THE SANDRIN ANTI VIRUS CONNECTION
GENERAL VIRUS INFORMATION (FAQ)
- What is a computer virus?
- How do I get a virus?
- What do viruses do?
- Types of viruses
- Why do people make viruses?
- How do I know I have a virus?
- How do I prevent getting a virus?
- What are virus scanner definition files & why do I need to update them regularly?
A computer virus is a program, or a piece of code or script, that inserts copies of itself into other programs, documents or boot sectors so that it runs whenever they do. Most viruses lie dormant until some trigger condition is met (a date, a count of infections, a particular user action), at which time the virus delivers its payload.
The most common ways viruses are transmitted are by diskette, by downloaded programs, and by executing email attachments. Certain web pages can also deliver one through active content the browser runs automatically, such as ActiveX controls or Java applets. More recently it has become possible to get a virus simply by reading an email in a client that renders HTML and runs scripts embedded in messages, such as Outlook, Outlook Express, Netscape Mail or Eudora Pro; the BubbleBoy worm, which ran as soon as a message was viewed in Outlook or Outlook Express, is an early and well-known example.
* A note about Microsoft products: recently there has been an increasing number of people who have made it their ambition to undermine Microsoft's work by developing viruses which affect only Microsoft's operating systems, email clients, browsers and programs. Since Windows is by far the most widely used operating system in the world, with over 90% of the desktop market, you will notice that the vast majority of viruses are written for Windows-based systems. As a result, you can get a virus from a Microsoft Excel or Word document with malicious macros embedded in it. You can also get one by merely reading an email in Microsoft Outlook or Outlook Express (see the BubbleBoy worm). In addition, if the feature called ActiveX is enabled in the Internet Explorer web browser, you are also susceptible to getting a virus by simply surfing the net. Leaving the Office macro warning enabled and disabling ActiveX for sites you do not trust closes off both routes.
When a virus performs the action it was created to do, it is said to execute its payload. When delivering their payload, most viruses are relatively harmless, doing nothing more than replicating and displaying messages of some sort. Others are quite malicious by nature and attempt to cause irreparable damage to a person's computer by destroying files, overwriting the master boot record, erasing the contents of a hard drive or even overwriting the flash memory that holds a computer's basic input/output system (BIOS), leaving it unable to start (see CIH, also known as Spacefiller or Win32.CIH).
Most viruses, however, do not erase all files on a hard drive. The reason for this is that once a hard drive is erased, the virus is destroyed along with it, bringing an end to the virus's spread.
There are generally three main types of viruses:
- File infectors: These viruses contaminate program files with extensions such as .exe, .com, .sys, .ovl, .prg and .mnu by attaching their own code to the file. When you run the program (or the system loads the driver or overlay), the virus code runs first and then passes control to the original program, so nothing appears to be wrong.
- Boot sector and MBR (master boot record) infectors, also called system infectors: These viruses get their name from infecting the boot sector of a floppy disk or the master boot record of a hard drive. If an infected diskette is in your floppy drive when you restart your computer, the BIOS reads and runs the diskette's boot sector before it ever looks at the hard drive, so the virus loads into memory and infects the hard drive's boot sector or MBR. You will usually then see a non-system disk error (the diskette was never a bootable disk), remove it and reboot, and from that point on the virus loads from the hard drive on every start-up, before the operating system does. Cleaning it requires starting from a known-clean, write-protected boot diskette so that the virus is not in memory while you inspect or restore the boot sector. A virus that infects both boot sectors and program files is called multipartite.
- Macro virus infectors: Macros are sets of instructions that everyday users of Microsoft Word or Excel create to automate tasks, written in the application's macro language (WordBasic, later Visual Basic for Applications). Macro viruses are written in that same language and travel inside documents, so opening a document is enough to carry the infection. They are among the most common viruses in the wild and most are among the least harmful: the typical macro virus simply embeds unwanted words or phrases into your document, although the same mechanism can do far more, and some mass-mail themselves to everyone in the victim's address book.
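The boot-sector description above comes down to one sector that can be saved when the machine is known clean and compared later. The following is an added example, not code from the original page: it parses a 512-byte master boot record, checks the 0x55AA boot signature, decodes the partition table and compares the 446-byte boot-code region against a recorded SHA-256 baseline. The sectors it scans are constructed in the script (a real one would be read from \\.\PhysicalDrive0 on Windows or /dev/sda on Linux); the "clean" boot code and the "infected" replacement are both made-up sample bytes.

```python
"""
Added example (not from the original page): parse a 512-byte master boot
record and check it against a stored baseline of the boot code.

A boot-sector/MBR virus replaces or relocates the code in the first sector
of the disk.  Two cheap checks catch most of them: the sector must end with
the 0x55AA boot signature, and the 446-byte boot-code region must hash to
the value recorded when the machine was known clean.  The partition table
is decoded as well so that a tampered table is visible.
All sector contents below are constructed sample data, not a real disk.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"       # last two bytes of a valid MBR
PART_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sector with the given boot code, one bootable FAT16
    partition entry and the 0x55AA signature (constructed sample data)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x06, b"\xfe\x3f\xff", 63, 2_000_000)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)   # three empty entries
    return code + table + BOOT_SIG


def parse_mbr(sector: bytes) -> dict:
    """Decode signature, boot-code hash and non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, sector[off:off + PART_ENTRY_LEN])
        if ptype != 0:   # type 0 means the slot is unused
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_against_baseline(sector: bytes, baseline_hash: str) -> list:
    """Return a list of findings; an empty list means the sector matches the record."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_hash:
        findings.append("boot code differs from baseline")
    if sum(1 for p in info["partitions"] if p["bootable"]) != 1:
        findings.append("expected exactly one bootable partition")
    return findings


# Constructed "clean" boot code (a few typical x86 start-up bytes) and its baseline hash.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Constructed "infected" sector: same partition table, boot code replaced.
INFECTED_MBR = build_sample_mbr(b"\xeb\x3c\x90VIRUS")

if __name__ == "__main__":
    print("clean:   ", check_against_baseline(CLEAN_MBR, BASELINE))
    print("infected:", check_against_baseline(INFECTED_MBR, BASELINE))
```

The baseline hash is the piece to keep off the machine (on the write-protected boot diskette, for instance): a stealth virus resident in memory can lie to a program reading the sector through the operating system, so the comparison is only trustworthy after booting clean.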
Other virus-like threats are:
- Worms: are by definition not actually viruses. A worm is a self-contained program that copies itself from computer to computer over a network without attaching itself to a host program. It typically arrives disguised inside some innocent-looking program or attachment and spreads via email or Internet Relay Chat (IRC). Examples are the infamous Melissa (strictly a Word macro virus, but grouped with the worms because it mailed itself to the first 50 addresses in the victim's Outlook address book) and the widespread Worm.ExploreZip.
- Back Orifice: is not a virus, rather it is a remote administration tool. It gives control of your computer to a remote user by way of an internet connection. The remote user takes control of your computer and can do anything that you can do from your keyboard, including some things you can't do. It can arrive disguised as a component of practically any software installation, attached to other files or programs, or run on its own. Most anti-virus software manufacturers have now included the ability to detect this culprit.
There are also various techniques that have been developed to help viruses avoid detection by anti-virus scanners. A virus can incorporate one or more of these methods:
Polymorphic viruses: attempt to avoid detection by modifying themselves. The virus body is stored encrypted and a small decryption routine is regenerated with each infection, so no fixed byte sequence survives from one copy to the next and a simple signature cannot match them.
Spawning/companion viruses: do not modify the file they target at all. Instead they exploit the rules the operating system uses to choose which program to run: under DOS, typing NAME runs NAME.COM before NAME.EXE in the same directory, so the virus simply creates NAME.COM beside the real NAME.EXE, runs when the user types the command, and then launches the original so nothing appears to be wrong.
Stealth viruses: like the aircraft which shares the name, these use various methods to hide. A typical technique is to intercept the operating system's disk and directory services once the virus is resident in memory: attaching to a file would normally increase its size, so the virus reports the original uninfected length (and may even hand back the original contents when the file is read) to any program that asks, including an anti-virus scanner. This is why scanning should be done after booting from a clean, write-protected diskette, so the virus is not in memory to lie.
Trojan horse programs (not true viruses, since they do not replicate): attempt to disguise themselves as something else. They are named after the Trojan War, where the Greeks, tired of attempting to breach the city of Troy's impenetrable walls, presented the inhabitants with a gift of a large wooden horse. The people of Troy accepted the gift and brought it within the walls of their city. Inside the horse, however, hid Greek soldiers who emerged during the night to capture the city.
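The counter to file infectors, stealth viruses and companion viruses described above is the same one: record what your program files look like while the machine is clean, then compare. The following is an added example, not code from the original page. It records a SHA-256 and size for every program file under a directory, reports files that were modified, added or removed, and flags the companion pattern (a new NAME.COM beside an existing NAME.EXE in the same directory). The directory tree, file contents, the appended "virus" bytes and the companion file are all constructed inside a temporary directory for the demonstration.

```python
"""
Added example (not from the original page): a file-integrity baseline that
catches the infection tricks described above.

- File infectors change a program's bytes, so its hash changes.
- A stealth virus can lie about the size a running system reports, but a
  SHA-256 taken after booting from a clean diskette cannot be faked, and a
  baseline taken while clean gives the scanner something to compare to.
- A companion virus never touches the original: on DOS, NAME runs NAME.COM
  before NAME.EXE, so a new NAME.COM beside an existing NAME.EXE is the
  whole infection.
All files below are constructed in a temporary directory for the example.
"""
import hashlib
import os
import tempfile

PROGRAM_EXTS = {".exe", ".com", ".sys", ".ovl", ".prg", ".mnu"}


def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(root):
    """Map relative path -> (sha256, size) for every program file under root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in PROGRAM_EXTS:
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, root)
                baseline[rel] = (file_sha256(path), os.path.getsize(path))
    return baseline


def compare(root, baseline):
    """Return sorted (kind, path) findings: modified, missing, new, companion."""
    current = take_baseline(root)
    findings = []
    for rel, (digest, _size) in baseline.items():
        if rel not in current:
            findings.append(("missing", rel))
        elif current[rel][0] != digest:
            findings.append(("modified", rel))
    for rel in current:
        if rel not in baseline:
            findings.append(("new", rel))
    # Companion check: a .COM not in the baseline that shares its base name
    # with a .EXE in the same directory would run instead of that .EXE on DOS.
    exe_bases = {os.path.splitext(r)[0].lower() for r in current if r.lower().endswith(".exe")}
    for rel in current:
        base, ext = os.path.splitext(rel)
        if ext.lower() == ".com" and base.lower() in exe_bases and rel not in baseline:
            findings.append(("companion", rel))
    return sorted(findings)


def demo():
    """Constructed scenario: baseline a small tree, then simulate two infections."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WP"))
        sample_files = {                      # constructed contents, not real programs
            "COMMAND.COM": b"MZ command interpreter",
            os.path.join("WP", "WP.EXE"): b"MZ word processor",
            "README.TXT": b"not a program, never baselined",
        }
        for rel, data in sample_files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        baseline = take_baseline(root)

        # Appending file infector: COMMAND.COM grows and its hash changes.
        with open(os.path.join(root, "COMMAND.COM"), "ab") as f:
            f.write(b"\x90" * 64)
        # Companion virus: WP.COM placed beside WP.EXE, the original untouched.
        with open(os.path.join(root, "WP", "WP.COM"), "wb") as f:
            f.write(b"companion code")
        return compare(root, baseline)


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:10} {path}")
```

Store the baseline somewhere the virus cannot reach (the write-protected boot diskette is the traditional place) and run the comparison after booting from it; a baseline kept on the infected disk, or a comparison run while a stealth virus is resident, proves nothing.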
It's anyone's guess why people create viruses, and only the creators know for certain. Some viruses are created for the technological challenge of building a threat that is unique, undetectable, undefeatable, or simply devastating to its victim. However, it is arguable that most people create viruses as a form of vanity. The creator hopes that their virus will spread widely enough to earn them publicity. The notoriety is furthered when the virus is deemed enough of a threat that anti-virus manufacturers must devise a solution.
Many viruses announce themselves by playing a sound or displaying a message on your screen or printout, but it is also not uncommon for a virus to show no sign of its presence at all. Viruses behave in many different ways and there is no all-purpose telltale sign to let you know that you have one.
Some symptoms of having a virus can be an overall decrease in computer performance, a decrease in available memory, changes to files, or your hard drive spinning for no apparent reason. However, legitimate software can cause your computer to display these characteristics as well. It is suggested that you install anti-virus software that can scan for and detect the presence of most viruses.
How do I prevent getting a virus?
- The best tool for combating viruses is knowledge about how they act, infect, and spread.
- Know the origin of each program that you load onto your computer and ensure that it comes from a trustworthy source.
- Always back up your data in case a virus (or a poorly written one) irreparably damages your files.
- Have a write-protected boot diskette that was created on a computer free of viruses, so that if your computer becomes infected in the future you can still start it, diagnose it and clean it with the virus not loaded in memory, even if it fails to start from the hard drive.
- The last line of defense is having anti-virus software installed on your computer. Having a second scanner from a different manufacturer for on-demand scans is useful, since no single product detects everything; do not, however, run two resident (always-on) scanners at the same time, as they interfere with each other. Anti-virus software isn't effective unless it is kept up to date. Scanners rely on information from their manufacturers about the newest viruses in the wild and how to detect and remove them. This information arrives in the form of a definition file. A virus scanner's definition file should be updated regularly (at least every two weeks, and more often where the manufacturer publishes updates faster). This ensures that your scanner can detect and clean the newest viruses.
What are virus scanner definition, DAT or DEF files and why do I need to update them regularly?
Definition files are essentially the instruction set that tells an anti-virus scanner how to detect and remove viruses. New viruses are created every day, and scanners rely on definition files to tell them what signatures (characteristic byte sequences) new viruses leave behind. A virus whose signature is not in the definition file is simply invisible to the scanner. It is for this reason that you should check regularly (roughly every two weeks, or more often if your manufacturer offers automatic updates) for revised definition files for your anti-virus scanner, to ensure that it is looking for the most current viruses.
Copyright© 1994-2008