Little Monsters

Ever since computer software came into existence, people have tried to develop programs that display the characteristics of life. One of the most intriguing characteristics to imitate has been the ability to reproduce. Developers with a less-than-considerate approach measured their success by how many computer systems their creations spread to, how quickly they spread, and how much damage they caused. The more reports developers read about the damage they caused, the more successful they felt. Such was the origin of the computer virus.

At first, viruses spread by diskette when users shared data or installed application software. The spread accelerated when LANs appeared in business offices and users began to use bulletin board services (BBSs) to share ideas and programs. Finally, the Internet gave the authors of these malicious programs access to an unprecedented number of machines in offices and homes around the world.

Today, many of the devices users carry with them--including Palm devices, Pocket PCs, and wireless phones--run software and can connect to some kind of network. Are these platforms the next battleground for computer viruses?

Over the years, I have taken what I think are decent measures to protect my laptop from viruses. But now I own a Web-enabled cell phone that is essential to my work. I have depended on electronic organizers for the last 10 years, and I currently own a Palm V that I regularly use to connect to the Internet and synchronize with my laptop. Should I worry about viruses affecting these devices? Yes.

So what do I do? How do I protect my connected devices from a virus attack? To address these questions, I'll examine what viruses are, the kinds of devices that could be affected by a virus, which viruses have appeared on these devices to date, and finally, what you can do about them.

What Is a Virus?

Several types of programs can damage your computer systems--not all are viruses. These programs are generally referred to as malapps (malicious applications). There are basically three types of malapps: viruses, worms, and Trojan horses.

A virus is a program that, when introduced into a host computer, replaces or attaches itself to another program. When that program executes, the virus replicates itself as part of its function. Viruses do not necessarily damage a computer system or application, and they are usually introduced without the user's knowledge. It is possible for your computer to host a number of viruses and for you to never know.

Worms are programs that replicate themselves from system to system just as viruses do but do not become part of other programs or files. The distinction here may seem trivial, but it is in fact quite significant. Suppose a worm named playball.exe has appeared on your computer. Generally, you have to choose to execute the potentially harmful program for the worm to do its damage. In this example, the user might notice the program name while looking for some other file and execute it, believing it is some innocuous video game. There are various techniques the creator uses for tricking you or your computer, but the worm is generally not as effective as a virus. However, suppose a worm appeared on your computer and attached itself to your word processing application. Every time you edit or create a new document, the worm will run, doing whatever it was written to do and attaching itself to yet another program on your computer.

When you think of a Trojan horse, you normally think of an application that pretends to be something other than what it really is in order to cause harm or mischief to your system. In the context that I'm discussing here, however, a Trojan horse may not necessarily be a destructive program, but rather something that merely causes unexpected behavior on your system. When the Trojan horse is introduced to your computer, it executes some kind of functionality--from something as seemingly harmless as displaying a message announcing its successful introduction to wreaking havoc on the operating system. A Trojan differs from a worm in that it does not replicate itself. In fact, it may even clean up after itself, leaving no trace of its existence.

To summarize, a virus is a malapp that replicates itself and becomes part of other applications or programs on your computer or device. A worm is a malapp that can replicate itself but does not become part of another program. And a Trojan is a malapp that neither becomes part of another program nor replicates itself, but does cause unexpected behavior.

How Do You Get a Virus?

Viruses do not appear out of thin air. Just as a person has to come in contact with another person or thing to catch a virus, so does a computer or device. If you take a Palm OS-based device as an example, contact occurs during a hot-sync, during an Internet connection, or when a user beams information to and receives information from another Palm device through an infrared data exchange.

Hot-sync? Beaming? What are these? A hot-sync is a method of synchronizing the information on a Palm device with a PC. To synchronize, you drop the Palm device into its hot-sync cradle, which is attached by wire to the PC, and then press the hot-sync button, which starts the synchronization programs on the Palm and PC. These programs access data stored on the Palm, such as datebook entries or even custom application data files, and typically update a database on the PC. Synchronization programs (called conduits) can also access information on the Internet via the PC and download it to the Palm device, or install new applications onto the Palm device.

