Talk:Computer virus/Archive 1

Archive 1

Archive 2

Archive 3

Ironic

The sentence that says that it is ironic because as more people buy macs, they will be targeted more shouldn't belong. This is not a known fact, and this is not an editorial. Only known facts should be here.

Virus and Worms

Virus and worms are not the same thing as implied in the opening statements, and a virus is a piece of code that is attached to some other program, etc... while a worm doesn't need to be attached to other code but propagates itself through a network searching for vulnerable computers.

Rather than assuming that infectious programs fall strictly into one of those two categories, it's probably more useful to consider those to be two possible behaviors. --FOo 03:28, 19 January 2007 (UTC)

Accidental creation of viruses

Yes a destructive/harmfull program can be created as a result of a programming error (bug) including a fairly simplistic virus. But most of today's viruses are too complex to be created at random. While random code generators have produced trivial viruses, there are no reported cases of randomly produced viruses in the wild. "Coppying errors", have never beenseen to produce viruses because computers are very good at making pefect copies of sequences of bits and data being coppied over a network or other medium is usually subjected to checksums meaning a random change would have almost know chance of matching the checksum. how to kill the virus and worm? —The preceding unsigned comment was added by 58.54.62.152 (talk) 03:52, August 20, 2007 (UTC)

compression virus

Didn't know where to put this so sorry in advance if it is in the wrong place. Can i suggest if something could be added about a 'compression virus' as opposed to a 'polymorphic virus'. Just so that it outlines the difference between the different methods. The reason i am suggesting it is because they are harder to pick up that other viruses (size doesn't change etc.) ... i wouldn't be the best person to do it though, so i guess i am passing the buck, sorry.

Link spam

I edited the following line out of the page it was in there like 50 times. Someone thought they'd be smart and spam the crap out of this article.

"(most important sites to to remove spyware and viruses suggested by tony philip devassy of spyware and virus support dell helpdesk. prevention is better . http://tonyphilip.cjb.cc/ http://philip286.cjb.cc/ http://tonydevassy.cjb.cc/)"

←== Macro viruses versus Trojans ==

"Since the mid-1990s, viruses which infect operating systems or applications directly have been eclipsed by macro viruses. Written in the scripting languages for Microsoft programs such as Word and Outlook, these viruses spread in the Windows monoculture by infecting documents and sending infected e-mail. "

Whoa wait a second, a "macro virus" isn't a virus in the strict sense of the word as defined earlier in the article (which by definition inserts itself into innocent code in a different program). It is only a virus in the larger sense of malware. For example, a .bat attachment which is attached to an email is essentially a trojan horse. Many microsoft programs had a design flaw that automatically made them run these trojan horses. In fact, I think it should be made clear that viruses under the more strict definition are extremely much more rare then other malware.

Apple (NeXT) started the problem

It's interesting that the first virus according to the article was for an Apple OS. It's also interesting, though not in the article, that it was NeXT, through their MIME standard that paved the way for the email virus.

==

Headline text

compannion virus is a companion file that is excecutable virus whioch is infwect to it ==

Origins of the term 'Computer virus'

I think the term Computer Virus originated much earlier than 1985. My high school maths teacher explained the concept to me and used the term in 1979 or 1980. I got the impression it was not exactly a new thing then, although the actual number of viruses that had spread in the wild at that early date must have been very small.

Perhaps the worm paragraph should make the distinction between viruses and worms clear while also noting that the two concepts are often conflated in general use. -- Taral

The term computer virus was around in 1973 according to the imdb.

http://www.imdb.com/title/tt0070909/trivia <a href="http://www.mariegriffiths.co.uk">Marie<a>

IMDB is hardly authoritative. But I do recall hearing the term (and being very taken by the biological metaphor) as early as 1976. Isaac R 06:21, 16 Apr 2005 (UTC)

there was also a science fiction story "The Scarred Man" written by Gregory Benford that features programms called VIRUS and VACCINE. the story was published in 1970.

Advice regarding prevention of viruses

How about some advice on how to protect your computer from a virus? Such as: turn off the feature in Microsoft Office that automatically runs a virus (er, macro) when you open the document. Ed Poor

How is this pertinent to an encyclopedia? What you are suggesting seems more suitable for a tutorial. Perhaps there's a Wiki for practical, DIY type information.--branko

Microsoft as a monopoly

Instead of branding Microsoft as a monopoly (which may provoke controversy), why not research its market share in the types of programs that tend to spread viruses? For example, you could say that 83.7% of American workers use Microsoft Office and are thus vulnerable. Ed Poor

What about the Microsoft antitrust case? Kind of official "branding"!

The only reason Microsoft has all the viruses is because they have ~85% of market share. All programs have security flaws, it is only a matter of how many people they can target. Just my two cents. FA from Astral

No, that isn't the only reason. Microsoft has a history of going for "features" rather than security in their software. The Word macro viruses and the exploitation of vulnerabilities in Outlook express are the result of inattention to security, not market domination. Word and Outlook could both have easily been designed without the vulnerable features that virus writers have taken advantage of, but Microsoft wanted "power", and handed over too much. TheNameWithNoMan (talk) 17:20, 30 April 2008 (UTC)

Link to Elk Cloner source code

Why was the link to Elk Cloner's source code removed? GregLindahl

---

I probably did that accidentally when I reorganized the article. I restored the link. I also cleaned up some of the text at the end about Microsoft vulnerability. Sure, it's something that ought to be said, but it doesn't need to be said three times in different ways. Just the facts. --LDC

Reasons for the vulnerability of the MS Windows platform ; Microsoft's monopoly position

Cunc, I think you're way overstating the Microsoft case, to point of absurdity. It is a true, accurate, and useful observation about computer viruses that whoever has a market-share lead in desktop OSes is going to have the most viruses. That used to be Apple DOS 3.3; now it's Microsoft Windows. It's not at all appropriate to single out Microsoft in an article that's not really about them: it just happens that they have a current monopoly position that makes them vulnerable. It's also totally incorrect to single out their "closed source" development environment, because almost every commercial software company has that problem: MacOS viruses and Solaris viruses are more dangerous than they might be if the OSes they infected were more open and easier to update. I've been personally Microsoft-free for years, running Linux on two machines at home, and the lax security of Microsoft products is a big reason for that. But let's not change an encyclopedia article into a platform for preaching the Linux religion, shall we? --LDC

There are a couple of issues here:

-There are two reasons for vulnerability of Microsoft software, one being that MS have got the monopoly on the desktop, the other that MS apps have holes in them the size of a something very large. Together they form a potent brew.

-Never before has so much virus damage been inflicted on the world. I have no exact numbers at hand, but I am sure you will be astonished once you find out. Why does everybody remember the Titanic? Surely, boats have sunk before? And what's so special about Galileo saying the earth revolves around the sun? Surely many others have said it before him? It's the impact that counts. Of course, the Titanic and Galileo are subjects close to Western culture and I would not want to advocate that a page about great disasters should link to the sinking of the Titanic, nor would I argue that a page about astronomy should link to Galileo. But computing is pretty much an originally Western affair, and the vulnerability of Microsoft product users to virusses, whatever may be the reason, should be mentioned, IMHO.

Well, yes, Microsoft's monopoly causes something of a monoculture; yes, Microsoft software has bugs and security holes you can drive a truck through. But let's not pretend that the media's present virus-mania represents any major change in the nature of virus attacks, or that it's specifically due to Microsoft. Indeed, the first time the news media made a big deal about a virus that caused a lot of damage was the Morris worm, and that only infected Vaxen. The last few major viruses were macroviruses for Microsoft Excel, Word, Outlook, Outlook, and Outlook. OK, so Microsoft Outlook sucks. That's hardly big news to folks in the business, and it certainly doesn't represent anything like a major flaw in the nature of the Internet (after all, Microsoft servers are still a minority on the Internet), or a threat to national security or something. I think the article does a good job now of explaining why you might want to consider not having the same e-mail program as your neighbor, and that's a good thing. --LDC

---

In reference to the term "monopoly", I already did weasel out and say "near monopoly", but I think it is important to the point being made that we use much stronger language than "market leader", because mere market leadership isn't enough to cause the monoculture problem. The problem really is caused by the fact that a huge majority of people have Word, etc. Besides, the term "monopoly" is a legal fact now, even though they can't yet decide what to do about it, so Microsoft has utterly no standing to complain about it (as if they would anyway) You can't let irrational and uninformed fear of libel suits guide production of encyclopedia articles. Grow a damned spine and write the facts; after they sue, maybe we can change things. --LDC

---

OK, OK, I see where you're coming from. I just didn't want to see Wikipedia become the place where Linux and Mac advocates voice their bitter hatred towards Microsoft... it is an encyclopedia areticle, after all. Anyway, I was thinking, shouldn't we mention something about antivirus programs? Surely that in itself has become one of the larger software selling points- most new computers come with an antivirus program.

---

Yes, there should be more on that than the present brief mention. I'll see what I can do. --LDC

---

Cunc, I still think "near monopoly" is the better term here, because I'm using "monopoly" in the sense of "no alternative" to emphasize the monoculture problem, not in the legal sense of "anti-competitive business" which is irrelevant to this article (except to the degree that the latter leads to the former). In that sense, clearly unadorned "monopoly" isn't true, because there have always been alternatives, they're just not commonly used. In other words, what I'm trying to say here is that a Word macrovirus is especially dangerous because almost everybody has Word and passes documents around. That "almost" isn't just a weasel-word thrown in to be PC, it's important to keep the statement factual. --LDC

Article formatting

Just curious, Cunc, but what do you have against paragraphs? Each of your edits seems to add subheads every few sentences, and every sentence its own paragraph. You're stealing all my screen space!  :-)

Paragraphs are evil. I'm not really against paragraphs, but I feel it's important to separate individual ideas as much as possible, so that we don't let confusion/vagueness/ambiguity of one idea infect another. Sometimes I'll try to recombine things into paragraphs; sometimes I try to break things apart. This entry seemed to need some breaking apart to discern the separate issues, which could then be broken off into separate entries. --TheCunctator

The ideas are separated: by periods, into sentences. Sentences are then grouped into overall topics, which are called paragraphs. It has worked quite well for centuries, and I suggest you try it. Certainly macro viruses as a separate entry makes sense, and other topics will split off as more information about them is provided. But a paragraph of only one sentence shows a basic misunderstanding of English prose structure, and subheads every 2-3 sentences is just silly. Please, let the writers write. --LDC

Microsoft's market position

The legal sense of "monopoly" is not "anti-competitive business". It's "having enough market share to be a) immune from competitive pressures and/or b) able to act anti-competitively." It's certainly true that b) doesn't have much to do with computer viruses, but a) does.

"Near-monopoly" doesn't seem to quite capture what you mean; I don't think one can reasonably talk about near monopoly, just degrees of monopoly.

In that sense, clearly unadorned "monopoly" isn't true, because there have always been alternatives, they're just not commonly used.

Rather, I'd say it certainly is. "Monopoly" doesn't mean no alternatives, it just means not enough alternatives for free market pressures to be effective: it means exactly what you wrote after "because".

If you don't buy my argument, we could always change it to "market dominance". --TheCunctator

---

"Monopoly" is not one of those words that has degrees--it's like "unique", either it is or it ain't. It's not possible to be "very unique" or "slightly unique", but it is possible to be "almost unique" or "nearly unique". Likewise "near monopoly". I realize it's been watered down a bit now that its meaning has been usurped by the economic version, but that's not the primary meaning of the word. The word really does literally mean "no alternatives", and it still has that connotation to my ears (and probably to others of my age). That's a fine point of English usage, but I want to get it right. --LDC

First you said something is either unique or it isn't then you said something can be "almost unique". "Very unique" and "slightly unique" make a lot more sense than "almost unique" which is a clear impossibility.

If MS has been found guilty of running a monopoly then you can say they have a monopoly. If not, it doesn't matter how it hits your ears or which definition you're using, it's a legal term and has legal connotations. 68.166.68.188 (talk) 07:12, 23 January 2008 (UTC)

Viruses on the Linux platform

Is it correct that Linux has far less viruses than Windows? --User:Hirzel

Bluntly, yes. There are several thousand known viruses for Windows, as can be seen in browsing Symantec's encyclopedia of viruses. In contrast, there have been only a handful of true viruses that run under Linux, all of them confined to experimental settings.

(Numbers out of date- a recent news report claimed the number of computer viruses has hit the one million mark^[1], mostly Microsoft platform based of course. There is much variation in the way different experts count them. There were certainly a few thousand 15 years ago. On a more pedantic point, it is never correct to say "less viruses"; it should be "fewer viruses". TheNameWithNoMan (talk) 23:26, 24 April 2008 (UTC))

A true virus is unlikely under Linux, because it must be run by a user and infect either an executable file, a library, or the boot sector. All of these are owned by root, and an ordinary user doesn't have write access to them! The distinction between root and an ordinary user in Linux is much stronger than that between the Administrator user (or "system context") and an ordinary user in Windows. (It could also be said that the Linux/Unix permissions system is much less flexible than Windows's!)

There have, however, been a number of network worms infecting Linux systems, such as the Ramen worm and the recent Slapper worm. Windows, however, has had a great many more worms, including last year's infamous Code Red and Nimda, and the endless torrent of email-based worms such as Klez, Snowhite, and ILOVEYOU.

The media have been making comparisons between Slapper and Code Red as if they were similar in their spread. They aren't. Slapper has infected a few thousand systems in a week or so. Code Red infected that many in an hour, and within a few days had spread to over half a million systems! Slapper's innovation is not its spread, but its payload -- a unique sort of DDoS program based on P2P design principles.

I hope this clears things up a little. --Fubar Obfusco

Name of the article

Why on earth was this article renamed from computer virus to Virus (computing)? --Brion 11:23 Oct 23, 2002 (UTC)

Good question! That sounds like a better place for it to me ... --FOo

I've moved it back here. No one would ever spontaneously link virus (computing) or let it appear in the text of an article without piping it, while computer virus is used constantly. --Brion 01:05 Oct 24, 2002 (UTC)

Spontaneous creation of computer viruses

A small percentage of viruses are the result of computer code that operates in an unexpected manner,

Can anyone support this rather shocking statement? Tempshill 05:26, 29 Jan 2004 (UTC)

I am convinced that this claim is false. It is certainly possible that bugs in legitimate programs can result in damage that is similar to the effects of some malware. However, I can't imagine a legitimate piece of code that is so similar to a virus that just a small modification (bug) can cause it to self-replicate. Bugs can cause much unexpected behavior, but self-replication of a complete application seems practically impossible to me. I have replaced the claim by "Viruses are deliberately written from scratch by people, are made by people who use virus creation software, or can be the result of modification of an existing virus. Computer viruses cannot come into existence spontaneously, or as a result of bugs in regular program. " Sietse 17:22, 15 Sep 2004 (UTC)

I would have to agree with the original statement but place emphasis on the "small percentage" aspect when regarding prior incidents in the past.

Recent advances in polymorphic coding (circa 2005) and more specifically metamorphic coding allow viral patterns to autonomously generate themselves with random mutations.

This technique in conjunction with randomized encryption tactics is an attempt to mask string signatures that may otherwise be detectable via standard Anti-Virus scanners.

Typically all the potential programming parameters and routines are encoded in the "shell" of a metamorphic virus, along with a compiler that allows the virus to "construct" a new variant of itself in a self replicating fashion.

Alternatively, autonomously generate executables have been created based upon the simple self mutating ASM code known as "Gloeobacter Violaceus" which is located here:

http://spth.host.sk/programs.htm

Unlike true polymorphic and metamorphic viruses, which are rather complex, this simple self replicating code randomly generates mutations in it's own procedure initially with no expressed viral intent.

Many "siblings" of this code malfunction since there is little to no error control or instruction set to guide mutation but occasionally some variants are prone to exhibit viral behavior.

The chances of that happening may be one in a million but the code can replicate fast enough on the modern multi GHz processor based system that the statistical chances become an eventuality rather than a probability.

Recombinant coding, a division of "evolutionary programming" is another example of an autonomous self programing tactic that can lead to spontaneous viral patterns and behaviour.

Although this technique is not very well documented at this time- the premise is based on the automated decompiling, evaluation and amalgamation of existing subroutines from salvaged applications.

--Burns 12:55, 04 May 2006 (UTC)

VIRUS Backronym

I always thought that VIRUS was an acronym for "Vital Information Resources Under Siege". But could not find a mention of it on the page. Jay 17:52, 2 Mar 2004 (UTC)

It isn't. Someone may have thought of that later, certainly, but that's not anything to do with the initial use of the term nor most people's definition of it now or at any other time. —Morven 18:11, 2 Mar 2004 (UTC)

Ok so its a backronym. I'll mention this in the article. Jay 06:33, 3 Mar 2004 (UTC)

One I've never heard of, and I worked at an anti-virus firm for three years. Are you sure this is at all a common one? —Morven 09:52, 3 Mar 2004 (UTC)

Thats how I was taught at school. Google gives 134 hits. The variety of the sites thrown up show that the myth/usage has spread wide. Its encyclopedic anyways. Jay 18:12, 3 Mar 2004 (UTC)

134 hits? That's not very many, considering that there are millions of hits relating to computer viruses. 134 is just enough to sustain the theory that it's folklore. If enough people buy this folklore, than you it becomes common usage, and you can call it a backronym. Meanwhile, it's just a cute story, and I vote to keep it out of Wikipedia. Isaac R 06:00, 16 Apr 2005 (UTC)

I believe this was originally coined by an author as the title of her (not very good or technically accurate) 1989 book about computer viruses[1]. era 09 May 2006

Common targets of computer viruses

"Common targets are executable files that are part of application programs, documents that can contain macro scripts, and the boot sectors of floppy disks. "

Isn't the "floppy disk" part a bit... well, archaic? Probably superceded by email as the big transmission medium.

--Sockatume 02:50, 20 Sep 2004 (UTC)

You do have a point. Boot sector infectors are less common than they used to be. However, according to the the wildlist, anti-virus researchers still regularly encounter bootsector viruses such as Form, Ripper and AntiCMOS in the wild. I think that's a good reason for including it in the "common targets" list. On the other hand, much malware that uses e-mail as a replication medium is technically a worm (not a virus), so that's why e-mail is not mentioned in the list. On the other hand, I guess it would be a good idea to add some information about the growth and decline of the various virus types in, say, the history section. Sietse 05:50, 20 Sep 2004 (UTC)

Virus page has been vandalized - and fixed

I'm not equipped to fix it. 209.155.42.7 14:52, 8 Oct 2004 (UTC) (ebear422 not logged in)

Fixed. Brendan 8 Oct 2004 (I wasn't logged in either)

Prescriptivism is not encyclopedic

Please keep in mind that the rules for making plurals and conjugating verbs were made up out of whole cloth to explain how already existing lanuages work. They do not exist to to "rule" languages. Languages are dynamic. In order for Wikipedia to become a leader and authority as a reference it has to lead, not follow.

Example, The OED just added 'bootyliscous' to its online dictionary. Prescriptivists would insist that it is not a word, but words are... whatever people are using, whether they follow the static rules or not. When the words people are using don't follow the rules then it is the rules which are incorrect and out of date, not the word. (Note - yes it is understood that not all made up words enter a given language. There has to be some minimum amount of large scale adoption, but how much adoption it takes is a grey area.)

The reference to viri has been in this page for quite some time, albiet in a non-NPOV form. Please don't remove it without some discussion here first so we can reach a consensus. Also please see Plural of Virus for discussion on the form. Jjk 21:12, 17 Nov 2004 (UTC)

Note to Fubar Obfusco, Please use logic rather than insults to promote your arguments. Saying "This is the English Wikipedia, not the Script-Kiddie k3wl d00d Slang Wikipedi" is clearly meant to be insulting and has no place in the Wikipedia.

I propose that we just note that there are tree forms in use, and that we leave the arguments and judgements about their correctness to the plural of virus article that was specially written for this purpose. No need to have this discussion in two places, in my opinion. Hence my edit. Sietse 21:31, 20 Nov 2004 (UTC)

I agree with Jjk's anti-prescriptivism, but that particular discussion needs to be in some more central place. As for virus versus viri -- you can justify either, whether you're a prscriptivist or not. "Viri" is good Latin, but when I learned how to be a technical communicator, I learned that you don't want to work too hard to maintain non-English inflections. This is partly because it's impossible to get it right all the time ("Octopi" is not good Latin, or even bad Latin -- it's a Greek word with a Latin ending!) But mainly because using non-English grammar is an invitation to confusion, unless the non-English usage is so well-established as to be idiomatic English. (Data, plural of datum, for example.) That said, people have a natural tendency to "correct" words like "viruses" and "styluses". There's no harm in this, as long is it doesn't get too silly ("abaci" will never get past my red pen!). Isaac R 06:02, 16 Apr 2005 (UTC)

Did you even read the plural of virus article?

'The viri form is also incorrect in Latin. The ending –i is used only for masculine nouns, not neuter ones such as virus; moreover, viri is the plural of vir, and means "men".' --Darksasami 21:33, 17 Apr 2005 (UTC)

Sorry, I overlooked plural of viruss. Sorry for pontificating without referring to it. But now that you mention it, I think it's a good candidate for deletion. Grammatical flame wars are not encylopedic.

Viri is a pun in Latin. Not that it matters, since, as I said, "correct Latin" is not the point. Isaac R 23:12, 17 Apr 2005 (UTC)

So are we using Virii or Viruses? I've always seen it as virii, so when I went through and did some grammatical edits I changed it to that. I can change it back, though. I just need to know which plural form we're using. And even if we choose the "wrong" plural form, let's try and only use that plural form. Xgamer4 12 Feb 2006

The only plural that makes sense in English is viruses. Virii is wrong in Latin, and its use has been deprecated in English so that it is not becoming valid English usage. Viri would be a valid plural for a second-declension masculine Latin noun; however, virus belongs to the less familiar fifth declension. The correct Latin plural of virus is virus, just as the plural of census is census. This leaves only one reasonable English option, which is to use the usual English method of forming plurals. That is viruses. Prescriptivism is not encyclopedic, but documenting the fact that a word has been considered incorrect is. Robert McClenon 16:35, 12 February 2006 (UTC)

You also changed the capitalization of the headings. According to WP:MOSHEAD, the house style is to "Capitalise the first letter of the first word and any proper nouns in headings, but leave the rest lower case." --RainR 16:57, 12 February 2006 (UTC)

Yep. I did. I've always used the way that has everything but words like "the" and such capitalised. There's a few sentences in there I made slightly more understandable, though, so don't just revert it back a few steps. I'll fix my mistake.EDIT: Titles are fixed. Personally, I think it looks better the way I'm used to seeing it, but it's really not my place to judge. Xgamer4 12 Feb. 2006

Add some virus code

I'd like to see some source samples in this page. In my opinion, famous viruses belong to the global human knowledge, and therefore NEED to enter encyclopedias. So it would be great if someone can find very famous source codes (such as brain of I love you)

King Mike 11:52, 28 October 2005 (UTC)

Wikipedia isn't a repository of source works. We should link to sites that show virus source code, just as our article Bible links to sites that have copies of the Bible, rather than including the whole Bible in the article. :) --FOo 15:48, 28 October 2005 (UTC)

Nov. 16 2005

Unfortunately I'm going to have to revert a large edit by the anonymous user 69.90.173.4 who reverted a total deletion by 212.135.1.84. It seems to have no wiki links at all.

Recombination

Some versions of Word have had bugs in the calls by which macros replicate themselves, causing occasional replication errors, which has sometimes resulted in actual evolution by natural selection. Also, again closely analogous to biological viruses, sometimes when a system gets infected with two Word macro viruses at the same time, recombination can produce a new virus (much as an animal host infected with multiple strains of influenza can produce a novel strain of influenza).

• Is there a single known case of recombination ? If so, it should be cited.
• Is there a single known case where replication errors produced some novel behaviour ? If so, it should be cited.
• Are there any cases of other interesting replication errors ? Like at least being able to avoid detection by anti-virus software because of being replicated in a weird version of Word. If so, it should be cited.

And if the answer to all 3 question is no, then this part should just be removed. Taw 06:01, 4 December 2005 (UTC)

It's true. I've added a cite. --RainR 06:10, 4 December 2005 (UTC)

I read [2], cited by RainR, and I have adjusted the wording in the History section to be less sensational. There is no evolution or natural selection occurring. It's a misleading analogy. I conceded "mating" because the cited researcher himself uses the term. But please, let's not get carried away with the metaphor. <>< tbc 22:06, 24 December 2005 (UTC)

mac viruses

I don't know who cited that guy at Newsweak but this is a naive and wreckless statement: ""Symantec's security team has yet to find a single Mac virus; by contrast, it spotted almost 11,000 new Windows viruses in the first half of 2005 alone.""

as is this sentence immediately following the quote:

"The fact that Symantec has found no viruses for Mac indicates that there is little if any reason to even bother running anti-virus software on computers running Mac OS X or Linux."

If you go and read the actual article, he wonders why Apple doesn't promote the hell out of the fact that viruses don't affect mac users. Here's one reason smart guy, it's not true! The quote is hearsay to start with and it's likely he misunderstood the context or misquoted his source. I really doubt symantec is that stupid. There was a particularly vicious one in October 2004. [3]

There are probably somewhere between 50-100 viruses for macs. Furthermore, the Microsoft Office software available and often included with macs is quite capable of spreading the macro viruses that are generally thought of as a Windows only phenomenon. It is recommended that mac users turn off macros and scan word documents and email attachments because even though it may not harm them, they can infect those they communicate with. Windows based Non-macro viruses can also exist in emulators, virtual disks, etc. clamXav is a virus scanner for macs. clamxav.com tells a few of the obvious reasons why mac users should We should probably delete that whole paragraph and add something about mac viruses. I think it's going to be an important and controversial edit so that's why I posted here instead of just doing it. --Victoria h 07:23, 5 December 2005 (UTC)

I agree, delete it. That paragraph is just misinformation.

$250,000 bounty

Microsoft's virus bounty: $250,000 to sing like a canary... by Will Sturgeon. Is this notable enough to add to the article?

Boot sector virus section

The section on boot sector viruses needs substantial cleanup. Throughout the article, it referred to "boat viruses" or "boat sector viruses". I have fixed that. However, portions of it appear to be garbled, or may have been badly translated from another language. Robert McClenon 19:35, 9 January 2006 (UTC)

Forgive me, please

I have read the german article and translade it using a translator, so please forgive me Anonimus --201.254.180.158 21:22, 9 January 2006 (UTC)

At least that explains why "boot" was changed to "boat". It was assuming that a non-German word was a German word. Robert McClenon 21:56, 9 January 2006 (UTC)

Please read Wikipedia:Copyrights. --RainR 21:25, 9 January 2006 (UTC)

Was it translated from the German Wikipedia, in which case its translation is within the scope of the GPDL, or was it translated from a German reference document that was copyrighted? Robert McClenon 21:56, 9 January 2006 (UTC)

It does look copied from the German Wikipedia. So not copyvio as far as I can see. I've thought about trying to correct it, but there's few english-language references, so I can't be sure that my interpretation of the translation is correct. Some of it is also a duplicate of existing content in the english article. If someone wants to bring over properly translated, non-duplicate content, with english-language references, that's fine as far as I can see. --RainR 23:42, 9 January 2006 (UTC)

I think I will revert it, and then slowly, painfully put it into English. There are reasons to have an M.S. in Computer Science, besides that it gets me paid slightly more. Robert McClenon 02:33, 10 January 2006 (UTC)

We are still waiting your translation Mr. Robert McCleon.

What happened to the following paragraph?

This paragraph seems to have disappeared: "Some people incorrectly argue that malware is only classified as a virus if it both meets the above definition and can infect a computer without user activation. By this definition, malware that requires user activation to run would be classified as a trojan or a worm. But, before computers were networked together, the only way a virus would activate (excluding boot sector viruses) was by user activation, so this never was part of the definition of a virus."

