When viruses attack

The concept of viruses is exaggerated by media hype and urban legends. In this Daily Drill Down, Talainia Posey discusses the anatomy of a virus and examines methods of virus prevention and removal.

If you’re a computer user, then having your hard work wiped out by a virus has to rank as one of life’s most frustrating experiences. Although it’s relatively easy to protect your computer from viruses, most people outside the IT community don’t have a clue about how to do so. The concept of viruses is constantly exaggerated by media hype and urban legends. In this Daily Drill Down, I’ll discuss viruses in detail. I’ll describe the anatomy of a virus and then examine methods of virus prevention and removal.

Where do viruses come from?
A virus is nothing more than a computer program. Although most viruses are written with malicious intent, some viruses simply display a message or a cartoon. One example of such a virus is the Cookie Monster virus, which was common about ten years ago. The Cookie Monster virus displayed a picture of Cookie Monster at random times, along with a message that said something like “Give me a cookie.” If you typed the word “COOKIE,” the picture would go away for a while. You could remove the virus completely by typing “OREO.”

Other viruses are more hostile. They may do things like delete or corrupt data, destroy executable programs, or prevent your computer from booting. There are many types of viruses, and they all have at least two things in common: They’re annoying, and they’re nothing more than a simple computer program that’s designed to attach itself to or overwrite your normal programs.

How common are viruses?
Viruses are much more common than most people realize. It’s always amusing to watch some clueless anchorperson on the news freak out over some new virus that just happened to catch the attention of the media. The media focus so strongly on such viruses that they totally overlook two crucial facts. First, whatever virus they’re making people paranoid about is usually no more destructive than any other virus. Second, several new viruses are created every single day.

As you probably guessed from that last statement, there are thousands of known viruses in circulation. Companies such as Symantec and McAfee have employees who do nothing but write antidotes to every new virus that comes along.

Anatomy of a virus
As I mentioned earlier, there are several types of viruses. Before you can truly prevent a viral infection, you need to understand at least a little bit about how these viruses work. The major types of viruses are:
  • boot sector viruses
  • executable file viruses
  • macro viruses
  • e-mail viruses

Boot sector viruses are probably the most common. As the name implies, a boot sector virus infects the boot sector of a hard disk or a floppy disk. When the computer is booted, the virus loads into memory. Once the virus is resident in memory, it can inflict damage, even if you’ve removed it from the hard disk. Typically, the memory-resident portion of the virus contains instructions for the virus to copy itself to any floppy disk that’s inserted into the computer. It usually also contains instructions to do some sort of damage to the hard disk. These instructions may include doing anything from erasing files over time to setting up a time bomb algorithm that will eventually prevent the computer from booting after it has been booted a specified number of times.

Other viruses infect executable files. These viruses automatically attach themselves to target files. Usually, such a virus makes the executable file unusable. When someone tries to execute an infected file, the virus is loaded into memory. Once in memory, the virus will infect any other executable file that you try to run.

Macro viruses infect document files, such as Microsoft Word and Excel documents. These viruses use the macro functions that are built into the various applications to attack your documents. For example, one such macro virus goes through your Microsoft Word documents and boldfaces random letters. Typically, a macro virus is contracted by opening an infected document. When such a document is opened, the macro is executed automatically. Code within the macro damages your document and usually appends the menacing macros to your master document template. All future documents created with the now infected program will also be infected—and will have the ability to infect other computers.

E-mail viruses are one of the newest types of viruses. Typically, an e-mail virus is attached to an inbound e-mail message in the form of an executable file. If you try to execute this file, the virus will be activated. Many e-mail viruses examine the contents of your address book and spread automatically by e-mailing themselves to names from your address book. Your friends will receive the virus attached to a message from you that says something like, “Hey, check out this cool file that I found.” Obviously, if they open the file, the virus will spread to everyone in their address book. As you can imagine, e-mail viruses can spread very rapidly.

Of course, there also are hybrid viruses. For example, viruses exist that can infect executable files and boot sectors. There are macro viruses that spread automatically via e-mail. Although these hybrid viruses exist, it’s important to understand that the same basic concepts apply to the way that such viruses function.

Getting the virus
Now that I’ve discussed the various types of viruses, let’s take a moment to review the ways that viruses spread. The most common ways of contracting a virus are by downloading files from the Internet and through software piracy. Any time that you download a file from the Internet, there’s a chance that the file could be infected. Likewise, if you acquire software through dubious means or use disks in someone else’s PC, there’s a chance of getting a virus.

Protecting your PC
With thousands of viruses floating around, it’s easy to come into contact with one. After all, few people avoid downloading a needed file just because there’s the remote possibility that the file may be infected. It’s much more practical to protect your PC. You can do so with one of the antivirus programs that exist. Some of the better ones are Norton AntiVirus by Symantec, McAfee’s antivirus suite, and the Panda antivirus program.

How do antivirus programs work?
With the wide array of viruses that exists, you may be wondering how an antivirus program can protect your PC. There are several things that an antivirus program must be able to do in order to be effective.

At the time that you install the antivirus program, it must test the integrity of your system to make sure that it’s not already infected. Usually, this procedure is done by scanning your memory for memory-resident programs that behave in a manner that’s typical of a virus.

Once the PC has been verified as being clean, the program begins installing. One of the first things that happens as the antivirus program installs is that the boot sector of your hard disk is inoculated. This process usually involves copying the boot sector to a compressed file and noting the dates and sizes of the files involved. Each time the computer is booted, the antivirus program compares the boot sector against the record that was made during the antivirus install. If any files involved in the boot sector have modified dates or sizes, the antivirus program will alert you and may give you the opportunity to revert to the backup copy.
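The record-and-compare check described above, as an added Python example that is not code from the article or from any antivirus product. It goes one step beyond the dates and sizes the article mentions by also recording a SHA-256 hash, because a change that keeps both size and date would otherwise pass the comparison; the file name and the 512-byte stand-in contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
import zlib
from pathlib import Path

def snapshot(path):
    """Current size, modification time and SHA-256 of one file."""
    st, data = os.stat(path), Path(path).read_bytes()
    return {"size": st.st_size, "mtime": st.st_mtime_ns,
            "sha256": hashlib.sha256(data).hexdigest()}

def take_baseline(paths):
    """Record a snapshot plus a compressed backup copy of each file."""
    return {p: dict(snapshot(p), backup=zlib.compress(Path(p).read_bytes()))
            for p in paths}

def check(baseline):
    """Return {path: [fields that differ]} for files that no longer match."""
    findings = {}
    for path, rec in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        now = snapshot(path)
        diff = [k for k in now if now[k] != rec[k]]
        if diff:
            findings[path] = diff
    return findings

def restore(baseline, path):
    """Write the backup copy back and reapply the recorded date."""
    rec = baseline[path]
    Path(path).write_bytes(zlib.decompress(rec["backup"]))
    os.utime(path, ns=(rec["mtime"], rec["mtime"]))

def demo():
    """Constructed 512-byte stand-in, changed without altering size or date."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "bootsect.bin")   # hypothetical file name
        Path(path).write_bytes(b"\x00" * 510 + b"\x55\xaa")
        base = take_baseline([path])
        Path(path).write_bytes(b"\x90" * 16 + b"\x00" * 494 + b"\x55\xaa")
        os.utime(path, ns=(base[path]["mtime"],) * 2)
        changed = check(base)
        restore(base, path)
        return changed, check(base)

if __name__ == "__main__":
    print(demo())
```

In the demo the size and date comparisons both pass and only the content hash reports the change, after which the backup copy brings the file back to its recorded state.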

Once the boot sector has been verified, many antivirus programs will run a scan against the main Windows files by comparing the contents of each file against a virus signature file. Each virus has unique characteristics. A virus’s signature is composed of a few bytes that uniquely identify that virus. Therefore, a virus signature file is a collection of the signatures from thousands of different viruses.
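A signature file and the scan against it, as an added Python example that is not part of the original article or any vendor's scanner. The two signatures and their names are constructed for illustration; the scanner reads in chunks and carries an overlap between them so that a signature split across a chunk boundary is still found.

```python
import io

# Constructed signatures for illustration only; not taken from any real virus.
SIGNATURES = {
    "Demo.BootA": bytes.fromhex("deadbeef0badf00d"),
    "Demo.MacroB": b"AutoOpen_DEMO_MARKER",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return sorted [(offset, name)] for every signature found in the stream."""
    # Keep the last (longest signature - 1) bytes so matches can span chunks.
    overlap = max(len(s) for s in signatures.values()) - 1
    hits = set()          # a set, because the overlap can show a match twice
    tail = b""
    base = 0              # absolute offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in signatures.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(sig, pos + 1)
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep
    return sorted(hits)

def scan_file(path, **kwargs):
    """Scan a file on disk against the signature collection."""
    with open(path, "rb") as fh:
        return scan_stream(fh, **kwargs)

def demo():
    """Constructed buffer: one signature straddles the 4096-byte boundary."""
    sig_a, sig_b = SIGNATURES["Demo.BootA"], SIGNATURES["Demo.MacroB"]
    data = b"\x00" * 4092 + sig_a + b"\x00" * 100 + sig_b + b"\x00" * 50
    return scan_stream(io.BytesIO(data))

if __name__ == "__main__":
    print(demo())
```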

Once the low-level Windows files have been verified, Windows loads. Once Windows has loaded, the antivirus program goes into auto-protect mode, which means that the antivirus program stays in memory and scans certain types of files against the signature file each time they’re accessed. If a virus is encountered, the file is immediately isolated and optionally disinfected.

That takes care of keeping an eye on the system, but you may be wondering about e-mail. Some antivirus software includes server-side plug-ins for the e-mail server. These plug-ins will scan and disinfect e-mail before the recipient ever gets the messages. Such programs may even send a message to the sender of the infected e-mail and inform that person of the infection. If you don’t have or can’t afford this type of protection, the auto-protect feature will still protect you. The only difference is that it won’t delete infected e-mail automatically.

One final way that the antivirus programs can protect you is by constantly scanning for new viruses. All three of the antivirus programs that we mentioned earlier have the ability to connect automatically to the Internet and download updated signature files. You can set the program to download these updates weekly or daily—or whatever schedule meets your needs.

If you get a virus that you don’t have a signature file for, all is not lost. The programs we mentioned earlier have some capacity to monitor your system for virus-like activity. If the program suspects an unknown virus, it may alert you to the condition and/or send the code to the company that made the antivirus program so that the company can make an antidote for the potential virus.

If your computer gets a virus
Even with an antivirus program installed, it’s still possible to get a virus. For example, if you boot your computer from a floppy disk, your antivirus program isn’t in effect. If you encounter a virus while working, your PC is unprotected. Fortunately, you can still protect yourself. The next time you boot your computer normally, the computer will scan for boot sector viruses and file viruses as it encounters each file. If you want to make absolutely sure that your system is clean, then your antivirus program should have a manual scan function that you can use to scan every file on the hard disk.

Viruses can bring down your operating system or destroy your data. In this Daily Drill Down, I cut through the myths and explained how viruses really work. I then discussed how antivirus programs work to protect your computer against menacing viruses.

Talainia Posey learned to handle PCs the old-fashioned way: by reading manuals and doing on-the-job troubleshooting. Her experience also includes installing networks for several small companies. When she's not working on computers, Talainia loves to shop for toys and watch cartoons or to spend time with her cat, Beavis.

The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.
