The Basics of the Computer Virus

A plethora of negative magazine articles and books have catalyzed a new kind of hypochondria among computer users: an unreasonable fear of computer viruses. This hypochondria is possible because a) computers are very complex machines which will often behave in ways which are not obvious to the average user, and b) computer viruses are still extremely rare. Thus, most computer users have never experienced a computer virus attack. Their only experience has been what they’ve read about or heard about (and only the worst problems make it into print). This combination of ignorance, inexperience and fear-provoking reports of danger is the perfect formula for mass hysteria.

Most problems people have with computers are simply their own fault. For example, they accidentally delete all the files in their current directory rather than in another directory, as they intended, or they format the wrong disk. Or perhaps someone routinely does something wrong out of ignorance, like turning the computer off in the middle of a program, causing files to get scrambled. Following close on the heels of these kinds of problems are hardware problems, like a misaligned floppy drive or a hard disk failure. Such routine problems are made worse than necessary when users do not plan for them, and fail to back up their work on a regular basis. This stupidity can easily turn a problem that might have cost $300 for a new hard disk into a nightmare which will ultimately cost tens of thousands of dollars. When such a disaster happens, it is human nature to want to find someone or something else to blame, rather than admitting it is your own fault. Viruses have proven to be an excellent scapegoat for all kinds of problems.

Of course, there are times when people want to destroy computers. In a time of war, a country may want to hamstring their enemy by destroying their intelligence databases. If an employee is maltreated by his employer, he may want to retaliate, and he may not be able to get legal recourse. One can also imagine a totalitarian state trying to control their citizens’ every move with computers, and a group of good men trying to stop it. Although one could smash a computer, or physically destroy its data, one does not always have access to the machine that will be the object of the attack. At other times, one may not be able to perpetrate a physical attack without facing certain discovery and prosecution. While an unprovoked attack, and even revenge, may not be right, people still do choose such avenues (and even a purely defensive attack is sure to be considered wrong by an arrogant agressor). For the sophisticated programmer, though, physical access to the machine is not necessary to cripple it.

People who have attacked computers and their data have invented several different kinds of programs. Since one must obviously conceal the destructive nature of a program to dupe somebody into executing it, deceptive tricks are an absolute must in this game. The first and oldest trick is the “trojan horse.” The trojan horse may appear to be a useful program, but it is in fact destructive. It entices you to execute it because it promises to be a worthwhile program for your computer—new and better ways to make your machine more effective—but when you execute the program, surprise! Secondly, destructive code can be hidden as a “logic bomb” inside of an otherwise useful program. You use the program on a regular basis, and it works well. Yet, when a certain event occurs, such as a certain date on the system clock, the logic bomb “explodes” and does damage. These programs are designed specifically to destroy computer data, and are usually deployed by their author or a willing associate on the computer system that will be the object of the attack.

There is always a risk to the perpetrator of such destruction. He must somehow deploy destructive code on the target machine without getting caught. If that means he has to put the program on the machine himself, or give it to an unsuspecting user, he is at risk. the machine himself, or give it to an unsuspecting user, he is at risk. The risk may be quite small, especially if the perpetrator normally has access to files on the system, but his risk is never zero.

With such considerable risks involved, there is a powerful incentive to develop cunning deployment mechanisms for getting destructive code onto a computer system. Untraceable deployment is a key to avoiding being put on trial for treason, espionage, or vandalism. Among the most sophisticated of computer programmers, the computer virus is the vehicle of choice for deploying destructive code. That is why viruses are almost synonymous with wanton destruction.

However, we must realize that computer viruses are not inherently destructive. The essential feature of a computer program that causes it to be classified as a virus is not its ability to destroy data, but its ability to gain control of the computer and make a fully functional copy of itself. It can reproduce. When it is executed, it makes one or more copies of itself. Those copies may later be executed, to create still more copies, ad infinitum. Not all computer programs that are destructive are classified as viruses because they do not all reproduce, and not all viruses are destructive because reproduction is not destructive. However, all viruses do reproduce. The idea that computer viruses are always destructive is deeply ingrained in most people’s thinking though. The very term “virus” is an inaccurate and emotionally charged epithet. The scientifically correct term for a computer virus is “self-reproducing automaton,” or “SRA” for short. This term describes correctly what such a program does, rather than attaching emotional energy to it. We will continue to use the term “virus” throughout this article though, except when we are discussing computer viruses (SRA’s) and biological viruses at the same time, and we need to make the difference clear.

If one tries to draw an analogy between the electronic world of programs and bytes inside a computer and the physical world we know, the computer virus is a very close analog to the simplest biological unit of life, a single celled, photosynthetic organism. Leaving metaphysical questions like “soul” aside, a living organism can be differentiated from non-life in that it appears to have two goals: (a) to survive, and (b) to reproduce. Although one can raise metaphysical questions just by saying that a living organism has “goals,” they certainly seem to, if the onlooker has not been educated out of that way of thinking. And certainly the idea of a goal would apply to a computer program, since it was written by someone with a purpose in mind. So in this sense, a computer virus has the same two goals as a living organism: to survive and to reproduce. The simplest of living organisms depend only on the inanimate, inorganic environment for what they need to achieve their goals. They draw raw materials from their surroundings, and use energy from the sun to synthesize whatever chemicals they need to do the job. The organism is not dependent on another form of life which it must somehow eat, or attack to continue its existence. In the same way, a computer virus uses the computer system’s resources like disk storage and CPU time to achieve its goals. Specifically, it does not attack other self-reproducing automata and “eat” them in a manner similar to a biological virus. Instead, the computer virus is the simplest unit of life in this electronic world inside the computer. (Of course, it is conceivable that one could write a more sophisticated program which would behave like a biological virus, and attack other SRA’s.)

Before the advent of personal computers, the electronic domain in which a computer virus might “live” was extremely limited. Computers were rare, and they had many different kinds of CPU’s and operating systems. So a tinkerer might have written a virus, and let it execute on his system. However, there would have been little danger of it escaping and infecting other machines. It remained under the control of its master. The age of the mass-produced computer opened up a whole new realm for viruses, though. Millions of machines all around the world, all with the same basic architecture and operating system make it possible for a computer virus to escape and begin a life of its own. It can hop from machine to machine, accomplishing the goals programmed into it, with no one to control it and few who can stop it. And so the virus became a viable form of electronic life in the 1980’s.

Now one can create self-reproducing automata that are not computer viruses. For example, the famous mathematician John von Neumann invented a self-reproducing automaton “living” in a grid array of cells which had 29 possible states. In theory, this automaton could be modeled on a computer. However, it was not a program that would run directly on any computer known in von
Neumann’s day. Likewise, one could write a program which simply copied itself to another file. For example “1.COM” could create “2.COM” which would be an exact copy of itself (both program files on an IBM PC style machine.) The problem with such concoctions is viability. Their continued existence is completely dependent on the man at the console. A more sophisticated version of such a program might rely on deceiving that man at the console to propagate itself. This program is known as a worm. The computer virus overcomes the roadblock of operator control by hiding itself in other programs. Thus it gains access to the CPU simply because people run programs that it happens to have attached itself to without their knowledge. The ability to attach itself to other programs is what makes the virus a viable electronic life form. That is what puts it in a class by itself. The fact that a computer virus attaches itself to other programs earned it the name “virus.” However that analogy is wrong since the programs it attaches to are not in any sense alive.