
Defending against computer viruses.

In a six-month study by the Computer Virus Industry Association of its members, a total of 61,795 infected computers were reported. From five to 816 computers were infected at individual organizations. Among the more infamous viruses were the Pakistani Brain virus, the Scores virus, and the Israeli virus. These three viruses are known to have infected 18,158; 14,207; and 3,575 computers, respectively. How can you protect your firm's computers from these and other viruses?

Three basic categories of computer viruses exist: boot infectors, system infectors, and generic application infectors.

Boot infectors are incorporated into the boot sectors of diskettes and hard disks. This type of virus gains control of a system when it is initially booted and retains control at all times. When a diskette is inserted and accessed for the first time, the virus transfers itself to sector 0 of the diskette, and it infects the subsequent system booted from this diskette. Only by booting from an infected diskette can this type of virus spread. Two infamous boot infectors are the Pakistani Brain virus and the Alameda virus.

System infectors are attached to either an operating system module or a system device driver. A well-known system infector virus is the Lehigh virus.

Generic application infectors make up the third and most widespread category of viruses. These viruses may attach to any application program. This type of virus gains control when an infected application program is run. At that point, the virus searches the system for additional host programs, either on hard disks or diskettes. After the search ends, usually with further spread of the virus, it returns control to the host program. Well-known generic application infectors include the Scores virus, Israeli virus, and nVir virus.

Virus-Related Terminology

There has been some difficulty in distinguishing among the different types of computer problems associated with viruses. Some common virus-related terms are as follows:

Mole. A mole is a program that gains access to a system using a method not usually allowed or known to exist.

Bomb. A bomb is a group of code statements that are engaged when certain logical or physical criteria are met. A time bomb is initiated by a date or time criterion. A logic bomb is initiated by some specific event.

Trap Door. The trap door is defined as a gap in programming code that is intentionally included in a system or program. A trap door can facilitate debugging a program but it may be used for malicious purposes as well.

Trojan Horse. A Trojan Horse is a type of trap door program. A Trojan Horse involves hidden programming code within a program to provide unauthorized entry into a system.

Problems Caused by a Virus

A computer virus can cause any number of problems for a company and its computer applications. A virus can cause significant harm by merely replicating itself many times. A program that only replicates itself without destroying other programs or data is referred to as a "worm." The replicating activity of a virus or worm program will quickly use up valuable disk space and bog down the computing power of a system.

A very critical concern to accountants is the possibility that a virus can delete or damage valuable computer files. Files containing payroll information, accounts receivable ledger listings, or purchase orders are all highly valuable information. Deletion or damage to these files could adversely affect a company's operations.

Infected computer systems pose a very significant problem. Time and company resources are required to remove a virus, replace important files with backup copies, update backup copies, and test the system. Perhaps the most significant problem a computer virus presents to an organization is the interruption of its operations. Once damage caused by a virus is discovered, the time involved in curing the problem can be massive. A virus can interrupt the day-to-day activity of the company and cause the firm difficulties in dealing with the public (such as taking customer orders, processing supplies, etc.).

Another significant problem is the bad publicity a firm may experience if the public becomes aware of the virus problem. No firm wants to be identified as the latest organization infected by a virus, particularly one that could spread to customers or suppliers through electronic billing procedures.

Failure to discover a virus can have serious ramifications regarding financial reports. Reported financial information, both internal and external, can be significantly distorted if a virus has infected the system from which the reports are generated.

Prevention Measures

Accountants can take measures to prevent computer viruses from attacking their company's systems. The following guidelines should be disseminated to all company personnel involved in computer use or maintenance.

1. Backup copies of all programs and data files should be made at regular intervals, such as weekly or monthly.

2. Public-domain software such as freeware and shareware should be used with extreme care. Always test for virus presence before use.

3. Users should routinely test all software for viruses, both retail-purchased and public-domain programs.

4. Users should always boot a system from the original write-protected disk. In the case of hard disk systems, a user should avoid booting from an untested diskette.

5. Users should enter meaningful volume labels on all hard disks and diskettes, and routinely check volume labels when the DIR command is executed. Inspect the labels for changes.

6. Users should be wary of unusual system activities such as less available system memory than normal, or turned-on access lights on a system device when there should be no activity.

Finally, internal security policies should ensure that the company's disaster recovery plan takes into account the risk of damage to records from computer viruses.

Anti-Viral Software

In addition to routine security procedures, special antiviral programs can help combat the virus threat. There are three categories of antiviral programs: infection preventers, infection detectors, and infection identifiers. Programs in the first group, infection preventers, monitor system activities and watch for signs of attempted replication. The programs monitor up-loading and down-loading procedures and watch for indications of a virus trying to gain access to executable programs. When a virus is detected, the infection preventer program freezes system activity before the virus completes infiltration, and notifies the user so that the virus can be removed. Unfortunately, boot infectors cannot be prevented in this manner because they occur before the prevention program is loaded.

The second group of anti-viral programs is referred to as infection detectors. These programs can detect viruses soon after the initial infection has occurred. Detectors are effective against most generic viruses and have two forms. One is called a vaccination, which will place a self-test mechanism in each program. The self-test is executed each time a program is run and checks for any alteration of the sequence of instructions. However, vaccinated programs can become reinfected. The other type of detector program is called a snapshot. Snapshots are one of the most effective means of defense. This program makes a log of all important information when a system is initially installed. This allows the system to be periodically compared with the log to check for changes that might have occurred because of a virus. However, using a snapshot can be very time-consuming.
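The snapshot approach described above can be sketched as follows. This is an added example, not code from the article or from any product it lists; the function names, the file extensions treated as programs, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def take_snapshot(root, extensions=(".exe", ".com", ".sys")):
    """Record size and SHA-256 of every program file under root."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue  # only executable code is logged, not data files
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            snapshot[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return snapshot

def compare_snapshots(baseline, current):
    """Return program files added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample: log a clean install, then detect later changes."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("EDIT.EXE", b"MZ" + b"\x90" * 64),
                           ("LEDGER.COM", b"\xe9\x00\x00payroll"),
                           ("NOTES.TXT", b"not a program")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = take_snapshot(root)  # the log made at installation
        # Simulated change: extra bytes attached to an existing host program
        with open(os.path.join(root, "LEDGER.COM"), "ab") as fh:
            fh.write(b"APPENDED-BYTES")
        # Simulated change: a program that was not part of the installation
        with open(os.path.join(root, "GAME.EXE"), "wb") as fh:
            fh.write(b"MZ unknown")
        return compare_snapshots(baseline, take_snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored log, so the baseline belongs on write-protected media that the monitored system cannot alter.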

The third group of anti-viral programs is known as infection identifiers. These programs are basically antidotes for specific viruses. The main disadvantage of these programs is that a great deal of time is usually required to produce an antidote.

The number of powerful anti-viral programs is growing rapidly, but so are the types of viruses. Anti-viral programs range in cost from a few dollars to hundreds of dollars. Several popular programs are listed in Exhibit 1. Exhibit 2 offers a brief comparison of selected features.


Exhibit 1

Central Point Anti-Virus
Central Point Software, Inc.
15220 NW Greenbrier Pkwy. #200
Beaverton OR 97006
(800) 445-4208

F-Prot Professional
Command Software Systems
1061 Indian Town Road #500
Jupiter FL 33477
(407) 575-3200

The Norton AntiVirus
Symantec Corp.
10201 Torre Ave.
Cupertino CA 95014
(800) 441-7234

PC Rx
Trend Micro Devices, Inc.
2421 W. 205th St. #D-100
Torrance CA 90501
(800) 228-5651

Untouchable
Fifth Generation Systems, Inc.
10049 N. Reiger Road
Baton Rouge LA 70809
(800) 873-4384


Exhibit 2

Software         Detection    Removal      Prevention
Central Point    Excellent    Good         Excellent
F-Prot           Excellent    Excellent    Good
Norton           Excellent    Good         Excellent
PC Rx            Excellent    Fair         Fair
Untouchable      Excellent    Fair         Excellent

(Range: Poor, Fair, Good, Excellent)

Source: PC Magazine, March 16, 1993

Legal Consequences

The accountant may be concerned about whether there is any legal recourse for the victims of a virus attack. People who write virus programs are somewhat insulated from prosecution because no law exists specifically making computer viruses a crime. Fortunately, the Computer Fraud and Abuse Act of 1986 makes it a felony to gain unauthorized access to classified information. The act also makes it a misdemeanor to access financial records and credit histories in financial institutions or to trespass into a federal government computer system.

Victims of computer viruses also have legal recourse against the person who perpetrated the virus because disseminating a virus can be construed as a malicious act. Recourse against a commercial software producer who unwittingly sells a program containing a virus depends on the particular state laws' stance on "shrink-wrap" contracts. Although some law experts specify that a manufacturer could be liable, shrink-wrap contracts state that the software is sold "as is," and that the manufacturer is not liable for defects or damage to the user's system.

Although popular media coverage has diminished, the computer virus threat is still very real. By taking protective steps such as adopting virus prevention measures and using anti-viral software for the detection, identification, and prevention of computer viruses, accountants can help safeguard their company's systems from infection and damage.

COPYRIGHT 1994 New York State Society of Certified Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1994 Gale, Cengage Learning. All rights reserved.

Author: Smith, L. Murphy; McDuffie, R. Steve
Publication: The CPA Journal
Date: Aug 1, 1994