Vulnerability Development mailing list archives

If virii are so dangerous, why is the internet still running?


From: dinsmoc () MEDIAONE NET (Christopher Dinsmore)
Date: Mon, 8 May 2000 00:23:11 -0400


If virii are so dangerous, why is the internet still running?

Because for the most part, virus writers aren't very good programmers...

Or at least the famous ones that is.

I know for a fact that there are lots of very nasty little bugs out there
that no-one ever hears about unless they get infected. Ingenious things
really, written by incredibly smart people to do a very specific thing,
steal information, but those viruses never get the attention of a Melissa,
or the recent "Love bug".

In fact neither of the two examples I mentioned were really viruses at all
in the classic sense. A computer virus is strictly defined as any code that
replicates and distributes itself without direct user interaction. Melissa
was in essence a macro based virus, which only affects users running
programs using those macro type functions. Unfortunately since most people
check their email using Microsoft Outlook, or Outlook Express, which of
course use those functions, that means most people are susceptible to
Melissa type virii.

"Love bug" is even less of a virus. It's a very simple Visual Basic script.
Anyone with a cursory knowledge of Visual Basic could have written that
code. Strictly speaking these bits of what in the security industry are known
as hostile code or "malware" are amazingly easy to write. More than 90% of
all virii that I have seen are written with astonishingly bad code. Infinite
loops, bad memory allocation, bad cleanup. Essentially just very poor
programming.

In fact, if you believe Robert Morris, the programmer who wrote the first
major "internet worm", that's exactly what happened to him accidentally. He
was trying to write a program to map and test the internet, and because of
some really bad code he had written it took down 80% of the world's servers
instead.

But if that is the case why isn't the entire internet always in a total
shambles?

Two reasons. First, there are a goodly number of people who know not to open
suspicious files. Most virii can only be spread by opening or executing an
infected piece of code.

And second, most people with the skill to program good virii aren't
interested in doing so. If they are that good, and want to program virii,
then they are also smart enough to make their code undetectable. The second
someone knows they have a virus, you can't do anything useful with it. All
you can really do is annoy someone. Assuming they kept good backups that is
(that's a discussion for another time.)

Yes folks, really the only thing keeping the internet from a total meltdown
is that the people who have the programming skills necessary to take the
entire net down really aren't interested in doing so. They like the net,
they use it for their work, their play, and their lives in general. Not only
do they not want to take the net down, they tend to actively hunt down
anyone who does.

The real problem becomes, what happens when someone who truly hates the net,
say the government of Myanmar for example where it is illegal to even own a
modem without a license, pays a skilled and slightly insane programmer (we
all know a few of them) to write a truly nasty piece of code that could take
down the entire net.

As Michael Zalewski said in his post "I don't really think I love you" it
is not even very difficult to write a program that replicates itself, runs
its instructions, which may even be downloaded from another location, then
erases all traces of its own existence once it's finished. I have read
literally dozens of explanations, papers, specs et al about how this can be
accomplished.

My whole take on this, and the reason I'm writing this is because I believe
we need to develop technologies that will allow us to deal with this kind of
malicious code. Not only that but it is our responsibility as security
professionals to educate our users in the proper practices for preventing,
or at least reducing the impact of this type of program.

Okay, rant over. flame on ....

Christopher Dinsmore
============================
The eyes may be the windows on the soul
But the word is the doorway to the mind
============================

