First published: 01st March 1995
By Allan G. Dyer M.Sc.(tech) B.Sc. AIDPM MIAP MHKCS, Head of F-PROT Technical Support, Yui Kee Co. Ltd.
Viruses are often seen as a DOS problem, which will disappear when people move to real operating systems. It is argued that DOS is full of security loopholes, and a better operating system will eliminate viruses. In fact, this is totally incorrect. We have already seen, in the first of this series of articles, that the idea of a computer virus and some early viruses existed before the first PC was built or DOS 1.0 was written.
DOS Viruses Everywhere
The number of different DOS viruses totally overwhelms the number of all other viruses put together. There are over 5000 known DOS viruses, and fewer than 300 of all other types of virus. Once people stop using DOS or DOS/Windows 3.1 and move to Windows '95, NT or OS/2, surely these viruses will disappear? No, because these operating systems are designed to run DOS programs, and DOS viruses are all just DOS programs. There will be particular viruses that are incompatible with some of these operating systems, but a lot will work. Others will be incompatible, but will work enough to make a real mess. For example, infecting a machine using OS/2 boot manager with a boot sector virus will probably cause OS/2 to fail to boot. The virus will not spread using OS/2, but the user will have a real problem.
In general, anything that can run a DOS program can be infected by DOS viruses. So, if you run a DOS emulator on a Macintosh you can be infected by a DOS virus.
OS/2 and Windows
There are two Windows viruses and one OS/2 virus known. Really, the OS/2 virus is little more than a demonstration that it is possible, but now that the way has been shown it will only be a matter of time before more appear. Tools for programming in Windows are becoming more common, making it easier for the virus writer. Another development in Windows is OLE, which allows objects to be embedded in documents. An object could be executable code, so an OLE virus is theoretically possible.
Secure Operating Systems
DOS is well known for its low security, but Windows NT is designed to meet Orange Book security standards (the US Department of Defense security criteria). Surely that gives protection against viruses? No. Quite simply, the Orange Book standard was written to provide secrecy (preventing unauthorised access to data), which is a different aspect of security to integrity (preventing damage to programs or data). A program run by a user has that user's access privileges; if it is infected by a virus, the virus has those privileges to modify programs or data.
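The privilege point above, turned into a defender's audit (an added example, not part of the original article): it lists the programs that any code running under a given user ID could alter, which is the set an infected program run by that user could reach. It assumes classic POSIX mode bits only (no ACLs, no sticky-bit directories, a non-superuser ID); the function names and the sample tree are constructed for illustration.

```python
import os
import stat


def can_write(st, uid, gids):
    """Mode-bit check in POSIX order: owner class, then group, then other.
    Assumption: no ACLs, and uid is not the superuser."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def modifiable_programs(root, uid, gids=()):
    """Executable files under root that a program running as uid could alter
    in place, or replace because the containing directory is writable."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        dir_writable = can_write(os.stat(dirpath), uid, gids)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue  # only regular files with an execute bit set
            if dir_writable or can_write(st, uid, gids):
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def build_sample_tree(root):
    """Constructed sample: a user-owned tool, a data file, a locked-down tool."""
    files = {"home/tool": 0o755, "home/notes.txt": 0o644, "system/shell": 0o555}
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "home"), 0o755)
    os.chmod(os.path.join(root, "system"), 0o555)  # directory not writable


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(modifiable_programs(tmp, os.getuid()))
        os.chmod(os.path.join(tmp, "system"), 0o755)  # allow cleanup
```

The data file is never listed because it is not executable, and the locked-down tool is listed only for an ID that can write to it or to its directory.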
Trends in Virus Writing
Very early DOS viruses were often not intentionally destructive, but later viruses were first intentionally destructive, and then destructive in nastier ways. This pattern has been repeated on the Macintosh, with the most recent Mac viruses being intentionally damaging.
On the Acorn Archimedes, another pattern is being repeated. Recent viruses for this machine are slightly mutating. This pattern of the first viruses written for a particular type of computer being simple replicators, and later viruses showing polymorphism, damage routines, or any other technique such as stealth, fast or slow infectors, will be repeated many times.
The Virus Count
Table I
Computer | Number of Viruses |
---|---|
Apple Macintosh | 50 |
Commodore Amiga | >100 |
Acorn Archimedes | 84 |
Atari ST series | 20 |
HP-48 | 5 |
Unix | 3 |
Commodore 64 | 2 |
Table I shows the approximate number of viruses known for different computers. A relationship to student use can be seen: the Acorn Archimedes is common in schools in the UK, and the Commodore Amiga is a popular home machine. This fits with the profile of known virus writers: they are all male, and mostly between the ages of 14 and 25. Viruses are mostly written on the types of machine that this age group has access to. The fact that none of the known writers are female possibly indicates that women are more intelligent than men, because either a) they do not get caught or b) they do not do anything as stupid as writing a virus anyway. The ages cover the range where intellectual development is sufficient to write a virus, but ethical development is not sufficient to stop the writer.
So, the difficulty of writing a virus for a particular machine does not appear to be a factor in how many viruses are written for it. The major factor appears to be how likely it is that a male aged 14 to 25 would have access to that type of machine and tools for programming it. DOS machines are extremely common, and there are over 5000 DOS viruses; the Amiga and Archimedes are popular home and educational machines, and their viruses number close to one hundred. The Macintosh is popular, but programming tools for it are relatively uncommon, so there are fewer Mac viruses. Minicomputers, such as AS/400 or VAX, and mainframes are not accessible to the typical virus writer, so viruses are, as yet, unknown on these.