ad info




CNN.com
 MAIN PAGE
 WORLD
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
* TECHNOLOGY
   computing
   personal technology
 SPACE
 HEALTH
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 ARTS & STYLE
 NATURE
 IN-DEPTH
 ANALYSIS
 myCNN

 Headline News brief
 news quiz
 daily almanac

  MULTIMEDIA:
 video
 video archive
 audio
 multimedia showcase
 more services

  E-MAIL:
Subscribe to one of our news e-mail lists.
Enter your address:
Or:
Get a free e-mail account

 DISCUSSION:
 message boards
 chat
 feedback

  CNN WEB SITES:
CNN Websites
 AsiaNow
 En Español
 Em Português
 Svenska
 Norge
 Danmark
 Italian

 FASTER ACCESS:
 europe
 japan

 TIME INC. SITES:
 CNN NETWORKS:
Networks image
 more networks
 transcripts

 SITE INFO:
 help
 contents
 search
 ad info
 jobs

 WEB SERVICES:

COMPUTING

From...
PC World

Windows 2000 virus: Stunt or preview?

windows

January 17, 2000
Web posted at: 9:57 a.m. EST (1457 GMT)

by Stan Miastkowski

(IDG) -- The discovery this week of the first computer virus that works specifically with Windows 2000 initially brought questions about the soon-to-be-unveiled operating system's security.

But experts who have taken a closer look at the virus, officially dubbed W2K.Installer.1676, say it doesn't take advantage of any potential security holes. In fact, it's a relatively conventional file virus that only infects Windows 2000 for the simple reason that it checks to see which OS it's running on, and spreads only if it's Windows 2000.
MESSAGE BOARD
Microsoft

The virus isn't in actual circulation yet, nor do virus researchers expect it to ever be. Research labs found out about W2K.Installer.1676 when it was sent to them, apparently by its author. In addition, it lacks a damage-causing payload. The only thing it does is spread itself.

Despite the virus being characterized as "rare," major antivirus software makers say their existing packages will detect W2K.Installer.1676 because of the way it works, although they plan to add specific protection against it in their next virus signature updates.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  PC World home page
  FileWorld find free software fast
  Make your PC work harder with these tips
  E-BusinessWorld
  Reviews & in-depth info at IDG.net
  IDG.net's personal news page
  Year 2000 World
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for computer geniuses (& newbies)
  Search IDG.net in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Vincent Weafer, director of the Symantec Antivirus Research Center, says that W2K.Installer.1676 may simply be a "proof of concepts," a typical first-generation virus where the dark fraternity of (mainly male) virus writers explore a new OS, looking for holes or just proving that they can write a virus that works only with that OS, which they were able to do in this case.

Or it may just be an ego thing, according to Weafer, with the author wanting to be the first to write a Windows 2000 virus.

No antivirus magic in W2K

While Weafer says that Windows 2000 is "overall a more secure operating system," he says that users still need to be careful, because most viruses that can infect Windows 98 and NT can also infect the new OS.

Under the hood, W2K.Installer.1676 is what's known as a "cavity infector," a common type of virus that looks through files to find unused spaces in the code. When it finds a space big enough, it inserts itself in the file. And because it doesn't actually change the size of the file, it attempts to work around the "heuristic" protection in most antivirus software, which looks for unexpected changes in the sizes of files.

In one way, W2K.Installer.1676 is almost a step back to reusing earlier virus technology in a new context. Cavity infectors were widely used in early DOS viruses, but fell out of favor with virus writers.

When asked about Microsoft's reaction to W2K.Installer.1676, a spokesperson said it's nothing but "a publicity stunt." She added that "a virus is by definition just an application that does something malevolent, and Windows 2000 runs applications."


RELATED STORIES:
First Windows 2000 virus detected
January 14, 2000
Microsoft partners reveal Win 2000 exploits
November 23, 1999
Windows 2000 reliable, says Microsoft
November 16, 1999

RELATED IDG.net STORIES:
First Windows 2000 virus debuts
(PC World Online)
Windows 2000 to open in February
(PC World Online)
Preorder Windows 2000
(PC World Online)
Windows 2000 VPN technology causes stir
(Network World Fusion)
Exchange 2000 won't ship with Windows 2000
(Computerworld)
Windows 2000 code complete
(Network World Fusion)
Prepare for Windows 2000
(Computerworld)
Moving to Windows 2000
(Computerworld)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RELATED SITES:
Microsoft Corp.
FedCIRC virus center
ICSA 2000
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.