The Internet brings a new dimension to the virus problem.
Before, viruses generally spread from system to system on physical
media, often the floppy disk. This is a fundamentally slow way for
viruses to spread; if they are bad at reproduction or they are too
obvious, then they are unlikely to become widespread this way. The
Internet changes all this.
Most of the danger on the Internet currently comes from old
viruses exploiting new paths for transmission. There are basically
two ways they can do this: innocent and malicious distribution.
Innocent virus distribution
Sharing software over the Net is simple and easy; a simple mouse
click attaches a program to an email, and it is just as easy to
detach and run it. People can place a program on their web page
almost as simply, and this can be downloaded by anyone anywhere.
Any one of these programs could be infected.
What kinds of viruses could these practices spread? Purely boot
sector viruses are out. Parasitic file viruses work well in this
environment, although many (but no means all) users are cautious
about obtaining programs from places they do not trust.
The viruses that really win in the Internet environment
are the macro viruses. They are attached to data, not code, making
them harder to avoid. An increasing number of documents on the Net
are available as Word files, for example, with no alternative
format, and Word documents are frequently exchanged via email.
The only solution here is to obtain viewer programs which read
the data in the file but ignore the macros. Such programs are
available for Word and Excel among others. Never open a file you do
not trust with the application that created it.
Malicious virus distribution
Viruses may also be spread by malicious individuals, knowingly
passing on infected programs. Virus authors and others find the
Internet perfect for giving a new virus a start in life, by means
of hundreds of unsuspecting Internet users; by infecting an
attractive-looking file that then gets placed in a public download
area, the virus can spread far in a short time.
As before, caution is your protection here. Although less common
than innocent distribution, maliciously distributed viruses are
more likely to be new, maybe even previously unknown. Do not
download programs unless you completely trust the source, and do
not view documents in the creating application - use a viewer.
Programs written in Java have one of two forms: applets or
Java applets are run by another application (e.g. a web browser)
which is responsible for executing them in a secure environment
from which they cannot escape.
This requires a flawless, bug-free Java environment, which is
unlikely to exist yet. Faults have already been found (and fixed),
and more probably lurk undetected. Some of the known flaws have
been serious, allowing the applet to escape completely and do
everything a normal program could, although such flaws have been
Java applets generally flow in one direction; from server to
client, where they stop. Users do not generally give Java applets
to their friends; instead, they tell them where to go and see them.
Java applets do not get saved to local disk, except as web cache.
They are not good candidates for infection; if an applet escaped
from the cage Java is meant to keep it in, there would be no point
in it trying to infect other applets, since they would never
A harmful Java applet is likely to be in the form of a Trojan
horse instead; an intentionally malicious piece of code
masquerading as an innocent one. Given the speed with which Sun
Microsystems, Netscape and other Java vendors have fixed security
problems once they have been discovered, any such applet is
unlikely to work for long.
In contrast to Java applets, Java applications can do the things
that you would expect applications to do, such as saving files to
the disk. They could therefore perform operations that could
See The first Java
virus for more information.
Cookies have also been the subject of a number of uninformed
scares. In reality, the only problem with them is a privacy issue;
they cannot do any damage to your system. Cookies enable sites to
remember you, and keep track of your visits. Some people do not
want them to do this, and prefer the greater anonymity they used to
have. This is the only real problem with cookies.
There have been an increasing number of hoaxes and scares
stories about email viruses in recent years. See Hoaxes section for the latest examples of
With current email technology, it is not possible to become
infected with a virus simply by reading an email, as many of the
A virus could be carried within a file attached to an email, but
this could only be spread by detaching the file and executing it or
(if it contains macros) opening it with an application that could
execute the viral macros.
However, some new email software, such as MS Outlook, does
provide a mechanism for automatically executing macros whenever an
email is read, so there is the possibility of email viruses in the