What is a Computer Virus?
A computer virus is a program that has the ability to replicate, or make
copies of itself, and spread to other files. Viruses can attach themselves
to many types of files and programs and spread as files are copied and
sent from one computer to another. Just like biological viruses, computer
viruses spread quickly and can be difficult to eradicate. Viruses are
never accidents, nor are they caused by computer glitches. All viruses are created
deliberately.
In addition to replication, many computer viruses deliver a
"payload". While some virus payloads merely display messages or
images, others can destroy files, reformat your hard drive or send
unintended email messages. Even if a virus doesn't contain a damage
routine, it can still cause trouble by wasting storage space and memory.
Additionally, some viruses are poorly written, and may cause a computer to
stop, or damage files. Many viruses make the computer's memory unstable,
or cause programs to run improperly.
Viruses will not go away any time soon. More than 30,000 have been
identified, and hundreds of new ones are created every month. With numbers
like these, no one who uses computers is immune from viruses.
What Kind of Files Can Spread a Virus?
Viruses can infect any type of file that contains executable code.
Originally, these were just "program files," which were, and
still are, directly executed by the computer, such as files with .COM or
.EXE extensions in Windows/DOS. Today, many other file types can contain
executable code, such as word processing and spreadsheet documents that
use macros, which are simple embedded programs.
Other viruses infect
executable code in the boot sector of floppy disks or in system areas of
hard drives. And it's possible for HTML documents to spread viruses or
carry other forms of malicious code through JavaScript or other similar
types of script.
Since virus code must be
executed, files that are recognized by the computer as pure data files are
generally safe. These include graphics and sound files, such as .gif, .jpg,
.mp3 or .wav files, as well as plain text in .txt files. Just opening a
text file or viewing picture files won't infect your computer with a
virus. The virus code has to be in a form that the computer will actually
try to execute.
How do Viruses Spread?
Many years ago, most viruses spread mainly through floppy disks. Infection
happened when users swapped files or borrowed diskettes from friends,
school, or work. Among PCs on a network, viruses can spread very quickly
when users share an infected file. More recently, the Internet has
introduced new and more efficient ways to distribute viruses. With the
ubiquity of email in both businesses and homes, viruses are spreading
faster than ever. Viruses attached to email messages can infect an entire
network in a matter of minutes, costing companies millions of dollars in
damaged data, lost productivity, and clean-up expenses.
What do Viruses do to Computers?
Viruses run on your computer just like software programs. Their actions
depend on the programming written by the virus writer. Some viruses are
deliberately designed to cause damage, for example by deleting
certain types of files, or even reformatting a hard drive and destroying
all data. Others interfere with your computer's operations in various
ways. Many viruses don't do anything but spread themselves. But these are
still harmful, since they may damage files or cause problems in the
process of spreading. Viruses also take up space in your computer's memory
and reduce its performance.
Viruses, however, cannot damage hardware. They won't burn out your CPU or
cause a meltdown in your hard drive. Warnings about viruses that will
physically destroy your computer are hoaxes, not legitimate virus
warnings.
What are the Symptoms of Virus Infection?
They vary widely. Some viruses announce themselves openly, displaying a
message, flashing graphics, or even playing music. Others cause severe
damage or carry out other actions that quickly attract attention, such as
sending out a large number of email messages. However, some viruses are
designed to remain hidden. In certain cases, these viruses cause strange
things to happen to a computer -- like a slowdown in operations, decreases
in memory, or a disk drive LED lighting up for no apparent reason. You
should also watch for files that change in size or disappear.
However, legitimate software
programs or hardware glitches can also cause many of these effects, so
don't immediately jump to the conclusion that your computer is infected
just because unusual things happen.
How Can I Avoid Virus Infections?
Install antivirus software from a well-known, reputable company, such as
Trend Micro's PC-cillin 2000. Use it as recommended and be sure to update
it regularly! PC-cillin will remind you of the need to update; it will
even perform the update for you -- if you let it. New viruses come out
every day, so if your software is out of date it may not protect you.
Scan all new programs or files that may contain executable code before you
open or run them, no matter where they come from. Although rare, there
have been cases where retail software floppy disks and CD-ROMs sold in
stores have spread viruses.
If you receive a message with an attached file from an unknown source,
simply delete it. If you receive an attached file from a friend or
acquaintance unexpectedly, verify that it is genuine before opening it.
Remember, the Melissa and ILOVEYOU viruses mailed themselves to addresses
in the user's address book, so they often appeared to come from friends or
associates.
Be extremely careful about downloading files and documents from unknown or
"dubious" sources, such as newsgroups or web/ftp sites that you
do not know well. Never open executable files unexpectedly received as
either attachments in email messages or during an online chat session.
Maintain high security settings on your operating system and Internet
applications. For example, if your email program automatically executes
JavaScript or if Word does not warn you about macros embedded in documents
that you open, you should increase your program's security level.
Perform regular backups in case a virus or trojan erases or corrupts files
on your hard drive. This will also protect you from disk failure. In
either of these cases, a recent backup may be the only way to recover lost
data. If you cannot back up your entire system, at least back up files that
you can't afford to lose or that would be difficult to replace, such as
documents, bookmark files, address books, important e-mail, etc.
What You Can Do to Protect Against Viruses
There are many things you can do to protect against viruses. At the top of
the list is using a powerful antivirus product, such as Trend Micro's PC-cillin
2000 for home users. Corporate users can learn how viruses can infiltrate
their networks by viewing our interactive "Trend Enterprise
Solution" diagram. For further suggestions, see the International
Computer Security Association's website.
Virus Pattern
A "virus pattern" (also known as a "virus signature")
is the digital fingerprint that identifies a file as being infected with a
computer virus. When an antivirus company receives a new virus, it takes
a binary pattern of the file and adds it to a database called the virus
pattern file. During scanning, the binary code inside the virus pattern
file is compared to the code of the files on your computer, and if there
is a match, the file is deemed to be infected with a virus.
All input to a computer is converted into binary numbers, made up of the
digits "0" and "1". When programs tell a computer what
to do, the instructions are in machine language, expressed in binary
code.
How is a Virus Pattern Created?
A virus pattern is a short piece of binary code that is used to identify a
virus-infected file. These are generated according to the specific file
format and means of virus infection. When any Windows file is infected, we
carefully follow the process that Windows uses to handle this file type
until we locate the virus' entry point. Once its "hidden" place
is discovered, a virus pattern for the scanning program will be generated
from this part of the file.
Antivirus companies like Trend Micro have teams of specialized antivirus
engineers who collect the virus patterns of all newly detected viruses.
However, with the number of viruses growing so rapidly, finding every
unique virus pattern becomes a difficult job. An incomplete virus pattern
could incorrectly identify normal, i.e., non-infected, files as being
virus-infected. When a new virus pattern is isolated, it is rigorously
tested by scanning many types of files to ensure that it does not cause
false alarms. Only after the testing is successful will the virus pattern
be complete.
Scan Engine
The scan engine is the heart of any antivirus software, and the true
measure of its quality. It is the part of the program that scans your
files and detects viruses.
No matter how attractive an antivirus program's user interface, its ease
of use, or its function set, it is the scan engine that determines how
good it is at catching viruses. When an antivirus program scans a disk
drive or directory, it sends the files one-by-one to the scan engine for
comparison with the virus pattern file. A superior scan engine will
perform this checking quickly, while using relatively little system
resources.
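The pattern-file comparison and the false-alarm testing of an incomplete pattern described above, as an added Python example (not Trend Micro's code). The byte strings are constructed placeholders rather than real signatures, and `Pattern`, `scan`, `false_alarms`, `shortest_safe_signature` and the entry offset are hypothetical names and assumptions.

```python
# Added example: toy pattern file and scan engine. All bytes are constructed
# placeholders, not real virus signatures.
from dataclasses import dataclass


@dataclass(frozen=True)
class Pattern:
    name: str          # label reported when the pattern matches
    signature: bytes   # byte sequence taken from the infected sample


def scan(data: bytes, pattern_file: list) -> list:
    """Scan engine: names of every pattern whose bytes occur in `data`."""
    return [p.name for p in pattern_file if p.signature in data]


def false_alarms(pattern: Pattern, clean_corpus: dict) -> list:
    """Pattern QA: known-clean files that the pattern wrongly flags."""
    return sorted(n for n, d in clean_corpus.items() if pattern.signature in d)


def shortest_safe_signature(sample: bytes, entry: int, clean_corpus: dict,
                            min_len: int = 4):
    """Grow a candidate from `entry` until it matches no clean file."""
    for length in range(min_len, len(sample) - entry + 1):
        candidate = Pattern("candidate", sample[entry:entry + length])
        if not false_alarms(candidate, clean_corpus):
            return candidate.signature
    return None  # every prefix also occurs in clean files: no usable pattern


# Constructed inputs. PROLOGUE stands for bytes that many clean programs share.
PROLOGUE = bytes.fromhex("558bec83")
SAMPLE = b"HOST-CODE" + PROLOGUE + b"CONSTRUCTED-DEMO"   # stand-in infected file
ENTRY = len(b"HOST-CODE")                                # assumed entry offset
CLEAN = {"calc.bin": b"AAAA" + PROLOGUE + b"BBBB", "notes.txt": b"plain text"}

if __name__ == "__main__":
    too_short = Pattern("Demo.A-incomplete", PROLOGUE)
    print("incomplete pattern flags:", false_alarms(too_short, CLEAN))
    sig = shortest_safe_signature(SAMPLE, ENTRY, CLEAN)
    pattern_file = [Pattern("Demo.A", sig)]
    for name, data in {"sample.bin": SAMPLE, **CLEAN}.items():
        print(name, scan(data, pattern_file) or "clean")
```

A production engine adds file-format parsing and far longer patterns; the point here is only that a pattern is accepted after it stops matching the clean test set.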
International Computer Security Association (ICSA)
The ICSA is an organization that provides information and helps define
standards on computer security issues. It conducts research on virus
infection rates every year. In addition, it is one of several
organizations that test antivirus software and certify the products
which meet its rigid standards. ICSA certification provides consumers with
an impartial, objective standard when choosing virus protection software
products. When you purchase antivirus software, verify that it is "ICSA
Certified" to ensure its reliability.
The ICSA maintains a database of tens of thousands of known viruses. Some
exist only in computer labs for research purposes. The ICSA tests
antivirus software against this database.
An antivirus program's
effectiveness is the benchmark used to compare virus protection software.
In recent years, the ICSA has steadily raised the standards it requires
for security certification. Today, antivirus software products are
required to detect 100% of the viruses classified as "in the
wild" -- meaning viruses that pose a threat to computer systems. They
are also required to detect 90% of "in the zoo", i.e.,
experimental, viruses.
As a leading antivirus software developer, Trend Micro Inc. actively
participates in programs to certify its products' high detection ratio.
Since PC-cillin is ICSA-certified, you can rest assured that it will
detect and clean viruses known at the time of its release, including the
famous Melissa and Chernobyl viruses and the ExploreZip and Bubbleboy
worms. To catch viruses that were discovered after your version of PC-cillin
was released, and to protect yourself against new viruses, it is essential
that you UPDATE your virus pattern files and scan engine regularly. We
recommend updating your pattern files every week, or immediately upon news
of a virus outbreak.
Hackers, Crackers and Virus Writers
Virus writers may or may not be hackers, but very few hackers are virus
writers. Some members of both groups may be crackers, but most of them
aren't. Here's a definition of the terminology:
Hackers
A slang term for a computer enthusiast. According to the Jargon File
compiled by long-time hacker and open source guru Eric Raymond, a hacker
"is a person who enjoys exploring the details of programmable systems
and how to stretch their capabilities, as opposed to most users, who
prefer to learn only the minimum necessary." Among professional
programmers, the term hacker implies an amateur or a programmer who lacks
formal training. Depending on how it is used, the term can be either
complimentary or derogatory, although it is developing an increasingly
derogatory connotation. The pejorative sense of hacker is becoming more
common because the mass media uses the term to refer to individuals who
gain unauthorized access to computer systems for the purpose of stealing
and corrupting data. Hackers themselves maintain that the proper term
for such individuals is cracker.
It should be noted that many people who call themselves hackers have a
strong interest in network security. "Ethical hackers" break
into networks to test their skills. Often they'll hack in, poke around a
bit and leave without causing damage.
Crackers
Crackers, on the other hand, break into networks to deface web
pages, corrupt data, and similar acts of vandalism. Hackers hate
crackers, even though the public tends to lump them together.
Virus Writers
Finally, there are virus writers. Instead of using network technology to
gain access and information, they focus on writing programs that can
replicate and spread throughout a single network or across the Internet.
They usually transmit viruses through email or web downloads.
"Very few hackers write viruses," says Space Rogue, editor of
the Hacker News Network, "and vice versa."