Introduction |
Medicine is becoming increasingly dependent on information
technology, 1-3 and
clinicians should be aware of the risks posed by computer viruses. The
effects of these viruses vary, ranging from irritating, but benign,
messages on your screen like "Your computer is stoned" to permanent
destruction of data.
Not surprisingly, given their name, computer viruses are analogous to biological viruses, and analogies can be drawn between them in the prevention, detection and treatment of infection. The term "computer virus" was coined by Cohen in 1983, 4 although the notion of computer programs that could multiply was described by von Neumann in the 1940s. 5 It is difficult to establish exactly what the first computer virus was, as several existed before Cohen called them viruses. However, the first virus may have been a program called Creeper, 6 which spread over the ARPANET (the forerunner of the Internet) in 1970, announcing itself by "I'm the creeper . . . catch me if you can!". Cohen recognised that transmission of computer viruses was largely a "social" problem, 7 and has been proved correct.
|
 | |
Pathophysiology |
Both computer and biological viruses are controlled by code --
computer code and genetic code, respectively. Genetic code evolves
spontaneously to permit biological viruses to evade our immune
system. Computer virus code is specifically crafted by programmers
to exploit the weaknesses and idiosyncrasies of computer software,
usually the operating system software. New biological viruses are
uncommon, but ingenious computer programmers are always designing
new viruses. Brand new viruses can easily evade a computer's
defences, but fortunately are quite rare.
However, while biological viruses are self-contained particles, able to exist in isolation under suitable physical conditions, computer viruses are code which must reside on some form of storage medium. The medium determines the longevity of the virus -- those on magnetic disks (floppy or hard) or tape persist until the medium is erased; those in computer memory survive only until the computer is turned off; and a virus on a CD-ROM (compact disc-read only memory) disk will last until the disk is destroyed . The term "infection" is used differently with biological and computer viruses. The mere existence of a biological virus does not qualify as infection. However, anything containing a copy of computer virus code is considered infected, be it the computer, its memory, floppy or hard disks, magnetic tapes, CD-ROMs or other storage media. Neither biological nor computer viruses can multiply without a functioning host. Computer viruses are able to replicate in a susceptible host computer, and virus copies are then stored in memory or on storage media. Computer viruses, like their biological counterparts, are species-specific. Computer species are defined by the program-running environment. For the vast majority of viruses, this is the operating system software (e.g., DOS, Windows NT, OS/2, Netware, Macintosh OS). So, for example, a Macintosh computer cannot catch a PC/DOS virus and vice versa. Newer "macro viruses" are specific to a particular application. For example, a "Microsoft Word" macro virus can spread from a PC to a Macintosh running Microsoft Word, but not to computers running other word-processing programs. There are many types and strains of computer virus, the number of which depend on a combination of the popularity of the computer and the ease with which its weaknesses are able to be exploited. There are over 1500 families of PC/DOS virus, fewer than 20 Macintosh virus families, and no known Unix viruses . Some computer viruses are very damaging, but these tend to disable their hosts before having much chance to replicate and be transmitted (like Ebola). Those which cause little damage tend to be more successful at propagation (like upper respiratory tract viruses). Some computer viruses create "carrier" states, where they may not reveal any overt evidence of infection, but are still infectious (like hepatitis B). |
Transmission |
Computer viruses are easily transmitted, as any means of
transmitting computer code from one computer to another can pass on
infection. Data files do not generally transmit viruses, because
they do not contain executable code; the exception is the macro virus.
Plain text e-mail messages are generally safe because they cannot
transmit virus code.
Binary files attached to e-mail messages or word-processor files containing macro viruses, however, may transmit virus code. Floppy disks are a common vector for computer viruses. Any means of transmitting computer code from one computer to another can transmit infection. Software downloaded from bulletin boards or the Internet could contain viruses, although systems operators try not to let viruses infect their systems. Computer networks can help viruses spread rapidly to all computers on the network. |
Symptoms and signs |
Each computer virus acts in a different way, so it is difficult to
describe the behaviour of them all in general terms, except to say that
they are capable of doing almost anything! Because they are computer
programs, they do exhibit very deliberate behaviour. Detailed
descriptions of known viruses are available in books, with antivirus
programs, or on the Internet. The Internet is the best place to find out
about viruses, because information on the latest viruses is
available almost immediately they are documented in online virus
bulletins or encyclopedias.
