2009/09/23

The Seven Viral Myths


Myth: An anti-virus scan will resolve any virus problem that you have.

Uh, no. The thing that you must keep in mind is that this is one of the reasons why an anti-virus industry exists: There is no single piece of software that can clean up every single virus that you encounter. (Similarly, there's also no single piece of software that can shield you from every single virus out there.)

For that matter, the business of anti-virus software is reactive by nature: Anti-virus solutions are created in response to existing infections, not in anticipation of them. This means that anti-virus software almost always lags behind the most cutting-edge viral threats. It takes a while for people to identify any new strains, longer to come up with a safeguard against them, and even longer to clean them up completely. And by the time all that is said and done, the new generation of malicious code may already be spreading.

Anti-virus software will do a fair job of cleaning any older threats that your computer may have caught. Just don't automatically assume that it'll also handle any newer viruses that manage to sink their tendrils into your technical setup.


Myth: Your USB drive / external storage unit can't be infected by a virus.

This is one of the most appalling assumptions I've come across. Of course your external storage unit can be affected by a virus; in fact, USB drives, flash drives, portable hard drives, and data storage devices (like that iPod of yours) have a reputation as virus carriers.

I think that this goes back to the fact that, in pre-Internet days, the humble floppy disk (and its 3 1/2-inch successor) was the choice medium of transmission for most viruses. Now that diskettes are on the brink of death, however, and more viruses are being transmitted via computer networks (Internet and otherwise), the idea of virus transmission via storage unit has fallen by the wayside. In fact, modern Windows systems inadvertently contribute to this issue by automatically accessing these devices the moment you plug them in.


Myth: Macs (and other non-Windows-based units) can't be infected by a virus.

The anti-Windows lobby has long used this as a self-congratulatory point, but it's inaccurate for the most part. While the vast majority of viruses indeed target Windows-based systems, that doesn't necessarily mean that absolutely no viruses are written for any other setup.

Macs have their own viral problems too, as does any other operating system that makes it to the general public. They just happen to run into far fewer attacks and incidences of infection — certainly a good selling point, but a far cry from implying that you're perfectly safe.

That said, I find it an interesting method to "cleanse" data storage units that are infected with Windows viruses by plugging them into a Mac and cleaning them out there. Hopefully there aren't any "modal" viruses that can hit both types of computers at once.


Myth: The purpose of a virus involves "breaking" your computer for no reason at all.

While some viruses exist to demonstrate the skills of their creators (mostly by fooling around with security settings), it would be foolish to assume this for the entire roster. In fact, it's tantamount to saying that a virus is more an annoyance than a major security threat.

Quite a few viruses nowadays were built with specific purposes in mind. The most common one involves stealing secure data by screening the files that you open, logging the keys that you press, or tracking the applications or sites that you use. Other viruses steal processing power in some way, often to try and bring down a specific online site or service by overloading it with traffic. I imagine that there are a lot more of these purposes built into the modern viral generation, almost certainly enough to question the assumption that these things don't do anything but try to "break" your computer.

The bottom line, I think, is that any incident where a virus makes it into your computer should be seen as a good-sized security threat. Either your system should have been able to ward this off through its built-in settings, or it should have been caught by any counterintrusion measures that you have installed. Anything that bypasses these should be taken as a sign that something's wrong with your setup.


Myth: Your average virus creator is a young, teenage kid who likes fooling around with malicious code.

The media seems to like this stereotype, but it's not a good one to propagate. There are almost certainly some young virus writers out there, but to say that they're all pimply-faced kids working from their parents' basements is just laughable.

Virus writing shouldn't be underestimated. The whole business of writing, modifying and upgrading code is a pursuit that demands time and attention, especially when you consider that you're looking for ways to bypass existing security setups. In a sense, it's like an artistic hobby: You won't be much good at it unless you put in some effort and craftsmanship.

In fact, the prospect is even more removed when you consider that technically-savvy adults may have more extensive backgrounds, better expertise, and greater resources to fool around with malicious code. There are definitely some younger programmers here (a lot of them, mind you), but one shouldn't make the mistake of assuming that they're all young and immature.


Myth: Your average virus creator is an expert computer programmer who knows how to break into secure systems.

On the other hand, one also shouldn't automatically assume that they're all expert computer programmers. Most bleary-eyed corporations fall into this trap: They think that a person is a technical expert just because he or she is capable of creating a virus (or has created one in the past).

Some people simply don't create viruses for the infamy and the prestige; they do so because they just want to toy around with a bit of code. Heck, there are more than a few amateurs out there who simply take existing viruses (or parts of viruses) and end up making variants that pose a much lesser threat than their original counterparts.

One interesting thing to note is that a lot of viruses don't actually work as intended. Either some configurations are too foreign for them to handle, or some anti-virus shields are too difficult to crack, or some sections of code don't function correctly at all. It's not as though every single virus creator strictly follows a set of guidelines for good programming conventions, after all; this is still a rather independent and informal setting.

A good virus that actually works as maliciously as intended is rare. You'll probably know them when you hear about them; these are the ones that usually make the news.


Myth: The anti-virus software companies are actually the ones creating the viruses, because it gets people to continue buying their product. The more viruses are out there, the more they're guaranteed some form of return business.

And of course, this article wouldn't be complete without the inevitable conspiracy theory. While I won't discount the possibility that a computer virus may end up finding its origins in an anti-virus collective, it would be absurd to say that this happens on a regular basis.

One good way to look at it involves asking yourself how many computer viruses you've ever encountered in your lifetime as a computer user. This is most likely a relatively small number, perhaps ten or so. Twenty would probably be your upper bound here.

In contrast, Wikipedia's list of computer viruses is so long that it has to be split into four or five sections. And even considering that I wouldn't necessarily trust Wikipedia on this matter, you can look up your favorite anti-virus provider's list of security threats and see just how long the list is. The truth is that, historically, only a small percentage of these viruses have infected a large portion of the population... which is really what you'd like a virus to do if you're an anti-virus company looking to drum up some business for yourself.


Despite everything that I've written here, I recognize that I still have a lot to learn about viruses and other security threats in general. I'm not too knowledgeable on how to recognize them, and I'm even less knowledgeable on how to remove them. (Like I said, I'm not a technical resource at all.)

Regardless of that, however, I think that we would benefit from a less stereotypical and more practical view of these things. It would certainly help us the next time we find that we've been infected in some way... although it's already too late for me to get that one hour of my life back.
