This invention relates to a computer system that aids in the behavior modification of computer users who unknowingly and innocently spread computer viruses, specifically by teaching computer users to avoid computer viruses with the use of mock computer viruses and feedback measurements.
The Battle Against Computer Viruses:
Computer viruses pose significant threats to computer systems. Viruses cause loss of data, destroy computer hardware, create negative impacts to computer networks and systems, and disrupt business, government, and personal affairs. In the battle against computer viruses, an entire industry was created to develop and sell “anti-virus” software to detect, remove, and insulate computers from viruses. Numerous patents have been granted to achieve these same goals. Examples of corporations within the anti-virus industry are Symantec and Network Associates. Currently, the control of viruses is dependent upon companies such as these to identify characteristics of viruses, write anti-virus software to detect viruses when encountered, and insulate computers from viruses. However, viruses are created faster than anti-virus software, and anti-virus software cannot always prevent outbreaks of virus infections. It is desirable to avoid the negative impacts of virus infections without reliance on software that needs to continually adapt to detect new specific viruses.
What Are Computer Viruses?
A computer virus is a program that invades computer host systems. Once inside a host system, the virus may replicate and create copies of itself. The virus may also cause damage to the host system. Viral programs can damage host systems by using the host file system to overwrite data in host systems, or over-write data stored in networks attached to host systems, or create numerous other disruptions or damage. In addition to damaging the host system, the virus may perpetuate itself by transmitting replicated copies to other computer systems. Most computer viruses use e-mail systems to transmit the replicated copies to other computer systems. By transmitting replicated copies of itself to other computer systems, the virus invades new host systems and continues the life-cycle of viral replication, host system damage, and transmission of duplicate virus programs.
How Computer Users Spread Viruses:
E-mail systems alone cannot activate viral programs within host systems. Viral programs require activation by computer users, and therefore viral programs are sent as file attachments to e-mail messages. The creators of the viral programs rely on computer users to open the infected file attachments. The viral programs activate when users open infected attached files. The term “open” means the user starts the program in the attachment or starts a program associated with the attachment. In Microsoft Windows and NT operating systems, data files are named in a two part format of the form xxxxxxxx.yyy, where the “.” separates the user given name, “xxxxxxxx”, from the extension, “yyy”. The operating system uses the extension, “yyy”, to select how the data file is to be treated when opened. For example if the extension is “exe”, then the operating system treats the data file as an executable program and passes control to it when opened. Or, if the extension is “doc”, the operating system associates the document with the Microsoft Word program, loads the Microsoft Word program, and passes control to the Microsoft Word program with the data file as an input file.
What Are Viral Infected E-Mail Attachments?
Viral infected e-mail attachments are of two types: 1) programs that execute when opened or 2) “macros” that execute when data files are opened as documents in other programs such as Microsoft Word. A macro is a program that is written in a language specific to another program such as Microsoft Word. Macros are used to automate sets of “user actions”. Examples of macro “user actions” are the ability to open and write data files, and to send e-mail messages with attachments to recipients in the users' e-mail directories. Viral macros may use the previously described user actions and other functions to send replicated copies of itself as attachments to other e-mail users. The infected attachments may cause damage to data in the host system or to data in a network that is attached to the host system.
Life-Cycle of Computer Viruses:
The key to life or the goal of viruses is to replicate and transmit copies of itself to other computer systems. There are viral programs that can access the computer users' e-mail directory and the computer users' e-mail folders. This access allows the virus to send additional replicated viral attachments to associates of the user. The viral e-mail messages appear to originate from someone the recipient knows and trusts, when in fact the virus sends the e-mail message itself. The unsuspecting recipient opens the infected files due to the mistaken belief that the file is virus-free merely because the e-mail was sent from a familiar e-mail address. The opened and activated virus file repeats its cycle, and the virus succeeds in its continuous spread to other computer systems.
What Is Being Done?
Anti-virus companies such as Symantec and Network Associates attempt to stop viruses with the detection, removal, and insulation of computer viruses. Additionally, software creators of e-mail systems attempt to curb the spread of viruses by building features into e-mail programs that attempt to prevent the opening of viral attachments. For example, Microsoft Corporation added capabilities to recent releases of Outlook and Exchange e-mail programs that makes opening attachments with executable programs a two-step process. In the Microsoft Outlook e-mail program, an attachment to an e-mail appears as an icon in the body of the e-mail. The file name appears as text in the icon. The user “opens” the attachment by double clicking on the icon. The first step consists of a warning message that is displayed when the icon is double-clicked. The user must perform a second action to actually open the file. Consistent with this, recent releases of Microsoft Word and Excel have a similar two-step document opening process if there is a macro in the document. First the user is warned that there is a macro in the document. The second step requires the user to choose to not open the document, disable the macro and open the document, or open the document with an active macro. In spite of these virus avoidance measures, computer users continue to open attachments with viruses, which in turn harms their systems, and sends replicated viral copies to other unsuspecting computer systems. An article written by David L. Wilson and published in the Dec. 4, 1999 edition of the San Jose Mercury News is included as background information on how computer viruses damage, replicate and spread.