Some of my thoughts on virii
Q. Who makes them?
A. "Testosterone-plagued script kiddies." Twenty years ago they'd be working on the Chevy (junker) in the backyard. Today the Internet is the new backyard - and your PC is a piece of the transmission.
Q. How easy is it to write a virus or worm?
A. Ten years ago, virii were created to be resident at a much lower level on your system - usually within the BIOS - and were created not by these kids, but by computer engineers and scientists fluent in assembler and microcode programming (a lost art today). Today virii typically take the form of worms or macros created in a much higher-level language - Visual Basic, C++, or C. They typically interact with the applications that you use - not the operating system kernel or BIOS. There are 54 virus creation toolkits available at http://vx.netlux.org/. Anyone can download these and use them - and many require a minimal amount of programming knowledge.
Q. Where did the first Macro virus come from?
A. Microsoft. The first worm - known as Concept - was shipped by MS on thousands of CDs to members of the Microsoft Developer Network - and was contained within a Word document.
Q. I have anti-virus software. Am I safe?
A. A good starting point for home users is http://www.stormranger.net . Investigate the use of a personal firewall - BlackICE, as I recall, is a good one for Windows users (I am not one - I use OpenBSD) - so there may be others. Recent attacks and remote compromise of your computer are focused on exploiting lower-level holes in the operating system (Windows XP in this case) and the means by which they interact with the network. Simply put - some folks at Microsoft made a mistake when writing a small piece of the Plug and Play code. Keep your operating system updated on at least a weekly basis. I believe that http://windowsupdate.microsoft.com will do this easily for you.
The crux of this whole badguy (virus writer, exploit writer) / goodguy (anti-virus software, firewall, intrusion detection companies and individuals) situation is that today protecting oneself is based upon something known. Anti-virus software must know with a priori knowledge that a certain virus exists. Hopefully soon that will change. Certain individuals (myself included) and companies are deep in research looking at the other side, namely the unknown, by examining end user and system anomalies. For example, Microsoft Outlook should never write to certain portions of the filesystem during normal use, Doc would never send 300 emails within the span of 10 seconds, and a .scr file (a screen saver) would never interact with any part of the Windows subsystem except the user's display. Products today that do this are raw to say the least, but should be arriving within a year or two. I started down this track four years ago, when writing information warfare attack and protection mechanisms for DARPA and the DoD - and it has taken this long for commercially viable implementations to begin to emerge.
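As an added illustration of the behavioural-baseline idea above (example code written for this page, not from the post or any product it mentions), here are the three anomalies Andrew names expressed as detection rules run over a constructed event stream. The process names, paths, thresholds and event format are assumptions.

```python
from collections import defaultdict, deque

# Assumed baseline per process: filesystem prefixes it may write to.
ALLOWED_WRITE_PREFIXES = {
    "outlook.exe": ("C:\\Users\\doc\\AppData\\Local\\Microsoft\\Outlook\\",),
}
MAIL_BURST_LIMIT = 300   # this many sends ...
MAIL_BURST_WINDOW = 10   # ... within this many seconds is an anomaly

def detect(events):
    """Return alert strings for (timestamp_s, process, action, target)
    events that break the behavioural baseline."""
    alerts = []
    recent_sends = defaultdict(deque)  # process -> send timestamps in window
    burst_reported = set()
    for ts, proc, action, target in events:
        # Rule 1: a mail client writing outside its own profile directory.
        if action == "write" and proc in ALLOWED_WRITE_PREFIXES:
            if not target.startswith(ALLOWED_WRITE_PREFIXES[proc]):
                alerts.append(f"{proc} wrote outside its profile: {target}")
        # Rule 2: a burst of outgoing mail no user would produce by hand.
        if action == "send_mail":
            window = recent_sends[proc]
            window.append(ts)
            while ts - window[0] > MAIL_BURST_WINDOW:  # expire old sends
                window.popleft()
            if len(window) >= MAIL_BURST_LIMIT and proc not in burst_reported:
                alerts.append(f"{proc} sent {len(window)} mails in {MAIL_BURST_WINDOW}s")
                burst_reported.add(proc)
        # Rule 3: a screen saver touching anything other than the display.
        if proc.lower().endswith(".scr") and action != "display":
            alerts.append(f"{proc} performed {action} on {target}")
    return alerts

def sample_events():
    """Constructed event stream (not real telemetry): a benign write, a
    suspicious write, a 300-message burst, and a screen saver hitting the registry."""
    events = [
        (0, "outlook.exe", "write", r"C:\Users\doc\AppData\Local\Microsoft\Outlook\doc.ost"),
        (1, "outlook.exe", "write", r"C:\Windows\System32\drivers\dropped.sys"),
        (5, "outlook.exe", "send_mail", "one-recipient@example.com"),
    ]
    events += [(20 + i * 0.03, "outlook.exe", "send_mail", f"r{i}@example.com")
               for i in range(300)]
    events += [(40, "sunset.scr", "display", "DISPLAY1"),
               (41, "sunset.scr", "write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run")]
    return events

if __name__ == "__main__":
    print("\n".join(detect(sample_events())))
```

Running it yields three alerts: the driver-directory write, the 300-message burst, and the screen saver's registry write; the benign profile write and the single mail send pass silently.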
But for today:
1. Use anti-virus software
2. Use a personal firewall
3. Keep your system and applications updated and patched (http://windowsupdate.microsoft.com)
But most importantly, use common sense, which we all obviously have, since we're not discussing Powerstrokes.
Andrew
Chief Technology Officer / Chief Scientist of an Information Security firm
BTW I am actually going to write some new virii today for work, for testing some new software.