Creating a computer virus is like making a recipe for mischief on someone else’s computer. Imagine you want to bake a cake at someone else’s house without ruining your own kitchen. You study how their kitchen works, find a way to sneak in your ingredients, and then follow your recipe. The goal is to make their kitchen messy (infect their computer) while keeping yours clean.

Computer virus creators study computer systems to find vulnerabilities, just like you’d study someone’s kitchen. They then write code (the recipe) that can exploit these vulnerabilities on someone else’s computer, without harming their own. This way, they can infect other computers while protecting their own.

Every computer virus is different of course. It’s just a branch name for any malicious code that produces unwarranted effects.

But it all boils down to the difference between compiling and executing code.

When you write code on a machine, that code doesn’t necessarily run in that computer unless you actually execute it.

The producer of the virus never actually has to execute the instructions on their own machine, just compile it (which means; check it’s sound and ‘get it ready to launch’ in very layman’s terms).

Source: computer science grad and 10 years in programming.

Security researchers generally use the term Malware these days (malicious software). While the terms Malware and Computer Virus are generally used anonymously a computer virus refers to a specific type of Malware that infects files and self-replicates like a virus. While Malware can be any piece of software that runs on a machine for a nefarious purpose that doesn’t necessarily automatically spread. This is important to understand given your question.

Malware is not uncontrolled malicious code, it is meant to serve a specific purpose. When installed it doesn’t necessarily spread like a disease infecting every file and microchip in your computer like in the movies.

Malware and viruses are just computer programs like any other, they just happen to serve a nefarious purpose. They are written with computer code and often need to be compiled and run before they do anything. Like any other computer program it can sit on your computer and won’t do anything until something or someone runs it.

Hackers will use dedicated test machines and virtual machines to test malware rather than risking their own computers.

And yes sometimes they make mistakes, but running malware on your machine doesn’t automatically mean the machine is ruined. Running a keylogger for example that just records the keys on the keyboard, or stealing passwords from a computer are examples of viruses that won’t cripple a machine.

A cryptolocker virus on the other hand will destroy a machine in short order…

A hacker might also not be using Windows, it might be an Apple OS or Linux machine that they use to write malware for a Windows Computer. Hence that malware won’t even run on their own computer.

Creating a computer virus is like making a recipe for mischief on someone else’s computer. Imagine you want to bake a cake at someone else’s house without ruining your own kitchen. You study how their kitchen works, find a way to sneak in your ingredients, and then follow your recipe. The goal is to make their kitchen messy (infect their computer) while keeping yours clean.

Computer virus creators study computer systems to find vulnerabilities, just like you’d study someone’s kitchen. They then write code (the recipe) that can exploit these vulnerabilities on someone else’s computer, without harming their own. This way, they can infect other computers while protecting their own.

Every computer virus is different of course. It’s just a branch name for any malicious code that produces unwarranted effects.

But it all boils down to the difference between compiling and executing code.

When you write code on a machine, that code doesn’t necessarily run in that computer unless you actually execute it.

The producer of the virus never actually has to execute the instructions on their own machine, just compile it (which means; check it’s sound and ‘get it ready to launch’ in very layman’s terms).

Source: computer science grad and 10 years in programming.

Security researchers generally use the term Malware these days (malicious software). While the terms Malware and Computer Virus are generally used anonymously a computer virus refers to a specific type of Malware that infects files and self-replicates like a virus. While Malware can be any piece of software that runs on a machine for a nefarious purpose that doesn’t necessarily automatically spread. This is important to understand given your question.

Malware is not uncontrolled malicious code, it is meant to serve a specific purpose. When installed it doesn’t necessarily spread like a disease infecting every file and microchip in your computer like in the movies.

Malware and viruses are just computer programs like any other, they just happen to serve a nefarious purpose. They are written with computer code and often need to be compiled and run before they do anything. Like any other computer program it can sit on your computer and won’t do anything until something or someone runs it.

Hackers will use dedicated test machines and virtual machines to test malware rather than risking their own computers.

And yes sometimes they make mistakes, but running malware on your machine doesn’t automatically mean the machine is ruined. Running a keylogger for example that just records the keys on the keyboard, or stealing passwords from a computer are examples of viruses that won’t cripple a machine.

A cryptolocker virus on the other hand will destroy a machine in short order…

A hacker might also not be using Windows, it might be an Apple OS or Linux machine that they use to write malware for a Windows Computer. Hence that malware won’t even run on their own computer.

Possibly. Certainly the creator will want to test it. The simple answer is “use a sacrificial machine for this”. You could have an old machine that you just install the virus on while developing it and keep reinstalling fresh copies of the OS and development environment when it works and infects the machine. Alternatively you can build in a back door to deactivate the virus that only you know about and/or simply remove the deactivation code when building your final release.

>wouldn’t it infect and potentially destroy their system first before it’s spread to others?

Yes. When creating (or studying) computer viruses you need an environment to test it.

Virtual Machines (and entire Virtual networks) can simulate the infection and replication methods. You can “clone/pause/rewind/restart” virtual machines easily, without having to use “real” machines and risk unwanted spreading of malware.

Possibly. Certainly the creator will want to test it. The simple answer is “use a sacrificial machine for this”. You could have an old machine that you just install the virus on while developing it and keep reinstalling fresh copies of the OS and development environment when it works and infects the machine. Alternatively you can build in a back door to deactivate the virus that only you know about and/or simply remove the deactivation code when building your final release.

>wouldn’t it infect and potentially destroy their system first before it’s spread to others?

Yes. When creating (or studying) computer viruses you need an environment to test it.

Virtual Machines (and entire Virtual networks) can simulate the infection and replication methods. You can “clone/pause/rewind/restart” virtual machines easily, without having to use “real” machines and risk unwanted spreading of malware.