Home -> Magazines -> Issues -> Articles in this issue -> View
Virus! | |
Article from Music Technology, October 1988 |
The latest scare in the computer world is a series of programs that behave as if they are a human disease. Roly Pickering describes the background to computer viruses and what you con do to protect yourself from them.
Just when you thought it was safe to copy software, news breaks of a virus that infects computers... But what is a computer virus and what can it do to your computer and software?
"The Trojan Horse has the distinction of getting into a computer as a friendly helpful program, doing its job. doing no damage, but getting out with all your passwords."
As a joke, a programmer had added a few lines of code to a graphics program so that when it was loaded it looked to see if the copy being used was an original or a pirate, if it found a pirate, it destroyed the hard disk then printed on screen. The trouble was, the user in question had a real copy and there was a fault in the code that checked for pirates. The company apologised and replaced all the disks that were affected. It's not recorded whether the programmer in question still works for them.
That type of logic bomb has been around since the early '70s in one form or another, with the earliest recorded being a program called the Vampire Worm. It got its name from the fact that it only came out at night, to take advantage of the large American networks of computers that were available. In the morning when humans arrived it would disappear. There was even talk of using the virus to multitask, for maintenance and for useful ends. The logic bomb is usually nasty, in that on a certain date or when a preconceived set of circumstances arise, then the bomb is "detonated" - sometimes years after the timers were set. The Jerusalem Virus was triggered on Friday the 13th. It was defused in time only because of the sense of humour of the programmer, who had ensured that on every Friday or on the 13th of the month the machines involved would slow almost to a halt. Complaints about this from users prompted a search which discovered that the virus was only aimed at the IBM PC, and that it had spread almost right through the IBM community of Israel. Steps were taken to stop users running the machines on the appointed date including taking advertisements out in newspapers and the use of national TV and radio. Even now computer users all over the world set the date in their system to the 14th, returning it to the correct date after midnight - just in case.
It's not only the mega mainframes and IBM that have had virus troubles; the Atari, Apple, Tandy and Amiga (with the infamous "...something wonderful has happened, your Amiga is alive" message followed by the destruction of all files) have suffered from examples of what an idiot, (they're not "hackers"), can do with an assembler package. As vaccines are brought out to warn you of the presence of a virus, or to stop the virus doing the naughties to your add-ons, so the virus types mutate around them - even to the point of hiding in a vaccine program. If you ran what you thought was Flushot 4 you would have got more than you bargained for. Flushot 1, 2 and 3 were useful programs warning you of impending doom, the author of which countered the virus-infested Flushot 4 with Flushot+, which carries the immortal words of warning to the interloper:
"GO ON SLIME BUCKET, MAKE MY DAY"
Some of the more recent viruses approach almost human levels of deceit. One example, called the Brain virus, from Lehore in Pakistan, is smarter than the average virus, in that where you would normally look for the virus to appear on a disk directory, this one doesn't; it hides instead amongst the data that should be on the disk, telling you that there is no virus, just a couple of bad sectors - which is, of course, where it resides. It can modify itself and looks for innoculation "bytes". As yet it's not known what it does other than marking the disk - when it's nearly full of data, of course - "Copyright Brain".
To get some idea of how fast a virus can spread, a programmer at the technical university of Clausthal, near Hanover in Germany, wrote a program in REXX, an IBM command language, as a seasonal joke. It was called "Christma" and what it did was to show a pretty Christmas card on screen. Meanwhile it was looking at two files known as Names and Netlog. The first contains the names of your regular correspondents, the other a list of all recent incoming and outgoing mail. Armed with this information the virus then sends a copy of itself to all listed users before deleting itself.
On December 9th, the programmer sent a copy of this to his friends. They ran it and saw the Christmas card. It duly sent a copy of itself to all their friends. The university was on the European Academic Research Network, (EARN) which is linked via the Montpelier Bitnet to the USA, both of which have automatic diallers (Listservs) to distribute information to thousands of users worldwide. These also have Names and Netlog files. The speed with which the virus spread was increasing.
By Friday the 11th December, a task force was set up. Sites were being isolated and hunter-killer viruses were sent along the same routes after the Christmas card virus, in a desperate bid to stop it, but by now it had spread further afield. Off Bitnet is VNET, IBM's own personal network - and IBM staff kept very long name files. The virus was perfectly at home on VNET as the IBM and the mainframes both used the same language. The entire network was shut down for 72 hours and the electronic side of corporate communications stopped while the virus was purged.
There are already reports from IBM programmers in Lancashire that they are seeing a so-called "virus" for the DX7. Called the MIDI Virus, it shows all the signs of being a virus, and flashes "Gotcha!" on the DX while gurgling noises come from the synth. However it isn't a virus at all, just a spin-off from them, relying upon system exclusive messages to get at the synth. It doesn't care whether it's five thousand miles or a two-foot MIDI lead away, it all looks just the same to a virus.
"The Vampire Worm came out at night to take advantage of large American networks of computers - in the morning when humans arrived it would disappear."
The sickos don't even have to damage data or the machine to screw up a system. Putting in garbage will do it just as well as a killer virus - and it's happened to at least one large company already.
An employee of a large multinational company left a little program called Creeper in the mainframe at his company headquarters that checked every month to see if his name was still on the payroll. If it was, all well and good. If not, it would deposit 400 bytes of rubbish in a system that held over 300 million. These 400 bytes would double every 24 hours. One month his name was missing, so it duplicated itself and went back to sleep. He had been fired. After ten days, strange hold-ups and mistakes were occurring in parts of the system. After 14 days the whole system had ground to a halt, paralysed by Creeper. The company created emergency workspace and wrote another virus into it called Reeper, whose only purpose was to kill Creeper. For days the viruses fought it out, with one, then the other gaining the upper hand, until Reeper won. The company had almost gone bankrupt during the proceedings.
