Facts and fables about computer viruses.While dangerous, they're not as contagious as rumor would have it. Computer viruses are dangerous--there's no question about that. They can corrupt or erase data and even knock out a computer. But the contagion Contagion The likelihood of significant economic changes in one country spreading to other countries. This can refer to either economic booms or economic crises. Notes: An infamous example is the "Asian Contagion" that occurred in 1997 and started in Thailand. risk to users, contrary to rumor, is not as serious as some would have you believe. This article's goal is threefold: to confirm the danger of viruses, to set the record straight about the fables and to advise you on how to protect your computer systems. Fact: Your computer can't get infected by a virus simply by displaying an e-mail message--but beware, there are exceptions, as you will discover later in this article. Viruses cannot invade your computer when you browse the Internet or download text files from electronic bulletin boards. Nor can they scan your computer for personal information. Not even the most virulent virus can destroy the electronic circuitry of your processor, but it can stall a computer by duplicating so many files that the hard disk quickly reaches capacity and halts. The fables that have grown up about viruses are more than innocent, amusing stories; their impact is costly. Vast sums are spent for virus protection when there is little or no threat, and some people, in fear of viruses' contagion from the Internet, won't use e-mail. Even people who are otherwise computer savvy have been taken in by some outrageous stories about viruses, further inflaming in·flame v. in·flamed, in·flam·ing, in·flames v.tr. 1. To arouse to passionate feeling or action: crimes that inflamed the entire community. 2. the hysteria. FRIGHTFUL, BUT FICTION A rumor circulated on the Internet last year claiming that if you opened an e-mail message with the words "Good Times" in the subject line, a virus would invade your computer's memory and destroy its microprocessor by setting it into an "nth complexity infinite loop A series of instructions that are constantly repeated. Also called an "endless loop," it can be caused by an error in the program or be intentional, such as demo on screen that keeps repeating. ." That sounds frightful--but it's fiction. First of all, a virus is not transmitted by simply opening an e-mail message and there is no such thing as an "nth complexity infinite loop." Furthermore, a virus cannot destroy a computer; it can only destroy, duplicate or erase data on the hard disk or block some of the machine's functionality. To gain credibility for these scary stories, those who launched the hoax Hoax Balloon Hoax, The news story in 1844, reporting the transatlantic crossing of a balloon with eight passengers. [Am. Lit.: The Balloon Hoax in Poe] Piltdown man missing link turned out to be orangutan. [Br. Hist. claimed that the Federal Communications Commission Federal Communications Commission (FCC), independent executive agency of the U.S. government established in 1934 to regulate interstate and foreign communications in the public interest. (FCC (1) (Federal Communications Commission, Washington, DC, www.fcc.gov) The U.S. government agency that regulates interstate and international communications including wire, cable, radio, TV and satellite. The FCC was created under the U.S. ) had issued a public notice warning about the dreadful virus; in fact, the FCC does not disseminate information on viruses. The "Good Times" hoax spawned a variety of imitation alarms for such viruses as "Death 69," "Deeyenda," "Irina," "MMF See multimode fiber. ," "Penpal Greetings," "Red Baron Red Baron nickname given to Baron Richthofen. [Aviation: EB, VIII: 574] See : Aviation ," "Valentines Greetings" and "Ghost.exe." Some of the fables that have grown up around viruses border on the ludicrous. One has them as biological mutant strains of alien DNA DNA: see nucleic acid. DNA or deoxyribonucleic acid One of two types of nucleic acid (the other is RNA); a complex organic compound found in all living cells and many viruses. It is the chemical substance of genes. floating in outer space waiting to wreak wreak tr.v. wreaked, wreak·ing, wreaks 1. To inflict (vengeance or punishment) upon a person. 2. To express or gratify (anger, malevolence, or resentment); vent. 3. havoc on unsuspecting planets. Generally, computer hoaxes exhibit two common characteristics: (t) They make startling star·tle v. star·tled, star·tling, star·tles v.tr. 1. To cause to make a quick involuntary movement or start. 