Computer Viruses: Hoaxes and Hype
There are currently over 13 000 viruses infecting computers.
Wrong!
Of the mega-thousands of viruses known to exist, only a few hundred
are actually "in the wild". This doesn't mean that it's enough
to have anti-virus software that just detects those few hundred
viruses, of course (you never know when a virus is going to 'leave
the zoo' and end up spreading for real). On the other hand, you
don't need to fall prey to the numbers game and get in an unnecessary
panic.
Simply counting the number of viruses is not a good way of measuring
the size of the virus threat. The impact of any specific new virus
depends on a number of factors other than its mere existence,
including its novelty (does it introduce a new infection mechanism?),
its viability (does it work correctly only on PCs with exactly
8MB of memory?) and its distribution (was it posted to an Internet
newsgroup, or merely sent anonymously on diskette to an anti-virus
researcher?).
Moving the date forward on my computer so that it misses the virus trigger
date will ensure that the virus can't be activated.
Wrong!
It's extraordinary that such an old myth is still doing the rounds.
The virus is still there and can easily be triggered on other
PCs; all you are doing is denying it the opportunity to show its
side-effects on your own machine but giving it ample opportunity
to spread to other people's machines. Worse still, most viruses
don't use the date to trigger their warhead - they use any of
a limitless range of conditions, such as 'after 400 boots' or
'while printing every 12th document'.
Some viruses don't even have a trigger, date-driven or otherwise. They
spread, and spread. It's the spreading that is the real problem
- a virus infecting your computer is offending under the Computer
Misuse Act. 'Unauthorised access' and 'Unauthorised modification'
are both crimes. That is what makes viruses bad news. Any malevolent
(or even supposedly humorous) trigger in a virus is simply the
icing on the cake.
You can infect a write-protected floppy disk with a virus.
Wrong!
Write-protected disks cannot have anything - and that includes
viruses - written to them once the protection is in place (unless
a specially modified disk drive is used to write to the disk).
So, the write-protect switch on floppy diskettes is an excellent
security mechanism for 'locking down' the contents of disks that
you want to protect against unwanted modification -- malicious
or otherwise.
So, write-protected disks cannot contain viruses.
Wrong!
They can be write-protected, cellophane-wrapped, company-endorsed,
whatever - they can still hold and therefore transfer a virus
on to your machine if they became infected before being write-protected.
The same goes for CD-ROMs. You can't infect them, but the creator
of the original master disc can, before the CD-ROM itself is pressed.
Of course, the nasty thing about virus-infected CD-ROMs is that
the 'write-protection' is permanent, so you can never disinfect
them!
Floppies and CD-ROMs sent by reputable companies are guaranteed virus-free.
Wrong!
Some of the most prevalent viruses have spread rapidly just because
of this misconception. Even major software companies have published
viruses by mistake on CD-ROM. And they don't always learn from
their mistakes. Some companies (try looking between 'microsecond'
and 'microsome' in your dictionary, for example) have even done
so more than once!
The anti-virus industry writes viruses.
Wrong!
It doesn't. Enough said.
Virus infection isn't really an issue for us because we're not that
big.
Wrong!
Even a single user using any software, receiving emails with attachments,
downloading from the Internet etc., needs to install adequate
anti-virus software, such as Sophos Anti-Virus.
All viruses are sent maliciously.
Wrong!
Most are sent inadvertently by people who don't realise they have
them.
Macro viruses like those in Word documents are all we need to worry
about these days.
Wrong!
Macro viruses are rightly the "flavour of the month" (after all,
we have gone from one macro virus to thousands in less than three
years). Nevertheless, all virus types - boot viruses, file infectors,
polymorphics and so on - still represent a real threat. Several
boot viruses, for example, are still in the Sophos "Top Ten",
published each month on the Sophos website (www.sophos.com).
If I surf the net, I might get a virus.
Wrong!
Well, sort of. Most anti-virus experts will probably rightly tell
you that you can't yet get infected 'simply by browsing the Web'.
However, different people have different definitions for 'browsing',
and the Web is making it easier to download files and documents,
or to subscribe to mailing lists which will start to bombard you
with emails (junk or otherwise), or to upgrade locally-installed
software automatically at the click of a button. When you consider
that even boot viruses (which spread only via the exchange of
floppy diskettes) are still spreading pretty well, the risks that
present themselves while you are browsing the Web should be obvious.
Since there are so many ways in which viruses can be 'wrapped up' and
delivered across the Internet, the smart thing to do is to install
a decent on-access virus scanner (Sophos Anti-Virus springs to
mind!) on your workstation. This will protect you from intruding
viruses regardless of the way they get in, whether they be from
newsgroups, emails, file downloads - or even that exciting-looking
CD you've just ordered by credit card across the Web.
People bringing a virus into the organisation should be disciplined.
Wrong!
As already pointed out, this is not usually done maliciously,
and disciplining the hapless "culprit" will just drive the problem
underground. Much better to teach some awareness and good hygiene
rules such as using a "dirty machine" for looking at freebie floppies.
Of course if someone brings a virus in deliberately, that is serious
and does deserve disciplinary action.
We've bought anti-virus software so we don't need to do anything else.
Wrong!
Using anti-virus software is of course essential but is only part
of a good anti-virus policy and needs to be complemented by good
hygiene and education. The virus threat changes its face all the
time and you ought to keep tabs on the threat to understand the
current risks - and hoaxes.
I've heard that no anti-virus software is able to detect the Good Times
virus.
Right (at last)! But only because your assumption is wrong :-) Good
Times isn't a virus. It's a hoax email. It can't infect your system,
or wipe your hard drive, or unleash any of the disastrous side-effects
attributed to it. It doesn't exist.
It can, however, cause an enormous amount of unfounded concern and
waste a huge amount of time if you are told you have got it and
don't realise it's a hoax. It can also waste huge amounts of someone
else's time if you do what the hoax tells you, and pass the 'warning'
on to as many people as you can. This is why it's so important
to maintain an awareness of what is happening in the virus world,
so that you don't use up resources worrying about things that
can be instantly dismissed.
© Sophos plc, used with permission