About Virus Execution



xor_chad
11-22-2000, 01:16 PM
Hello
Second on the topic list at my new job is Virus Execution.
I believe myself to be fairly knowledgeable about how programs work.
I know that when you double-click a file, Windows looks up that file extension and does whatever task is associated with it. If that task is to RUN the file as instructions, then the program is sent to the processor and is given control. If the file is data for some OTHER program to process, then THAT application is launched and given control and the data file is NOT processed; it simply sits on the heap (never sent to the instruction stack).
All that said, there are some at my job who believe that, as an example, a virus could be disguised as a JPEG or WAV file. They believe that even though it has a .jpeg extension, when you double-click it Windows will RUN it as an application! I again say this is absurd. I know that MAYBE that file could be a DATA file or LOG file for some OTHER virus application, but that there is NO WAY a JPEG itself could be a virus.
I further explained that SOME non-application files that are processed can indeed trigger a virus, such as macros inserted in documents that are actually interpreted by some other application. Also I explained how a virus could 'attach' itself to other common applications by taking that other application's name and icon and such, and then after executing ITSELF it launches the contained REAL application.
All this said, I am still challenged on this matter because they SWEAR up and down that once a JPEG and once a WAV file gave them a virus! Can anyone please settle this issue for me? I thank you again...

Paleo Pete
11-22-2000, 03:19 PM
Here is an excerpt from This Article (http://www.pcguide.com/care/data/virus/bg.htm) in the PC Guide that may help. The article is interesting reading, maybe you could provide a link for coworkers in an attempt to dispel the myths...I added the bold text.



As time goes on and virus writers get more clever, new strains and variations show up. For example, there are some viruses, termed multipartite, that infect both boot sectors and files. There are some things that are fairly universal, however: a virus is a program, and it therefore can only exist in a form that allows it to be executed as a program by the PC in some form. This means that, in general, viruses cannot exist in data files. There are a lot of myths about viruses that infect graphics pictures or email messages or recipe files. Just remember that a virus cannot do anything unless you run it, so unless you have a PC that can execute pictures or email messages somehow, it's doubtful that these can contain a virus. (Of course, you can have a virus in a program that is attached to an email message. But here again, this is a program, just in encoded form.)




------------------
Soon as I come up with all the answers...they change the questions!!

Computer Information Links (http://www.geocities.com/paleopete/)

xor_chad
11-22-2000, 03:28 PM
Thank you! That is all I need. Since I am not considered an "authority" on such topics, I just needed someone to confirm my statement OR to tell me I was/am wrong. I had little doubt that it was possible to exist as a picture, but when you are outnumbered, it's hard to not doubt yourself! Thanks. I will definitely print out the article for them.

Charles Kozierok
11-23-2000, 09:00 AM
As the author of that piece, I should add one caveat: data files can contain instructions sometimes, which can sometimes be used as "backdoors" for bad behavior. This wouldn't apply to a JPEG file, but could for other programs, depending on what they are doing.
This is in fact exactly what Microsoft Word macro viruses do: Word documents are of course data files, but MS made Word into a virus time bomb by including low-security macro programming features.

------------------
Charles M. Kozierok
Webslave, The PC Guide (http://www.PCGuide.com)
Comprehensive PC Reference, Troubleshooting, Optimization and Buyer's Guides...
Note: Please reply to my forum postings here on the forums. Thanks.
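
An added example, not part of any post in this thread: a small Python check that compares what a file's extension promises with what its leading bytes actually are, covering the JPEG and WAV cases from the first post, a program stored under a data extension, and the macro-capable Word container from the last post. The `EXPECTED` table, the flag names and the sample headers are assumptions constructed for illustration.

```python
import os

# Leading-byte signatures: the two formats argued about in the thread,
# Windows executables, and the OLE2 container used by Word 97-2003 documents.
SIGNATURES = [
    ("jpeg", lambda b: b[:3] == b"\xff\xd8\xff"),
    ("wav", lambda b: b[:4] == b"RIFF" and b[8:12] == b"WAVE"),
    ("executable", lambda b: b[:2] == b"MZ"),
    ("ole2", lambda b: b[:8] == bytes.fromhex("d0cf11e0a1b11ae1")),
]
# What each extension should contain (hypothetical, deliberately small table).
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".wav": "wav",
            ".exe": "executable", ".doc": "ole2"}

def sniff(header: bytes) -> str:
    """Name the format from the first bytes, ignoring the file name."""
    for name, matches in SIGNATURES:
        if matches(header):
            return name
    return "unknown"

def audit(filename: str, header: bytes) -> dict:
    """Compare what the extension promises with what the bytes are."""
    ext = os.path.splitext(filename.lower())[1]
    expected, actual = EXPECTED.get(ext), sniff(header)
    flags = []
    if expected is not None and actual != expected:
        flags.append("extension-content-mismatch")
    if actual == "executable" and ext != ".exe":
        flags.append("program-under-data-extension")
    if actual == "ole2":
        flags.append("macro-capable-container")
    return {"file": filename, "expected": expected, "actual": actual, "flags": flags}

# Constructed sample headers (not taken from real files).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("chime.wav", b"RIFF\x24\x00\x00\x00WAVEfmt "),
    ("picture.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("report.doc", bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 8),
]

if __name__ == "__main__":
    for name, header in SAMPLES:
        print(audit(name, header))
```
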