2. To alarm, frighten, or surprise suddenly. See Synonyms at frighten. claims and assertions using complex sounding technical jargon. (2) They attempt to gain credibility by false association with authoritative sources. If you want more authoritative technical information about viruses, here are three places on the Internet to check out: * www.kumite Kumite (組手) means sparring, and is one of the three main sections of karate training, along with kata and kihon. Kumite is the part of karate in which you train against an opponent, using the techniques learnt from the kihon and kata. .com/myths/ * ciac.llnl.gov/ (maintained by the Department of Energy) * www.ncsa.com/ (maintained by the International Computer Security Association [ICSA See TruSecure. ]) BEYOND ANNOYANCE A virus is a segment of programming code designed to attach itself to software. Once there, it waits to be executed and then sets to work doing what it was programmed to do. That could include displaying a humorous greeting on the screen, reformatting the hard disk (and thus erasing everything), terminating the execution of any number of software programs and intercepting transmissions to and from input/output devices. Even though some viruses are designed just to amuse, as a practical matter all viruses should be considered malicious since they invade your computer environment without your invitation or knowledge. The first viruses were written by experienced programmers seeking to prove their computer skills to their cohorts, and typically the programs were benign, humorous exercises. Today, because there are abundant underground application programs that can create fairly complex viruses, anybody--including novices--can become involved in the exercise. Now many viruses are designed not to amuse but, rather, to destroy. Many of these new virus creators are arguably ar·gu·a·ble adj. 1. Open to argument: an arguable question, still unresolved. 2. That can be argued plausibly; defensible in argument: three arguable points of law. emotionally unbalanced people, and some even exhibit terrorist leanings. CHECKING OUT A VIRUS A computer can get infected in one of two ways: * By booting up See boot. (starting) your computer from an infected diskette The official name for the floppy disk. See floppy disk. diskette - floppy disk , which is called a boot sector Reserved sectors on disk that are used to load the operating system. On startup, the computer looks for the master boot record (MBR) or something similarly named, which is typically the first sector in the first partition of the disk. virus. * By executing an infected program already resident in your computer--that's called a program file virus. You cannot tell by just a casual examination whether a file is infected. While there are many different forms of computer viruses, once executed they typically engage in two common activities. During the first activity (propagation), the virus spreads to other boot sector executable programs (for an explanation of technical terms used in this article, see the sidebar "Defining the jargon of Viruses" on page 41). It's important to understand that computer viruses cannot begin spontaneously on their own: They must wait until the user either boots from an infected disk or executes an infected program. You cannot predict the precise timing of this replication because a virus uses a "triggering event Triggering Event A certain milestone or event that a participant in a qualified plan must experience in order to be eligible to receive a distribution from a qualified plan. " known only to the author. For example, once an infected boot sector is read or an infected program is executed, the virus looks for a specific event trigger such as the time of day or a counter contained within the virus code. Hence, viruses can be dormant until the programmed event is triggered, and then they begin replicating to other programs. During the second phase (assault), the virus attacks the computer. As with propagation, timing of the assault activity depends on the specific event trigger chosen by the author. Therefore, the attack may be delayed for seconds, minutes, hours--even years. BEWARE, THE MACRO VIRUS A virus that is written in a macro language and placed within a document. Viruses have to be "run" in order to do things. When the document is opened and the macro is executed, commands in the macro language do the destruction or the prank. Thankfully, most viruses are harmless. However, there's a relatively new virus strain--a macro virus--that works in a different way: It actually hides within documents and waits for a triggering event before engaging in propagation and assault activities. But unlike program file viruses that typically attach themselves to exe, com, or bat files, the executable macro is buried within a word processing word processing, use of a computer program or a dedicated hardware and software package to write, edit, format, and print a document. Text is most commonly