FUNGEN1.CVP 910727

Computer operations and viral operations

Having defined what viral programs are, let's look briefly at what computers are, and do. The functions that we ask of computers tend to fall into a few general categories.

Computers are great at copying. This makes them useful for storing and communicating data, and for much of the "information processing" that we ask them to do, such as word processing.

Computers are also great for the automation of repetitive tasks. Programming allows computers to perform the same tasks, in the same way, with only one initiating call. Indeed, we can, on occasion, eliminate the need for the call, as programs can be designed to make "decisions" on the basis of data available.

Finally, computer processors need not be specially built for each task assigned to them: computers are multi-purpose tools which can do as many jobs as the programs available to them.

All computer operations and programs are composed of these three components (copying, automatic operation and "decision" making) and, in various combinations, can fulfill many functions. It is no coincidence that it is these same functions which allow computer viral programs to operate.

The first function of a viral program is to reproduce. In other words, to copy. This copying operation must be automatic, since the operator is not an actively informed party to the function. In most cases, a viral program must come to some decision about when and whether to infect a program or disk, or when to deliver a "payload". All of these operations must be performed regardless of the purpose for which the specific computer is intended.

It should thus be clear that computer viral programs use the most basic of computer functions and operations. It should also be clear that no additional functions are necessary for the operation of viral programs.
Taking these two facts together, no one should be surprised at the conclusion reached a number of years ago that not only is it extremely difficult to differentiate computer viral programs from valid programs, but that there can be no single identifying feature that can be used for such distinction. Without running the program, or simulating its operation, there is no way to say that this program is viral and that one is valid.

The fact that computer viral operations are, in fact, the most basic of computer operations means that it is very difficult to defend against intrusion by viral programs. In terms of "guaranteed protection" we are left with Jeff Richards' Laws of Data Security:

1) Don't buy a computer.
2) If you do buy a computer, don't turn it on.

copyright Robert M. Slade, 1991 FUNGEN1.CVP 910729

==============
Vancouver Institute for Research into User Security, Canada V7K 2G6
ROBERTS@decus.ca | Robert_Slade@sfu.ca | rslade@cue.bc.ca | p1@CyberStore.ca
"Mathematics is the alphabet in which God has written the universe." - Galileo