Information Systems College of Business Administration University of Missouri - St. Louis

Links to Information about Viruses and Trojan Horses


What is a virus?

A virus is an unwanted software program (application) that attaches itself to your computer without your knowledge. It attempts to reproduce itself under specific circumstances. For example, each time a specific day of the month is encountered, the virus is activated. This is referred to as the "payload". Some viruses do nothing but reproduce themselves. Some perform trivial extras like beeping the keyboard, or forcing the file to be saved in a specific format. Some are more destructive and attempt to rename or erase files or destroy the hard drive. There are many varieties of viruses, but the most common are the macro virus and the boot sector virus.

Macro viruses are programming code, created by hackers or unethical programmers, which is either annoying, prankish or harmful. The macros are written to attach themselves to the default document of a software package such as Word or Excel. When an unsuspecting user opens a document containing a macro virus, the virus attaches itself to the default document. Each time a document is created or edited from this time forward, the virus attaches itself to that document. The problem escalates as the document is passed on to other computers by file sharing or e-mail. The virus continues to spread until it is removed.

Boot sector viruses attach themselves to the part of the disk that is read by the computer when it starts up. The boot sector contains important information about the disk. In most cases, the virus relocates this information to another location and displays its own code. A boot sector virus can be present on a diskette or a hard drive. It is spread by placing a clean diskette into an infected computer's diskette drive. The virus is copied to the boot sector of the diskette, and the diskette becomes infected. The diskette is then moved to another computer, and the cycle continues until the virus is removed.


What is a Trojan Horse?

A Trojan Horse is a malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses! When these programs are executed, the embedded virus is executed too, thus propagating the "infection". This normally happens invisibly to the user.

Unlike a worm, a virus cannot infect other computers without assistance. It is propagated by vectors such as humans trading programs with their friends. The virus may do nothing but propagate itself and then allow the program to run normally. Usually, however, after propagating silently for a while, it starts doing things like writing cute messages on the terminal or playing strange tricks with the display (some viruses include nice display hacks). Many nasty viruses, written by particularly perversely minded crackers, do irreversible damage, like nuking all the user's files.


How do I Avoid a Computer Virus?

A computer virus is a program and not a microorganism, but it is infectious and can be highly complex. Viruses implant instructions in other programs or storage devices that can attack, scramble, or erase computer data. The following activities are among the most common ways of getting computer viruses. Minimizing the frequency of these activities will reduce your risk of getting a computer virus:
Freely sharing computer programs and system disks
Downloading executable software from public-access bulletin boards
Using floppy disks, etc. with public computers that are used by more than one person.

It is usually the unwary who get computer viruses. The following is a list of some recommendations for safe computing:
1. Install virus detection software on your computer.
2. Back up your files.
3. If you must insert one of your "floppies" into an unknown machine, lock (write protect) it first, and unlock your application disk only after verifying that the machine is "clean".
4. Obtain public-domain software from reputable sources. Check new software with virus detection software before you copy it to a hard disk.
5. Quarantine infected systems. If you discover a system is infected with a virus, immediately isolate it from other systems.


More about viruses from Peter Tippett including information such as:

The Virus Problem is Exceedingly Costly: Despite the fact that viruses don't often cause the kinds of damage we originally feared, they are indeed a very expensive and productivity-draining problem which is only getting worse. NCSA's "Computer Virus Cost Analysis" shows the average computer site (with 1000 PCs) will spend more than $300,000 on computer virus clean-up this year! As a group, computer viruses have conservatively cost US computer users over a billion dollars in the past two years!

The Data Super Highway Could Make Things Considerably Worse: Unless we address the right problems, not the misconceived virus, security and system management issues, the increased connectivity that a nationwide data path will provide will inevitably spell total chaos--not only with regard to computer viruses, but also from other computer security, management and ethical issues. Since computers, televisions, radio, telephone, libraries, money, credit, and a host of other things that we think of today as separate entities will soon all converge into the same or co-existing digital systems, the chaos may potentially extend to society-crippling proportions.

The Misconceptions: If the virus issue has generated anything, it has generated misconceptions. Sadly, even most technical computer users and analysts still adhere to many of these. The fact that most organizations who experience computer virus problems will not talk about them for fear of hurting their public image furthers the problem. The result is that most approaches we collectively take to combat the virus problem are based on premises which simply are not true.

Misconception #1: Computer bulletin board software should be avoided because BBSs are a leading source of computer viruses. The fact is that the most common viruses (the boot track type) could not possibly be either loaded to or downloaded from a bulletin board by any normal or accidental means. Of the computer viruses which could move this way, most simply do not. Bulletin board operators and users are actually a very conscientious lot. This means that any policy against using modems, bulletin boards, public-domain software, or shareware will have no significant benefit in reducing an organization's virus problem.

Misconception #2: Software piracy is the leading cause of virus spread. Viruses travel more with program diskettes than with data-only diskettes. The fact is that bootlegged software does contribute to the virus problem, but the much more significant contributor is diskettes which contain only data (or even no data, like blank formatted diskettes). Although it is true that computer viruses cannot infect data per se and survive to reproduce, the most common viruses can and do infect the diskettes carrying only data. And when those diskettes are used, the virus can infect the next computer's hard drive or files.

Misconception #3: Most viruses intentionally cause damage by erasing files, formatting disks, etc. The fact is that most viruses do not intentionally cause any explicit damage. And even the viruses which are programmed to trigger a damaging activity almost never cause harm by this programmed activity. This is because most virus instances are discovered before the programmed "trigger date." Once discovered, the real costs of computer viruses come into play--the work in trying to find all instances of them in your computer and at your site, and in trying to remove them and de-contaminate the computers, disks, and programs that the viruses have infected.

Misconception #4: There are good viruses and bad ones. This is a very common misconception. Those who write and distribute computer viruses commonly claim that theirs is a "benign" virus because it has no malicious trigger event and does no intentional harm. They are duped by the same set of misconceptions that have duped the rest of us--that the problems computer viruses cause are mainly due to the trigger events. In fact, because all viruses replicate without the computer user's or owner's knowledge or consent (by definition), the very act of replicating is an act of contamination and is itself harmful. It is much like cancer. The cancer cells themselves are normally not harmful or poisonous, but the fact that they keep growing and cannot be easily discerned or separated from the non-cancer cells makes finding and getting rid of the invasion particularly difficult.

Misconception #5: The virus problem waxes and wanes every few years. Despite the fact that the news about computer viruses comes in waves (mainly the Friday the 13th--Columbus day wave in October 1989, and the Michelangelo wave in February/March 1992), the computer virus problem has grown rather steadily and predictably since it began. During the Michelangelo "crisis", 95 percent of problems that users experienced from computer viruses were actually (and predictably) caused by virus strains other than Michelangelo!

Misconception #6: Computer security is effective against computer viruses. One would think that the reason we have so many computer viruses is that our computers are not "secure". In fact, traditional computer security--that is, computer secrecy including access controls and encryption--has almost no effect on computer viruses. During Desert Shield, a significant part of our own command and control network (a quite "secure" network, as you might imagine) was, in fact, infected by the then most common computer virus. The virus, called Jerusalem, works quite well in a system where everything is encrypted--it too becomes encrypted, and only becomes unencrypted when it needs to infect something.

Misconception #7: Another common misconception is that the computer hardware manufacturers or the computer operating software vendors ought to provide us with systems which cannot become infected. The fact is that computer viruses are just computer programs. Computers are designed to run computer programs. And there is nothing universal about computer viruses that would allow them to be distinguished in advance from any other program. Then we arrive at the unfortunate truth that--computers are made to run computer viruses! Although it is possible to make it more challenging for computer virus creators, it is not possible to make a virus-proof computer (unless we do not let that computer run any new programs).


Some sample virus information:
Lovebug Virus
W32/Bagle.f@MM Virus
Spam-Skull.dll Virus


General Information
Crypt Newsletter
Virus Bulletin
Woody's Office Virus Page
McAfee's Threat Center
Tips to Avoid Spam
What is a Computer Virus
SearchSecurity.com Definitions

Myths, Hoaxes, and Urban Legends
McAfee Hoax Index
Snopes' Urban Legends

Virus Descriptions
McAfee Threat Library
Glossary
Word viruses
CA Security Advisor
CIAC Department of Energy Bulletin

Origins
On the Origin and Evolution of Computer Viruses
Viruses and Other Infections
Interview with a Virus Writer

Anti-virus packages are quite similar.
Whichever you select, the key is to install it, use it, and
KEEP your virus patterns updated.
However, know your products so you don't ask,
I'm Protected. Right?

Products
McAfee VirusScan
Norton Anti-Virus
Dr. Solomon's


Viruses in the News!

NEW VIRUSES TARGET STRONGLY ENCRYPTED FILES: Two cryptographers have published a paper describing a new generation of computer viruses that seek out the long keys used by "strong" encryption programs and attach themselves to documents protected by those keys. The randomness of the bits in encryption keys is what makes them stand out, as most information on a computer's hard drive is stored in an orderly fashion. The cryptographers recommend that network managers store keys on smart cards rather than on a computer's hard drive, and securely delete them every time they're used. For added protection, encryption programs could spread a key among different memory locations, or all the data on a computer's hard drive could be encrypted, so that the entire contents appear to be random. (Data Communications 15 Mar 99)
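
The observation in the item above, that random key bits stand out against orderly data, can be checked on your own storage with a sliding-window entropy scan. The sketch below is an added example, not code from the cited paper or from this page; the window size, threshold, and the constructed sample images are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW, STEP, THRESHOLD = 64, 8, 5.0  # bytes, bytes, bits per byte (assumed tuning)

def shannon_entropy(chunk):
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def high_entropy_regions(data):
    """Return merged (start, end) spans covered by windows above THRESHOLD."""
    regions = []
    for start in range(0, len(data) - WINDOW + 1, STEP):
        if shannon_entropy(data[start:start + WINDOW]) <= THRESHOLD:
            continue
        end = start + WINDOW
        if regions and start <= regions[-1][1]:  # overlaps the previous hit: extend it
            regions[-1] = (regions[-1][0], end)
        else:
            regions.append((start, end))
    return regions

def pseudo_random(n):
    """Constructed stand-in for random key bytes: deterministic SHA-256 output."""
    blocks = (hashlib.sha256(b"constructed-demo-%d" % i).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

# Constructed sample "drive": orderly records with a 128-byte key stored in the clear.
RECORD = b"user=alice;dept=sales;quota=0100\n"
FILLER = RECORD * 80
KEY = pseudo_random(128)
KEY_OFFSET = 1024
IMAGE = FILLER[:KEY_OFFSET] + KEY + FILLER[KEY_OFFSET:]

# Constructed stand-in for a fully encrypted drive: random-looking throughout.
ENCRYPTED_IMAGE = pseudo_random(512)

if __name__ == "__main__":
    print("key stored at:", (KEY_OFFSET, KEY_OFFSET + len(KEY)))
    print("flagged in orderly image:", high_entropy_regions(IMAGE))
    print("flagged in encrypted image:", high_entropy_regions(ENCRYPTED_IMAGE))
```

In the orderly image the scan reports a single span around the stored key; in the random-looking image the whole buffer is one span, so the key's position is no longer distinguishable, which is the effect the recommended whole-drive encryption relies on.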





Page Owner: Professor Sauter (Vicki.Sauter@umsl.edu)

© Vicki L. Sauter. All rights Reserved.