## Viruses on Windows, Macs and Unix

The most powerful force in the universe is compound interest.
– Albert Einstein

Einstein may not have said that, but compounding is really powerful. I’ll get to the point in a bit, so just read on…

There’s this story I read about a rich man employing a young lady to count his fortune. She took 6 days to complete the task, and the result was that the man was 42 million dollars rich. The man then asked her how she wanted to be paid.

[For the purposes of the story, 100 pennies equal a dollar.]

The young woman asked to be paid 2 pennies for her 1st day. Then pay her the amount paid the previous day, multiplied by itself, for the next day. So her 2nd day costs 2 * 2 = 4 pennies. Her 3rd day costs 4 * 4 = 16 pennies. And so on till her 6th day.

The rich man thought, “Such a foolish girl!”, and promptly agreed.

So for her 4th day, she had 16 * 16 = 256 pennies. Her 5th day costs 256 * 256 = 65536 pennies. And her 6th day? 65536 * 65536 = 4294967296 pennies.

Wait a minute! 4294967296 pennies is just over 42 million dollars! And so the young woman took all of the rich man’s money. The end.

The point is, small things can add up (or in the clever woman’s case, multiply up). What’s that got to do with computer viruses? What is the primary ability a computer virus needs? To spread to as many computers as possible.

[For the purposes of the following discussion, “computer virus” encompasses all the bad things coded by a human being that could happen on a computer. That should cover viruses, worms, hacks and so on…]

This is why I find people’s reactions to the “susceptibility” of Windows machines towards computer viruses, … confusing. They might say that Macs don’t have this problem, or Unix machines have that security clamped down. There will be rabid fans supporting their favourite operating system.

The thing is, I’m sure there are computer viruses on Macs and Unix. Why is there a lack of mass destruction and mayhem on those platforms? My answer might be deflating for those supporters.

There simply aren’t that many people using those platforms.

As far as I know, Windows is used by most people on a computer. The path of least resistance for a virus writer is to target Windows. And he won! For a while at least… then another outbreak, then fixed and so on.

Each “win” sort of amplifies the “susceptibility” of Windows. Virus writers get a little bolder, a little more creative. People get scared, news stories (in the early days) sort of “glorifies” the damage done, and the difference in platforms got a little wider (even if it’s just people’s perceptions).

Bit by bit, Windows come under fire for things such as the blue screen of death, the ease with which an attacker disrupts, and poor security models. I believe it’s just a scaling factor. Web browsers are now targeted, and that means the operating system doesn’t matter as much anymore.

This is why I find it amusing whenever I encounter what’s known as an Apple fanboy. The praises showered on Apple products for their beauty and elegance. Granted, that’s true. It’s when they also show their disdain for Windows that’s amusing. Why such a strong emotion?

I admit right now. I don’t really have overwhelming love for Windows. Hey I’ve got an iPhone! I just find it useful for me. I like using .NET because it allows me to do what I want quickly and easily (I have a friend who “eewws” at the mention of .NET …).

And I’ve only been seriously wounded by computer viruses a couple of times in my entire life of using computers (probably protected by my positive aura). So I’m offering another reason, and drawing a broad generalisation in the process… Mac and Unix users are generally fairly competent with computers. They are designers, so using image editors is second nature to them. They are system administrators, and let’s face it, if you can do command line stuff, you’re competent.

It’s the not-so-competent users that get hit by computer viruses. Broadly speaking of course, and I don’t know if it’s true, so this is just my conjecture. Where are most of those users? On Windows machines.

So based on small reasons, a twist of fate here and there, and compounding all that, and Windows seem to be riddled with security loopholes, wide open for any attack. But I don’t see it that way.

## Computer virus behaviour thesis

I was going through some web site logs, and found an interesting combination of search terms. This site was listed in search results for “computer virus”, “dissertation” and “thesis”. I racked my brain for the reason why. Then I remembered I wrote something about the computer virus behaviour thesis for my final year project in university.

I rummaged through my collection of important CDs, and found it. With a small slip of paper that reads “Vincent’s Honours project — DO NOT ERASE!!!”, it’s easy to guess what’s inside that CD. Alas, it didn’t contain a PDF of my dissertation. It did contain all the source LaTeX and PostScript files. I wasn’t really in the mood to install a converter, so I went for the easy way out: ps2pdf.com.

Download the computer virus behaviour thesis in PDF (372 KB). I’d appreciate some credit if you find anything useful.

In fact, I’m feeling generous. Here, download the whole shebang (525 KB). The zip file contains all the program source code, MATLAB code files, LaTeX source files, PostScript files, some image files and even the PowerPoint slides I used for my presentation.

It’s been what, 6 years? So don’t expect me to remember a lot of stuff… A short breakdown then.

The “program” folder contains the source code for the simulation program running on Unix. Note the accompanying MATLAB files. This was where I used the output of the C program to generate data files usable by the MATLAB code to generate graphs. Note the narcissistic name of vince.c *smile*.

The “winprog” folder contains the source code for the simulation program running on a Windows computer. I used this version for the presentation. It’s more interesting when the audience could see the infection in “real” time. The code was written in Dev-C++ IDE. The code was based off a game template I was working on, hence the use of DirectX and the game-related comments and code structure.

You’ll find a few files with the .pfn extension. If I remember correctly, that’s my custom font file format, and it stands for “Phantasy Font”. I was running a web site phantasyrealm.com then. Don’t bother looking, the site’s not there anymore; I took it down. If you look through the code, and find any references to phantasyrealm, you’ll know what it is.

Question: Can you figure out the structure of the .pfn files?
Hint: It has something to do with bits, where 0 is black and 1 is white. It also has something to do with a 256 by 256 pixel grid. Or was it 128 by 128? *smile*

The discussion on spatial graphs is interesting. Imagine an entire grid of nodes, each node connected to the node above it, below it, to the left and right of it. If the grid wraps vertically and horizontally, the topology effectively becomes a torus (aka donut).

To visualise this, imagine you have a sheet of paper. Roll it so it becomes a cylinder with open ends. Then imagine bending the ends towards each other to form a loop. Tada! Torus formed.

I presented 4 points in the thesis

• Topology
• Advanced alarm system (foreknowledge of the virus epidemic)
• Natural response system (higher vigilance after infection, decreased immunity over time)
• Periodic activity system (computers and users are not “on” all the time)

I also remember my thesis advisor asking if any one point could be taken out and still produce the desired results. I said no. It’s only now that I realise he was referring to irreducible complexity.

So, I hope I’ve given you some useful information, some points to ponder and a fun computer virus simulation program to play with. Have fun!