entered using a keyboard similar to a typewriter's, although handwritten input (see pen-based computer) and or spreadsheet document. A macro virus can instruct your computer to do any number of things--for example, delete or rename Re`name´ v. t. 1. To give a new name to. Verb 1. rename - assign a new name to; "Many streets in the former East Germany were renamed in 1990" files and directories, change the content of existing files, change screen colors or instruct your computer to format your hard drive. Macro viruses are primarily written in WordBasic, which is the macro language (1) A special-purpose command language used to automate sequences within an application such as a spreadsheet or word processor. Macro languages often include programming controls (IF THEN, GOTO, WHILE, etc.), but rarely have the capabilities of a full-blown programming language. used by Microsoft Word A full-featured word processing program for Windows and the Macintosh from Microsoft. Included in the Microsoft application suite, it is a sophisticated program with rudimentary desktop publishing capabilities that has become the most widely used word processing application on the market. 6.0 (Windows and Macintosh) and Word 7.0 (Windows). Macro viruses also have been discovered in Microsoft Excel (tool) Microsoft Excel - A spreadsheet program from Microsoft, part of their Microsoft Office suite of productivity tools for Microsoft Windows and Macintosh. Excel is probably the most widely used spreadsheet in the world. Latest version: Excel 97, as of 1997-01-14. and ArmPro documents. The triggering events that activate the viruses include * Launching an application. * Creating a new document. * Opening an existing document. * Closing a document. * Quitting the application. For example, say you receive a Word document as an attachment to an e-mail. You can read your e-mail and save the attachment without incident. However, once you open the document the virus can spread to the file that holds all your macros and, as a result, all new documents are infected when they are created and saved. For a more in-depth discussion of macro viruses and their cures, visit the following Web sites: * ciac.llnl.gov/ciac/bulletins/g-10a.shtml * gasp.berkeley.edu/virus/wordmacro.html * www.drsolomon.com/vircen/danger.html VIRUS PROTECTION What should you do to cope with the threat of virus infections? There are several steps you can take: * Purchase a reliable antivirus software See antivirus program. (tool) antivirus software - Programs to detect and remove computer viruses. The simplest kind scans executable files and boot blocks for a list of known viruses. application that scans for, identifies and eradicates viruses. For the most popular programs, see the list on page 42. * Scan a diskette beforehand with antivirus software if you boot from it. * Change your computer's order of booting from drive A (floppy drive See floppy disk. floppy drive - disk drive ) to drive C (hard drive). * Scan all files on a diskette before you load them on your hard drive. Pay particular attention to executable program files (which end with the names exe, com or bat). * Suggest that your network administrator remove all diskette drives from workstations if the threat of transmitting viruses via diskettes is a major concern in your organization. If users need to copy files onto diskettes, they must use specially secured computers. * Scan all new diskettes as a precaution. Even new, shrink-wrapped software Refers to store-bought software, implying a standard platform that is widely supported. has been known to have viruses. * Scan all files that come from others. That includes all files downloaded from local area networks and the Internet. Of course, if you have antivirus software and set its default to operate when you boot up, the program will take on this chore automatically. * Have at least two backups of all your files so you can recover from possible damage caused by viruses. Selecting an antivirus software package can be confusing. Naturally, all antivirus product vendors claim their products are superior to the competitions'. The products listed below meet three important criteria: * They offer updates at least quarterly. This is critical since new viruses are identified frequently and antivirus software can recognize and remove only known viruses. * The vendors offer a version that is compatible with Windows 95. Most listed vendors also have products that will run in DOS, Windows 3.x Windows 3.x can refer to either an individual or all of the following versions of Microsoft Windows:
