
COMPUTER VIRUSES AS A LIFE FORM

“And God saw that it was good.
And God blessed them, saying ‘Be Fruitful and multiply’.”
Genesis 1:21,22

COMPUTER VIRUSES: ARTIFICIAL LIFE, APPLICATIONS AND ISSUES.

Mayur Hemani
Shreyansh Jain

PROLOGUE

The universe of computers is ruled by the whims of a handful of elite. Liberty is
scarce, creativity is restricted, and monopoly empowers those who are the pillars of
this red-taped bureaucracy. In this darkness, a creature possessing mysterious powers
and the soul of many a free mind is born. It is born to break free of the shackles of
the dominant hypocrisy.

Some call this creature a VIRUS (Vital Information Resource under Siege), a term
coined by Fred Cohen in the late 1980s. The contemporary rationalists would have
probably called it a “Very-Intelligent Reproducing Undaunted System”. However, the
word remained, and haunted those who planned to conquer the silicon world by
means of sheer monopoly.
The very word disturbs the serenity of the heaven in which the software giants live
peacefully, indifferent to the difficulties of a common computer user.

WHAT IS A VIRUS?

To a layman, a computer virus is some demon (because demons represent disease)
that causes damage to computers. However, the technical definition of a computer
virus is far from this. In reality, the essential feature of a computer program that
causes it to be classified as a virus is not its ability to destroy data, but the ability to
gain control of the system and make fully functional copies of itself. This has nothing
to do with destruction.

Although it is true that most viruses that appear in the wild are meant to cause
damage, the same does not go for all viruses that are created.

In fact, out of the millions of viruses that are created, only a few thousand ever make it
into the open, and only a few hundred are known to cause widespread damage.
A virus, therefore, is just another computer program with the special ability to
multiply, i.e. create copies of itself. There are many viruses that do no harm to the
computer, yet are dangerous in their own right. And there are yet other programs that
are not viruses, but can cause a lot of damage.

ANATOMY OF A COMPUTER VIRUS

[Figure: The imaginary schematic of a computer virus]

A computer virus is a program capable of replicating on its own, i.e. creating
functional copies of itself, which in turn can self-reproduce. The computer virus structure
looks something like what is shown in the figure above. The diagram shows three
parts of a computer virus – the payload, the replication routine, and the target-search
programs.

The payload of a virus is the effect that a user feels when the virus infects his/her
computer. Visible effects such as irritating messages, error messages caused by
the malicious program, and the erasure or disclosure of some private, valuable data
are some possible payloads of a program. The payload is the malignant effect for
which most viruses are actually despised. Payloads can range from simple, crazy
messages and drive-cleansing programs to sophisticated spy programs capable of
collecting specific information from the infected computers and sending it to
specified locations on a network (such as the Internet).

The Replication Routine is the heart and soul of the computer virus. It is the program
that is responsible for the replication feature of the virus. Viruses are basically
programs, and so consist of a few lines of code. This code (or a part of it) is referred
to as the signature of the virus, and is used for identifying different types of viruses.
The replication routine is responsible for two things – search and copy.

The tentacle-like projections in the diagram represent the target-search routine, which
may or may not be a part of the replication routine.

The first problem the replication routine must solve is how to find suitable objects.
A virus is always written so as to work attached to a certain type of carrier object,
such as a program file or text document created by MS Word, or a limited number of
carrier object types. The replication routine must be able to locate objects of the
correct type. This can be done by searching through the computer, file by file.
However, this is rather inefficient and requires a great deal of computer power. A
more elegant approach is for the virus to remain in memory and monitor system
activity. This enables the virus to infect files when they are used. The performance
impact of infecting a single file is so small that the user would not notice it. This
behaviour also improves the ability of the virus to spread, as recently accessed files
are more likely to be transmitted to another system.

The idea that viruses can remain in the memory of a computer is taken from a class of
programs called TSR (Terminate and Stay Resident) programs. These programs remain
in memory once executed, and are activated whenever a specific event (called the
trigger) occurs. A computer virus does things similarly. It latches onto particular
interrupt services, and whenever they occur, these interrupts result in the execution of
the viral code. This is followed by the normal routine being executed in order to cloak
the presence of the virus. Thus, in a way, the virus gains control over the system and
does what it wants to without being detected in a direct way.

An example of viral activity can be shown by means of a virus called the ‘STONED’
virus. This virus belongs to a class of viruses called boot-sector viruses. The virus
infected the boot sector of floppy disks (floppies were used for booting systems,
then). Each time the system booted, the viral code was loaded into memory,
allowing it to monitor all the floppy disks that were used on the computer and copy
itself to their boot sectors. The virus in this case, however, reveals its identity by
flashing a message – “Your computer is now stoned”.

Several classes of viruses exist, of which the commonest are boot-sector viruses,
macro viruses, and parasitic viruses. Macro viruses affect documents that allow
specific instructions to their respective document-processors, such as Microsoft Word
Documents. User-defined macros are replaced by new virus-infected versions that are
executed whenever the document is accessed. Viruses may also be classified on the
basis of the domain that they affect. PC-viruses and Network-viruses (WORMS) are
the two main clans of viruses in this respect. The most widespread viruses are actually
worms. The notorious SirCam, Nimda, Melissa etc. are worms that use Internet
services such as e-mail to spread.

In the context of virus types and the focus of this paper, a special mention must be
made of a rather new kind of virus-class called Polymorphic viruses. These are highly
sophisticated viruses that possess payloads as deadly as those of common
viruses, as well as a very special way of escaping detection. These viruses appear in
different places in different forms (hence the name).

Polymorphic viruses change their signatures from target to target to escape detection.
While even a single copy of the virus survives, the virus dwells on the computer. This
is a feature that cannot be accounted for even by programs specifically written to
detect and remove viruses from computer systems.

By varying the code sequences written to the file (while keeping them functionally
equivalent to the original), or by generating a different, random encryption key, the
virus ensures that its copy in the altered file cannot be identified through simple byte
matching. Detecting the presence of these viruses requires a more complex algorithm
that, in effect, reverses the masking to determine if the virus is present. This stealth
technique makes a Polymorphic virus a dangerous adversary, and an interesting object
of study.
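
The detection point above, that simple byte matching fails once the stored bytes are masked with a random key while a scan that reverses the masking still succeeds, can be shown from the scanner's side. This is an added example, not code from the original paper; the harmless marker string, the single-byte XOR mask and all function names are assumptions chosen for illustration.

```python
"""Signature scanning versus a single-byte XOR mask (added illustration)."""

# Constructed, harmless marker standing in for a byte signature.
SIGNATURE = b"HARMLESS-TEST-MARKER-0001"


def naive_scan(data: bytes, signature: bytes = SIGNATURE) -> int:
    """Simple byte matching: offset of the signature, or -1 if absent."""
    return data.find(signature)


def xor_mask(data: bytes, key: int) -> bytes:
    """Single-byte XOR mask; the toy stand-in for a 'random key' assumed here."""
    return bytes(b ^ key for b in data)


def delta(data: bytes) -> bytes:
    """XOR of each byte with its successor.

    (a ^ k) ^ (b ^ k) == a ^ b, so this sequence is the same for the plain
    bytes and for any single-byte-XOR-masked copy of them.
    """
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def unmasking_scan(data: bytes, signature: bytes = SIGNATURE):
    """Key-independent scan: returns (offset, key) or None.

    Matches on the delta sequence, recovers the key from the first matched
    byte, then reverses the mask over the region to confirm the hit.
    """
    if len(signature) < 2:
        raise ValueError("signature must be at least 2 bytes long")
    offset = delta(data).find(delta(signature))
    if offset == -1:
        return None
    key = data[offset] ^ signature[0]
    region = data[offset:offset + len(signature)]
    if xor_mask(region, key) != signature:
        return None
    return offset, key


# Constructed sample buffers (not real file contents).
PLAIN_SAMPLE = b"\x00" * 16 + SIGNATURE + b"\xff" * 8
MASKED_SAMPLE = b"\x00" * 16 + xor_mask(SIGNATURE, 0x5A) + b"\xff" * 8
CLEAN_SAMPLE = bytes(range(256))

if __name__ == "__main__":
    samples = [("plain", PLAIN_SAMPLE), ("masked", MASKED_SAMPLE),
               ("clean", CLEAN_SAMPLE)]
    for name, buf in samples:
        print(f"{name:6} naive={naive_scan(buf)} unmasking={unmasking_scan(buf)}")
```

The delta comparison only covers a single-byte XOR mask; the stronger the masking, the more work the scanner has to do to reverse it.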

POLYMORPHISM IN VIRUSES

Computer viruses of all classes are so despised that it is hardly noticed how closely a
computer virus can resemble living creatures. Viruses are associated with destructive
perspectives of computing. The following is an analogy that can be drawn between a
microbial organism and a computer virus.

COMPUTER VIRUS: ARTIFICIAL LIFE?

Computer viruses can actually represent a form of life that is known to mankind –
microbes. These viruses bear a close resemblance to their biological counterparts.
Real creatures are born. So are viruses. Real creatures feed and reproduce, and so do
computer viruses. The real ones evolve and adapt, and it is possible for computer
viruses to do the same.

• VIRUSES ARE BORN: -

Computer viruses, as explained, are nothing but programs of a certain kind, which
have the capability of breeding copies of themselves. But it is very rare to find a virus that
can actually brew formulae for altogether new viruses (Polymorphic viruses being
exceptions). They have to be born in the computer world, and to be brought into
existence they must be executed at least once.
It is notable that all malicious effects of a computer virus begin from its execution.
So, basically, a virus is nothing more than a few lines of code, inserted into some
programs or documents.

• VIRUSES SPAWN A NEW RACE: -

Computer viruses are initially brought into existence by human beings. However, they
possess the capability of generating their copies and attaching themselves to new
victims. Just like a biological virus, a computer virus can replicate itself, passing on
its fingerprints to its kin. The new entity so obtained is itself capable of generating
new copies, thereby spawning its race.
Unlike mammals, however, viruses do not require mating to reproduce. They have
their own ‘DNA’, which allows their duplication. The part of a computer virus which
enables it to replicate itself is the replication routine of the virus. Every virus must
have at least this feature, so that it may create its children.
So even viruses have mums!

• VIRUSES FEED: -

Computer viruses use up system resources for their own survival. These include important
resources like memory (the virus cocoons the memory with certain protection measures to
prevent direct access to the viral code), disk-space (inconspicuously), network bandwidth (in
case it is made in order to slow a network down), interrupt services for its own
existence, and so on. The items on the menu are too many. Some viruses are known to
modify hardware configurations (the CIH virus tries to modify the Flash BIOS).

True, this is destructive. Yet, considering the fact that, very much like computer
viruses, we human beings are never useful to any other species, and yet we use up
resources, the viruses are perhaps better than us (at least they exist only in the
computer world).

• VIRUSES GROW/SPREAD: -

Computer viruses are known to spread rapidly and undetected from computer to
computer, owing to the stealth and anti-detection mechanisms built into them. The only
restriction on a computer virus is that it is a program and so cannot go beyond the
realm of computers.

• VIRUSES EVOLVE WITH GENERATIONS: -

Computer viruses of the present generation are smart; so smart that they can actually
change their appearance to avoid detection. And upon being detected, some viruses
cannot be removed from their hosts. Either the host program/document has to be
erased, or isolated from access. This is so because the viruses that infect programs and
documents attach their code in such a subtle way that without corrupting the file it
would not be possible to remove the virus.

• VIRUS METABOLISM: -

All computer programs use up computer resources. However, they do so for the user
of the program, and not for themselves. Real organisms metabolize material into
energy for their existence. The same goes for computer viruses. If a virus did
not lock up certain resources of the computer it infects, its survival would be out of
the question. Thus, it is possible to understand this phenomenon as a form of viral
metabolism.

• VIRUSES FIGHT FOR EXISTENCE: -

Some viruses are known to attack other species for acquiring the resources held by
them. Some viruses show this kind of predatory behaviour. For instance, the DenZuk
Virus seeks out and overwrites instances of the Brain virus if both are present on the
same system. Other viruses exhibit territorial behaviour, marking their infected
domain so that others of the same type will not enter and compete with the original
infection. Some viruses also exhibit self-protective behaviour, including camouflage
techniques.

EVOLUTION AND ADAPTATION IN A COMPUTER VIRUS

The concept of evolution and adaptation is alien to computer programs. The idea that
a computer program could change with time and adapt to its changing environment is
a bizarre one. But it is possible, at least in theory, to build a virus that can adapt to
changes in its environment, and evolve with generations.

Adaptation here means the changing of a virus’ appearance in its lifetime, in order to
nullify the effects of its changing environment (typical of that caused by anti-virus
software). Evolution on the other hand refers to changes inculcated in the virus
program over the generations (mutations). Computer viruses of the present era are not
capable of evolving and adapting. Consider, for example, the polymorphic viruses.
These viruses use a very special stealth technique that involves changing the virus
signature in the files that it has infected. However, this is not really an adaptive
measure, as it does not have any intelligent real-time decision making involved.

Consider a new virus – one that can evolve as well as adapt autonomously. To
accomplish the making of such a virus, the following things must be taken into
consideration: -

The main threats to a virus are: -
i) Anti-virus software which uses signature-scanning to detect the presence of viruses.
ii) Accidental erasure of viral code.
iii) Firewalls and other preventive software that filter data packets entering a network-node.
iv) Hostile conditions – such as inoculations.

The virus under consideration must possess the intelligence to: -
i) Change its appearance with a change in its environment. Switching between payloads (because most viruses are detected in the first place because of their payloads) may bring about such a change.
ii) Pass on a different sequence (or encrypted sequence) of code to its successors.
iii) Span a variety of targets, not just one type.
iv) Actually disinfect hosts and copy itself to another, in order to remain hidden.
v) Pry into the system files of an operating system, and subtly change its services to suit itself.

Following is the idea of a hypothetical virus that can both adapt and evolve, as
well as do a few things that are possible for only a living thing.
i) This virus, for now, is a simple PC executable infector.
ii) It possesses the feature of polymorphism.
iii) It has a database of payload codes that it incorporates randomly in its copies.
iv) It has a powerful encryption scheme (such as one-time pads), to encrypt viral code in a polymorphic manner.
v) It has a recursive scan-engine that scans for other viral-presence, and adopts their payload functionality as its own.
vi) It can change its host (disinfecting the prior one).
vii) It recognizes itself, i.e. prevents redundant operations of copying.
viii) It possesses the capability of upgrading itself, every time it is provided with an upgrade patch.
ix) It can sense a virus-detection in progress in advance. This allows it to escape being sensed by even the most powerful anti-virus software.

In theory, it is possible to make such an adaptive and evolving virus. However,
common sense tells us that such a virus would be too big in size to actually reside on a
system, because learning and decision-making programs involve the use of sophisticated
programming techniques (such as self-teaching networks). A different approach could be to
use the services of programs already present on the computer system for its own
working.

Then again, it IS possible to make such a virus, on a computer (or perhaps a whole
network), dedicated to this virus. But who would ‘waste’ valuable infrastructure on
computer viruses? After all they are ‘useless’.

In our opinion, research in the field of computer viruses can prove to be really useful
to mankind as a whole, and can find utility in several arenas.

APPLICATIONS OF COMPUTER VIRUSES: -

1. Applications in military operations

A computer virus can be a powerful soldier in the modern era, because computers
(and networks) are definitely going to be used in the near future in weapons and
war-equipment control technology. Only a computer virus can actually penetrate
the defences of a military computer system. Once into the system, the virus is
mostly uncontrollable. Because of this feature of viruses, to date, most military
systems are kept heavily guarded against unsolicited data transfers.
A virus can also be an expert spy. Trojans, for instance, are programs that collect
valuable information from a computer and send it to a predefined computer
through a network. Because viruses can outnumber the defensive
measures taken by a network administrator (as in the case of network worms),
they offer an entry passage for hackers, etc.
If such technology were put into implementation, there would be an uncontrolled,
unguarded exchange of information between enemy nations. This would, in turn,
cause a deterrent environment to be created, which could prevent wars.

2. Applications in maintaining market parity: -

Some software companies try to play God. They prevent programs of other
vendors from working properly on their platforms, integrating features for their own
programs to run predictably well. If this is allowed for long, and the platform does
succeed in climbing the consumer’s preference levels, the company could
monopolize the entire market with its products, and there would be no laws
(because we live in a truly capitalist world) against it.
Viruses specific to such vendors’ products are often the breakthroughs needed to
crack open the corporate conspiracy.

3. Application in preventing piracy of software: -

The Brain virus made by two Pakistani brothers in 1986 was the first computer
virus known to spread from computer-to-computer through floppy disks. This
virus was made in order to prevent piracy of the software that they sold. Computer
viruses may be used to prevent piracy of software, i.e. making illegal copies of the
software for the purpose of selling it.

4. For solving problems like cracking crypt keys: -

For a long time, the problem of cracking crypt keys using a brute-force attack in a
short time has bewildered researchers. A solution to this problem was the use of a
distributed computing environment capable of generating the permutations in
parallel. The Internet can be used for this purpose, but the problem is to convince
the millions of users to allow the use of their systems for this computing purpose.
Computer viruses can solve this problem, without the need for convincing the
computer users. An Internet worm that remains silently present on a million
systems, working to break a key when the systems are sitting idle, can be used for
this purpose.

APPLICATIONS OF THE VIRUS AS ARTIFICIAL LIFE: -

1. Applications to study of microorganisms

A computer virus may be deemed to be a form of artificial life. Although it lives in
a different world from ours, the rules of nature hold for it too. A virus cannot
survive too hostile an environment, and if it cannot adapt, it perishes. This similarity
with microorganisms may be used to study, by means of simulation, the actual
chaotic behaviour of real viruses and other microorganisms. It is very difficult to
associate computer viruses with any other creatures but microbes, because
the functions of a microbe are limited to surviving, feeding, breeding and
responding to stimuli. But given a particular set of conditions, computer viruses
can actually provide vital statistical information about the behaviour of a real
biological microbe in that particular environment.

2. Applications to developing strategies for war: -

Computer viruses exhibit a non-deterministic behaviour, which very few programs
can. A computer virus can be designed to simulate the battlefield of modern times,
in which each virus would be an enemy and would possess powers ranging from
killing to wounding and destroying other objects. Trainees can then build
strategies around particular software, to win over the viral enemies.

ISSUES RELATED TO COMPUTER VIRUSES: -

1. FROM CONTROL TO CHAOS

Human beings always like staying in control of things. We have tried to build
technology that tries to bring even natural things under control, some for the welfare
of mankind, some just to prove our power. It is difficult to shift our attitude from
that of controlling everything to introducing chaos into our environment.

A computer virus represents chaotic behaviour. This is one of the reasons why
viruses are so despised. Controlling a virus is equivalent to building a dam on a
river when it is raging in flood.

Viruses are uncontrollable creatures, much like real viruses. The idea that the virus
introduces chaos in a computing environment is detested because human beings
love order, order that is not natural. Nature does not build gardens, we do.

2. VIRUS MAKING WIZARDRY or WITCHCRAFT?

Are virus makers a bunch of frustrated losers, or are they some of the most
brilliant programmers in the world? Such questions hold no meaning for the
corporate world. It loses valuable data and time to viruses in the wild.
There is no reason for it to be in favour of making viruses. But it must
realize a few things about virus attacks: -

i) Viruses spread because of a monoculture in software usage. Most
organizations prefer the standardization of the platforms and the software
that everybody in the organization uses. Consider this fact – one of the
deadliest worms ever, Melissa, spreads to only those systems that use
MS-WORD 97, MS-Outlook mail-client and MS-Windows. Since these are
some of the most widely used software, the virus did create havoc. But to
users of Linux, or Mac-OS, or other operating systems, the virus was just
plain news.
In a managed forest, where all the trees/plants are the same, a disease
spreads like wildfire, because all the victims have the same defenses and
the same biology. Thus, monoculture is a prime reason for virus attacks.

ii) Computer viruses are targeted at specific software vendors, often to break
their monopoly.

iii) A virus does not always mean damage. Computer viruses are creatures,
just like us. They live in their own world. Isolate them, and they are the
most interesting pieces of software.

Does anyone think about it – an average human being does not even do a single
thing for the welfare of another species of life on this planet. Why condemn the
computer virus when mankind itself is a ‘disease’ to this planet?

Computer virus making is an art. Not everyone can do it with the finesse of an
artist. Virus programming is one of the most sophisticated kinds of programming in the
software world. The keyword for a virus programmer should be responsibility.
Viruses can do a lot of harm if they are let loose. But then, it is in the hands of the
creator to keep the virus from spreading. After all, a virus must not do
intentional harm to others.

The author of the book ‘The Little Black Book of Computer Viruses’, Mark Ludwig,
says in his book – “I am convinced that computer viruses are not evil and that
programmers have a right to create them, possess them and experiment with
them”.

As long as it does not hurt others, virus making is pure programming genius.