Discussion: The historically and logically incorrect "a 'true' virus requires no user activation" argument is used far too often, and needs to be directly addressed in this entry. Second, the seminal work on computer viruses (the original being his doctoral dissertation), Fred Cohen's <http://all.net/books/virus/index.html> "Computer Viruses - Theory and Experiments" gives the reasoning behind the plural, the origin of the term and who coined it, and the pseudocode for the first viruses.

--70.171.196.171 08:45, 30 June 2006 (UTC)

Reference Section

The reference section in this article needs fixing. It reads "author. title. work." as of now for most of its sources. Unless this is some new idiotic format. Quadzilla99 13:27, 29 August 2006 (UTC)

history

There seems to be missing important info here. According to http://www.etymonline.com/index.php?term=virus The computer sense is from 1972. We need to ask an expert or find an Internet page with relevant info. --Espoo 22:28, 24 September 2006 (UTC)

Can viruses harm hardware?

I had a virus infection, and when i formated the disk i could not boot from it to continue the OS installation. The computer restarts when it should boot from hard disk. Has that something to do with the virus infection?

--Unlikely, I wouldn't have thought that a piece of software could cause hardware damage. On the other hand, it might be possible for malicious software to put strain on hardware such as the CPU, hard drive. But like I said, highly unlikely.

--M Yelland

NumbNull (talk) 17:22, 18 April 2008 (UTC) Heat is the big killer of hardware, and a CPU's thermal generation goes up as number crunching increases (coolest when idling). Increased Reads/Writes to RAM probably increases the thermal waste of RAM chips and modules too. Hard disks spin at a theoretically constant rpm rate, but read and writes cause head & armature activity and the related EM fields in the mechanisms' actuators to pulse, all of which might result in increased waste heat.

So my experienced guess is it's probably trivial to write code to keep all of the above looping continuously (Compute the value of Pi to an infinite number of decimal places, Spock.) and constantly write and erase some value to the disks at random locations... etc. but that type of attack could not be GUARANTEED to melt down or do any harm to any properly designed, and maintained PC system with adequate cooling and ventilation. (Some systems can even survive marathon gaming parties with all GPUs maxed out and clock cycles blazing, after all.) Then again, an inadequate system may be close to overheating and smoking out when just sitting idling and petting its farm of internal dust bunnies. ;-)

Can anyone out there provide any definitive answer or case history of any soft code changing mobo or BIOS values for "overclocking" parameters, e.g. CPU core voltages, clock rates or similar? Those are usually tweaked manually in a BIOS or with hardware jumpers, etc. If code could do that on the fly, then that might be the primary definitive case example of viral hard targeting.

This issue has been endlessly argued in other places. Before there were webpages, the wrangling raged for years on the alt.virus newsgroup. I don't propose to go through it all again, but have fun. If you do think your computer hardware can be damaged by a program, I would suggest complaining to the manufacturer.

To the original question, what you describe is not characteristic of damaged hardware. You can't boot from a disk that has merely been formatted. If you format a DOS disk with the /sys parameter there may be enough of a system to boot into a command line on a text screen, but not much more. Nowadays, one would boot from the operating system installation CDROM, and install the system on the hard disk from there. Incidentally, reformatting your disk is generally useless as a method of virus removal, despite oft repeated myths. --TheNameWithNoMan (talk) 02:23, 21 April 2008 (UTC)

Link to my website

Hi, I am wondering if you could provide an external link to my webpage within this article. The page is Stopmyvirus.com it is a new site, and its main function right now is a virus/computer discussion forum. So please let me know if this would be possible. My name is Kevin, you can contact me at personal details removed. Thank you I appreciate it.

66.253.218.73 17:29, 1 November 2006 (UTC)Kevin (stopmyvirus.com)

Possible Copyright Violation

Certain parts of this article (such as most of the classification text) appear to be copied directly from a Symatec knowledge base article. Is there any reason for this, or have the edits just slipped through the net? Kel-nage 15:00, 3 November 2006 (UTC)

I dont believe it is a copyright violation. Unless the text is exactly the same as the Symantec document. Its understandable to note similarities in 2 documents talking about the same thing. Sspecter 13:32, 4 December 2006 (UTC)

Evolving virus.

Has there ever been a virus that evolves? It seems to me that if a virus could modify it's source code just like its biological equivalent, then it could be debated as to whether computer viruses are alive. A life form is self-replicating and evolving. A virus could meet that by using computer's to make copies of itself and changing a few things in its source randomly every time. The viruses that evolved poorly would be caught by anti-virus software and the ones that evolved well would propagate. It could even differentiate itself into different strains, evolving to something completely different than what was originally created. Just like skynet.

This is a cool idea, but I think it's pretty impractical. Viruses have been known to generate random content, but this is only through use of inputting a Random() function into a set of predefined cases and strings. This would be a great leap in innovation if it were to be pulled off. I'll keep this idea in mind when I'm writing code.

That would require some breakthroughs in Genetic Programming. To make it short: Up to now its impossible to make evolving programs without a set environment (programmed environment, to apply natural selection to the virus), and without evolution rules (definition of sets of basic commands that can be mixed, and rules to the mix). Sspecter 13:21, 4 December 2006 (UTC)

NumbNull (talk) 18:21, 24 April 2008 (UTC)

 To address your original premise...

"...if a virus could modify it's source code just like its biological equivalent..."

 I'm no microbiologist, but I think a biological virus is NOT capable of modifying

it's code (RNA). My understanding is as follows: 1.) a virus is a protein-like structure (wadded up) and it carries only RNA, and is incapable of self-replication without invading some host cell containing the requisite DNA for the raw material of nucleotides (A,D,G,T), of which nucleic acid chains (and therefore genes) are composed. 2.) that the natural process of replication is (can only be) an exact, (invariant) sequence replication if successful (uninterrupted and uncorrupted), and 3.) that evolution occurs through mutation, caused by some external mutagenic agent or event, which disrupts the natural replication process or else breaks the chains of some extant RNA or DNA molecule when it's not replicating. Thus the life code is not modified internally, but due to external stressors, agents, or events. So my guess is that a living virus never self-modifies, nor is coded to evolve. But my understanding may be flawed. If it's so, then it's abusing the analogy to state that computer viral code is like a bio-virus if it ever modifies its own code. No? Yes? (~ Merill Vingian)

Frequent Vandalism

This page is the target of frequent vandalism from many unlisted IPs. Can we get an admin to block unregistered edits to this page? I'm about to revert the page (again) and it seems its been reverted about 20 times already this month.

- wgh 21:15, 11 November 2006 (UTC) dialectric

The first step is to always warn the anon IP by placing {{subst:test1}} ~~~~ on their talk page (incrementing to test2, test3, test4 if there are already previous warnings—see WP:VANDAL for more about these and other variations). They almost always get the message the first or second time and stop their unhelpful behavior. It is important to do this each time, because if they strike again soon after test4, the final step is to report them at WP:AIV and an admin will block them. If anon IPs are continually vandalising an article, one can request semi-protection at Wikipedia:Requests for page protection. Semi-protection prevents anon IPs and very new editors from changing a page. I don't believe an admin would consider this particular article to be at that stage yet. JonHarder 01:05, 12 November 2006 (UTC)

I've been watching this article (and reverting vandalism to it) for a while and I'd agree with that. Follow Jon's excellent advice for now. This does seem to be a popular article to vandalise, but enough people watch it that vandalism doesn't usually stay up for long. --Guinnog 01:12, 12 November 2006 (UTC)

Logical bomb as virus type?

