How to solve the virus crisis?
Introduction and Purpose
As a regular reader of the newsgroup news:alt.comp.virus I know how serious the virus problem is. Every day there are new ones. The question immediately pops up: can we solve the virus problem? IMO we can; however, we have to pay a price.
Part of the problem in this newsgroup is that the readers are not allowed to discuss in detail what viruses are. IMO that is wrong. IMO there is nothing wrong in discussing what a virus is. It is wrong to write a virus. It is wrong to modify a program, adding actions that were not intended by the original creator of the program.
Explaining how a virus works will help the general public understand what a virus does, how to prevent the virus from performing its deadly work and how to repair the damage in case it has caused any. Not only that: if you know how viruses currently operate, you can study how they change, predict what they could do in the future and take protective actions.
If you want to discuss viruses then first we have to define what a virus is. IMO there are two different types:
- The first type of viruses are programs which take their actions based on errors in the operating system. The operating system does not perform as designed. The manufacturer of the operating system has to solve those problems.
- The second type of viruses are programs that take actions not based on errors. They are written in standard, generally available programming languages, but their functionality is not what the user expects. For example: they modify and/or delete system files.
Only the second type is the subject of this discussion.
A virus program performs two tasks:
- one task modifies the system (i.e. certain files)
- a second task is used to reproduce (i.e. to spread)
Reproduction uses two strategies: diskettes or e-mail.
- Diskette reproduction could be as follows: Starting point is a diskette with one modified program. Loading and reading that diskette (to see which files it contains) will not cause any harm. Executing the modified program will modify at least some of the files in your system. Copying any of those modified files onto a new diskette takes care of the reproduction process.
- E-mail reproduction goes more or less as follows: Starting point is an e-mail with an attachment. Receiving the e-mail does not cause any damage. Opening and executing the attachment will first result in some of your files being modified. Secondly, the program will send an e-mail with the attachment to the people in your address book. As such the virus reproduces.
Answer part 1
- The first rule to follow, in order to solve the virus problem, is that (application) programs should only be allowed to write to files in their own root directory or in their child directories, but never in a parent directory, i.e. the operating system should prevent that. However, not completely: if a program wants to write elsewhere, it should ask permission from the user each time (for example at the beginning of Setup or to modify the REGISTRY).
- The second rule is that programs downloaded via the Internet should not be executed directly, but always first stored onto the disk.
The first rule allows a program to create files and directories relative to the directory in which it resides, i.e. in its child or offspring directories. That means programs should by preference only use relative disk addressing and not absolute disk addressing.
Most application programs under Windows 98 (ME ?) already follow both rules.
All Programs, Visual Basic scripts, Java scripts and Macros should follow both rules.
The operating system itself should be an exception.
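As an added illustration (not code from the original page), the following Python models the first rule as the policy check a write-mediating layer in the operating system could apply: a write inside the program's own directory tree is allowed, anything that resolves outside it (via an absolute path or via "..") is held until the user grants permission. The directory names, the Decision names and the ask_user callback are assumptions made for this example.

```python
import posixpath
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # target lies inside the program's own tree
    ASK_USER = "ask_user"  # target lies outside: user permission required
    DENY = "deny"          # user refused, write is blocked


def resolve_target(app_root, requested):
    """Return (root, target) as normalised absolute POSIX-style paths.

    Relative requests are interpreted relative to the program's own root
    directory; ".." components are collapsed so an escape attempt is visible.
    """
    root = posixpath.normpath(app_root)
    if posixpath.isabs(requested):
        target = posixpath.normpath(requested)
    else:
        target = posixpath.normpath(posixpath.join(root, requested))
    return root, target


def is_inside(root, target):
    """True if target equals root or is strictly below it.

    The separator is appended before comparing so that "/apps/editor"
    does not accidentally contain "/apps/editorial/file".
    """
    prefix = root.rstrip("/") + "/"
    return target == root or target.startswith(prefix)


def check_write(app_root, requested):
    """Classify a write request under the page's first rule."""
    root, target = resolve_target(app_root, requested)
    return Decision.ALLOW if is_inside(root, target) else Decision.ASK_USER


def mediate_write(app_root, requested, ask_user):
    """Full mediation: ask_user(target) is a hypothetical prompt callback
    returning True when the user grants the out-of-tree write."""
    decision = check_write(app_root, requested)
    if decision is Decision.ASK_USER:
        _, target = resolve_target(app_root, requested)
        return Decision.ALLOW if ask_user(target) else Decision.DENY
    return decision


if __name__ == "__main__":
    # Constructed sample requests from a program installed in /apps/editor.
    for req in ("data/notes.txt", "../../windows/system.ini", "/apps/editorial/x"):
        print(req, "->", check_write("/apps/editor", req).value)
```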
Answer part 2
Microsoft should supply the above feature as an option in its Operating Systems (Limited Edition).
IMO many people will benefit if it exists.
One current strategy to protect yourself against macros is the following: Do not execute programs (macros) from unreliable (not trusted) sources.
IMO such a strategy is not very practical in the long run (currently, without any modification to the operating system, it is one of the best). IMO the operating system should give the user a certain amount of built-in protection. My suggestion does that.
When you go to the URL http://16ton.com/htg/consp2.htm the following message is displayed:
"You should be aware that any file you download from the network could contain malicious program code (application) or scripting language (documents). Simply viewing the contents of these files could be dangerous. Take precautions: do not download anything from a site that you do not trust. Are you sure you want to continue ?"
There are 17 programs available on this home page. See Program Implementation for details. As part of the download information I have added the following warning: "You have to trust the owner for that". I wish that the operating system would be responsible for this security risk and that trust would not be an issue.
A second type of strategy is to install Anti Virus (AV) software. The problem with AV software is that it requires continuous updates. My suggestion makes you less dependent on AV software. I cannot guarantee that it solves all the problems.
A different strategy to solve the virus problem is more severe punishment for the people who make those viruses. IMO that deterrent will not work as a general worldwide solution.
A different strategy is education. One current opinion is that it is only lonely kids who write computer virus programs. All education is good, and education about how to behave is worthwhile (for everyone of all ages). However, I do not think that telling someone that it is bad to write a virus will solve the problem.
The Love Letter virus contains many different parts and functions. Each of those parts is important and worth knowing for any programmer, because it can be useful for his normal day-to-day work. It is the combination of those functions that makes it dangerous.
The price for my suggestion is less flexibility. That is a slight disadvantage. For me the major advantage, more security, outweighs that disadvantage.
For a technical slide show about viruses see: http://www.seas.gwu.edu/~csci229/nov19/sld001.htm
For technical information and (old) source code see: http://www.tlsecurity.net/
For virii resources see: http://vx.netlux.org/
Answering each of the following questions is an option.
Created: 29 October 2000
Modified: 17 October 2001