Once revered as hackers, technopaths threaten security of computer-dependent society

It's a sign of the times that as human viruses affecting the immune system are multiplying, computer viruses are also on the upturn. Some may feel that the computer world has brought its afflictions upon itself with all this permissive talk of Open Systems and networking. But at a recent seminar on computer viruses organised by IBC Technical Services Ltd in London, the finger was pointed at the real perpetrators of the infection: the technopaths. Once revered as hackers, these highly skilled users are now the scourge of computer-literate societies everywhere as they unleash plagues on software. So what is the background to this Black Death of the personal computer, and what, if anything, can be done about it?

The ins and outs of viruses, worms

Robert Jacobson of International Security Technology Inc started the proceedings by outlining the background to the virus phenomenon. The two events that silenced those who had dismissed viruses as a passing media fashion were the worm of November 1988, which shut down 6,000 computers on the Internet network, and the Jerusalem virus, which wiped out thousands of personal computers in Silicon Valley, California on Friday the thirteenth of January, 1989. (By the way, a virus is generally defined as a code segment in an otherwise normal program which, when executed, seeks to propagate itself into some other uninfected program; it has the potential to spread by replication and its action is covert. A worm, on the other hand, while also covert, usually exists as a program in its own right, tending to spread over networks via electronic mail.)

At the moment personal computers are the main target of viruses because there are so many of them – therefore a virus is likely to spread; the vast majority of personal computers use the MS-DOS operating system, which does not have any facilities to isolate user processes from system resources – programs are consequently at liberty to behave as they like; personal computers do not have the physical and logical access controls typical of mainframe computer systems; and lastly, personal computer users are not often technically trained and so are not adept at implementing controls and safeguards. Apple Computer Inc machines have been targeted for the same reasons. It also seems likely that the IBM AS/400 and small DEC VAXs will soon become virus targets as well.

Jacobson, however, is a connoisseur of MS-DOS personal computer viruses – the number of which, he claims, has grown from one in 1986 to 19 by last April. Furthermore, viruses are getting subtler and more insidious, and are increasingly being used as a highly unethical business tool. For example, viruses have been discovered that latched onto the software of several vendors but did not infect that of one specific vendor. Aside from attacking the products of competitors, viruses have been used to attack files and programs of a rival within an organisation, to scramble the data of an accounting system to delay the discovery of a fraud, or to trigger system crashes to create a demand for the perpetrator's technical recovery services.

The insidious methods of infiltration

Viruses can be introduced into a personal computer in a variety of ways: through the installation and execution of infected software, from booting using a floppy disk with an infected boot track record, via data floppies without a ROM code that are left in the A drive while the personal computer is re-booted, or by the DOS FDISK.COM program entering information into a partition record. A variety of safeguards against viruses were discussed at the seminar, the most popular solution being permanent status records with suitable audit trails to detect viruses and help in both the recovery from and investigation into the infection. Anti-viral disks met with a mixed response on several counts: firstly, they tend to slow down the computer, as well as hindering any innovative use of computing; secondly, viruses are rapidly developed to circumvent the latest cure.

Jan Hruska of Sophos Ltd suggested that all companies should have a dirty personal computer for employees to play games on and for using bulletin board software – David Frost of Price Waterhouse felt this was far too lenient an approach and advocated instant dismissal for anyone using non-corporate software. Whichever strategy is chosen, data hygiene and responsible management would appear to be the best cure-alls on offer at the moment.

Redress under the law is doubtful

Once a viral infection is identified and the perpetrator is known, one would assume the law would be able to take its course. In fact, as barrister Alistair Kelman made clear, it is legally very difficult to prosecute the information terrorist. Firstly, under the Criminal Damage Act of 1977, damage has to be of a tangible nature – viruses, however, cause things to happen without necessarily tangibly damaging either the hardware or the disk itself. Consequently, if you are subject to a virus, make sure the indictment is very carefully drawn up. Secondly, if prosecution is sought under the civil liability of the escape of a dangerous thing, a judge is not likely to believe that computer viruses can be likened to smoke, gas and floodwater. Furthermore, under the defence of act of stranger, a defendant can claim that a third party was liable, and since viruses are normally introduced by third parties, this defence will be available to everyone except the viral source, who is unlikely to have any assets to be seized in compensation. The best line of prosecution to follow is that of negligence against, say, an engineer who did not follow strict data hygiene. This type of prosecution is likely to provide licensed users of software some compensation – users of pirated versions of software, however, beware: you have no property rights in the software and, therefore, no legal grounds for redress.

– Katy Ring