"Logical bomb" IS NOT a type of virus. It is a feature in a virus. this "type" don't have spread characteristics by itself, so it need to be in another "type" of virus to call itself a virus. Someone please fix it.Sspecter 13:28, 4 December 2006 (UTC)

BHUDDA: ANTIQUITY:... this virus is almost impossible to destroy - () - so therefore it is used to protect where sentinal ||| however it has the weakness if you realise the myth or legend of antiquity the witch '... she gets old very fast...';;; of being owed this legacy,, the next virus is grandfather clock --- this is antioch to ephasus: virus after this equation has been manufactured\ (An>=<W{w}<=Eg)PI=X; ; ; it is here bombs start to appear... BOMB ONE: ;;; VOLCANO; ; this virus uses password protected viralistics ?SONYX? in this way it motifs an ordinance towards destruction ; ; however where it would multiply or 'breed' it trapeziums the basic instincts of it's reproductive codes; ; in this way you realise that there is either many of them or where you find this bomb at all you find all of them; ; because of this it is virtually indestructible being able to time-warp and recollect itself to avoid infiltration & disarming; ; it's weakness however is in it's legacy --- it automatically knows this however and becomes a grandfather-clock to protect itself; ; then it time-warps, and leaves plague-geishas behind; ; ; the fact that it does become and systematically is a grandmother clock [also called museum clocks] realises that it hides a fundamental leprosy to the fact it is that dangerous to itself; ; ; it is like now the wolf-in-grandmas-clothing as long as you are willing to convict this arguement where it is ultimate paradox; ; ; once it becomes an unwound grandmother clock from this augmentation it is safe to dismantle it and there find the vulcanite or 'first virus' it used to become a volcano-bomb; ; ; EQ; ; ; {((V[FEl=xy]v)W{Zw}a)fA}=Bb... BOMB TWO: ;;; TON; ; ; ton has two viralistic equations protecting it & therefore an AI sensitive anglian-typical-voyager, ; ; appearing after Volcano for two reasons,,, the first is that it has the cellular virus indistinctive of capability from invention DAEDALUS 'this is the virus that changes the date', also existing after the rescueing of !SONYX! in this dichotomy to paelientological-idium-satire; ; ; the second reason is that it uses the unfinishing &SONYRADAR& to realise bigger and better virus' now realising annointment-pegasus; ; ; you might think that now it will infect your computer but the fact that it utilises AI in the way it does templarises it into spiderweb fascinations, in this way it then realises an annointment programme which develops itself as more web --- ASTAROTH --- in this way it then fools other unannointable attatchments into thinking it is another computer, and it uses them to protect itself with venacula accuracy; ; ; however this is the weakness that is delicacy, and it is the way to proceed to disarm it - treading gently on what would become panic-equus-evacuation; ; once near enough to it as of --- QUDOS ELVIRA --- it is realised as a weighting-programme, however inside it is the SuperviruS it is using to explore; ;; ; Mhow does it explode - it explodes by dropping then sanctoverifying the biological quantum reaction 'it dive bombs like a seagulls beak' and it tends to survive depending on the type of fishM; ; ; once as close as possible it is simple enough to realise it can be unhandled of the weight-it-is, carefully and there the sanguin-wires are able to be cut, of three that realise the weight it has, it is detirmined that it is usually the live wire that is super-procedure; ; ; {(T=f(Dr)[xX])Gh}Qe}-U=Nn... AHA: ; ; ; ;::: I have found that virus' after this are usually also part of control-programme development... —Preceding unsigned comment added by 217.44.109.234 (talk) 11:08, 22 February 2008 (UTC)

Definition

Though the term is commonly used to refer to a range of malware, a true virus must do these two things:
* replicate itself
* execute itself

• What's the source?
• Wouldn't a virus need to execute in order to replicate? Are there viruses that don't execute, but do replicate?

Qevlarr 20:58, 3 January 2007 (UTC)

While it's true that viruses need to be executed before replication, it's a bit difficult for it to replicate without execution. As a definition, it doesn't need a source as it is easily identified - although improving the definition is welcome (even though the current one could work as it stands.) --Sigma 7 15:35, 4 January 2007 (UTC)

I would like to see a source, nonetheless. Most people think of computer viruses as malware, so I would like to know exactly who is telling them they are all wrong.

Still, I would like to know if it is theoretically possible to create a virus that replicates without executing. For now, I will assume it is not.

My humble attempt at a definion: "A computer virus is a computer program which distributes copies of itself without the permission or knowledge of the user. A computer virus is often simply called a virus. The term is commonly used to refer to a range of malware, but a true virus does not need to be harmful. To distribute itself, a virus needs to execute. Viruses often hide itself inside other programs to be executed."

Thoughts on a definion very much appreciated. Qevlarr 12:07, 5 January 2007 (UTC)

A virus has to subvert a normal execution process in order to get itself executed. The infection process is when the subversion is put into place. I think there is some confusion here in the style of a chicken and egg race as to which came first. The virus must be executed before it can infect other executables. However, many viruses in the early DOS days were terminate-and-stay-resident (TSR) programs, which come to life intermittently when certain interrupts become active. I think the first quote above was simply clumsily expressed; he probably was saying the virus needs to subvert the execution path of the infected executable (boot disk, executable file) to ensure its replicated code is run. TheNameWithNoMan (talk) 01:19, 21 April 2008 (UTC)

VINCE virus

In the definion section:

The latter criteria are often met by a virus which replaces existing executable files with a vi and VINCE virus.

Call me stupid, but I do not know what they are. I commented it out, please give a reference to what these types of viruses are before putting it back in. I could not find one myself.

Comments in header

In reply to Daishokaioshin's reverts.

A definition is the most important part of an article. It describes what we are talking about, and what we are not talking about. Definitions should be carefully worded, precise and well-defined.

When I first saw this article's definition, it was a mess. It was extremely vague, and the definition could refer to any computer program ever created. I took great care and pride in making a new lead section, only to see it changed to other equally vague definitions! So, I reverted it, and put in comments for future editors to concider when changing the definition. Please leave them there. I think -- even though you do not see them directly -- they are a useful contribution to the article:

A computer virus is a computer program which <!--"REPRODUCES" IS TOO VAGUE-->distributes copies of itself, <!--WITHOUT A PART LIKE THIS IN THE DEFINITION, *EVERY* PROGRAM IS A VIRUS:-->even without permission or knowledge of the user.

