Friday, November 18, 2005 

It's...Inevitable

void main()
{
SpellCheck.Set(0);

Computer viruses have been pacified.

Plain and simple. The few that exist...I would hardly consider them viruses anymore. Since Trojans have pretty much taken over, there has been a pretty steep decline in the number of REAL viruses. By "real" I am referring to the destructive viruses that existed for the sole purpose of harming your computer and spreading to the next host.

I remember years ago, when I would use Microsoft's DOS debug tool to compile viruses encoded in hex (I didn't have an assembler at the time). I would carefully handle them-- making sure I never really executed them, as I copied them from hard drive, to floppy, to computer. I knew the potential for Disk Killer to XOR your entire hard drive. And that was back in 1989!

Or how about Tentacles infecting my Windows 3.11 installations for 1-2 years in the early 90s. I would reinstall and still get hammered. Sometimes I didn't even want to scan my computer because I knew it'd be there, even after multiple cleanings. It'd slow my computer to a crawl-- Until I got smart and reformatted. I got another computer and transferred only the data I wanted to salvage using the old DOS Interlnk/Intersrv tools. Now that I think about it, viruses played a large role in pushing me towards the computer engineering field. I got so good at installing and tweaking Win16 and DOS just so I could work around the viruses that I kept tweaking even after I solved the virus problems.

But nowadays, I look around, and those viruses that struck fear in the hearts of many PC users are now just fossils. Viruses aren't destructive anymore-- instead, they hide and steal information or open backdoors, effectively becoming trojans. However, I believe that the potential still exists. It just takes one person who is more destructive than greedy to pull the entire world's eyes toward the potential security risks of poor programming.

Let's say that Windows 2000 Plug and Play bug was taken advantage of by someone who wanted to destroy computers instead of setting up bots or something corny like that. Let's say it was a real virus instead of a little worm/trojan. After compromising your system, it started disabling antiviruses or firewalls, infected other executables, scanned some other networks or sent some emails and THEN attempted to spread for a few hours (3 or so). After which, it would nuke your hard drive, a la Disk Killer!

Imagine that, you get infected and 3 hours later your computer is DEAD. And you didn't even see it coming. But the worst part is that it spread around the network first, infecting more comps. In a matter of days millions of computer HDs could have been wiped out. The potential was there-- all Zotob did was open a backdoor. If it had really wanted to, it could have ground your PC away to a nub like a dentist on crack. A removal utility would be almost POINTLESS. The virus did its bid and moved on before the average user could detect an infection, download the removal utility/patch and get it taken care of. Someone could go watch the football game, and their computer would be deep fried by the time they came back.

There are some who would consider such a program a destructive worm. And technically, that is correct. Worms can spread without user intervention, whereas a virus must be explicitly run and doesn't spread to other systems unaided. However, by running an application that is vulnerable to exploitation, I honestly believe you are enabling malicious code to run. It's the same as logically connecting your computer's filesystem to that of another system (i.e. mapping a network drive) and having a running virus attempt to infect data stored there. So a bad proggy that runs because of a remote exploit, infects other executables, then tries to spread to other networks, but ultimately kills its host might be somewhere between a virus and worm since it exhibits qualities of both. But for this entry, I refer to it as a Virus/Worm.

My point is, the potential is there. Real viruses/worms can still be made. The worst combination would be the inevitable widely-used-app (AIM, MSN messenger, Yahoo messenger, Google/Yahoo/MSN website hack) bug that allows remote attackers to compromise a user's computer. Then if they use a destructive virus/worm, it's all over within hours. What if Google got hacked and everyone who visited Google using IE got a virus/worm uploaded to them from an un-publicized IE bug. Even if it was detected, the traffic Google gets per minute is so large, thousands of people would be infected. Including people using computers behind government security measures, corporate firewalls, personal traffic filters, etc. The range and rate of infection would be huge.

Sometimes, people don't wanna steal from you-- they just wanna mess w/ you.
}