What is a virus?

New search engine optimisation site now running; if you see this please click here Cravenplan supply web design and on line marketing services including:
web design
search engine promotion
search engine optimisation
search engine marketing
homes and houses for sale property promotion Associated sites include
E-Dog
Fairclough Homes and Houses
My Property for Sale
new housing contracts

what is a virus?

Technical Support

RAM

Computer Viruses

Backing up

What is a virus?
A program that copies itself - if it does not replicate it may be a trojan which is a program that does something more than you were expecting and that extra function is damaging - for example formatting the hard disk.

Things that are not viruses

Trojans		These can be worse than a virus - they are programs which do nasty things but do not replicate. The AIDS disk (20,000 distributed by post in 1989) encrypts the hard disk and hides all the filenames then demands a license fee after you have rebooted the PC 90 times. Trojans are difficult to detect - how does anti virus software know what a program is supposed to do. The AIDS program is detected and removed by good anti-virus software.
Intended viruses		Not all virus writers are as clever as they would like to be
Jokes & Hoaxes		These are not very funny but not as unfunny as a real virus.
False alarms		Even anti-virus software is not infallible. It is possible a virus will be reported even though it is not present. Worse still, no anti-virus software will find 100% of viruses - the best will find about 99% whilst the free software which is supplied with DOS will find about 30%
Bugs		Programmers are human (despite the rumours) and make mistakes. They do not make their software go wrong on purpose.
Corrupted programs		These may cause the PC to hang - try reinstalling the program (you may loose preference settings)

How do computers get viruses?

Diskettes		Booting from an infected disk or just running infected programs from it.
E-mail		Macro viruses are now the most common type of virus, particularly MS Word (version 6 or later) files. Macro virus are also spread on diskettes and over networks.
Internet		It is possible, although rare, for someone to access your computer whilst you are online. Beware also when downloading programs or documents.
Pirated Software		In particular games. Probably the most compelling reason to buy the kids a PC of their own.
Magazine cover disks		Despite claims they have been checked thoroughly some viruses slip through.

What level of damage can I expect if I get a virus?

Trivial:		e.g. the Form V virus causes the keys to beep on the 18th of each month.
Minor:		e.g. the Jerusalem virus which deletes program files on Friday the 13th - this would necessitate reinstalling any affected programs.
Moderate:		possibly formats the hard disk or overwrites the hard disk, some will scramble the FAT (File allocation table which is the disks index). The level of damage is only moderate because it is obvious something is wrong and providing you backup your data you can restore it.
Major:		e.g. "Dark Avenger" - every 16th time the infected program is run it overwrites a random sector on the hard disk. Files then get backed up with damage.
Severe:		some viruses cause gradual progressive changes but without a regular pattern. There is then no way of knowing if the data is correct or not.
Unlimited:		if a virus can obtain the system manager password and pass it on to an unauthorised person they can then get into the system and do what they like.

Types of Virus

Boot Sector		These are the most common form of virus - typically an infected disk is unintentionally left in the A: drive. When the PC is rebooted the virus on the diskette infects the hard disk, thereafter all diskettes placed in drive A: are liable to be infected (unless they are write protected).
Macro Virus		The 2nd most common type of virus. First introduced in 1995 - mainly Microsoft Word files (version 6 or later).
Multipartite		the 3rd most common type of virus - these infect both programs and the boot sector.
TSR		Terminate & Stay Resident - these infect a program. When run the virus stays in memory after the program ends, it can then infect other programs.
Companion virus		relies on the fact that DOS will run a .com file in preference to a .exe file. The virus is a .com file which does it's damage then runs the .exe file leaving you none the wiser.
Overwriting virus		these overwrite the original program with the virus program - the disadvantage to the virus writer is that this is glaringly obvious as the original program no longer works.

Characteristics

Fast infector		infects many files - this is not necessarily as bad as it sounds, a good anti-virus program will clean 1000 files just as easily as 10.
Slow infector		infects files only occasionally in the hope that you won't notice. "Starship" virus infects files as they are copied to floppy disks so they never change on the hard disk and therefore anti-virus programs don't detect any changes to files on the hard disk.
Stealth		these viruses copy the boot sector of the disk and hook into the interrupt so that the system is reading a copy not looking at the original location.
Polymorphic		no two infected files contain common code - this makes these viruses difficult to detect.