Synchronization provides one opportunity for a virus to appear on your Palm. If a virus or other malapp gets into your PC, it can then position itself to install onto your Palm during the next hot-sync operation.

What about beaming? One of the most common methods for two people with Palm devices to share information and programs is to beam that information using the infrared ports built into every Palm device. Suppose I meet you at a business lunch and you have a Palm. After lunch, I might offer to beam you my business card, which is essentially just an address book entry that has my name, company, and phone number. After I beam it to you, you accept it into your address book. Suppose I then show you a great Palm program for managing sales contacts and you want the program on your Palm. I could easily beam that program to you just as I did my business card. If a virus or malapp has attached itself to an application that you are receiving from another Palm user, you will download that virus to your Palm device.

Some newer digital cellular phones also have infrared interfaces for sharing things such as phone book entries or even ring styles--those musical tunes that you sometimes hear cellular phones play--and simple arcade games. My phone lets me program my phone list over the Internet. In addition, by attaching a cable to my phone, I can change phone book entries from my laptop. In each of these cases, a virus has an opportunity to infect the software on the device.

The future will present more opportunities for viruses to travel to wireless devices. An example is a new radio technology called Bluetooth, a localized wireless network that promises to let users connect to peripherals and other users within several yards of them. In a worst-case scenario, the technology will let us send and receive viruses unwittingly.

How Can Viruses Affect a Wireless Device?

So I have a virus on my Palm. What's the big deal? The device holds only some address information and maybe some appointments. For many people, that on its own would be a big deal. I depend on my Palm to schedule dozens of meetings, weeks in advance, all over North America. If a meeting is deleted from my Palm, I don't go to the meeting. I lose the trust of that customer, and I lose my airfare when I don't show up for my flight.

Some people carry all their credit/debit card information, account passwords, and a host of confidential company and personal information on their Palms or other personal digital assistants (PDAs). If a Trojan installed itself on your PDA, one of the things it could do is send your password lists to the virus author every time you hot-sync or connect to the Internet--all without your knowledge. This would be especially disturbing if the PDA belongs to a computer operator who keeps the company's mainframe security officer account name and password on it.

The electronic phone book is one of the features of the cell phone that can cause the most damage to users today. If your phone book names and numbers were scrambled, you could find yourself dialing your mother's phone number when you think you're dialing the president of your biggest customer for that urgent conference call.

Some viruses may make their way to your PDA or phone without any intent to damage the information or programs on the device: The malapp's author may have something a little more sinister planned. For example, many companies issue PDAs to their sales force or their executive team as a means to plan meetings and keep in touch with one another about important company issues. To accomplish this, users synchronize the information on their PDAs with consolidated company schedule and information databases, which involves the hot-syncing process I discussed. If a user has contracted a malapp on his device or laptop, the malapp will then have an opportunity to replicate itself to the company's server and eventually to any devices that later hot-sync to that server.

What Viruses Have Appeared on Wireless Devices?

It may seem as if there are many opportunities for viruses to appear on wireless devices, but the applications most users run on them today are quite simple and don't make for very attractive hosts. Currently, the most complex programs are arcade-style games, which are also the programs most likely to be shared among PDA owners.

The first malapp to appear on any of these devices was a Trojan called Liberty Crack, which appeared on a Palm device back in August 2000. This malapp was directed at individuals who wanted to "crack" a shareware version of a program called Liberty (a program that lets users play Nintendo GameBoy games on a Palm) into a fully registered version of the software. A "crack" is a program that "fixes" (i.e., patches) a shareware program so that it behaves as a registered version without the user having to pay for it. This Trojan deleted the application data on the Palm. Users installed the malapp onto the Palm by hot-syncing to their laptop, by having it beamed by another unsuspecting user, or by downloading it to the Palm as an email attachment.

The next malapp to be identified was also a Palm Trojan and appeared in September 2000. This malapp arrived on the user's laptop using the normal techniques, such as email or untrusted software download, and then reached the Palm device through a hot-sync operation with the laptop. When executed, the program changed a flag on the icons of all the Palm programs so that the icons didn't appear, leading the user to believe that all of the programs were gone. This malapp written specifically for the Palm was detected before it could install itself onto any devices; there are no reports that it has affected any users. As with the Liberty Trojan, a user had to choose to download the program to the Palm device.

