| What is a virus? | What is a Trojan Horse?|
How do I Avoid a Computer Virus? | General Information | Misconceptions ||
| Myths, Hoaxes, and Urban Legends | Origins | Virus Protection Products |
What is a virus?
A virus is an unwanted software program (application) that unknowingly attaches itself to your computer. It attempts to reproduce itself under specific
circumstances. For example, each time a specific day of the month is encountered, the virus is activated. This is referred to as the "payload". Some
viruses do nothing but reproduce themselves. Some perform trivial extras like beeping the keyboard, or forcing the file to be saved in a specific
format. Some are more destructive and attempt to rename or erase files or destroy the hard drive. There are many varieties of viruses, but the most
common are the macro virus and the boot sector virus.
Macro viruses are programming code, created by hackers or unethical programmers, which is either annoying, prankish or harmful. The macros are
written to attach themselves to the default document of a software package such as Word or Excel. When an unsuspecting user opens a document
containing a macro virus, the virus attaches itself to the default document. Each time a document is created or edited from this time forward, the virus
attaches itself to that document. The problem escalates as the document is passed on to other computers by file sharing or e-mail. The virus continues
to spread until it is removed.
Boot sector viruses attach themselves to the part of the disk that is read by the computer when it starts up. The boot sector contains important
information about the disk. In most cases, the virus relocates this information to another location and displays its own code. A boot sector virus can
be present on a diskette or a hard drive. It is spread by placing a clean diskette in to an infected computerís diskette drive,. The virus is copied to the
boot sector of the diskette, and the diskette becomes infected. The diskette is then moved to another computer, and the cycle continues until the virus
What is a Trojan Horse?
A Trojan Horse is a malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses! When these programs are executed, the embedded virus is executed too, thus propagating the `infection'. This normally happens invisibly to the user.
This is unlike a worm, a virus that cannot infect other computers without assistance. It is propagated by vectors such as humans trading programs with their friends. The virus may do nothing but propagate itself and then allow the program to run normally. Usually, however, after propagating silently for a while, it starts doing things like writing cute messages on the terminal or playing strange tricks with the display (some viruses include nice display hacks). Many nasty viruses, written by particularly perversely minded crackers, do irreversible damage, like nuking all the user's files.
How do I Avoid a Computer Virus?
A computer virus is a program and not a microorganism, but
it is infectious and can be highly complex. Viruses implant
instructions in other programs or storage devices that can
attack, scramble, or erase computer data. The following
activities are among the most common ways of getting
computer viruses. Minimizing the frequency of these
activities will reduce your risk of getting a computer virus:
- Freely sharing computer programs and system disks
- Downloading executable software from public-access
- Using floppy disks, etc. with public computers that
are used by more than one person.
It is usually the unwary who get computer viruses. The
following is a list of some recommendations for safe
- 1.Install virus detection software on your computer.
- 2.Back up your files.
- 3.If you must insert one of your "floppies" into an
unknown machine, lock (write protect) it first, and
unlock your application disk only after verifying that
the machine is "clean".
- 4.Obtain public-domain software from reputable
sources. Check new software with virus detection
software before you copy it to a hard disk.
- 5.Quarantine infected systems. If you discover a
system is infected with a virus, immediately isolate it
from other systems.
More about viruses from Peter Tippett including information such as:
- The Virus Problem is Exceedingly Costly:
Despite the fact that viruses don't often cause the kinds of damage we
originally feared, they are indeed a very expensive and
productivity-draining problem which is only getting worse. NCSA's
"Computer Virus Cost Analysis" shows the average computer site (with
1000 PCs) will spend more than $300,000 on computer virus clean-up
this year! As a group, computer viruses have conservatively cost US
computer users over a billion dollars in the past two years!
- The Data Super Highway Could Make Things Considerably Worse:
Unless we address the right problems, not the misconceived virus,
security and system management issues, the increased connectivity that
a nationwide data path will provide will inevitably spell total
chaos--not only with regard to computer viruses, but also from other
computer security, management and ethical issues. Since computers,
televisions, radio, telephone, libraries, money, credit, and a host of
other things that we think of today as separate entities will soon all
converge into the same or co-existing digital systems, the chaos may
potentially extend to society-crippling proportions.
The Misconceptions:If the virus issue has generated anything, it has generated
misconceptions. Sadly, even most technical computer users and
analysts still adhere to many of these. The fact that most
organizations who experience computer virus problems will not talk
about them for fear of hurting their public image furthers the
problem. The result is that most approaches we collectively take to
combat the virus problem are based on premises which simply are not
- Misconception #1: Computer bulletin board software should be avoided
because BBSs are a leading source of computer viruses. The fact is
that the most common viruses (the boot track type) could not possibly
be either loaded to or downloaded from a bulletin board by any normal
or accidental means. Of the computer viruses which could move this
way, most simply do not. Bulletin board operators and users are
actually a very conscientious lot. This means that any policy against
using modems, bulletin boards, public-domain software, or shareware
will have no significant benefit in reducing an organization's virus
- Misconception #2: Software piracy is the leading cause of virus
spread. Viruses travel more with program diskettes than with
data-only diskettes. The fact is that bootlegged software does
contribute to the virus problem, but the much more significant
contributor is diskettes which contain only data (or even no data,
like blank formatted diskettes). Although it is true that computer
viruses cannot infect data per se and survive to reproduce, the most
common viruses can and do infect the diskettes carrying only data.