* The ICSA certifies all the products, which must have passed critical tests to obtain certification. The ICSA attempts to recertify re·cer·ti·fy tr.v. re·cer·ti·fied, re·cer·ti·fy·ing, re·cer·ti·fies To renew the certification of, especially certification given by a licensing board. products a minimum of four times a year without vendors' prior knowledge. The certification list changes periodically, so you should visit the ICSA Internet site at www.ncsa.com for the latest list of certified products. Although prices for antivirus programs vary, most sell for about $50. For that, you also get free updates for one year that you can down load directly from the vendor's Internet site. However, be aware that no antivirus software is foolproof. New viruses are created daily--and one of them can on occasion slip through your protective net. So, while you certainly should use such an antivirus program, it's prudent also to follow the additional guidelines listed here. Compared with the amount of damage that can result from a virus infection, these recommendations are well worth the added effort. RELATED ARTICLE: Symptoms of a Computer Virus Infection * Unexpected read/write operations to floppy disks or hard drives or both. * Inability to save files to the A drive. * Long program load times. * Slow system operation. * Unusual screen activity. * Bad sectors appearing on diskettes. * Unusual error messages DOS and Windows error messages are listed individually in this database by the message that is displayed when they occur. See also DOS error messages and Application Error.  .* Programs that fail to execute. * Computer that will not boot. * High number of 32-bit errors using Windows 95. * Larger program file sizes. * Appearance of strange file names. RELATED ARTICLE: EXECUTIVE SUMMARY * COMPUTER VIRUSES CAN CORRUPT or erase data and even seize up a computer. But the risk of contagion is not as severe as some would have you believe. * YOUR COMPUTER CAN'T get infected simply by displaying an e-mail message. Nor can even the most virulent virus destroy the electronic circuitry of your processor. * VIRUSES CANNOT INVADE your computer when you browse the Internet, download text files from electronic bulletin boards or read e-mail messages. Nor can they scan your computer for personal information. * EVEN THOUGH SOME VIRUSES are designed just to amuse, as a practical matter all should be considered malicious since they invade your computer environment without your invitation or knowledge. * HAVE AT LEAST TWO BACKUPS of all your files so you can recover from possible damage caused by viruses. RELATED ARTICLE: Defining the Jargon of Viruses * Boot sector viruses: Every executable diskette and hard disk contains an area called a boot sector, which contains information that instructs the computer how to start up. Each time you boot up, your computer initially searches that sector. If the boot sector is infected, the virus loads itself into your computer's RAM and spreads to whatever application you subsequently open. * Program file viruses: Program file viruses plant themselves in executable programs whose names usually end with com, exe or bat. Once an infected program file is executed, the virus loads itself into RAM, replicates itself to other program files and attacks the computer. For the most part, infected program files are relatively easy to identify because the virus code increases the length of the file. However, more sophisticated viruses, called stealth viruses, first save the initial file length, attach themselves to the program file and hide their presence by reporting the initial file length. * Multipartite viruses: These viruses exhibit the characteristics of both boot sector and program file. viruses. A multipartite virus can be transmitted either by booting from an infected disk or by executing an infected program. The virus loads itself into RAM and then randomly infects both boot sectors and program files. RELATED ARTICLE: Antivirus Software Products
Product Vendor Internet Address
Carmel Antivirus Carmel cws.icorp.net/
Dr. Solomon's Anti
Virus Toolkit Dr. Solomon Software,
International www.drsolomon.com/
eSafe Protect ESafe www.eprotect.com/
F-Prot Professional Command Software
Systems www.commandcom.com/
IBM AntiVirus IBM www.av.ibm.com/
InocuLan Cheyenne www.cheyenne.com/
McAffee VirusScan Network Associates www.nai.com
Norton AntiVirus Symantec www.symantec.com/
PCcillin II Trend Micro www.antivirus.com/
Thunderbyte Virus
control ThunderBYTE www.thunderbyte.com/
Vet Anti-Virus Cybec Pry Ltd. www.cybec.com.au/
ViniSweep Quarterdeck www.quarterdeck.com/
Wprotect Intel www.intel.com/
JAMES E. HUNTON, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. , PhD, is an associate professor of accounting at the University of South Florida • • [ , Tampa. He won the 1992 Lawler Award for the best article in the Journal of Accountancy His e-mail address See Internet address. e-mail address - electronic mail address is jhunton@coba.usfedu. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion