I have a feeling there’s an obvious answer to this question, but I’ve never started a GQ thread before, so I’m revelling in the chance. :o
Having been soundly scolded by our computer lady at work to NEVER, EVER, under ANY circumstances put a floppy disk into my office computer if the disk had been in any other machine, for fear of viruses, a sensible precaution, and having received a CD today from the school I’m attending in the fall, with the attached note “please bring this with you when you come to school,” which I looked at on my home computer…
[deep breath]
…it occurs to me to wonder if computer viruses are transmittable by compact disc. I think that CD’s wouldn’t get infected from a computer they are used in because they are read-only, unlike floppies. Of course the manufacturer could always sneak a bug onto the disk, but that’s not what I’m talking about here. But then I remember seeing ads for to “Burn your own CD’s!” (generally accompanied by a claim for instant riches…or is that the other CD spam I get?) so I know that at least some CD’s are writeable.
So my question is, what is the difference between readable and writeable CD’s, and would there ever be a situation where you would get or transmit a computer virus by this medium? I do pretty much know how CD’s work (laser interference etc etc) but any comments from more knowledgeable folks would be useful on that topic too.
CDs from “the store” should be virus free. Certainlly it’s possible to put a virus on one, but that’d be awful malicious, sort of like injecting Tylenol with polio.
CDs are writeable and re-writeable now. They are called CDRs and CDRWs. If you don’t have a CD burner, you can’t write to a CD. Anyone can read a properly “burned” CD on their regular CD Drive.
You can take however many infected files from your system and burn them to a CD and pass them on to someone else and have that person execute the files from the CD and also pass along a virus. Think of a CD as a floppy disk with 650x the space. Do it happen often? No. Most people like to spread viruses via email which is quicker and hits more people. What fun!
Even though a CD is read-only, your hard drive isn’t. You can burn something malicious onto a CD and then write it to your hard drive. But you are right. If you have a CD and put it in your CD drive to view it, it is not writeable (unless you have an open session on a CDRW drive and a CDRW disk, which is not your case) and thus cannot be infected by your computer.
Also, tell your Computer Lady at work to get her department to spend a few dollars on a virus program for your workplace. Transmitting viruses via floppy is the least of her concerns, especially if you’re all using Outlook. It sounds like she went to the 1986 school of technology.
You can’t get a virus (usually) by just putting an infected disk into a machine. Something has to happen. Some program has to run. Granted, there are self-starting CDs (autorun) but I think you can tell the difference between a malicious CD and a harmless one (ie Don’t worry about things from a package). Most importantly, just don’t run suspicious files or programs. A lot of viruses are spread because of user action (opening files, deleting files when told to by hoaxes, etc) even though most people swear up and down they didn’t “do anything.”
Thanks much. So, you generally can’t get/spread virii accidentally by CD (if you don’t have a CD burner), right? Good.
Just wanted to comment on this:
You see, she’s very good about the virus protection software, so that’s not a problem. I guess I deserved the scolding because I had just given my computer a virus by downloading a Word document from Hotmail. At least I think it was me. I share the computer but no one else on that machine uses the Net much if at all. Thankfully it was a fairly innocuous critter and only affected my computer, not the LAN. But, while she was giving me my well-deserved wet-noodle thrashing, she made sure to remind me about floppies, particularly because she says our local college is notorious for having viruses. I attend there and occasionally I will work on school stuff at work on my off time. What she doesn’t know, though, is that I haven’t owned a floppy for transferring between computers for over a year–both because of viruses and because it’s a pain to have to carry the thing around. Mostly what I’ve been doing lately is just copying and pasting the text of what I am writing into an email, mailing it to myself at Hotmail, and then C & P’ing it into another document when I’m somewhere else. Unwieldy, I know, but useful when home & school have different word proccessing systems. Sometimes I will attach a Word document, and I guess this was what happened this time–it was a doc. I’d gotten from someone else, too…Hotmail said it was clear but of course there’s no guarantee they were right.
One of the relatively few malignant Macintosh viruses, the “Autostart Worm”, was transmitted quite often via CD. Macs are used often in the production of creative materials, and files made available on a semi-commercial or associate-partner sort of basis by burning CDs and distributing them. The worm spread by exploiting the CD autostart option. (It also spread via Zip cartridge).
You can’t spread a CD-borne virus if you’re not making your own CDs on a CD burner, but you can still receive CD-borne viruses, if you should be so unfortunate as to be acquainted with some Evil Person who, for reasons best known to himself, decides to include a virus on his homemade CDs of his “My Trip To Bermuda” pix that he’s giving away at work. When you put the CD in your machine, it installs the virus on your computer, whether or not you have a CD burner yourself.
Just be sure what kind of CDs you’re putting in your computer, and everything will be okay. I’m betting that the college’s “Insert this in your computer” CD is fine, if extremely dull.
Also, many anti-virus scanners actually scan for small fragments of executable code that viruses share (rather than matching up all the bytes in an entire virus). If you have your virus scanner set up to scan non-executable files, then it’s more likely that you’ll get a “false positive” alarm because the fragments the virus scanner is checking for just happen to match several bytes in a data file or picture file.