Viruses in Graphics Files

"Avoid detection and dodge selection."
--What Charles Darwin might have said if asked about the fundamental
behavior of computer viruses.

Every computer user worries about computer viruses. These often harmful and sometimes nearly undetectable programs are the subject of much consumer literature and urban folklore.

It is hard to generalize about computer viruses, but they typically are not very complex. In most cases, a virus is just a program that is written to replicate itself, avoid detection by both the computer user and the operating environment, and perhaps do a few other things along the way. Some viruses are meant to cause harm (e.g., destroy files and bring networks to a screeching halt), of course, but others are only inadvertently harmful due to logic errors in their own code or because of incompatibilities between the code and the system on which it is running. Still other viruses are programmed to be merely annoying; in some cases, they taunt their victim, who realizes to his dismay that something alien has at least partial control over his computer.

Why do we use the term computer virus? At first, the term may seem to be simply a play on the well-known phrase software bug. But there's more to it than that. The operational characteristics of computer viruses bear an amazing similarity to those of biological viruses. The primary goal of a biological virus is to reproduce. A virus is only a fragment of RNA or DNA, and therefore does not constitute what most people consider to be a living organism. Because it cannot reproduce on its own, a biological virus must infect a living host in which to reproduce--a process which may result in the disease or death of the host.

When an infected host program is executed by the operating system, the operating system unknowingly executes the viral code as well. The executed viral code is designed to seek out other compatible host programs and to attach copies of itself to them as well. When the code in a virus infects another program, the virus is said to have reproduced. Most executable programs, such as .COM and .EXE files on MS-DOS systems, contain machine code and are directly executed by an operating system. A virus can only infect files that it is designed to infect.

Some viruses are designed so they can attach themselves to batch files, shell scripts, the boot sectors on hard and floppy disks, and even spreadsheet and word processor macros. If it is code that can be executed by a software program, it is fair game for infection by a virus.

What about graphics files? Can they be infected with a virus? Is your computer system in any danger from infected graphics files?

Graphics files are generally collections of data and as such are not executed by a computer's operating system. Programs that use graphics files, such as display and editing programs, simply read the data in a graphics file into memory and then modify it for rendering to an output device. Graphics files that consist of data cannot be infected by a virus because the code is not executed. Static graphics files (i.e., those containing no code) are safe from infection.

Some graphics files, such as those used in multimedia applications, do have the capability of storing instructions that can be executed by specific software applications. Such instructions might display text, create sound, pop up menus, and read data from other files. Object-oriented files containing data and the code necessary to render the data are also in this category. These types of files are theoretically susceptible to virus infection. At this point, however, none to our knowledge have been attacked by viruses. This may change, however, as instruction sequences necessary for the proper rendering of a particular file become more complex. However, none of the file formats in common use support this level of complexity.


What about page description languages (PDLs) such as PostScript and hypertext languages such as HTML? Such languages are not actually graphics file formats, but are instead collections of interpreted statements that may contain or reference graphics data. Although the graphics data itself is not a target for a virus, the interpreted language code can be altered, and known security holes in the programming language can be exploited.

In summary, graphics files are very unlikely candidates for infection by computer viruses. In fact, most virus detection programs will not even bother to scan graphics files unless told explicitly to do so. Of course, a virus could still do nasty things to a graphics file, just as it could to any other type of file--for example, it could copy, move, alter, corrupt, or delete a graphics file, or it could append data to the file to cause it to grow in size. But a computer virus cannot use a data-only graphics file--or any data file, for that matter--to reproduce.

Copyright © 1996, 1994 O'Reilly & Associates, Inc. All Rights Reserved.

Hosted by uCoz