The state of modern viruses
January 25, 2004, 8:19:54 pm

"Back in my day" viruses were lethal buggers on a computer. These days they're harmless little executables that are run from emails or VB scripts. The state of viruses is disarray... let me explain.

I went over to help my folks out with their computer. They've been having trouble running programs lately. I immediately noticed a dodgy process in memory. I checked the registry and sure enough there was a weird looking program in there (weird as in, I'd never seen it before. This usually includes anything to do with scanners, internet connections or viruses).

I removed the registry entry and checked again a few seconds later... it was back. This is most annoying as there's no easy way to remove something from the registry without being in Windows - which will run those programs. The virus program was called winkmi.exe and it had hidden itself with hidden, system, read-only attributes in the Windows system directory.

Very easily fixed with attrib, reboot into Windows and remove the registry entry and all is done. Except for the hundreds of copies of itself it'd made in the program files directory. Wiped those and the system has been cleansed.

Back in my day what I'd just done would have been impossible. Viruses would insert themselves at the start of other executables, into system configurations, the boot sector, stay memory resident no matter what... all sorts of things. Today's viruses are just horny rabbits, not deadly vipers.

"Back in my day" my friend David got a virus called TwoHalves. This was a very dangerous virus because it slowly encrypted your hard disk from the back to the front. What was truly innovative about this virus was that it intercepted attempts to read from the disk and decrypted the encrypted information on the fly.

That's right, remove TwoHalves and you lose a heap of your data. But wait, it gets worse - once it has finished it 'forgets' the encryption key, leaving you with a hard disk full of gibberish. The sooner you remove this virus the better off you are... if you can call it that.

Compare that with today's viruses? They roam about on the internet gobbling network traffic. I suppose you can say this is a good state of affairs? If that's so why do virus scanners cost more now than they ever have? Conspiracy time...

By Troy on January 29, 2004, 9:25:26 pm

Hey. There was a thread on slashdot about the cost of viri, and that's part of the reason for the cost of programs. More people, and less sophisticated people, are using computers than back in "your day." DDOS attacks hurt the targeted server, true, but what about the network impact if one of these nasties infects a whole floor of marketing droids? Businesses will pay more for virus protection because they see it as costing them more. Supply and demand.

And, mls, are you really complaining that today's virus writers are too wimpy? <grin>

By Michael Lucas-Smith on January 29, 2004, 11:22:54 pm

Just playing devil's advocate :)