What is a Computer Virus?
By Thomas Hobbs, MS

Computer viruses are engineered by real people, usually advanced software programmers, simply to create havoc and disruption. This year the financial damage that has resulted worldwide from such malicious programming endeavors is estimated to be over $2.5 billion. Why are so many trained minds bent on delivering such mayhem to us, the innocent bystanders and users of this software technology? There are as many reasons for creating viruses as there are programmers creating them, so it helps to gain a basic understanding of how viruses deliver their twisted little payload.

Simply put, a computer virus is a memory-resident piece of code that reproduces itself and inserts itself into other computer code without permission. It does unforgivable things, mostly unnoticeable to the victim, until it's too late! Then you can't help but notice.

Virus Attacks

The experience of a virus attack is not obvious in most organizational settings. First, it is a logarithmic structure. The initial infection can go unseen for months. It is almost certain that by the time someone educated in recognizing the problem sees it, the damage is already widespread. The key must be education. The earlier in the reproductive cycle a virus infection is detected, the easier it is to stop. Secondly, a single source point of infection can carry several different viruses, with different paths of infection.

Clearly, the more dependent an organization is on the computer facilities it uses for information storage and retrieval, the more vulnerable it is to virus attack. Part of the key in fighting computer viruses is to identify the possible paths of virus infection. These can be entirely legitimate - such as shrink-wrap software from a distributor - or entirely illicit. Clearly a strong, and enforced, company policy against any illegal software is the simplest step in preventing virus infection.
The possibility of a virus infection from legitimate sources - commercial or shareware - is very small.

Virus Infections

Most users who experience a virus infection don't even know that there is a virus present until files are discovered damaged or missing. Once a problem is perceived, it is often interpreted as a hard drive error, and the drive is reformatted - taking out the virus. Or a low-level format is performed, again removing the problem. The difficulty is that, first, far more "surgery" has been performed than necessary, and secondly, the cause has not been identified, and therefore the problem has not been solved.

Realistically, virus infections are rare in most cases. However, when they occur, they must be dealt with quickly and with proper knowledge. Lack of understanding is deadly, because both ignorance and the virus infection are lethal, but so is the friendly fire. Much more damage is done by ill-advised attempts to clean up viruses that may - or may not - exist than has ever been caused by the viruses themselves. So the primary issue in virus management is recognition. The management problem is twofold: setting up adequate controls to trap and eliminate computer viruses, and disseminating knowledge of software so that normal control structures can be distinguished from viruses.

Virus Classes

From a functional point of view, computer viruses can be broken down into a number of simple classes. These classes center on where one would look for virus infection. Not surprisingly, that has become everywhere in a PC's software. Pick any defined part of a PC's software, and there is a virus that will attack it: boot blocks, allocation tables, EXE and COM files, ordinary files just masquerading as functional files, even, in a few cases, BAT files, and most recently meta viruses such as "WinWord.CONCEPT." The basic problem is very simple - viruses come in all sizes and shapes.
Currently, computer viruses are categorized by their mode of infection. This centers on the path used to replicate the virus and the type of system infected:

Boot Sector Viruses - These infect the boot sector on a floppy or hard disk. Typical examples are STONED and MICHELANGELO. These usually replace the boot sector with all or part of a virus program, which stashes itself in memory and moves the boot sector on the disk to another location. Often the damage is done because the boot block is moved blindly to another disk location, overwriting whatever is resident there.

File Viruses - File viruses infect ordinary *.EXE or *.COM files. Usually they just append the virus code to the file, but recent versions have gotten trickier and better hide their additions. Friday the 13th loads into memory on execution of the infected file and, if the date matches Friday the 13th, deletes *.exe files - often itself included!

Systemic Viruses - These viruses focus on the system files necessary for DOS. These are files which control the allocation of system resources, such as directories and files. In some cases a much more basic level of attack against CMOS structures is attempted.

Stealth Viruses - A stealth virus tries to conceal its presence on your system. This may be as simple as modifying the file structure to conceal the additional code added to a file. It may go so far as making sure that, when the virus is added to the machine code in a *.COM file, the CRC is not changed (a technically very tricky bit of work).

Meta Viruses - This is a newer form of virus that executes its nasty work in the very helpful meta languages embedded in powerful modern programs like Microsoft Word. These are also sometimes referred to as Macro Viruses.

Trojan Horses - These types of viruses are crude, front-door attacks. They rely on simple naiveté. The level of the threat can be very potent, however, because this type of virus does not require any backdoor - you gave them the key!
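The file and stealth virus descriptions above suggest a defensive check: record a baseline of every *.EXE and *.COM file and compare against it later. The following is an added example, not code from the original article; it uses SHA-256 rather than a CRC because, as noted above, a CRC can be kept unchanged by a careful modification. The file names and contents are constructed stand-ins.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Size and SHA-256 of the bytes actually read, not the directory entry's size."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()

def build_baseline(root):
    """Map relative path -> (size, sha256) for every executable under root."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".exe", ".com")):  # file types the article names
                full = os.path.join(folder, name)
                baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline

def verify(root, baseline):
    """Return {path: status} for each executable that differs from the baseline."""
    current, report = build_baseline(root), {}
    for path, (size, digest) in baseline.items():
        if path not in current:
            report[path] = "missing"
        elif current[path][1] != digest:
            report[path] = f"modified ({current[path][0] - size:+d} bytes)"
    for path in current.keys() - baseline.keys():
        report[path] = "new executable"
    return report

def demo():
    """Constructed sample: stand-in program files, then simulated tampering."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("EDIT.COM", "CALC.EXE", "GAME.EXE"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"MZ" + name.encode() * 40)
        baseline = build_baseline(root)
        with open(os.path.join(root, "EDIT.COM"), "ab") as f:
            f.write(b"X" * 648)      # bytes added to the end of the file
        with open(os.path.join(root, "CALC.EXE"), "r+b") as f:
            f.write(b"\x00")         # first byte altered, file size unchanged
        os.remove(os.path.join(root, "GAME.EXE"))
        return verify(root, baseline)
```

Run the verification from a known-clean boot, since a stealth virus that is active in memory can hand unmodified contents back to whatever reads the file.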
PC Paramedic has the right prescription

With over 75,000 known computer viruses already identified by January 2003, and 10-20 new variants uncovered each week, you have to maintain a proactive approach to avoiding them. To avert the disaster of losing your valuable files, perform system backups at frequent and regular intervals. Install the latest virus protection software on your system, and be sure to choose one that has a memory-resident component that looks for virus signatures at all times.

Be tenacious about protecting your file system or you could learn the hard way!
©2010
Copyright by PC Paramedic Services.
All rights reserved.