The third malapp to appear on any of these devices was a true virus. Appearing on a Palm in September 2000, the virus overwrote a portion of every third-party program on the device. When a user called one of these programs, the newly injected code executed, draw a rectangle on the Palm screen, made sure all uninfected programs installed on the Palm were then infected, and finally failed. The virus affected only a small number of PDAs and was contained quickly.

You may have noticed that all of the malapps I've described target Palm devices. Why is this? Any explanation would be speculation at best, but you could say that the odds are against the Palm devices. According to Palm, Palm OS devices account for more than 75% of all PDAs sold and more than 95% of all corporate-issued PDAs. Given that virus authors tend to write viruses for maximum feedback (i.e., anonymous notoriety), if there is a PDA platform to infiltrate, Palm is it.

There are many more digital cellular phones than PDAs, so why are there no reported viruses for those devices? Based on the same analysis I used for PDAs, this wouldn't seem to make sense. But in reality, there are relatively few Web-enabled phones, and many of the owners of these devices do not use this capability. So writing viruses and malapps for digital cellular phones is a low-yield undertaking.

More than 53,000 viruses have been identified in the Windows world to date. Assuming only three viruses have been found for wireless devices so far, you might think I have exaggerated the possibilities. This is not true. One of the reasons for the disparity is that Windows has been around much longer than these wireless devices. There are many more installations of Windows, too. Another factor is that successful wireless malapps must be written in such a way that they can replicate themselves across a network of computers and eventually cross the boundary from one operating system (Windows) into another (Palm OS, Windows for Pocket PC, etc.).

How Can You Protect Your Wireless Device?

More than anything else, caution and common sense are your best protection against viruses. If you depend on your PDA or phone to make your appointments, keep your appointments, make your flights, etc., don't install every cool utility or game you come across, especially if you are unsure of the source and reliability of the programs.

Antivirus software has been available for PCs and PC servers for many years. Some of these tools have extensions built to watch over the information being sent to and from a PDA during a hot-sync operation. Still others have virus checkers that reside on the device to help prevent viruses from being installed by network connections, hot-sync operations, or infrared transfer.

McAfee.com (www.mcafee.com) and Symantec (www.norton.com), two leading antivirus software companies, offer software you can install on PC servers and on your laptop. The software can protect your network from viruses that might reach you through email or through files copied to the server by a client PC. When installed on your laptop, such products can protect your computer from viruses coming from unprotected networks or email. In addition, McAfee.com has a program called MARS (McAfee.com Anti-Virus Resident Scanner) that you install on your Palm device and use to scan your Palm for viruses.

These programs are not foolproof and will not always detect a virus. The reason for this is quite simple: A virus or malapp is really just a program like any other program, except that the author has intended for the program to cause some sort of mischief. It may be difficult for antivirus software to determine the intent of a program, but it is possible to recognize software that has caused havoc in the past. The way to do this is to keep a reference database of patterns that you can compare to anything you may be receiving on your computer or that is already on your computer--a fingerprint, if you will. It is important to keep this database as up-to-date as possible through your antivirus software provider.

If wireless viruses grow in number from three to anywhere near the 53,000 viruses known to exist in the PC world, users will have to think of more clever ways to detect malapps as they attempt to invade our devices, as the devices typically don't have the memory to store a large database of virus fingerprints.

A Modern-Day Frankenstein

If there is antivirus software available to protect your computer systems and writing malicious applications to attack wireless devices is so complex, why would anyone try to write such software? Dr. Frankenstein, in all his insecurity, persisted and succeeded to some extent in creating new life, even though he paid for his success in the end with his own life at the hands of his creation. Although it's not guaranteed, many virus authors meet their end, too, at the hands of law officers. Don't give them a chance: Protect yourself. Install antivirus software for your computer and your PDA, and treat all applications obtained from unknown sources as potential virus threats.

Andrew Vaiciunas is manager of presales (Canada and Eastern U.S.) at LANSA Inc. Andrew can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..

Also Read

TechTip: A Primer to Bootstrap 4, Part 2

TechTip: A Primer to Bootstrap 4, Part 1

A Hand-Holding App Builder for Handheld Devices