The last time you installed a large software, let us say a photo program, you just executed one command, for instance INSTALL or SETUP. After that the installation program took control, creating and deleting files. A few minutes later you have a lot of new code and data installed.
You had really no idea of what you had received. Hopefully all you received was good and may be it was. But think for a minute of all the millions of byte that were transferred and all the modifications that were made to the existing files. And all this was going on without your consent or knowledge.
A malicious code can do anything other program can. It can write a message on the computer screen, erase a stored file or stop a running program. Malicious codes can do different things every time. They can also do nothing most of the time and then suddenly act in a very dramatic way.
What is a malicious code? How is it possible that it can take control of a system? How can you recognize a malicious code? Is it possible to stop it? Let me try to give you some answers.
A malicious code is an undesired effect in a program or in a part of a program, caused by an agent intent on damage. A virus is a program that can pass on a malicious code to other good programs by modifying them. A virus 'infects' a program by attaching itself to the program. Then the virus destroys the other program or it exists with it. Also the good program can be modified. It then acts like a virus and starts to infect other programs. A transient virus acts when the attached program runs and terminates when the attached program stops. A resident virus locates itself in the memory of the computer and can remain active even if the attached program stops.
A Trojan horse is a malicious code that besides its primary effect even has a non obvious effect. It can for example take the identification and password of a user, passes the identifi-cation information on to the rest of the system, but keeps a copy of the information for later use.
A logic bomb is a type of malicious code that goes off when a certain condition happens. A time bomb is a logic bomb, where the trigger is a time or date.
A worm is a malicious code that spreads copies of itself through a network. The difference between a worm and a virus is that a worm operates through a network and a virus is spread through a medium, usually a copied program or data files.
The only way to prevent an infection by virus is to avoid sharing an executable code with an infected source. Of course you cannot know which sources are infected, the best advice I can give you is to expect that any outside source is infected. The problem is that you cannot cut out all contact with the outside world. However there are some techniques to obtain a fairly safe community for your contact with the outside world.
1. Use only commercial software from established vendors
2. Test all new software on an isolated computer
3. Made a bootable disc and store it on a safe place
4. Make backup copies of executable system files
5. Use virus scanners regularly
You can never be quite safe for a malicious code, but at least you have a good chance to diminish the harm if you follow these fairly simple rules. |
