Protection against computer viruses.A tiny rogue program could easily disable your computer and erase all your files--programs and data. Raymond W. Elliott, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. , a partner in the national auditing directorate of Coopers & Lybrand, describes the danger of such programs and how to protect against them. He is chairman of the Information Technology Research Subcommittee of the American Institute of CPAs. Like their biological namesakes, computer viruses can cause either inconvenience or worse, death-loss of important electronic data. Although some viruses are just sophomoric soph·o·mor·ic adj. 1. Of or characteristic of a sophomore. 2. Exhibiting great immaturity and lack of judgment: sophomoric behavior. localized pranks, many of them get out of hand, triggering an epidemic fatal to thousands of computers. A virus is a small, stealthy stealth·y adj. stealth·i·er, stealth·i·est Marked by or acting with quiet, caution, and secrecy intended to avoid notice. See Synonyms at secret. program designed to perform some computer act or function, either immediately or at some future time. Any number of events can trigger the embedded virus to activate: the occurrence of Friday the 13th Friday the 13th regarded as unlucky day. [Western Folklore: Misc.] See : Luck, Bad or performing such a simple computer function as evoking a directory. In some cases, viruses simply display a harmless message on the screen; other times they destroy all the stored programs and data files; in extreme cases, they even can destroy computer components. What makes viruses especially dangerous is that they're highly contagious. Once one gets a foothold in a computer, it almost surely will infect many other computers-with just a brief contact. Viruses are spread in these ways: by transfering executable files from off a floppy disk, from off a network or by downloading an executable file through a modem. No computer is immune. There is no practical, infallible in·fal·li·ble adj. 1. Incapable of erring: an infallible guide; an infallible source of information. 2. way to guard against all possible viruses except through total "abstention ABSTENTION, French law. This is the tacit renunciation by an heir of a succession Merl. Rep. h.t. "-isolating a computer so it does not use any software or files but its own. For obvious reasons, that's not a practical solution for most CPAS. And once infected, there is no guarantee of an easy cure without "sterilizing" the computer's entire storage and memory, which means reformatting, or cleansing the hard disk, which results in the loss of all stored data and program files. However, fairly effective protection and cure techniques are available. Unfortunately, the more effective they are, the more demanding are the mandated safety rules and needed compliance. ANATOMY OF A VIRUS Until a few years ago, software pranks were unheard of-except in university computer-lab circles. Mischievous students would sneak a virus into a friend's computer so that at a predetermined pre·de·ter·mine v. pre·de·ter·mined, pre·de·ter·min·ing, pre·de·ter·mines v.tr. 1. To determine, decide, or establish in advance: moment a message would pop up on the screen-such as "Got ya! " or "Happy Birthday, nerd! " In a typical infection, a virus is hidden in what's called an executable file, which is a file that contains the instructions of a working program. Usually these files are labeled with a .EXE Exe (ĕks), river, c.55 mi (90 km) long, rising in the Exmoor, Somerset, SW England, and flowing S across the Cornwall peninsula, past Exeter to the English Channel at Exmouth. or COM (1) (Computer Output Microfilm) Creating microfilm or microfiche from the computer. A COM machine receives print-image output from the computer either online or via tape or disk and creates a film image of each page. extension, as in KEYBDRVR.EXE or COMMAND.COM. When the file is introduced to the computer-via a floppy disk, a download from a bulletin board, or through a network-the program causes itself to be implanted onto the computer, usually onto the hard disk. The virus then copies itself onto other stored programs each time one of those programs is evoked. As a result, the duplication process accelerates at exponential speeds. In some cases, the fertile little programs multiply so prolifically that they soon saturate sat·u·rate v. Abbr. sat. 1. To imbue or impregnate thoroughly. 2. To soak, fill, or load to capacity. 3. To cause a substance to unite with the greatest possible amount of another substance. the computer, grinding it to a halt. In network arrangements, where computers are linked, program sharing is allowed and proper operational and security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security are not consistently practiced, the speed of contagion Contagion The likelihood of significant economic changes in one country spreading to other countries. This can refer to either economic booms or economic crises. Notes: An infamous example is the "Asian Contagion" that occurred in 1997 and started in Thailand. is fastest. If a floppy disk is introduced into an infected computer, it does not necessarily have to contain an executable file for it to become infected or function as a carrier. A certain type of virus, known as a boot sector Reserved sectors on disk that are used to load the operating system. On startup, the computer looks for the master boot record (MBR) or something similarly named, which is typically the first sector in the first partition of the disk. virus, will infect computers when they are first booted up (turned on) with an infected disk in a drive. In recent years, the Years, The the seven decades of Eleanor Pargiter’s life. [Br. Lit.: Benét, 1109] See : Time stealth and destructiveness of viruses has accelerated. An increasing number have infected the business world; at least one has paralyzed par·a·lyze tr.v. par·a·lyzed, par·a·lyz·ing, par·a·lyz·es 1. To affect with paralysis; cause to be paralytic. 