There is a myth going around that, if a computer virus does not have a payload, then it is not dangerous, and is in fact harmless. Some people even refer to these as toys. I want to examine this in more detail, and show why it is a myth, but we first need to do a short history of warfare.

Once upon a time, a long time ago, Og woke up to find Gonta playing rather closely with Sheema, who was what we would call Og's wife. Og got rather upset, and punched Gonta. Unfortunately Gonta was rather larger than Og, and puched him back, knocking him out, before turning his attention once again to Sheema.

When Og woke up, he made a plan. He went outside the cave, and climbed up above it. When Gonta came out, Og dropped a large rock on Gonta's head, killing him. And thus was born the principle of *long range violence* - whereby a person can inflict violence on another with little or no danger to themselves.

As time went by, improvements were made in the methodology - spears, bows and arrows, catapults, guns, bombs, missiles. While most of these were used in conventional warfare, a new breed of Ogs arose - the terrorist. They use long range violence against innocent people, with little care about WHO actually gets hurt. Their favourite tool is the time bomb.
Then came computers, and a new twist for the terrorists: computer viruses and trojans.

The term 'virus writer' needs clarification.

There are three groups of people who might write viruses:

1) a computer scientist working for a company developing a new operating system, and who has to test just how secure the operating system is.
2) a programmer working for the military, who has to develop programs designed to knock out enemy computer systems. (Although I can't see HOW they will (a) introduce it to the enemy systems; (b) expect it to remain undetected; and (c) activate all copies at the same time (except by time/date))

These two groups work in carefully controlled labs, and their creations do not get out, and thus do not bother the rest of us. While people in both these groups can be described as 'virus writers', they are not the cause of the current computer virus problem.

3) the underground and people of similar mindset, who think it is 'cute', 'neat', 'k00l', 'fun', or whatever the current slang phrase is, to write and distribute computer viruses and other rogue code (trojans, ansi bombs etc). To avoid confusion when referring to this group as opposed to the other two above, I have coined a new word - compterr (computer terrorist) - to refer to such people. The plural is compterrs, not compterri.

Now, to the subject of the 'harmless' computer virus.
There are basically four types of computer viruses: file infectors, boot record infectors, companion infectors, and FAT infectors. Let us look at each of these in turn.

File infectors: assume that a 'harmless' file infector exists. It has no payload, i.e. it has no code specifically written to do damage, like formatting C:. It infects .com and .exe files perfectly - the host program should always run after infection. Surely this virus is 'harmless'?

No.
(1) On a purely non-physical level, it harmful in two ways:
Firstly, it is unethical to modify someone elses programs without permission. Secondly, it destroys the trust that the user has in his machine and the software on it. Now he is never sure if running a program will result in a virus spreading or activating. Remember, the user does not know that the virus has no payload. And even if he did, do you suppose that he really wants all the files on his disk infected? The situation is that people have more implicit trust in a $5 calculator than in a $2000 computer.

(2) On the physical level, there is also damage. Firstly, the virus has to alter the code of the infected host, to ensure that the virus is executed. Viruses usually change the beginning of the host to allow the virus code to be executed first, before returning control to the host. So, the original file is damaged. Even running an anti-virus repair program is unlikely to restore the program to its original state.

(3) Then there are legal implications. Altering a program may be in violation of copyright. It may also invalidate the warranty on a program. Some programs which check themselves before running will refuse to run if infected by a virus. The user is denied the use of the programs for which he paid.

(4) Then there is the matter of trespassing. A hard disk is private property. You decide what you want to store on it. A virus removes that choice from you, and just invades.

(5) Consider the implications for a company which gives it's clients diskettes which have infected files on. The client detects the virus. Now do they still trust their supplier? A vital relationship has been damaged.

(6) The user has the inconvenience of checking every file and disk that he receives, and the hassle of cleaning the virus off of his system. This is wasteful of both time and money.

(7) Computer viruses waste disk space with useless code.

