
How come viruses work?


    #21
    Originally posted by Platypus View Post
    I'm sure you're right, but I got clobbered by a drive-by virus yesterday that got onto my machine, I can only assume when I clicked onto a website to download a torrent I was looking for. I didn't agree to download anything, and I was using Firefox.
    That leads directly to a major part of my question: when the virus asked your PC to do whatever it was that it did, how come your PC acceded to the request? Why didn't it say "who the hell are you?" or "not without proper authority I don't" or something like that?
    Step outside posh boy



      #22
      Originally posted by Platypus View Post
      I can only assume when I clicked onto a website to download a torrent I was looking for. I didn't agree to download anything, and I was using Firefox. I have anti-virus which is right up-to-date. I have SP3 which is fully up-to-date with the latest patches. And yet I got screwed.
      Presumably you opened the torrent, which ran a torrent opening program you'd previously installed from the internet somewhere...
      Will work inside IR35. Or for food.



        #23
        Originally posted by VectraMan View Post
        I doubt that's true. Flash is the only ActiveX control in common usage, and that's well enough known that security holes are reported as a problem in Flash (and there are some). And of course Flash isn't Windows only.
        Strictly speaking, IE's HTML renderer is itself an ActiveX control: it's possible to embed a new HTML document inside an HTML document using an <object> tag in IE.

        Various other things are also implemented as ActiveX controls, such as Media Player plugins, QuickTime, Java applet runners. Then there's things like MSXML, which are ActiveX controls that don't have a UI.


        In addition IE has Browser Helper Objects, which are used for things like toolbars, as well as assorted pieces of malware and spyware.
        Last edited by NickFitz; 11 November 2009, 17:48.



          #24
          Originally posted by VectraMan View Post
          Everything Richard says is correct of course. As long as it's 1990 and you're talking about Windows 3.0 in Standard Mode on a 286. Fortunately things have moved on.
          Which is why there have been no new PC viruses now for well over 15 years.
          My all-time favourite Dilbert cartoon, this is: BTW, a Dumpster is a brand of skip, I think.



            #25
            Originally posted by Tarquin Farquhar View Post
            That leads directly to a major part of my question: when the virus asked your PC to do whatever it was that it did, how come your PC acceded to the request? Why didn't it say "who the hell are you?" or "not without proper authority I don't" or something like that?
            If you are running on an account with administrator privileges, which has historically been the default setting in Windows, then how is the system supposed to distinguish between you running a program and something else running it? Your account provides the authority.

            Modern applications aren't just monolithic blocks of code: they rely on a multitude of components working together. When your web browser wants to look up the IP address of a web site, or your email client wants to look up the IP address of a mail server, they both rely on the DNS lookup component of the operating system. That in turn doesn't know how to communicate with your Ethernet card or your wireless router: it relies on other components to do that. When the DNS service gets the IP address back from the Internet, and wants to save that address so it doesn't have to look it up again, how does the system know that its attempt to write to the disk is the result of you hitting return after typing "example.com" into your browser a second before? How does it know that what is being written to disk is a string of characters, rather than a piece of executable code?

            Meanwhile, your network drivers are logging messages, your mail client is downloading mail, your feed reader is updating feeds, your Windows Update is modifying core OS files and telling you to reboot or else, Word is autosaving in the background, Media Player is streaming video ready for when you unpause it... the number of interactions going on within the average PC is so great that it's very difficult for the system to know what instigated any given one - was it you, or a virus?

            What if it's a virus that intercepts the keyboard entry point and sends fake keystrokes into the system? How can it tell that those keystrokes came from the virus, rather than you typing? What if it sends fake mouse messages, so that when an alert pops up saying "Are you sure you want to send donkey porn to your boss and then trash the hard drive?" it clicks "OK" without human intervention? How does it know that it wasn't you clicking OK?

            Your best bets are:
            • Keep up-to-date with Windows Updates;
            • Don't forget your other software: most things will let you know if they have an update available, but what about those that don't - check the web site;
            • Always read warning messages, and be sure you know what you're doing before saying "OK";
            • Don't visit any even slightly suspect web site: they have a habit of installing things even if you click "Cancel" or use the "X" to close the confirmation dialog;
            • Don't ever open an email attachment unless you're absolutely certain you know what it is.


            You'll notice that everything in that list is something that puts the onus on you. The computer is just a machine; it can't make reliable judgements for you.

            Obligatory car analogy: it goes where you steer it, at the speed you dictate; it can't stop you driving into a wall. Even those new-fangled collision avoidance systems couldn't save somebody who drove off a cliff at ten miles an hour. Similarly, no matter how many safety systems are added to an operating system, they'll never be perfect if it's to remain usable (see UAC), so you'll have to be perfect for it



              #26
              Originally posted by NickFitz View Post
              Your best bets are:
              • Keep up-to-date with Windows Updates;
              • Don't forget your other software: most things will let you know if they have an update available, but what about those that don't - check the web site;
              • Always read warning messages, and be sure you know what you're doing before saying "OK";
              • Don't visit any even slightly suspect web site: they have a habit of installing things even if you click "Cancel" or use the "X" to close the confirmation dialog;
              • Don't ever open an email attachment unless you're absolutely certain you know what it is.


              You'll notice that everything in that list is something that puts the onus on you. The computer is just a machine; it can't make reliable judgements for you.

              Obligatory car analogy: it goes where you steer it, at the speed you dictate; it can't stop you driving into a wall. Even those new-fangled collision avoidance systems couldn't save somebody who drove off a cliff at ten miles an hour. Similarly, no matter how many safety systems are added to an operating system, they'll never be perfect if it's to remain usable (see UAC), so you'll have to be perfect for it
              Many thanks for an extended analysis.

              Trouble is (to continue the car analogy) that some of those pieces of advice are equivalent to saying "don't drive on any road where you even slightly suspect that there may be dangerous drivers", or "never drive a car unless you know personally the people who built it".

              Which is accurate enough, I suppose: when you get on the net, you're driving in Iraq, not in Hertfordshire.
              Step outside posh boy



                #27
                Originally posted by Tarquin Farquhar View Post
                Trouble is (to continue the car analogy) that some of those pieces of advice are equivalent to saying "don't drive on any road where you even slightly suspect that there may be dangerous drivers", or "never drive a car unless you know personally the people who built it".
                So you mitigate that risk by taking out insurance: "I bet I have an accident".

                Take backups.
                My all-time favourite Dilbert cartoon, this is: BTW, a Dumpster is a brand of skip, I think.



                  #28
                  A "drive by virus"? If your PC sits behind a hardware firewall in a router, shouldn't it stop things like that happening?
                  Public Service Posting by the BBC - Bloggs Bulls**t Corp.
                  Officially CUK certified - Thick as f**k.



                    #29
                    Originally posted by RichardCranium View Post
                    Which is why there have been no new PC viruses now for well over 15 years.
                    Indeed, but the reasons are nothing to do with what you said, which was almost completely wrong. Or possibly completely wrong, I'd have to go back and check.

                    In truth the NT line of Windows (i.e. NT, Win2K, XP..) have all had pretty good security, and the OS is well protected from rogue applications. The problem has always been as Nick says, most users, even in corporate environments with IT departments who should know better, log on with an administrator account and so bypass the whole lot.
                    Will work inside IR35. Or for food.

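
A read-only check of the point made in posts #25 and #29, that every program inherits the authority of the account that starts it (an added example, not part of any post in the thread). It assumes Windows PowerShell 5.1 or later for `Get-LocalGroupMember`; the function name `Get-SessionAuthority` is made up for this example.

```powershell
# Added example: report how much authority this logon session hands to
# any program it starts. Read-only; nothing on the system is changed.
function Get-SessionAuthority {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when THIS process holds a full (elevated) administrator token.
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Is the account listed directly in the built-in Administrators group?
    # S-1-5-32-544 is that group's well-known SID (independent of language).
    # Membership through nested domain groups is not resolved here.
    $isMember = $null
    try {
        $members  = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
        $isMember = @($members | Where-Object {
            $_.SID.Value -eq $identity.User.Value }).Count -gt 0
    } catch {
        # Enumeration can fail (for example on orphaned group entries);
        # leave $isMember as $null so the report says "unknown".
    }

    $verdict = if ($elevated) {
        'Elevated: every program started from this session has full administrator rights.'
    } elseif ($isMember) {
        'Administrator account, filtered token: programs get standard rights until an elevation prompt is approved.'
    } elseif ($null -eq $isMember) {
        'Not elevated; Administrators membership could not be determined.'
    } else {
        'Standard user: programs cannot change system-wide settings without another account''s credentials.'
    }

    [pscustomobject]@{
        Account            = $identity.Name
        ProcessElevated    = $elevated
        InAdministrators   = $isMember
        Verdict            = $verdict
    }
}

Get-SessionAuthority | Format-List
```

Run it once from a normal prompt and once from a prompt started with "Run as administrator" to see the difference the token makes.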


                      #30
                      The real problem is that Windows and Windows programs are constantly doing whatever they feel like. If all these damn background tasks and updaters did not keep chugging away all the time it would be easier to notice anything unusual. Most of it seems completely unnecessary.

                      I'd like reserved areas of memory and hard disc that could only be write accessed if I flipped a switch. One could then check the common areas thoroughly before allowing use.
                      bloggoth

                      If everything isn't black and white, I say, 'Why the hell not?'
                      John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)
