Computing Reviews
Rogue programs: viruses, worms and Trojan horses
Hoffman L. (ed), Van Nostrand Reinhold Co., New York, NY, 1990. Type: Divisible Book
Date Reviewed: Sep 1 1991
Comparative Review

Peter Denning says in Computers under attack that rogue programs possess four attributes. They

are present on the system without the consent of the system owner; have the capability of moving from one computer to another; potentially have the capability of destroying or altering files; [and] have the capability of denying service to legitimate users (p. 5).

Among the categories of rogue programs, he distinguishes the following:

A Trojan horse is a block of undesired code intentionally hidden within a desirable block of code. Examples of Trojan horses are logic bombs and time bombs, which perform some function based on a logical condition or a time condition, respectively.

A virus is a specific type of Trojan horse that attaches itself to another block of code in order to propagate, has the capability to replicate itself (whether or not it does so), and is damaging or at best neutral (dormant).

A worm is similar to a virus in that it is not constructive and also may create replicas of itself; however, worms are independently operating programs that attempt to actively propagate themselves and their replicas throughout [a] network (pp. 5–6).

While definitions vary among authors, Denning’s definitions provide a starting point for the reader who wishes to explore the emerging field.

Since publication of the books in this review, the popular computer monthlies and weeklies have continued to publish cautionary articles on rogue software, and several software houses have introduced new or enhanced anti-viral products. Thus it appears that viruses and others of that notorious ilk may become a perduring scourge of the computing industry. In this world of infectious diseases, where all are regularly cautioned to avoid perilous contacts, computer professionals must also monitor their hygiene. But the books in this review are not only for those at risk; rogue software has apparently become a legitimate field, which scholars may investigate and students may study.

Although the books are aimed at different audiences (Denning, Hoffman, and Hruska are written for a technical audience, while Levin and Lundell are more broadly oriented, though they contain some technical discussions), they share at least one common concern: protecting computer systems from attack. In the three nonreaders, Hruska, Levin, and Lundell, this concern manifests itself in laundry lists of anti-virus measures, while in the two readers--Denning and Hoffman--the “medical” advice is dispersed among many articles. (Readers are collections of papers or book excerpts collected and organized by an editor for classroom use.) While all volumes give attention to MS-DOS viruses, the two readers are especially concerned about network infestation, with the infamous Internet worm receiving special attention. The hacker subculture--the principal source of rogue software and a fascinating topic in its own right--is addressed by all the books except Levin.

Lundell

A former BYTE editor has written a generally nontechnical, journalistic history of viruses and worms. Rambling, repetitious, uneven, and full of trendy prose, this superficial book, though occasionally provocative, often lacks credibility and ultimately doesn’t satisfy one’s curiosity on any level. It does, however, offer some interesting details on particular viruses and their creators, as well as a few pungent, speculative comments, especially on social issues and the hacker cyberpunk culture responsible for rogue software. The following excerpt is typical of the book:

[Hacking] has to happen because there are far more people who want to experiment with science than can be trained, funded, and monitored. …[T]he next generation of hackers will probably be genetic experimenters. …We would probably already have amateur nuclear weapons developed by hackers if it weren’t for the difficulty of obtaining fissionable material. Biological materials required for genetic engineering don’t demand the same enormous capital investment to refine plutonium.
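
Table 1: Objective data

|                    | Lundell | Hruska    | Levin   | Hoffman   | Denning   |
|--------------------|---------|-----------|---------|-----------|-----------|
| Audience           | General | Technical | General | Technical | Technical |
| Bibliography       | Yes     | Yes       | Yes     | Yes       | Yes       |
| Glossary           | Yes     | Yes       | Yes     | No        | No        |
| Index              | No      | Yes       | Yes     | Yes       | Yes       |
| Number of chapters | 9       | 7         | 17      | 27        | 40        |
| Number of pages    | 189     | 128       | 411     | 384       | 567       |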

Hruska

Focusing on MS-DOS and the 8086 family, this brief but thorough review of anti-virus methods by a scholar and administrator from the United Kingdom is a highly disciplined effort. Technically impeccable, containing hardly a single superfluous word, carefully written and meticulously organized, the book is a pleasure to read and eminently useful.

The author clearly distinguishes different types of rogue software. Then, focusing mainly on the most serious threat--viruses--he systematically examines all points of attack within the computer and classifies viruses by point of attack. Common viruses are named, described, and analyzed; identifying hex patterns are given. Hruska spells out anti-virus procedures in some detail, and evaluates and classifies anti-virus software. The source code for two anti-virus programs is provided. The glossary and bibliography are genuinely helpful compared to the references and bibliographies in the other books.

Levin

The tone of this bloated “handbook”--written by a consultant and software developer with contributions by others--is distinctly entrepreneurial. From the admonitions in the introduction, “Why This Book Is for You,” to the software advertisements on the final pages, the readers are subjected to a hard sell. Some will regard it as only a venial sin that a bibliographic section contains books from the author’s publisher only, but it is simply unacceptable to devote four chapters to reproductions of anti-virus software manuals when the source code is not included and the reader is instead urged to purchase the software, using the coupons in the back of the book.

The book is shamelessly padded. Besides the four chapters on the absent software and the author’s verbose style, the book contains an irrelevant chapter on parking one’s hard disk; a long appendix containing unedited stories on rogue software from CompuServe Magazine; and a section written by a lawyer on the civil and criminal liability of virus writers that, in the absence of a single appellate citation, comes across as a fanciful though not unstimulating academic exercise.

If one looks very hard, one can find in this volume some very useful technical material on the two main issues in virus study: how viruses work and how they can be combatted. Also, apparently as a come-on, the author includes some serviceable anti-virus source code.

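Table 2: Topics covered

|                                     | Lundell | Hruska | Levin | Hoffman | Denning |
|-------------------------------------|---------|--------|-------|---------|---------|
| Anti-virus measures                 | Yes     | Yes    | Yes   | Yes     | Yes     |
| Hacker culture                      | Yes     | Yes    | No    | Yes     | Yes     |
| Internet worm                       | Yes     | Yes    | Yes   | Yes     | Yes     |
| List of anti-virus vendors          | No      | Yes    | Yes   | No      | No      |
| List of virus hex patterns          | No      | Yes    | No    | No      | No      |
| Macintosh viruses                   | No      | No     | Yes   | Yes     | Yes     |
| Network viruses                     | No      | No     | No    | Yes     | Yes     |
| Social and legal issues             | Yes     | No     | Yes   | Yes     | Yes     |
| Source code for anti-virus programs | No      | Yes    | Yes   | No      | No      |
| MS-DOS viruses                      | Yes     | Yes    | Yes   | Yes     | Yes     |
| Trojan horses                       | Yes     | Yes    | Yes   | Yes     | Yes     |
| Worms                               | Yes     | Yes    | Yes   | Yes     | Yes     |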

Hoffman, Denning

Most of the articles in these two readers were originally written by American academics for journals and research reports. The Hoffman collection, containing 27 items, emerged from graduate seminars on viruses given by the author at George Washington University. Denning, a NASA researcher and ACM editor, has put together 40 papers (mostly from ACM sources) in an attempt to bring these scholarly efforts to a wider audience. Hoffman’s and Denning’s books have seven pieces in common. Either volume would be suitable for adoption as a graduate-level text or resource.

While the readers are similar in tone and emphasis, they differ from the other books in this review. First, a substantial part of each book is devoted to social, moral, or legal matters (7 articles in Hoffman and 15 in Denning). Second, 7 articles in Hoffman are concerned with fighting network viruses and, while much of the Denning material is relevant to personal computers, the expressed main concern of the editor is also the protection of computer networks from “intruders” (that is, 7 pieces deal with worms and/or the Internet worm in particular). Finally, in contrast to the utilitarian slant of Hruska and Levin, many papers address more abstract, theoretical issues.

Comparison

Although both Lundell and Levin contain some useful and stimulating material, one cannot justify the time required to extract the wheat from the more dominant chaff; neither can be recommended. Between the two, Denning and Hoffman probably contain all of the best nonbook materials so far produced by American academics in this emerging specialty. Readers are, paradoxically, hard to read, however; no consistent viewpoint exists, and the context changes with each article. Thus, these volumes will probably be used as resources rather than as books to be read from cover to cover. Hruska is the clear choice for technically oriented readers looking for a succinct presentation that is also coherent, reliable, and intellectually satisfying.

Although the books examined here speak with different voices, one message comes through with remarkable clarity: no magic bullet can ever rid us of rogue software. The only ameliorative is constant vigilance supported by the broadest range of protective measures.

Reviewer:  A. Blackman Review #: CR123948
This review compares the following items:
  • Rogue programs: viruses, worms and Trojan horses
  • Computer viruses and anti-virus warfare
  • The computer virus handbook
  • Virus!
  • Computers under attack: intruders, worms, and viruses