EVEN IF YOU only buy original software and never let your computer talk to strange computers, never run any software that you haven't run before, and never borrow or loan any software, there is still no guarantee that it can't happen to you. Viruses generally use the ability of computers to talk to one another to spread across great distances, and the inability of them to do anything other than blindly follow instructions to infect any other program that it or the host comes into contact with. The ultimate aim is "damage or destroy". They are as deadly as any human virus - all you need is one program hiding the harbinger of doom and by the time you have found out, it's infected all your others.
Some of the nastier strains about have other ideas on how to do the maximum damage. Apart from scrambling data, there are those that will either repeatedly knock the read/write head of the hard disk against the stops to bend them (which can be more efficient than a blow torch in converting hard drives to instant scrap metal) or follow the classic route of the Commodore PET Poke, where, by putting a specific number into a specific address in the computer memory, it is possible to up the clock rate of that computer to a point where the chip itself overheats and fries. This has come back as the Sizzle virus, but just as nasty and with the same effect.
Some viruses can be amusing: in one the "cookie monster" appears on screen, demands a cookie, and if you don't give it one, starts eating the screen characters. If you type "Cookie", it politely says "thank you" and disappears. There is an Apple virus that, if an Appletalk card is fitted, gives a one-in-16 chance of you hearing "don't panic" coming from the speaker. Most unnerving.
No one anti-virus programme will protect you, just as no one set of procedures will be watertight. The best that is available today is to know your enemy. Invest £50 in a modem, and find a good free bulletin board to call. After a while you'll wonder how you ever managed without one. Most of the Sysops (bulletin board system operators) are very experienced in the weeding out of suspect software and callers, not allowing software to be loaded until it is checked. The more established Sysops can call on a range of experienced users to dissect and analyse the best-hidden and most discreet programs. They can also supply the latest news on the most effective method to combat the recent moves by the virus aimed at your machine. You should find users with experience in every field, not only in computing, MIDI and music. You'll also get the latest in PD and Shareware programs down the phone at a fraction of the normal cost. (As little as 60p/100K of software, dependant upon speeds). A lot of computer-related companies are involved in Bulletin Boards for user support, or sponsor bulletins on existing boards.
Most of the Shareware and PD authors are on a Bulletin Board somewhere, with most authors putting the details into the information on the program itself. If you're using a board that has an electronic mail connection to America, Japan or Australia you can ask for all the help you need with a program, for the cost of a local call. Whatever you spend you'll recoup the outlay in assistance, advice and practical help very quickly.
If it's only a matter of time before a virus of one sort or another contacts everybody, it's in your own interest that you know what they can do and what you can do to combat them. Music programs and data are an ideal breeding ground for the data-corrupting viral strains, and the effects that other areas have felt could be here next.
"After ten days strange hold-ups and mistakes were occurring in parts of the system; after 14 days the whole system had ground to a halt, paralysed
by Creeper."
There are various commercial service and software packages available to protect you and your equipment from damage, or to repair damage that has already been done. But before you spend your hard-earned cash, remember that no one thing can protect you from all the viruses that existed yesterday, let alone today's and tomorrow's.
Being careful is cheap and effective. These are some of the precautions that will help you to help yourself.
1. Write protect all your disks.
2. Get a modem, find a bulletin board.
3. Do not use pirate software.
4. If possible, use software that has been checked by someone you trust, and who knows what to look for.
5. At the first sign of something unusual, switch off.
6. If you're using a program you're unsure of, disinfect by turning the computer off and counting to 50 after you've used it. If there is a virus, you won't pass it on to any of your other disks.
These simple steps won't stop every possible attack on every computer, but they will stop most of them or, at least, minimise the risk to your computer and your data. Virus rumours are easier to start than stop, so the next time your computer crashes, don't assume you've got a virus - there's more chance it's a bug. There are also "joke" programs about that are not viral at all.
However, if your synth won't stop playing the birdie song in 23/17 on a rubber triangle patch, and you don't have a sequencer, you can immediately discount the joke. You just might have captured the very rare Bird virus.
The analogy of a computer virus to that of "AIDS", here at least, is to assist in education, not scaremonger or in any way trivialise the illness called AIDS. The way in which both viruses spread, although not how, are similar. The methods of defeating them are again similar enough to illustrate the point. You can still enjoy "safe computing".
Thanks to the users and Sysop of the Crystal Tower (Contact Details) for help given In the preparation of this article.
Apple Notes |
The Musical Micro - Software For The 64 |
Software Support - Hints, Tips & News From The World Of Music Software |
Apple Notes |
Apple Notes |
Atari Notes |
On the net |
When Is A Computer |
The Musical Micro - Rag Bags and Hotch Potch |
Musical Micro - Bananas and Softsels |
Software Support - Hints, Tips & News From The World Of Music Software |
Software Support - Hints, Tips & News From The World Of Music Software |
Browse by Topic:
Feature by Roly Pickering
mu:zines is the result of thousands of hours of effort, and will require many thousands more going forward to reach our goals of getting all this content online.
If you value this resource, you can support this project - it really helps!
New issues that have been donated or scanned for us this month.
All donations and support are gratefully appreciated - thank you.
Do you have any of these magazine issues?
If so, and you can donate, lend or scan them to help complete our archive, please get in touch via the Contribute page - thanks!