And when those diskettes are used, the virus can infect the next
computer's hard drive or files.
- Misconception #3: Most viruses intentionally cause damage by erasing
files, formatting disks, etc. The fact is that most viruses do not
intentionally cause any explicit damage. And even the viruses which
are programmed to trigger a damaging activity almost never cause harm
by this programmed activity. This is because most virus instances are
discovered before the programmed "trigger date." Once discovered, the
real costs of computer viruses come into play--the work in trying to
find all instances of them in your computer and at your site, and in
trying to remove them and de-contaminate the computers, disks, and
programs that the viruses have infected.
- Misconception #4: There are good viruses and bad ones. This is a
very common misconception. Those who write and distribute computer
viruses commonly claim that theirs is a "benign" virus because it has
no malicious trigger event and does no intentional harm. They are
duped by the same set of misconceptions that have duped the rest of
us--that the problems computer viruses cause are mainly due to the
trigger events. In fact, because all viruses replicate without the
computer user's or owner's knowledge or consent (by definition), the
very act of replicating is an act of contamination and is itself
harmful. It is much like cancer. The cancer cells themselves are
normally not harmful or poisonous, but the fact that they keep growing
and cannot be easily discerned or separated from the non-cancer cells
makes finding and getting rid of the invasion particularly difficult.
- Misconception #5: The virus problem waxes and wanes every few years.
Despite the fact that the news about computer viruses comes in waves
(mainly the Friday the 13th--Columbus day wave in October 1989, and
the Michelangelo wave in February/March 1992), the computer virus
problem has grown rather steadily and predictably since it began.
During the Michelangelo "crisis", 95 percent of problems that users
experienced from computer viruses were actually (and predictably)
caused by virus strains other than Michelangelo!
- Misconception #6: Computer security is effective against computer
viruses. One would think that the reason we have so many computer
viruses is that our computers are not "secure". In fact, traditional
computer security--that is, computer secrecy including access controls
and encryptio--have almost no effect on computer viruses. During
Desert Shield, a significant part of our own command and control
network (a quite "secure" network, as you might imagine) was, in fact,
infected by the then most common computer virus. The virus, called
Jerusalem, works quite well in a system where everything is
encrypted--it too becomes encrypted, and only becomes unencrypted when
it needs to infect something.
- Misconception #7: Another common misconception is that the computer
hardware manufacturers or the computer operating software vendors
ought to provide us with systems which cannot become infected. The
fact is that computer viruses are just computer programs. Computers
are designed to run computer programs. And there is nothing universal
about computer viruses that would allow them to be distinguished in
advance from any other program. Then we arrive at the unfortunate
truth that--computers are made to run computer viruses! Although it
is possible to make it more challenging for computer virus creators,
it is not possible to make a virus-proof computer (unless we do not
let that computer run any new programs).
Some sample virus information:
- Lovebug Virus
- W32/Bagle.f@MM Virus
- Spam-Skull.dll Virus
- Crypt Newsletter
- Virus Bulletin
- Woody's Office Virus Page
- McAfee's Threat Center
- Tips to Avoid Spam
- What is a Computer Virus
- SearchSecurity.com Definitions
Myths, Hoaxes, and Urban Legends
- McAffee Hoax Index
- Snope's Urban Legends
- McAfee Threat Library
- Word viruses
- CA Security Advisor
- CIAC Department of Energy Bulletin
- On the Origin and Evolution of Computer Viruses
- Viruses and Other Infections
- Interview with a Virus Writer
Anti-virus packages are quite similar.
Whichever you select, the key is to install it, use it, and
KEEP UPDATED your virus patterns updated.
However, know your products so you don't ask,
I'm Protected. Right?
- McAfee VirusScan
- Norton Anti-Virus
- Dr. Solomon's
Viruses in the News!
NEW VIRUSES TARGET STRONGLY ENCRYPTED FILES:
Two cryptographers have published a paper describing a new generation of
computer viruses that seek out the long keys used by "strong" encryption
programs and attach themselves to documents protected by those keys. The
randomness of the bits in encryption keys is what makes them stand out, as
most information on a computer's hard drive is stored in an orderly fashion.
The cryptographers recommend that network managers store keys on smart cards
rather than on a computer's hard drive, and securely delete them every time
they're used. For added protection, encryption programs could spread a key
among different memory locations, or all the data on a computer's hard drive
could be encrypted, so that the entire contents appear to be random. (Data
Communications 15 Mar 99)