My friend Mary was on the phone with a colleague when I dropped by her office one afternoon. "I don't think I gave you a virus, Cyndy," she was saying with a chuckle.
All she had done was send Cyndy back an e-mail with an attached spreadsheet that the two of them had been working on. The conversation continued a minute or two longer and in the end Mary offered a tongue-in-cheek apology, just in case she somehow might have passed on a virus.
A computer virus, that is. Turned out it was a small virus, easily fixed. No harm, no foul. But the wonder is that the average computer user isn't involved in many such conversations every working day.
There are thousands upon thousands of viruses out there, in addition to their exotically named partners in crime -- "Trojan horses" and "worms." The good news is that they're not all necessarily out to get you. Most viruses are benign. One estimate, by the National Computer Security Association, puts the proportion of harmful viruses at only 5 percent.
Darren Kessner, a senior virus researcher at the Symantec AntiVirus Research Center in Santa Monica, Calif., a leading computer security firm, said: "Most viruses don't have a malicious payload." No? Then what do they do?
"They just replicate themselves," Kessner said.
What about the nasty ones? What do they do? A virus is software that intentionally infects a computer by inserting code in one program and then attaching copies of itself to other programs. A virus can cause major damage, such as deleting files or erasing entire hard drives, or it can perform relatively innocuous but annoying cyberpranks.
One virus unleashed this summer, called Worm.ExploreZip, responds to e-mails in your electronic in-box. When someone sends you a message, it replies to the sender: "Hi, (sender's name). I received your e-mail and shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Sincerely, (you)." Then when the unsuspecting victim opens the attachment . . . ka-boom! There go all the Excel and Word files on his hard drive.
Another ugly customer that has come along recently is a Trojan horse called Back Orifice 2000. It can be sent as an e-mail attachment or hidden in programs on the Internet. Once activated, it can look at your files, lock up your computer, transfer files to and from your machine, even log your keystrokes so it knows what you're doing on your computer.
A Trojan horse is a "program that pretends to be a good program but then does bad things to your computer," Kessner said. It differs from a virus in that it doesn't automatically replicate itself.
To guard against all this potential mayhem, computer systems rely on anti-virus software, which is the realm of a whole new breed of detective. These cybersleuths tend to use terminology familiar to anyone who has ever watched a television crime drama. The names of the programs they write to find and identify electronic miscreants have a ring of the gun-toting detective or sheriff about them: "Bloodhound" and "Scan and Deliver." Those who do this kind of work for a living say they find it every bit as exciting -- even though to the outside observer it would appear that their job involves hours and hours of staring at a computer screen filled with endless rows of 1s and 0s.
Those 1s and 0s are lines of code -- the "fingerprints" of virus detection. A virus-checker program scans your files and compares them with a large database of known viruses, much the way an investigator at a murder scene would lift fingerprints and send them to a lab to be compared with fingerprints of known offenders.
But new viruses are being written every day, so virus-checkers also have to be on the lookout for fingerprints that may not be in any database yet. "You'll have a teenager who can change one line and create a new variant," Kessner said.
Here is where the science of heuristics comes in. This type of virus-checking technology looks at the behavior and the logic in the file instead of comparing lines of code with a database. If it walks like a virus and quacks like a virus, it's probably a virus.
Carrying the detective analogy a step further: Suppose the murderer was a first-time criminal and the fingerprints lifted at the crime scene were useless. What would any experienced investigator do? More than likely, he or she would observe the appearance and behavior of individuals who were at the scene. Chances are that the little girl in pigtails skipping rope across the street would be eliminated from the list of suspects. However, the guy seen jumping into a car that pulled up moments after the murder and then sped off, tires screeching, might be a logical candidate. Similarly, an anti-virus program that uses heuristics can tell the little girl from the suspicious guy among the 1s and 0s.
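The two approaches described above can be shown side by side in a short sketch. This is an added example, not code from Symantec or any anti-virus product: the signature string, the trait patterns, the weights, the threshold and the sample "files" are all constructed for illustration, and the samples are inert text. It shows a one-change variant slipping past the fingerprint database and still being flagged by its behavior.

```python
import re

# Constructed signature database: byte pattern -> detection name.
SIGNATURES = {b"REPLY_WITH_ZIPPED_DOCS_v1": "Constructed.MailWorm.A"}

# Constructed behavior traits: (pattern, weight, description).
TRAITS = [
    (re.compile(rb"on_mail:"), 1, "runs when mail arrives"),
    (re.compile(rb"attach\s+self"), 3, "mails out copies of itself"),
    (re.compile(rb"wipe\s+\*\.(doc|xls)"), 3, "destroys documents"),
]
THRESHOLD = 4  # assumed cut-off; one weak trait alone stays below it


def signature_scan(data):
    """Fingerprint check: exact byte pattern from the database."""
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def heuristic_scan(data):
    """Behavior check: add up the weights of every trait present."""
    hits = [(w, d) for rx, w, d in TRAITS if rx.search(data)]
    return sum(w for w, _ in hits), [d for _, d in hits]


def scan(data):
    name = signature_scan(data)
    if name:
        return "known: " + name
    score, reasons = heuristic_scan(data)
    if score >= THRESHOLD:
        return "suspicious: " + ", ".join(reasons)
    return "clean"


# Constructed, inert sample "files" (plain descriptions, not programs).
KNOWN = b"on_mail: REPLY_WITH_ZIPPED_DOCS_v1; attach self; wipe *.doc *.xls"
VARIANT = KNOWN.replace(b"_v1", b"_v2")  # the "one line changed" case
BENIGN = b"on_mail: file message under Inbox; open budget.xls"

if __name__ == "__main__":
    for label, data in [("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)]:
        print(label, "->", scan(data))
```

The benign sample shares one trait with the worm (it acts on incoming mail), which is why the score needs a threshold rather than a single match.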
A typical watchdog at Symantec's anti-virus research center examines a dozen viruses a day. For Kessner, a 26-year-old with a master's degree in mathematics from Princeton, the excitement is in the cat-and-mouse game with the virus writers.
The mean-spirited Worm.ExploreZip virus that uses e-mail to obliterate people's files was neutralized in less than an hour, Kessner said. "Even if they have a nasty payload, we can fix it pretty quick," he said. "It's what we do all day." What you can do, what you really should do, is update and run your anti-virus program regularly.
Don Podesta is The Post's information technology editor.