Patch Tuesday

On the second Tuesday of every month, Microsoft releases a list of known vulnerabilities in the Windows operating system. The company issues patches for those security holes at the same time, which is why the day is known as Patch Tuesday. Viruses written and launched on Patch Tuesday to hit unpatched systems are known as "zero-day" attacks. Thankfully, the major anti-virus vendors work with Microsoft to identify holes ahead of time, so if you keep your software up to date and patch your system promptly, you shouldn't have to worry about zero-day problems.

Virus Origins

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.

Unlike a cell, a virus has no way to reproduce by itself. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases, the new virus particles bud off the cell one at a time, and the cell remains alive.

Similar to the way a biological virus must hitch a ride on a cell, a computer virus must piggyback on top of some other program or document in order to launch. Once a computer virus is running, it can infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.

People write computer viruses. A person has to write the code, test it to make sure it spreads properly and then release it. A person also designs the virus's attack phase, whether it's a silly message or the destruction of a hard disk. Why do they do it?

There are at least four reasons. The first is the same psychology that drives vandals and arsonists. Why would someone want to break a window on someone's car, paint signs on buildings or burn down a beautiful forest? For some people, that seems to be a thrill. If that sort of person knows computer programming, then he or she may funnel energy into the creation of destructive viruses.

The second reason has to do with the thrill of watching things blow up. Some people have a fascination with things like explosions and car wrecks. When you were growing up, there might have been a kid in your neighborhood who learned how to make gunpowder. And that kid probably built bigger and bigger bombs until he either got bored or did some serious damage to himself. Creating a virus is a little like that -- it creates a virtual bomb inside a computer, and the more computers that get infected, the more "fun" the explosion.

The third reason involves bragging rights. Sort of like Mount Everest -- the mountain is there, so someone is compelled to climb it. If you are a certain type of programmer who sees a security hole that could be exploited, you might simply be compelled to exploit the hole yourself before someone else beats you to it.

And then there's cold, hard cash. Viruses can trick you into buying fake software, steal your personal information and use it to get to your money, or be sold on the digital equivalent of the black market. Powerful viruses are valuable -- and potentially lucrative -- tools.

Of course, most virus creators seem to miss the point that they cause real damage to real people with their creations. Destroying everything on a person's hard disk is real damage. Forcing a large company to waste thousands of hours cleaning up after a virus attack is real damage. Even a silly message is real damage because someone has to waste time getting rid of it. For this reason, the legal system continues to develop more rigorous penalties for people who create viruses.