History Lesson

1986-1987		Basit Amjad realised that the boot sector of a diskette contained executable code which would run whenever a PC was booted with a diskette in drive A:. They replaced this code with their own program. Thus the "Brain" virus was born - it merely placed the volume label "(c) Brain" on floppy disks. Meanwhile Ralf Burger realised that a file could be made to copy itself by attaching a copy to other files. He wrote a demonstration of this effect which he called "Virdem" - this was distributed at the Chaos Computer Club conference where the topic was viruses.
1988		Anti-virus software starts to become available.
1989		The Bulgarians started to get interested in virus writing. The media also caught up with viruses and began to predict the end of computing as we knew it. As with most things the truth tended to be rather less dramatic than the media would have you believe. Also in 1989 the first prison term was passed down, for the writer of the AIDS disk.
1990		the European Institute for Computer Anti-virus Research was born - by now there were about 150 viruses in the wild. The first polymorphic virus was created in 1990.
1991		By December of this year there were over 1000 viruses.
1992		The Michelangelo virus scare happened - a US anti-virus vendor forecast that 5 million computers would go down on March 6th - in the event between 5-10,000 PC's were affected.
1994		6,000 viruses by the end of the year.
1995		The first macro virus appears - the WM.Concept virus affects Word 6 documents and the normal.dot template.
1996		By July the WM.Concept macro virus accounted for about 50% of all reported viruses.
1998		Around 18,000 viruses, trojans and variants now in the wild.

Disclaimer: This document is provided by Cravenplan Computers Limited (01747 858000) and is intended as a quick overview of the subject - no responsibility will attach to Cravenplan for any inaccuracies contained within. Thanks are due to Dr Solomon's Software Limited for their help in compiling this sheet.

ENQUIRIES : mail@cravenplan.co.uk

or call : 01747 858000

Viruses : in brief

How do I know if my computer has a virus?
Buy a good anti virus software package. Make sure you do the check after booting from a known clean diskette (Dr Solomon's Anti-virus Toolkit contains a "Magic Bullet Diskette" ) - if you have a virus in memory when you run the anti-virus check then the virus will probably be able to hide itself.

How can I protect myself from viruses?
Buy a good anti virus software package - then USE IT regularly. In addition to checking from a floppy disk the anti-virus software must be installed on the hard disk to offer protection at all times.
Keep your anti-virus software up to date - new viruses are being written all the time.
Don't download program or document files from Internet sites unless you are confident that you are dealing with a reputable company, (even then scan the files before use).

If you use diskettes on a computer but do not need to write to the diskette then make sure the write protect tab is open (3.5" disks). Scan diskettes brought in by friends or computer engineers before use.
Report viruses to the police - the author of the "SMEG" virus got 18 months in jail.
Backup your data regularly - keep old backups.

What can I do if I get a virus?
DON'T PANIC ! - make a cup of tea and plan your actions. Most of the damage done by viruses is caused by users taking inappropriate action not directly by the virus. If unsure of the next step call an expert.

Don't format the hard disk - you will loose all your data but would not clear a boot sector virus. If you have to restore from a backup remember the backup will almost certainly contain the virus as well and the PC will need to be thoroughly checked and disinfected after the restore process.

What will a virus do?
95% of viruses do no more than replicate plus something trivial like causing a beep when using the keyboard or displaying a message on screen - at one time the "Stoned" virus was the most common virus in the World accounting for over 25% of all outbreaks - it displayed the message "Your PC is now Stoned" hence the name. The "Italian" virus displays a bouncing ball on screen on 8088 or 8086 PC's whilst the "Cascade" virus causes the letters on display to fall to the bottom of the screen.

Why are viruses bad?
Even the 95% which do very little can cause problems. 99% of viruses are memory resident and can clash with other programs. In Windows 95 a partition virus will cause loss of 32 bit disk access, slowing the PC.

Eventually you are likely to pass the virus on to a friend or customer thus making yourself unpopular. Viruses take time to remove. Imagine checking all the PC's and every diskette in a major corporate company then removing any viruses which are found.

All content on this page is copyright to Cravenplan Computers Limited unless otherwise stated.