Science: It's gone down with a bug: Some are just silly, some plain nasty. Steve Homer reports on computer viruses

Steve Homer
Sunday 14 August 1994 23:02 BST

There is bad news if you have a computer. Almost inevitably, one day it will catch a nasty bug and get sick.

'Computer viruses are really quite common now. The only way you won't have a problem is not to use your computer, but that's not really very helpful advice,' says Alan Solomon, author of Dr Solomon's PC Anti-Virus Book. 'Sooner or later it's going to happen and you have to take steps to minimise the consequences.'

Viruses are small computer programmes that copy themselves surreptitiously. The most common are forms of the so-called 'boot-sector virus', which are passed on by swapping floppy discs. They can even spread on apparently empty discs.

Your computer can also catch viruses by downloading programmes via a modem and across a network. And once on a network, a virus can spread like wildfire.

Phillip Zakas, a computer officer with a major international organisation that wishes to remain anonymous, faced a nightmare recently. 'It was a Friday and a technician called saying there was something wrong with a laptop computer he was preparing for travel. Within half an hour we had calls from about another 12 users who had exactly the same problem.

'Within six hours 250 workstations connected to our network had become infected and we predicted that within another two hours all 300 workstations would have been infected by the virus.'

Users were given 15 minutes' warning and the whole network had to be closed down. It had been infected with a new variety of the 'Athens' virus which could not be handled by the organisation's existing anti-virus software.

At its most basic, anti-virus software looks for a certain piece of computer code that it recognises and tells the user when it spots it. To do that it needs to have been told what to look out for. Inevitably, when new viruses are developed, the software will not recognise them. More sophisticated anti-virus programmes look for programmes that try to perform unusual actions, such as modifying existing programmes on a computer's hard disk.

'There are 100 to 200 new viruses every month,' says Dr Solomon, 'and they are getting more difficult to protect against.' Recently a man alleged to be the 'Black Baron' was arrested. The Black Baron's creation, the 'Smeg' virus, is particularly hard to detect.

'Viruses have become more difficult to deal with during the past several years, and the Smeg virus is arguably one of the most tricky from the point of view of the anti-virus community,' says Dr Solomon. 'The difficulty is detecting it without false alarms because Smeg is what we call a polymorphic virus. If you have two instances of the virus and put them side by side then they have nothing in common.

'So although each instance of the virus is the same virus, the appearance of each instance is completely different, and makes it harder for us to detect. It's a real pain.' Fortunately, Smeg is very rare in the wild.
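The signature matching described earlier, and the reason it misses differently encoded copies of one program, can be shown in a few lines. This is an added example, not code from the article or from any anti-virus product; the signature name, the byte strings and the single-byte XOR encoding are constructed, harmless stand-ins and do not describe how Smeg itself works.

```python
# Constructed, harmless byte strings stand in for program code throughout.
SIGNATURES = {"Demo.A": b"DEMO-MARKER-NOT-REAL-CODE"}  # hypothetical signature database

def scan(data, signatures=SIGNATURES):
    """Return sorted (name, offset) pairs for every signature occurrence in data."""
    hits = []
    for name, pattern in signatures.items():
        pos = data.find(pattern)
        while pos != -1:
            hits.append((name, pos))
            pos = data.find(pattern, pos + 1)
    return sorted(hits)

def encode(body, key):
    """Single-byte XOR: an assumed stand-in for the per-copy re-encoding of a polymorphic program."""
    return bytes(b ^ key for b in body)

def longest_common_run(a, b):
    """Length of the longest run of bytes that appears in both a and b."""
    best = 0
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0] * (len(b) + 1)
        for j, y in enumerate(b, 1):
            if x == y:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

BODY = SIGNATURES["Demo.A"]
plain_file = b"HEADER" + BODY + b"TRAILER"   # unencoded copy: the signature is present
instance_1 = encode(BODY, 0x5A)              # same body, first encoding
instance_2 = encode(BODY, 0xA7)              # same body, second encoding

if __name__ == "__main__":
    print("plain file      :", scan(plain_file))
    print("instance 1      :", scan(instance_1))
    print("instance 2      :", scan(instance_2))
    print("bytes shared by the two instances:", longest_common_run(instance_1, instance_2))
```

The scanner reports the unencoded copy and nothing for either encoded instance, and the two instances share no run of bytes that could serve as a signature for both.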

There are at present some 4,800 different strains of computer virus. Very few of these are actually 'in the wild', out in the computer community and spreading. This is for two reasons.

If a virus is caught early it can be eradicated. But most viruses never get into the real world. 'The people who 'write' viruses will quite often send them to the anti-virus community to say, 'Here's a virus I've just written. Isn't it lovely,' ' says Dr Solomon.

While these are not then usually introduced into the wild, the anti-virus software has to be updated to include protection against them, just in case.

Virus writers face various trade-offs which in some way mimic the biological virus world. If the virus is very destructive, then a great deal of effort will be made to track down sources of infection and produce protection against it. And if a user knows they have been infected they will take steps to clean the virus from their computer. The way around this is for evidence of infection to be delayed. Most viruses only deliver their 'payload' on a specific date or after a delay of weeks or months, or if the computer has been switched on and off a certain number of times.

While some viruses are destructive, most are not. 'The virus problem is getting more and more serious, but it's not ground-shaking,' says Vesselin Bontchev, a researcher at Hamburg University's Computer Virus Test Centre. 'In general, the viruses are just an annoyance that can be costly but not extremely dangerous. I consider them as something like the common flu among humans.'

'About 90 per cent of viruses have a payload that is entirely trivial - like a silly message or beeping the keyboard, but there is a small percentage of viruses where the payload is deliberately wicked,' says Dr Solomon. These normally try to destroy all the data on the computer's hard disc.

Phillip Zakas was lucky. The virus he confronted was not corrupting data, but it was slowing up the network and causing computers to 'hang' or stop working, when the network's anti-virus software was running. While Mr Zakas was fighting his virus infection he felt he needed to know more about the 'philosophy' of the virus.

Logging on to various computer services he began to see a trail leading back to a certain computer bulletin board. He got the information he needed. But he stayed longer and eventually was accepted, although somewhat warily, as a fellow virus writer.

'Most of them were very young - 17, 18, 19 years old. A lot of them were university students. A lot of them are extremely intelligent and write viruses not for the sake of destroying computers but to have one of their creations running on hundreds or thousands of computers all over the world.'

So did he have any sympathy for them? 'Absolutely not. They don't realise that a virus, even if it's benign, costs a lot of time and effort and resources on any system it is introduced on. Even viruses that are designed to be benign can act unintelligently and damage systems. Anything that causes inaccessibility to databases in hospitals, government agencies or even international organisations such as ours does cause some sort of damage. They can hold up projects, transfers of money and the kind of things like that normally keep our world connected electronically.'

What can be done to minimise risk of infection? Detective Sergeant Simon James of the Metropolitan Police's Computer Crime Unit gives this advice. 'Regularly use anti-virus software and regularly update it because new viruses keep appearing. Be aware of the risk of infection from floppy discs from outside sources. Be especially wary of discs from unknown sources. Be aware that programmes downloaded from other computers, such as bulletin boards, can contain viruses.'

The good news is that most computer bulletin boards contain anti-virus software that you can download for free. If you practise safe computing you should have nothing to worry about.
