[comp.virus] Ralf Burger's book

frisk@rhi.hi.is (Fridrik Skulason) (11/15/89)

I spent a part of last evening reading the book "Computer Viruses, a
high-tech disease".  This book has been mentioned here several times
before, in most cases because it contains a (slightly crippled)
disassembly of the Vienna virus.

This disassembly, and others that have been (and will be) made
generally available will become a major source of problems in the
future. The reason is quite simple. It takes a GOOD assembly language
programmer at least a couple of days to write and debug an original
virus. Given a disassembly to start from, he can complete the job in a
few hours instead. A novice may spend a bit longer time creating a new
virus built on a disassembly, but it will be MUCH harder for him to
write a new virus from scratch. It takes no genius to write a virus,
only an experienced assembly language programmer, but since the
novices outnumber the experienced ones, the availability of a virus
disassembly will result in a far greater number of people being able
to write viruses with less effort.

My opinion of the book is very simple.

I can not recommend it. This is not due to the fact that it contains
listings of "real" viruses, but rather that the information in the
book is inaccurate and out of date.

Consider for example the different virus types described. They are:

    Overwriting viruses.
    Non-overwriting viruses.
    Memory-resident viruses.
    Calling viruses.
    Hardware viruses.
    Buffered viruses.
    "Live and Die" viruses.
    "Hide and Seek" viruses.

Boot sector viruses are not mentioned in this list, or anywhere else
in the book. This is of course because they only appeared in 1988, but
the book was written in 1987. Some of the virus types mentioned are
unknown and VERY unlikely to appear at all.

Some time is spent on the subject of "Randomly occurring viruses"...

    "who can say that his software cannot be turned into a virus by
     changing a single bit ?".

... and that sort of stuff.

Still, this book is a lot better than the two other books I saw here
at the university bookstore. I guess we will never get a "good" book
on viruses, since they will probably have become obsolete by the time
they appear.

But who needs a book when we have VIRUS-L and comp/virus ?  :-)

-frisk