While computer users often blame viruses for the odd behaviour of their computers, this is most commonly caused, not by infection, but by infestation -- with software "bugs" (faults in programs). The level of complexity in computer software these days is enormous, bugs occur frequently and bug-free software would be unaffordable for most people. (Mission-critical software, like that which controls jet aircraft, is meticulously designed, extensively tested and very expensive.) |
Primary prevention |
The best protection against computer virus infection is complete
celibacy. For absolute protection against viruses, don't trade
files with anyone; don't put your floppy disks in other people's
computers; don't allow other people to put floppy disks in your
computer; and don't connect your computer to any other computers.
Computer viruses cannot appear spontaneously in a virus-free
computer. However, while computer celibacy is safe, it is not for
everyone. Just as it is impossible to simultaneously attempt natural
pregnancy and avoid transmission of a sexually transmitted disease,
computer celibacy is clearly impractical if you want someone else's
file.
"Safe data transfer" reduces the risk of viral transmission. Write-protecting your floppy disks (by sliding the write-protect tab on 3.5-inch diskettes as indicated by the arrow below) or other removable storage media will reduce the risk of transmission of a virus to your floppy. Because the write-protect function is managed by software, it may be disabled by a virus. Write-protecting a floppy disk does nothing to prevent transmitting a virus from this "donor" floppy. |
 | |
Secondary prevention | Installing antivirus software is not unlike vaccination -- it can manually or automatically detect and prevent virus infection. Some antivirus programs try to detect "virus-like" activity and attempt to be a universal "vaccine". Unfortunately, it is impossible to reliably detect unknown (unidentified) computer viruses. |
Detection |
Early detection is important and, fortunately, antivirus software
can also act as a screening test. Unlike the complexities of screening
for human viruses, there is little effort involved in producing an
antivirus program capable of detecting every currently known virus.
Known computer viruses can be detected immediately, and all
potential new contacts (i.e., floppy disks and downloaded files)
should be screened with virus-detection software.
Computer viruses can act in many different ways. When faced with the question "Does my computer have a virus?", the simple answer is to use up-to-date virus detection software as the arbiter -- if an antivirus program can't detect a virus, there probably isn't one. Clearly, it is essential that you always have the latest version of your antivirus software. Ingenious computer programmers are always designing new viruses. Luckily, those that can easily evade your antivirus defences are quite rare. There are good commercial shareware (try-before-you-buy) and freeware antivirus programs available, and those distributed by user groups or available on the Internet offer frequent updates. |
Treatment options |
A computer virus may be removed by either an antivirus program or by
complete erasure of the infected storage medium. The importance of
keeping adequate backup copies of data files cannot be emphasised
strongly enough -- without them, your data may be lost forever.
Appropriate treatment of a computer virus infection depends on the nature of the virus attack. "Benign" viruses spread without altering any user data, and hence can be completely removed from memory and disks by antivirus software without any loss of data. On the other hand, removal of malicious viruses can leave damaged program and data files or corrupted directories. The only way to recover the files is from backup copies made before the virus infection. In the worst cases, severe virus damage could necessitate complete reformatting of damaged disks (including hard disks), complete reinstallation of operating system software, and re-creation of data files from backup copies. It is vital to have "clean" original software distribution disks, with their write-protect tabs in the "protected" position. Unlike human viral infection, reinfection with computer viruses is common. Disinfecting a computer does not confer any "immunity". To prevent reinfection, it is wise to trace all computer contacts; that means any computer you have traded data with and all of the disks or other storage media you use with your computer. All contacts will need to be screened; those that test positive will need to be disinfected. Contact tracing can stop when all contacts are known to be virus free. |
Conclusion |
In general, it is unlikely your computer will catch a virus from
original software distribution disks, especially from reputable
companies. However, viruses have been spread on original software
disks in the past, possibly by disgruntled employees, so you can never
be too careful. Also, CD-ROMs are not immune from viruses, although
the companies that produce them try hard to prevent viruses getting
onto CD-ROMs in the first place.
Lastly, and most importantly, we must recognise the value of our data and the importance of protecting it. To this end, practical guidelines are summarised above. While continued vigilance is essential as computer viruses often strike when you are least expecting them, they are only one small threat to electronic information Information security is a complete discipline in itself, 8 but that's another story . . . |
 | |
References |
|
Register to be notified of new articles by e-mail -
Current contents list -
To top of article -
©MJA 1997
<URL: http://www.mja.com.au/>
© 1997 Medical Journal of Australia.