These comments should really be concidered when changing the lead section. If just one editor had not concidered the information in the comments and overthinks his decision, it will have helped. I am not trying to stop people from changing the lead section. I am merely worried by seemingly thoughtless changes to the most vital section in this article. Please leave the comments where they are and help future editors make useful contributions to this article. Qevlarr 11:23, 9 February 2007 (UTC)

I've been watching what you've been doing and it's essentially vandalism, if there is nothing wrong with the introduction at the moment then why keep inserting comments? if you're so concerned that in the future someone will make the article more vague then you can watch the article for changes. like Daishokaioshin said in the comments for the edits, "wikipedia is not an essay in progress" it does not require marking or evaluation. Also your comments make no sense unless an editor checks back over the last 100 or so edits, please consider removing them and leaving them removed, because someone else is just going to do it for you. --Kejoxen 15:58, 9 February 2007 (UTC)

There was something wrong with the article at the moment I added the comments. I am not only afraid that someone in the future will violate essential rules to writing definitions, I have also seen it happen. That was the moment I decided I wanted to address the editors. I am not turning this article into an essay, and the "essay" change comment from Daishokaioshin was not directed at any one of my edits.

It just sucks that there is no place for any marking or evaluation on wikipedia. I am not at all happy with the way such an idea is being rendered useless by pure conservatism. Nobody ever checks the talk pages. As it appears, the only way to improve an article is to revert thoughtless edits made by other people, instead of stopping them from doing it in the first place. Maybe that is the way things have always been, but can you see why I think that is the wrong way?

This is moving into meta-wiki, so I will stop here. I will not put the edits in again, should someone think they need to be removed. But I do not agree.

Say?

what do you say? Jeremybub 00:57, 29 March 2007 (UTC)

I would guess so--Justinphd 23:18, 9 April 2007 (UTC)

It's generally a bad idea to post links to viruses on 'public' sites like this. There are sites out there where you can upload the file to them and they will scan it with about 20-30 different anti-virus programs and send you back the results free.Abedia (talk) 16:35, 29 February 2008 (UTC)

Commercial software

Please change instance of "commercial software" to "retail software" in the "History" section to increase the precision of the term. Thanks, --71.169.150.172 04:44, 18 April 2007 (UTC)

NumbNull (talk) 18:44, 24 April 2008 (UTC) NumbNull (talk) 18:43, 24 April 2008 (UTC) Apparently your requested change was done some time this past year. However, I disagree with your choice of terminology. Being myself, a non-business person, never associated with marketing, just an average Joe Public consumer, IMHO the appropriate term is "commercial", meaning 'intended for sale', rather than a more specialized, distinctive term e.g. "retail" which is understood to distinguish goods or services from "wholesale" status in the production-distribution-sale-consumption chain. Therefore I hope someone reverts the term to the original, since in context of the article, pirates may acquire wares anywhere in the production-marketing sequence, even directly from a factory or manufacturer's warehouse, regardless of status of marketing, advertising, or "buzz word" labeling to an audience or consumer. While advertisers love to broadcast such terms as "retail" and "sale" ad nauseum to the general public, I feel we on the receiving end cringe every time we hear or read those. (BTW, in my backwater USA here, our common Americanese jargon is "commercials" for commercial advertising. We rarely use the term "adverts" either, though we are familiar with the term.) Can I change it back, folks?

Vandalism

There is a vandal altering from: 23:50, 2 June 2007 71.191.46.84 (Talk) (39,400 bytes) (→See also)

Quite at the text end, there is an "Orgasm"-link, and the 3 or 4 subsequent editors didn't fix it till now.

regards from europe (german speaking) --213.202.44.175 01:38, 4 June 2007 (UTC)

Screenshots?

I would appreciate some screenshots of computer viruses in action being added to this article.

What for? Amusement? Not only would it not add to an understanding of what a computer virus is, it would tend to promote the general misunderstanding. Most computer viruses don't do anything on the computer screen at all, and for those that do, it is a sideshow that has nothing to do with the basic characteristics of a virus. TheNameWithNoMan (talk) 00:43, 21 April 2008 (UTC)

Yes, screenshots of a computer virus would only generate misunderstandings of the functions of most viruses.--DavidD4scnrt (talk) 20:16, 27 April 2008 (UTC)

Virus Signatures

I was reading the article to see if I could find anything about the signatures and the only link returns back to this article. Is there likely to be an article or section on them. Robotboy2008 11:22, 24 September 2007 (UTC)

Despite the use of the word in the encyclopaedia entry, computer viruses do not have signatures in the sense that people do. A "signature" is just a portion of the code that a particular anti-virus program uses to identify the virus. Whoever wrote the anti-virus software would have picked out a piece of the code which he was sure (a) would always be present in the virus, and (b) would never be found in any other legitimate file. The first requirement is difficult in more advanced viruses such as the polymorphics and the second can cause a lot of problems when it fails; you can get rid of a virus more easily than you can get rid of a false alarm. This piece of code would be better named as a "search string" as two different anti-virus software programmers are quite unlikely to choose the same set of bytes or the same way of searching for it. "Signature" implies a uniquely identifying string that everyone will associate with the same virus, and such a thing does not exist. In the same way, different AV programmers and researchers will give the same virus different names more often than not.

Long ago when there were only a few thousand viruses, there was a guy who thought he could test anti-virus software by putting all the virus "signatures" in one big file and trying various anti-virus programs on the file to see how many viruses they each found. Of course most found none at all. Only anti-virus programs that used exactly the same search strings as his "signatures", and used a very unsophisticated searching method, would identify this completely benign file as containing viruses. The anti-virus software writer that supplied this guy with his "signatures" did rather well in the test! TheNameWithNoMan (talk) 01:00, 21 April 2008 (UTC)

Copyright of computer viruses themselves

I just came across the article of the (c)Brain virus, and the image of its contents says that it is copyrighted. Heh; thoughts come to mind of an unlikely event that a virus author sues another for stealing his/her code, even though viruses are typically criminal in nature. What is the legal status of viruses, and how do we illustrate one with a free image? Are there even viruses actually released under the GPL or other free license? Don't they already distribute themselves? (In a forceful manner...) --Geopgeop (T) 05:54, 12 November 2007 (UTC)

NumbNull (talk) 18:58, 24 April 2008 (UTC) Your line of thought raises the question/challenge in my mind, that one might present a theoretical argument that viruses are not "typically criminal in nature", only in execution. All good questions, which make me wonder if it's not perfectly legal (at least in some countries are jurisdictions) to merely possess viruses (e.g. on storage media), even if one publicizes that fact, perhaps on the Internet. Unless the authorities could present evidence that a suspect person had actually executed some harmful code, or perhaps distributed it with the intention of it being executed, would they be considered criminal or guilty in any way? Maybe not, or... "it depends". Does anyone know specific legal cases, where posession of viruses was prosecuted as illegal? Even under scenarios of "cyber-crime" or "cyber-terr0r1sm"? It would be good public knowledge to know. Or is it "no harm, no foul", the world around???

I still have about three thousand computer viruses in a box in my attic, left from my time as a researcher for an anti-virus software company. I got them through the company, who got most of them via an exchange program with other anti-virus researchers (some came from customers who would send in files they thought suspicious). There is nothing at all illegal about possessing these, or exchanging them in this way. It is in fact necessary in order for anti-virus software to be produced and updated.