2. To make unable to move or act: paralyzed by fear. a military computer network. Such database text services as Nexus or Lexus present no virus dangers because they provide only read-only, not executable, files. How vulnerable are a CPA firm's computers and their data files? Very vulnerable. VIRUS PRESCRIPTIONS So what should a CPA do for protection? Total quarantine is impractical because CPAs need to share data files. Many software developers sell commercial programs to guard against or cure a virus attack. While many are excellent products, CPAs shouldn't be lulled into thinking they are foolproof. The protective programs are effective only when used as part of an overall protection policy and if they have a defense against a known virus. What limits their protection is that more devious viruses are developed regularly, and yesterday's defenses usually are ineffective against new programs. The first defensive step is to develop some commonsense procedures that fit a CPA firm's working environment. Here are some practical guidelines: * Don't allow anyone to introduce a floppy disk into any office computer unless the disk has first been checked out (see sidebar "How to Sanitize To remove sensitive data from an information system, a database or an extract from a database. See sensitive. a Disk"). * Don't allow anyone to take a program or data file out of the office for use on another machine unless the returned disk is checked out before it's reused in the office. * Don't permit computer users to download an executable program See executable code. from a public bulletin board and run it on the firm's computers without first performing some software acceptance procedure to ensure it is virus-free. * Buy all software from trusted vendors and check that newly purchased disks are still in their original shrink-wrapped packaging. * Put a write-protect tab on questionable disks. The tab allows users to read off the disk, but not write to it. * After copying and loading newly bought software, put the original disks in a safe place. That way a clean copy of a program always is available. * If a virus is discovered on a floppy disk, physically destroy the disk. Reformatting may not be enough; some viruses survive reformat (1) To change the record layout of a file or database. (2) To initialize a disk over again. operations. * Follow all rules even when dealing with clients' files and computers unless it's known the client follows effective safety procedures. * Dedicate one computer in the office as the "clean machine." Do all software testing Software testing is the process used to measure the quality of developed computer software. Usually, quality is constrained to such topics as correctness, completeness, security, but can also include more technical requirements as described under the ISO standard ISO 9126, such on this machine. Only after a program gets an OK should it be allowed to move onto other computers in the office. The key to protection is awareness and vigilance. It takes only one lapse to defeat the whole protection system. n HOW TO SANITIZE A DISK If possible, avoid executable programs that come off bulletin boards. Because they are public-access programs, they often attract pranksters. Thus they're especially risky. It has been reported that some antivirus software See antivirus program. (tool) antivirus software - Programs to detect and remove computer viruses. The simplest kind scans executable files and boot blocks for a list of known viruses. obtained from a bulletin board actually contained a virus. But if such a program must be used, put it through a thorough sanitizing procedure. Begin by asking the software's writer for a copy of what's called the source code, which explains in programmer's language the executable orders. A qualified programmer usually can spot the signs of a virus in that code. If the source code is not available, a programmer can run the file. through a software utility, like Norton Utilities Widely used utility programs for Windows and Macintosh from Symantec. Used to fix problems and fine tune the machine, they include functions to restore deleted files, diagnose the disk for corrupted data, defragment the disk and clean up and track changes to the Registry. or PC Tools, to analyze the disk and the software. SAFETY STEPS WHEN WORKING AT CLIENTS'OFFICES When a CPA takes a portable computer to a client's office for on-site work, safety procedures are necessary. A checklist: * When running software developed by or licensed to your firm on a client's computer, load it from a copy-not the original disk. After the disk is used, clean it before using it again on another computer. * Never run software on your office computer if it was used on an outside computer-at home or at a client. If the software must be reloaded, only use a stored original. * Before leaving on an outside assignment, check the exact size of all program files through DOS. After executing them, check the size again. If a program has been infected, one of its files typically will be slightly larger-a telltale clue. BACKUP PROTECTION The only sure way to prevent a worst-case disaster-loss of all data-in the event of a lethal infection, is to regularly back up all files. If a proper backup policy is instituted, losses can be mitigated, even eliminated. Suggested advisories: * Prepare a manual for each computer or class of computer used in the office. The manual should show what's loaded on the machine and its configuration: the AUTOEXEC.BAT, CONFIG.SYS, etc. List the locations of all backup programs and files. * Better yet, make floppy disk copies of all files. In that way, after a disaster, the computer can be reloaded easily with those archived disks. * Prepare data file backups on floppy disks at least as frequently as data are changed. Store all these disks in a separate, secure location. There are many software utilities designed to perform backups automatically. * Never store data files in the same directories as application software. Keep them on separate disks. And if space is available, store them in different drives. It makes backups easier. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion