Viruses - Network Security Scapegoats?
Viruses - Network Security Scapegoats?
"Virus" by coachdanny
Next time you find yourself working on a user's computer or fighting a particularly troubling network issue, sit back and count the number of times that someone asks you, "Could this be a virus?" I think it's the only question that is asked more often than "Have we been hacked?" I think the term "virus" has been expanded far past its original meaning and is now used as an umbrella scapegoat for anything and everything that is wrong with computers in general.
The first reference to a self-replicating program spreading itself around actually comes from a 1970 short story from Gregory Benford. The program (amusingly enough called VIRUS) spread via modem connections. In the late 70s, the ARPANET found itself beset by pranks like Creeper and later Elk Cloner. Even the first IBM PC virus, (c)Brain, was created as an anti-piracy measure and not as a malicious destructive program. Given that viruses originally spread across computers via floppy disks and other removable media, they had to be quite good at hiding, which left little room for any kind of real insidious programming. It wasn't until we starting hooking computers together via BBS services and local area networks that the ability of a virus to replicate autonomously became the norm.
Today's world is so far removed from where the computer virus originated that I even hesitate to call these kinds of programs "viruses" any longer. The closest relative that we have to a self-replicating program today is called a "worm", as its self replication function is several orders of magnitude larger than simply copying code to a system boot sector. Worms also need not be executed from a specific program but instead can operate independently of the system. We also still have trojan horse programs that hide in executable shells and can provide things like remote access to a system for an enterprising hacker or criminal. Even these programs are classified separately than a traditional virus, due to their unique properties such as not infecting other files on a system and attempting to stay very quiet and unassuming.
Today's problematic programs are much more diverse than simple viruses. You have things like malware that attempts to utilize your system as a spam relay or ad-clicking robot, ransomware that encrypts your system files and extorts money to decrypt information, or even crimeware that harvests passwords and other sensitive data for later exploitation. These programs are the frontier of computer software exploitation. And yet none of them are called "viruses" by professionals. The only people that refer to them as viruses are those that aren't familiar with the differences between what a virus actually does and what these programs attempt to accomplish. Given that these threats are stopped by security programs that have historically been called "anti-virus" it's not surprising that there is some misidentification by the public. However, note that more of the vendors that supply these programs have started rebranding them as security suites and have begun deemphasizing the "virus" part of the name.
Still, everyone wants to think that there must be some kind of rogue program running wild in the network that's causing problems before they will believe in misconfiguration or other plausible explanation. I'm not sure if it's Hollywood, urban legend, or even mystery that causes everyone to reach down and assume that a virus has to be the root cause of disaster. Yes, worms can bring down networks. Yes, malware of all kinds can make using a computer difficult. But the general public seems to want to fall back on the virus much too often as the source of all ills. I think network security professionals have done a poor job of educating users when it comes to the differences in various destructive programs. Instead, it's just been easier to say "It's a virus" to the unwashed masses and hope that they don't ask for more details.
I think it's time that computer security professionals stop using the term "virus." It needs to be relegated to the same historical pile as the 8" floppy disk and ARCnet. Yes, it does describe a specific kind of computer program that causes infection. However, that specific kind of infection hasn't been seen for years (that I'm aware of). It would be like a doctor claiming that heart disease and brain tumors are caused by viruses. Those are ailments that affect the human body and cause suffering, but the root cause isn't a virus. We need to be more specific with people so they know what they are fighting and how best to combat it. Precision means a higher probability of success. Who knows? If we stop calling every little problem a virus, the results might be..infectious.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.