There was (in Britain) a bloke who tried to sell copies of a similar collection via an advertisement in a computer magazine. He was arrested, but I'm not sure that any prosecution resulted or that any law was violated. __TheNameWithNoMan (talk) 23:06, 24 April 2008 (UTC)

More vandalism to page

Found more vandalism on page from IPs 212.248.245.252 and 212.248.245.18. Reverted to Brianga's previous version. Bolmedias (talk) 15:17, 11 December 2007 (UTC)

thank you joinging us today! —Preceding unsigned comment added by 198.166.21.209 (talk) 02:47, 12 December 2007 (UTC) == by learn direct

Slow infectors

In the section where it discusses fast/slow infection, it has an afterthought saying that the slow infection method is somewhat unsuccessful. This has some truth to it, especially in todays world where some sort of warhol worm demonstrates the power of fast spreading, but it also needs to be said that a virus which replicates via removable media is more successful if it uses a slower spreading method in order to stay undetected for long enough that the media is still considered trustworthy enough to be distributed. —Preceding unsigned comment added by 203.97.61.80 (talk) 21:37, 12 February 2008 (UTC)

There is a direct parallel with biological viruses. If infected subjects die too quickly, the likelihood of them passing on the infection to many others is reduced. This tends to cause viruses to evolve to become less deadly (not quite the same as less infectious of course).

There is also a slow payload found in some computer viruses. Most people think that a virus that wipes your hard disk does the worst possible damage, but there are viruses that only change a few bytes in a few files every so often, perhaps swapping two adjacent numerals in database files. By the time this is noticed, the corruption goes back months or years into your backup files, and you have no idea which files are good and which riddled with errors. A wiped database disk can be recovered with the latest backup, but a subtly corrupted one may never be completely trustworthy again. TheNameWithNoMan (talk) 01:50, 21 April 2008 (UTC)

Virus Theory

This article is quite extensive, but it doesn't seem to include anything on virus theory. With that I mean the mathematical / computer theoretic perspective on computer viruses. One article by Fred Cohen is in the external links list. To my knowledge it was Cohen who first used the name "computer viruses" and he attributes it to Adleman. Both authors have come up with modelings (with Turing machines and recursive function). Other seminal work is by Bonfante and by Thimbleby. See:

• On Abstract Computer Virology from a Recursion Theoretic Perspective (or Toward an abstract computer virology)
• A Framework for Modeling Trojans and Computer Virus Infection (or here)
• An abstract theory of computer viruses (or here)
• Computational Aspects of Computer Viruses

I'm writing my MSC thesis on the subject at the moment. I would not want to include my own research. Still I could try to give a short overview from a neutral point of view.

What do you think? —Preceding unsigned comment added by Luite (talk • contribs) 07:59, 17 February 2008 (UTC)

NumbNull (talk) 20:43, 16 April 2008 (UTC) I think the following:

(1.) Generally these techie articles are targeted at the audience of the general public, including newbies, and young school kids doing educational research, rather than at either IT pros (like myself) or advanced academics (like yourself).

(B.) From my perspective, the article is already full of good "theory" on viruses. Even I'm learning new & refresher stuff reading it. That being said, in my own college educated ignorance, I don't know if your "virus theory" is a modern specialty discipline studied by mathematicians and/or Comp. Sci. majors or not. If it is, I've learned something else new today and please pardon my ignorance, so I say... I guess such contribution from a focused sub-specialty discipline would probably be beyond the grasp of the typical reader audience (not to mention those of us non-formulaic college grads and career pros. ;-)

(Gamma.) This raises the question "Does math theory add or subtract to the understandability of science/tech knowledge?" I propose the answer would be "both" and "it depends". This recalls for me the history of my years course studies under the College of Arts & Sciences, at a large midwestern university (in USA) where students were offered in the natural sciences such as physics and chemistry, either a series of courses that excluded nearly all math (and stuck purely to the applied theory of the science), or else alternatively one could enroll in the more rigorous courses of study, as required of majors in those science fields, where all the math of the science was included in great detail and presented from Day 1 forward. The idea being that non-majors could learn, enjoy, and apply the science without the math innards. I think this Wikipediarticle should remain targeted at the 'non-majors' out there beyond cyberspace. But feel free to disagree... it's just my 2 scents worth.

...what?!

I found this under recovery options title near the end of the article:

"If your system is a Microsoft product and you have your 20 digit registration number, you can go to the Microsoft web site, and they will do a free scan and most likely remove any known virus such as Trojan win32.murlo."

Now my question is, where is this? I mean, they have OneCare now, but that costs money. I wouldn't call the Malicious Software removal tool a very useful tool for removing most viruses. Can we get a citation for this or a link to this service from Microsoft?Abedia (talk) 19:17, 27 February 2008 (UTC)

Win32/HackAV.AX

anyone has any idea what this malware or virus does ? —Preceding unsigned comment added by Vinay118 (talk • contribs) 14:55, 27 March 2008 (UTC)

To "harm" or not to "harm"... as the worm turns...

I feel motivated to question the technical accuracy of the concluding statement in the article's first paragraph: "Both worms and Trojans will cause harm to computers when executed." since it seems to contradict the statements in the 'Computer worm' article: "Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer."

It has been my understanding (professional career IT specialist here) that basically the designed intention of a worm is not to harm the locally infected computer, but rather to covertly scavenge or harvest useful information (e.g. address book entries) in order to propagate itself or otherwise spread across networks.

I guess one may ask or argue about the definition of the term "harm". Nevertheless, I wish to draw a distinction between a PC system (hardware + software) itself, in contrast to it's operability or performance or connectivity or throughput (whatever). I'd state that both are distinct, mutually exclusive, and both are subject to hindrance, harm or permanent damage. If that's agreed, then wouldn't it be true, as implied in the worm article statement, that a worm typically does NOT harm a "computer", but rather, only hinders or harms it operations, (connectivity, throughput, productivity, performance, whatever), and then not permanently?

If I've made the case clearly, I'd suggest an alternate wording for the opening conclusion, for instance perhaps something like the following: "Worms and Trojans may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when executed. In general, a worm does not actually harm either the system's hardware or software, while at least in theory, a Trojan's payload may be capable of almost any type of harm if executed."

--NumbNull (talk) 20:10, 16 April 2008 (UTC)

First define "harm". There is a school of thought that defines harm in financial terms, the cost of dealing with the problem. This can be considerable in a commercial setting, often involving the loss of business and employee's work while a virus outbreak is dealt with. In this definition, it probably doesn't matter whether the threat is technically a worm, virus, trojan or even a false alarm.

The wiping of stored data, which many neophytes automatically assume to be the most serious possible harm, is actually one of the less serious consequences of an outbreak, assuming that sensible backup procedures are in place. Most businesses have off-site backups for their essential data these days. An example of much more serious harm would be the theft of logins and passwords by keystroke loggers, which has been used to steal from bank accounts or to steal confidential files. The financial consequences to a company or individual of such theft can be unlimited. Does it matter if the agent is technically defined as a worm, virus, or spyware? TheNameWithNoMan (talk) 12:11, 8 May 2008 (UTC)

Archive 1

Archive 2

Archive 3

1. http://news.bbc.co.uk/2/hi/technology/7340315.stm