Computer Viruses and Worms - Part 1
by Michael E. Callahan aka Dr. File Finder
This question submitted by Lisa Newman, Donna Zander, Bill Thompson, Alex Picard, Kate Cummings, Alton George, and numerous others
I receive questions about viruses, worms, trojans, time bombs, and other types of malware from many users. The scope of the questions is such that I'm going to answer in three parts. Last week I talked in basic terms about what viruses and worms are. Today I'll talk about some of the different types of viruses, like email, boot sector, and the like. Finally, in Part 3, I'll look at the non-virus virus.
Types of Viruses
Types of viruses, you ask? Yes. Viruses are classified by a variety of criteria including what they attack on your computer, how they are transmitted, and so on. It probably is no coincidence that many viruses target Microsoft and products created by Microsoft. Microsoft products like Outlook, Internet Explorer, SQL Server, Windows 2000, Microsoft Server, and others have been the targets of specific attacks. Many of these attacks have involved worms which go after weaknesses in the programs. In general, viruses tend to be classified into the following categories:
- File or Executable
- Boot Sector
- Macro virus
- Non-virus virus or Hoax virus
Let's take a brief look at these different types of viruses. I'm saving discussion of the non-virus virus for next week, because I think it deserves space on its own for examination.
File or Executable Viruses
The majority of viruses fall into this category. Certainly all of the early viruses did. These viruses are tiny programs generally hidden on another program. Kind of a "piggyback" action which requires that you execute or run the main program. So, for example, the virus is attached to a popular game. Users download the game unaware that the virus is attached. When you run the game, the virus comes "alive." At that point it begins to follow its programming. Generally this means that it will look for other programs to infect. The virus attached to the game you wanted to play quickly spreads to other programs and files. So, for example, the text editor that was running in the background when you were playing the game becomes infected. Then, when you run the text editor the next time, it infects your database, the database infects another game, and so on and so on. Viruses spread very rapidly over a network because computers are linked and numerous programs are running.
In 1993 I spoke with John McAfee, of McAfee Associates, about viruses and how they spread. At that time he told me that the number one source of viruses was, and I quote, "... pirated copies of commercial software." Not shareware, not freeware, but copies of things like Microsoft Word, Excel, Outlook, QuickBooks, Quicken, and many more. Why? Well, it seems that the people who create viruses find it humorous to infect those who obtain software illegally.
Comments - PRN - During the past 25 years I've downloaded about a quarter of a million programs. I've downloaded them from sources all over the world. From bulletin boards, from sites like AOL, CompuServe, American PeopleLink, Genie, and others. And in that time I have never encountered a virus. Not one. Do I use anti-virus software? You bet, and I'm glad to know that it's on my computer and working. Am I saying there are no viruses? Not at all. I have friends whose computers have been destroyed by viruses. What I'm saying is that based on my experience one could see why I might not use an anti-virus program. I do, however, because like the old saying says, "It's better to be safe than sorry!" Remember that. Use anti-virus software and keep it up-to-date! -- Doc
So, once the carrier program is executed or run, the virus springs to life and infects other programs. Some viruses are triggered by a certain event, like a particular program running or even a certain calendar date arriving. Some viruses are very destructive and will destroy data, erase it, or make it useless. I've had friends whose computers were so badly infected that all I could do was reformat their hard drive and reinstall everything.
Boot Sector Viruses
These were an evolution in the world of viruses, a step up if you will. These viruses didn't just load themselves onto a file. Instead, the boot sector viruses can load themselves into your computer's memory or RAM. Some may ask, "So what?" Well, by being in RAM, the virus is running or "on" as long as the computer is on. As the name implies, boot sector viruses also infect the boot sector of a disk. Without getting too technical, the boot sector is a key section of a hard disk. It gets read as soon as you start your computer and basically tells the computer what's what. By residing in this sector, the boot sector viruses were always loaded and always in memory. That made it easy to infect floppy disks, which would then infect other computers.
Macro viruses are different from the others we've looked at. They tend to infect a document in Microsoft Word, taking advantage of the built-in macro feature of Word. This type of "virus" performs certain functions, but generally isn't terribly destructive. Many of you may remember what may be the most famous macro virus, called "Melissa." "Melissa" was inserted into Word documents. If you received a document with this macro virus in it, and opened the document, the virus was activated. The virus altered the main "template" used in Word documents so that every document created from that point on would also have the virus inside it. Ahh, but that isn't all. "Melissa" also sent out 50 emails to people in the user's Outlook address book, and sent them the virus as well.
Oddly enough, the number of executable and boot sector viruses has tapered off. There's actually a good reason for this which some of you may not realize. These types of viruses tended to spread via floppy disk. Well, ask yourself, how many floppy discs do you see? Some computers no longer come with floppy drives. With nearly every program coming on CD, these types of viruses aren't spread as easily as they once were. Why, you ask? Because a CD is burned with the content it's supposed to have, which means it can't be changed or modified like a floppy disc. This isn't to say there are no boot sector viruses out there, but now even the operating system protects the boot sector so such infections are much less likely.
Nearly everyone is familiar with viruses coming by email. The "Melissa" virus, mentioned earlier, was spread by email. The reason it spread so quickly was because the emails it sent looked like they were sent by someone you knew. They seemed personal in nature and even had your name in them. Hence, people opened the attached file that contained the virus. And then 50 more people would get the virus.
Those who create and spread viruses via email want you to open the attachment. They try many ways to entice you into doing so. The emails will sound like they know you. They are phrased to try to pull you in, something like this:
"Hey, it's Jenny ... sorry I didn't get back to you earlier, I was busy with work and you know how that goes. I really miss seeing you. I've attached some pictures of us running naked on the beach. See what you think - I think I look pretty sexy. Catch you later, baby"
or words to that effect. They want you to open the file that supposedly contains pictures of you and someone you know running naked on the beach. And millions of people open those "pictures" and find themselves infected with a virus. What's always puzzled me is this. If you don't know someone by that name and you haven't been running naked with anyone on a beach, then why would you open the email? Simple answer is curiosity. People want to see the pictures. Or the fancy car, or win the money, or whatever the email promises to deliver.
Doc's Rule #3 - Never download, much less open, ANY file from someone you don't know!
This goes hand-in-hand with another one of my rules. These are rules that I've come up with over the years, that I've taught to my family and friends.
Doc's Rule #4 - Don't open emails, or attachments in emails that request strange things, even if the email address says it's from a friend, because it may not be.
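An added example, not part of the original article: Python that applies the rules above to a message's attachments, flagging program files, files disguised with a double extension such as `.jpg.exe`, and document types that can carry macros. The extension lists, the function names and the sample message are assumptions constructed for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to your own mail policy.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
MACRO_DOCS = {".doc", ".dot", ".docm", ".dotm", ".xls", ".xlsm"}
HARMLESS_LOOKING = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf"}


def attachment_warnings(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) pairs for attachments worth a second look."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if not suffixes:
            continue
        last = suffixes[-1]
        if last in EXECUTABLE:
            # "pictures.jpg.exe" shows as a picture when extensions are hidden.
            if len(suffixes) > 1 and suffixes[-2] in HARMLESS_LOOKING:
                findings.append((name, "program disguised with a double extension"))
            else:
                findings.append((name, "program file"))
        elif last in MACRO_DOCS:
            findings.append((name, "document type that can carry macros"))
    return findings


def build_sample() -> bytes:
    """Constructed sample message (not real mail) with three attachments."""
    m = EmailMessage()
    m["From"] = "Jenny <jenny@example.com>"
    m["To"] = "you@example.com"
    m["Subject"] = "pictures"
    m.set_content("I've attached some pictures.")
    for data, name in [(b"MZ", "beach.jpg.exe"), (b"\xd0\xcf", "list.doc"), (b"\xff\xd8", "photo.jpg")]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    for filename, reason in attachment_warnings(build_sample()):
        print(f"{filename}: {reason}")
```

The sender's name plays no part in the check, which matches Rule #4: a familiar "From" line is not evidence that the attachment is safe.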
Summing It Up!
In this segment of the 3-part series on viruses and worms we've looked at the most common types of viruses. Viruses have gradually evolved from executable types, to boot sector to macro and to email viruses. Those who create email viruses try to lure you into opening the file that will activate the virus. Don't fall for it. Remember the rules and they will serve you well. Use anti-virus software on your computers and keep it updated. Use a program to check for adware and spyware. While these are not viruses in the true sense, they are harmful in other ways.
By using your computer wisely, following a few basic rules, and running software to protect you from danger, you can have a much more worry-free computer experience. Join me next week for Part 3, which covers what I call the Non-virus virus. I hope you'll join me.
I'd like to thank Lisa Newman, Donna Zander, Bill Thompson, Alex Picard, Kate Cummings, Alton George, and numerous others for asking this question.
If you have a question on any technology topic that you'd like someone to tell you about you can submit it via email by clicking HERE. You will not receive a reply, but all topics will be considered.
Michael E. Callahan, known around the world by the trademarked name Dr. File Finder, is regarded as the world's leading expert on shareware. Dr. File Finder works with software programs and developers full-time, and in the average year he evaluates 10,000 programs. Since 1982 he has evaluated over 250,000 software and hardware products. Mr. Callahan began evaluating software online in 1982 and no one has been at it longer. He currently works doing online PR and marketing for software companies, and is the Senior Content Producer for Butterscotch.Com.