Computer Viruses: A Simple Program That Becomes Complicated

Despite the catchy name, a computer virus is simply a computer program that, uninvited and without a user’s knowledge, makes its way into a person’s computer and does something that the computer user does not expect it to do.

What the particular virus program does determines how benign or malevolent it is. It could simply flash a message on the user’s screen and disappear harmlessly. Or it could destroy all the work and programs stored on the computer’s disks.

The virus that struck universities and governmental research agencies nationwide two days ago is being described as neither benign nor particularly malevolent. It didn’t destroy data, but it did consume so much of the computers’ processing resources, searching and poking at each system it infected, that it prevented the legitimate programs running on those computers from being able to do their jobs.

A computer carries out a program’s instructions much the way a piano carries out a pianist’s instructions by sounding the appropriate musical notes.

A computer program, even a virus program, is inactive (and harmless) as long as it is resting in storage on the disk or tape, just like a CD music album is inactive as long as it sits on a bookshelf.

But as a program is “run,” its contents move into a computer’s operating memory where the processors can carry out its instructions. (Such memory is usually referred to as RAM--random access memory.)

A computer cares not what that program instructs it to do, so if the program says go out and erase every file on the hard disk attached to this computer, the computer dutifully carries out its task.

If the program, as did the virus that struck nationwide this week, instructs the computer to search its memory for the addressing information for every system connected to it and then send a copy of the program to each system and instruct those systems to begin running that program, the computer complies.

Viruses would be easy to detect and prevent if they announced their presence by being identifiable as separate programs. Instead, they are typically disguised by attaching the programming code onto an otherwise innocent program that the user would expect to have in his computer, or that the user is copying with a telephone modem from an information service or computer bulletin board.

One of the favorite prevention techniques used by so-called “vaccine” programs is to electronically watch existing programs to make sure they aren’t nefariously modified.

Copying Instructions

To add to the insidiousness of viruses, they often contain instructions to the computer to copy them onto whatever floppy disks are inserted into the machine in such a way that they cannot be seen by the user.

If a personal computer has no modem connecting it to a telephone line, it could still pick up a virus from floppy disks put into it. But that is extremely unlikely with software purchased from legitimate dealers in sealed packaging. If a user accepted copies of programs from friends, or even copies of data disks upon which corrupted system program files could be lurking, security could be compromised.

“Don’t share disks. Don’t copy software,” one computer buff wrote on an electronic bulletin board recently. “Don’t let anyone touch your machine. Just say no.”

Even with a modem, no one can simply call up another computer surreptitiously and infect it.

The user must cooperate by instructing the computer, through communications software, to answer the telephone and accept any program files that it receives. Program files are more difficult to transfer because no error can be tolerated, so it is virtually impossible a user would unwittingly receive a program file.

The communications risk comes in copying program files from another computer into one’s own over the telephone. Even then, the major computer information services make strenuous efforts to keep their systems free of viruses that could infect their clients’ machines.

Universities, government research agencies and others are connected to large computer networks designed to allow users on one system easy access to transfer data and programs to users on another system. These will always be vulnerable to someone attempting to break into the network and infect it with mischievous or more mean-spirited programs.

Phil Sih, a Silicon Valley operator of a new electronic bulletin board, notes that these networks are operated on a kind of honor system, with participants sharing an unwritten agreement “not to do stuff like this.”

“Everyone knows there are holes in every system,” Sih said. “The whole idea is not to exploit them.”

HOW COMPUTER VIRUS SPREAD COAST TO COAST Anatomy of a Computer Virus Programmer writes a program that can hide in the computer, replicate and distribute itself and carry out any other task that programmer chooses. Program spreads when floppy disk containing virus is put into another computer, or when program to which it is attached is copied over telephone off computer information service or bulletin board or transferred along a computer network from system to system. The virus is activated whenever it enters the operating memory of the computer it has reached and the prescribed conditions set by the programmer are met. Vaccine programs attempt to detect presence of virus by various means, primarily by watching for unwarranted changes in system programs that all computers must have to operate. The Infected Network

After first detecting the virus at midnight Wednesday (9 p.m. PST) at Harvard University, researchers backtracked and found the earliest traces of it in messages sent from RAND Corp. six hours earlier. Presence of the virus set off a coast-to-coast investigation to find its purpose. It contained instructions to do something in 12 hours, but investigators still don’t know what. The nation’s top experts on the UNIX, the operating language used by the affected network, met in Berkeley Thursday and devoted themselves to continuing the probe.