Friday, June 10, 2011

Computer Viruses

A computer virus is a potentially damaging computer program designed to affect, or infect, your computer negatively by altering the way it works without your knowledge or permission. More specifically, a computer virus is a segment of program code that implants itself in a computer file and spreads systematically from one file to another. Viruses can spread to your computer if an infected floppy disk is in the disk drive when you boot the computer, if you run an infected program, or if you open an infected data file in a program.

Computer viruses, however, do not arise by chance. Creators, or programmers, of computer virus programs write them for a specific purpose – usually to cause a certain type of symptom or damage. Some viruses are harmless pranks that simply freeze a computer temporarily or display sounds or messages. When the Music Bug virus is triggered, for example, it instructs the computer to play a few chords of music. Other viruses, by contrast, are designed to destroy or corrupt data stored on the infected computer. Thus, the symptom or damage caused by a virus can be harmless or cause significant damage, as planned by its creator.

Viruses have become a serious problem in recent years. Currently, more than 45,000 known virus programs exist and an estimated six new virus programs are discovered each day. The increased use of networks, the Internet, and e-mail has accelerated the spread of computer viruses, by allowing individuals to share files – and any related viruses – more easily than ever.

Types of Viruses

Although numerous variations are known, four main types of viruses exist: boot sector viruses, file viruses, Trojan horse viruses, and macro viruses. A boot sector virus replaces the boot program used to start a computer with a modified, infected version of the boot program. When the computer runs the infected boot program, the computer loads the virus into its memory. Once the virus is in memory, it spreads to any disk inserted into the computer. A file virus attaches itself to or replaces program files; the virus then spreads to any file that accesses the infected program. A Trojan horse virus (named after the Greek myth) is a virus that hides within or is designed to look like a legitimate program. A macro virus uses the macro language of an application, such as word processing or spreadsheet, to hide virus code. When you open a document that contains an infected macro, the macro virus loads into memory. Certain actions, such as opening the document, activate the virus. The creators of macro viruses often hide them in templates so they will infect any document created using the template.

Depending on the virus, certain actions can trigger the virus. Many viruses activate as soon as a computer accesses or runs an infected file or program. Other viruses, called logic bombs or time bombs, activate based on specific criteria. A logic bomb is a computer virus that activates when it detects a certain condition. One disgruntled worker, for example, planted a logic bomb that began destroying files when his name appeared on a list of terminated employees. A time bomb is a type of logic bomb that activates on a particular date. A well-known time bomb is the Michelangelo virus, which destroys data on a hard disk on March 6, Michelangelo’s birthday.

Another type of malicious program is a worm. Although often it is called a virus, a worm, unlike a virus, does not attach itself to another program. Instead, a worm program copies itself repeatedly in memory or on a disk drive until no memory or disk space remains. When no memory or disk space remains, the computer stops working. Some worm programs even copy themselves to other computers on a network.

Virus Detection and Removal

No completely effective methods exist to ensure that a computer or network is safe from computer viruses. You can take precautions, however, to protect your home and work computers from virus infections. These precautions are discussed in the following paragraphs.

An antivirus program protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media, or on incoming files. Most antivirus programs also protect against malicious ActiveX code and Java applets that might be included in files you download from the Web. An antivirus program scans for programs that attempt to modify the boot program, the operating system, and other programs that normally are read from but not modified.

Antivirus programs also identify a virus by looking for specific patterns of known virus code, called a virus signature, which they compare to a virus signature file. You should update your antivirus program’s virus signature files frequently so they include the virus signatures for newly discovered viruses and can protect against viruses written after the antivirus program was released.

Even with an updated virus signature file, however, antivirus programs can have difficulty detecting some viruses. One such virus is a polymorphic virus, which modifies its program code each time it attaches itself to another program or file. Because its code never looks the same, an antivirus program cannot detect a polymorphic virus by its virus signature.

Another technique that antivirus programs use to detect viruses is to inoculate existing program files. To inoculate a program file, the antivirus program records information such as the file size and file creation date in a separate inoculation file. The antivirus program then can use this information to detect if a computer virus tampers with the inoculated program file. Some sophisticated viruses, however, take steps to avoid detection. Such a virus, called a stealth virus, can infect a program file, but still report the size and creation date of the original, uninfected program.

Once an antivirus program identifies an infected file, it can remove the virus or quarantine the infected file. When a file is quarantined, the antivirus program places the infected file in a separate area of your computer until you can remove the virus, thus ensuring that other files will not become infected.

In addition to detecting and inoculating against viruses, most antivirus programs also have utilities to remove or repair infected programs and files. If the virus has infected the boot program, however, the antivirus program first will require you to restart the computer with a floppy disk called a rescue disk. The rescue disk, or emergency disk, is a disk that contains an uninfected copy of key operating system commands and startup information that enables the computer to restart correctly. Once you have restarted the computer using a rescue disk, you can run repair and removal programs to remove infected files and repair damaged files. If the program cannot repair the damaged files, you may have to replace, or restore, them with uninfected backup copies of the file.