(8) Computer viruses slow the machine down with useless code.

(9) Memory resident viruses waste memory.

Some analogies to put the matter in perspective:
You have a letterbox. Everytime you get a letter, you also get an invisible letter with it. You remove the visible letter, but not the invisible letter. Pretty soon, your letterbox is full of invisible letters, and there is no space for your legitimate normal mail.

Or I come into your bedroom and spraypaint graffitti (Iron Maiden Rulez!) all over the walls. According to the compterrs, I have not damaged your walls - the original walls are still there, under the graffitti. Anyone agree that the walls are not damaged? How about if the original of the Mona Lisa was hanging on the wall at the time?

Or I come into your room, remove the blankets from your bed, place them under your bed, and put a small black suitcase on your bed. The compterrs say that the bed is not damaged, just rearranged. Time for you to go to bed. How do you? You have no way of knowing if the suitcase contains pressure-sensitive explosives or not. I have denied you access to your bed.

Some of the examples used about file damage also apply to the other forms of virus infection.

Boot sector infectors: Assume that a perfect boot sector infector exists. It does not matter whether it is a Main Boot Record (Partition Table) or DOS Boot Record infector - the operation is similar. The virus will move the original boot sector elsewhere, and insert itself where the boot sector was. Let us assume that the virus is well written and does not accidently put the moved boot sector over the directory table or the FAT. Surely such a virus is harmless?

No. See points (1), (4), (5), (6), (7), (8) and (9) above. In addition, the boot sector is no longer where it should be. The user might do certain operations assuming that it WAS still there, with disasterous consequences. In addition, some Main Boot Record viruses use that part of the first sector reserved for the partition table. If a user booted off a diskette, his hard drive would be inaccessible to DOS. Also, most boot sector viruses manage to wreck part of the FAT or directory tables on diskettes.

Analogy: I come into your room, move your bed out into the passageway, and put a camping bed in its place. Now when you want to go to bed, you find your bed is not what you thought it was.

Companion Virus infectors: These viruses create matching, usually hidden, .com files with the same name as .exe files. The .com files contain the virus code. Since DOS executes filename.com before filename.exe, the virus gets executed first. Now assume that a perfect such virus exists, with no malicious code. Is it harmless?

No. See points (1), (4), (5), (6), (7) and (8) above. In addition, this method of infection wastes more disk space than normal file infectors, since it creates new files. This clogs up the directory table with junk, and, since viruses are usually short, leads to lots of small files. For example, assume the virus is around 1000 bytes long, and your hard disk has allocation units of 2048 bytes. This is the minimum amount of space that DOS will allocate to a file, even if it is smaller. So for every copy of the virus, around 1k is totally wasted space. Now if you had 100 infected files on your hard disk...you lose 200k, half of which is empty..

Analogy: same as boot sector viruses.

File Allocation Table / Directory infectors: These are a variant of companion infectors. The difference is that instead of using DOS to execute the virus, the virus creates a copy of itself, and alters the pointers to a real executable to point to the virus instead. So when you execute filename.exe, you actually execute the virus, which replicates, and then passes control to filename.exe.

Again, assume such a perfect virus exists. It is harmless?

No. All points raised in the discussion about companion infectors also apply. Worse, cleaning up such a virus is often a nightmare, and can result in major data loss. This is because the virus manipulates the FAT directly, totally destroying what was there before.

Conclusion: there is no such thing as a 'harmless' virus.

The second bottom line: Viruses destroy time.

Users have to waste time checking all files and disks, and cleaning up after an infection. Remember too that time costs money...

The bottom line: Viruses destroy money.

Users are forced into taking expensive security measures, which costs money: the cost of the product, the cost of obtaining the product, cost of training, cost of cleaning up after an infection, cost of liability insurance. This money could have been put to more productive use. The cost is recovered by increasing the price of goods and services to the consumer. In the end, the consumer in the street (YOU!) ends up paying for the virus problem...