Published on 10/23/2005

Ever since the dawn of computing and users started to write their own software there has been there have been viruses however it wasn't until the 1980s that the potential threat of computer viruses became common knowledge. Stephen gives his explanation of the computer virus in this article...

Viruses!

Every since the dawn of computing and users started to write their own software there has been there have been viruses however it wasn't until the 1980s that the potential threat of computer viruses became common knowledge. The action of a virus is not too dissimilar to that of its name, it is a small computer program that makes its way onto a computer with the aim of duplicating itself and infecting other computer systems. Although a virus doesn't have to have bad intentions it is unfortunate that almost all of them have.

In the past viruses would spread by hiding within files downloaded from bulletin boards or on floppy disks used to store and transfer documents. As computer technology advanced the introduction of computer networks, the internet and email provided ample opportunities for a virus to spread amongst systems. Initially a virus makes its way onto a computer in the form of a trojan.

A trojan, taken from the term trojan horse, is essentially a file or program that appears appealing enough for somebody to download it or execute it. Hidden within this file however is a virus which once activated spreads onto the host computer system and hides. Once it has infected the system the virus can set about spreading amongst files and applications and can even utilise existing network and internet connections to reach as many other computers as possible.

Virus Types:

Although countless viruses exist they can generally be categorised into one of the following:

Standard Virus - As mentioned above a virus is a small piece of code that infects an application and is executed each time that program is used. A popular method of viruses to ensure activation was to attach themselves to the boot sector of a floppy disk or hard disk. The boot sector contains important information regarding the disk and is executed when a computer first accesses the disk. By hiding here the virus is guaranteed to be activated each time the computer boots up or each time an infected floppy disk is used. Viruses also infect popular applications such as word processors, the result is that each time the application is used the virus is running and a clever virus will attach itself to documents that are saved and will spread to whomever next reads those files.

Email viruses - An emails virus is one which attaches itself to email messages either in the form of some hidden code in the body of mail which is executed when the email is read or as an attachment that is linked to the email - note that attachments can also be used as trojan files! Email viruses are particularly clever as they automatically attach themselves to every outgoing email that is sent and some also have the capability of sending themselves to all contacts in the users address book!

Worms - A worm is similar to a virus in as much as it is again a small piece of software however a worm will utilise a computer network by looking for security holes in the setup or the software that is being used. Worms tend to be written to take advantage of known bugs or secuirty issues in popular software packages and force the software developers to quickly release a security patch to rectify the fault. Once a worm has found its way into a system or computer network it duplicates itself and then continues to utilise the same security holes to spread further!

Trojan Horses - As mentioned earlier a trojan horse is a piece of code which looks to be a normal computer application, and is usually one which will make the user want to download and install it. However once the 'fake' program is run the trojan code is executed and does its damage which may, in extreme cases, be to erase the contents of the hard disk it is being executed from. Trojans do not usually have the ability to replicate unless they have a virus or worm hidden within them also.

Headline Virus Attacks!

The potential power of a virus or worm should never be underestimated as was proved on July 19th 2001 when the Code Red Worm managed to replicate some 250,000 times in under 9 hours. The Code Red worm was written to take advantage of a security bug in Windows NT4/2000 servers running Microsoft Internet Information Server versions 4.0 or 5.0. Although Microsoft had released a security patch for the bug the Code Red worm scanned the internet looking for systems that hadn't applied the patch. The worm then duplicated itself onto the unprotected server and from there continued to scan the internet for further systems it could infect. The effect of Code Red was so destructive and caused such an impact in performance on the internet that some ISP had to temporarily disable internet access for infected customers whilst they informed them of the problem and what they needed to do to rectify it.

By far the most effective way of keeping your system safe is to run some form of Anti Virus software which is a piece of software that is installed onto a computer system with the purpose of monitoring all files and data which are read from or written to any of the systems devices, memory or network connections and also emails as the are sent and received accross the internet.

By monitoring all data transfers and comparing them to its database of known viruses, the software is capable of detecting a virus, worm or trojan based on its data signiature or by other traits that have been recorded. Once detected the virus can be removed and any infected files can be cleaned or confined before the virus has a chance to spread. Similarly, if the virus is detected in memory then that portiion memory can be isolated and cleaned. If an infected file is found and it cannot be cleaned then it may be necessary to quarrantine and delete the infected file to ensure that the virus cannot spread.

So What Precautions Can I Take?

Since Anti Virus programs work by monitoring data transfers and comparing them to its database there are two main factors which will help ensure maximum protection. The first is that the Anti Virus program must be running at all times so that viruses can be detected as soon as they enter the system rather than after they have spread. And secondly the virus database must be updated regularly as new viruses are detected almost daily and if the virus isn't listed in the database then it is unlikey that the Anti Virus software will detect its prescence.

There are many leading Anti Virus programs on the market today and most come with 6 months or 1 year of free updates. As well as protecting the system with Anti Virus software the user should always ensure floppy disks are write protected if they are only being read from, that email attachements are not opened unless they come from a trusted source, and that all files downloaded from the internet are scanned throghly before opening them.