What are Viruses and Trojans
The first step for keeping your computer safe is understanding the threats that are out there
We've all heard of computer viruses. For most of us, these nasty little programs have been causing trouble for as long as we've had PCs. Whenever a computer malfunctions, there's a good chance the finger of blame will be pointed at a virus. And it's a role that's firmly entrenched in popular culture - as far back as the 1996 Hollywood blockbuster Independence Day, the hero used a computer virus to infect and shut down the attacking aliens' systems.
When we talk about viruses in this way, we're using the word in a loose sense, to refer to malicious software of all sorts. But if you want to keep your PC safe, it's important to realise that, to computer experts, the word "virus" describes only one specific type of threat.
There are many other dangers out there - hiding away on web servers or lurking on USB flash drives - that aren't, strictly speaking, viruses, but which can still ruin your day. We'll cover all of these, but for now we'll focus on "classical" viruses - those that meet the original, technical definition of a virus - and on another very common type of threat, popularly known as a Trojan.
What is a Virus?
A virus is a computer program that makes copies of its own program code, enabling it to spread like a disease. The best way to explain the process is by example: one of the first viruses to hit the headlines was the SCA virus, which appeared in 1987 and targeted the Commodore Amiga system. It lodged in the computer's memory whenever the system was started from an infected floppy disk, and from that point on, it quietly wrote copies of itself to other floppy disks that were inserted into the computer's disk drive. Borrowing a single infected disk from a friend could thus lead to your own disk collection being thoroughly infected by the SCA virus.
This particular virus was comparatively harmless. All it did was occasionally surprise the user with a jokey message from the "Swiss Cracking Association" who created the virus, declaring facetiously that "your Amiga is alive!".
Unfortunately, not all virus creators have been so good-humoured. Since the early 1990s, viruses that deliberately attempt to destroy files, or even wipe disks completely, have appeared on many computer platforms. In a few cases virus authors have tried to extort money from victims to make their data accessible again - so-called "ransomware" attacks. We'll discuss the full range of dangers overleaf, and some possible explanations for the virus writers' motivations; but for now let's just say you don't want to expose your PC to the imagination of a virus writer.
Protection against viruses is therefore essential for anyone who values the safety and security of their computer. However, it's important to remember that viruses aren't the only threat you need to look out for. Indeed, as we'll explain on the following pages, these days viruses ought to be comparatively low on your list of concerns.
What is a Trojan?
A Trojan is a similar type of threat to a virus. Like a virus, a Trojan lodges unseen in the memory of your PC and does its nefarious business in secret. You don't want a Trojan on your PC any more than you want a virus. The difference is how the infection spreads. Virus infections typically come from running an infected program, or booting your system from an infected disk. Once your system is infected, the virus code then sets about subverting other programs or disks into vehicles for infection.
Trojans work differently. Rather than attempting to covertly distribute their code, Trojans disguise themselves as legitimate programs. For example, a malicious website might advertise a free trial of a popular game. Many visitors to the site will probably be tempted to download and run the installer, not realising that the download contains a dangerous executable that will infect their computer. If the creator is cunning, the download will also include a real trial of the game, which launches once the Trojan has infected the system, so to the user the download appears legitimate. They may even go on to share the installer with others, helping the Trojan author infect even more computers. We'll cover this in more detail on the following pages.
It's probably clear now why Trojans are so called. They're named after the Trojan horse of legend - a betrayal disguised as a gift.
Drive-by downloads
A classical Trojan relies on what's called "social engineering" to spread (it basically means exploiting human nature). There's a second category of threats which are sometimes also referred to as Trojans, but which work in a slightly different way.
A common-or-garden Trojan might work by trying to trick you into downloading and running a particular file from a particular website. This second type of Trojan works by using technical measures to trick your web browser into downloading and running a file, without your permission or knowledge. When this works, it's called a "drive-by download".
The attraction of the drive-by download approach to malware creators is obvious. There's no need to worry about persuading the user to download the malicious file, and because there's normally no outward sign that anything's happened, the user is less likely to get suspicious and start checking their system for possible infections.
The big limitation of drive-by downloads is that they can only work by taking advantage of weaknesses in the web browser's security (so-called exploits). The developers of all the major web browsers issue regular security updates to close off exploits as they're discovered, so malware distributors have to stay one step ahead of the browser developers - or they have to satisfy themselves with infecting only people who haven't updated their browsers. With a social-engineering approach, things are easier for the bad guys: it's difficult for a browser or security program to stop you from downloading and running malware if you're convinced you want to do so.