Computer security is a critical part of IT services, and a major component of the consistent work a support partner will do is ensure that your computer hardware and software are up to date and protected from potential threats to your network and your business.
A computer virus, whether it comes from an infected pen drive, a phishing link an employee inadvertently clicks on, or a network virus that gets through a protective firewall, can be incredibly disruptive to a business even before it deletes files, copies sensitive information or captures keystrokes to steal passwords.
Viruses are just one type of malware, but they are among the most destructive and the hardest to remove, in no small part because they are deliberately designed to resist removal.
To understand why, here are some of the techniques viruses have used historically to make it difficult for them to be detected and hard for non-professionals to remove without risking damage to data or making a device unusable.
Programs In Disguise
Viruses will typically disguise themselves both when dormant on a computer or piece of removable media and while in operation, making them difficult to detect and difficult to stop.
There are various ways in which this works, but the most common is to design a virus to resemble a legitimate piece of software, typically one that runs in the background when a computer starts, such as a system file.
Not every virus will bother hiding like this; the infamous Byte Bandit and Lamer Exterminator viruses in the late 1980s made themselves very clear when they were in operation, using headers that showed themselves to be a virus and sometimes even having an author’s credit.
This is a technique that only works on users, however. Antivirus software tends not to be fooled by a virus just because it claims to be a system file or monitoring component, so modern viruses use more sophisticated means to hide from malware detectors.
Trojan Horse Social Engineering
Modern IT systems are generally much more secure because they will typically not allow software to be launched without the permission of the user or the administrator.
This means that a lot of virus and malware attacks in recent years have focused on finding a weakness not just in terms of security software but in end users, and a major example of this was the ILOVEYOU virus attack.
A virus attack so famous it inspired a Pet Shop Boys song, the ILOVEYOU virus cost over £10bn to remove, and allegedly was so prolific that one in ten computers connected to the internet were infected by it.
Due to the way in which Microsoft Outlook displayed files at the time, the VBScript file looked like a standard text file ostensibly containing a love letter from a trusted contact. This could be enough for someone to click it out of curiosity, and then have their files corrupted and passwords stolen.
With a virus such as this, the only option is to restore the data from a backup, and the scale of ILOVEYOU led to businesses taking data management far more seriously than they previously had.
Encryption And Polymorphic Code
A more direct way in which computer viruses make themselves difficult to remove is through the use of encryption and polymorphic code, which makes it significantly harder for a basic virus scanner to detect a particular piece of malware.
Antivirus software typically works because viruses tend to have parts of their code that are unique enough to act as a fingerprint. This is known as a virus signature, and it allows antivirus software to find and stop malware before it runs.
However, because a virus signature is just a sequence of bytes in the code, if the body of the virus is encrypted so that it is unreadable until a small decryption routine has run, a scanner looking for the plaintext signature will find it much harder to spot.
Polymorphic code takes this a step further by changing the code of both the virus itself and the decryption algorithm with each activation, effectively creating a new program with the same effects as the virus.
This defeats basic antivirus scanners and can make it hard to remove some viruses, but there are many other ways to detect viruses.
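To make the signature-versus-encryption point concrete, here is an added illustration (not code from the original article) using a constructed, harmless byte string in place of a virus body and a trivial XOR encoder. It shows that a raw signature match fails on every re-keyed generation, while a scanner that recognises the fixed decryptor stub, or decodes the body before matching (as emulating scanners do), still detects it.

```python
# Constructed sample: a harmless byte string standing in for the unique
# code fragment a scanner would use as a "virus signature". Not real malware.
SAMPLE_BODY = b"CONSTRUCTED-SAMPLE-BODY: harmless placeholder text"
SIGNATURE = b"CONSTRUCTED-SAMPLE-BODY"

# Constructed decryptor stub header: the small, unchanging routine that would
# decode the body at run time. Its bytes are themselves a stable pattern.
STUB_MAGIC = b"STUB:"


def make_encrypted_variant(body: bytes, key: int) -> bytes:
    """Build one 'generation': fixed stub header, the one-byte XOR key, then
    the body XORed with that key. A fresh key yields different bytes each time."""
    assert 1 <= key <= 255, "key 0 would leave the body in plaintext"
    encrypted = bytes(b ^ key for b in body)
    return STUB_MAGIC + bytes([key]) + encrypted


def naive_signature_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Basic scanner: look for the plaintext signature in the raw bytes."""
    return signature in sample


def stub_scan(sample: bytes) -> bool:
    """Match the decryptor stub itself; for a simple encrypted (non-polymorphic)
    virus the stub does not change between generations."""
    return sample.startswith(STUB_MAGIC)


def decrypt_then_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Recognise the stub, recover the key, decode the body and then match,
    which is what an emulating scanner effectively does."""
    if not stub_scan(sample):
        return naive_signature_scan(sample, signature)
    key = sample[len(STUB_MAGIC)]
    body = bytes(b ^ key for b in sample[len(STUB_MAGIC) + 1:])
    return signature in body


def demo(keys=(0x5A, 0xA7, 0x13)) -> dict:
    """Per-generation results: raw match misses, stub and decode-then-match hit."""
    results = {}
    for key in keys:
        variant = make_encrypted_variant(SAMPLE_BODY, key)
        results[key] = {
            "raw_scan": naive_signature_scan(variant),
            "stub_scan": stub_scan(variant),
            "decrypt_scan": decrypt_then_scan(variant),
        }
    return results
```

A truly polymorphic virus would also rewrite the stub on each generation, which is why `stub_scan` alone is not enough and decoding or emulation before matching matters.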
Modern malware detectors focus on pattern recognition rather than exact signatures. So-called metamorphic malware can go even further by rewriting itself entirely, but because of the difficulty of programming it and the extensive, dedicated knowledge of cryptography required, it is fairly rare.
In these cases, prevention is much better than cure, and preventing unknown attachments and software from being installed in the first place will typically stop a polymorphic virus attack before it can start.