Computer Viruses

1. What is a computer virus?

A virus is a program that propagates itself by infecting other programs on the same computer. Viruses can do serious damage, such as erasing your files or your whole hard drive, or they may just do silly or annoying things like pop up a window that says "Ha ha you are infected!" True viruses cannot spread to a new computer without human assistance, for example when you trade files with a friend and give him an infected file (on a floppy disk or as an email attachment).

2. What kind of files can spread viruses?

Viruses have the potential to infect any type of executable code, not just the files that are commonly called 'program files'. For example, some viruses infect executable code in the boot sector of floppy disks or in system areas of hard drives. Another type of virus, known as a 'macro' virus, can infect word processing and spreadsheet documents that use macros. And it's possible for HTML documents containing JavaScript or other types of executable code to spread viruses or other malicious code. Since virus code must be executed to have any effect, files that the computer treats as pure data are safe. This includes graphics and sound files such as .gif, .jpg, .mp3, .wav, etc., as well as plain text in .txt files. For example, just viewing picture files won't infect your computer with a virus. The virus code has to be in a form, such as an .exe program file or a Word .doc file, that the computer will actually try to execute.

3. How do viruses spread?

When you execute program code that's infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network. And the newly infected programs will try to infect yet more programs. When you share a copy of an infected file with other computer users, running the file may also infect their computers; and files from those computers may spread the infection to yet more computers. If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more floppies. Some viruses, known as 'multipartite' viruses, can spread both by infecting files and by infecting the boot areas of floppy disks.

4. What do viruses do to computers?

Viruses are software programs, and they can do the same things as any other programs running on a computer. The actual effect of any particular virus depends on how it was programmed by the person who wrote the virus. Some viruses are deliberately designed to damage files or otherwise interfere with your computer's operation, while others don't do anything but try to spread themselves around. But even the ones that just spread themselves are harmful, since they damage files and may cause other problems in the process of spreading. Note that viruses can't do any damage to hardware: they won't melt down your CPU, burn out your hard drive, cause your monitor to explode, etc. Warnings about viruses that will physically destroy your computer are usually hoaxes, not legitimate virus warnings.

5. What is a Trojan horse program?

A type of program that is often confused with viruses is a 'Trojan horse' program. This is not a virus, but simply a program (often harmful) that pretends to be something else. For example, you might download what you think is a new game; but when you run it, it deletes files on your hard drive. Or the third time you start the game, the program emails your saved passwords to another person. Note: simply downloading a file to your computer won't activate a virus or Trojan horse; you have to execute the code in the file to trigger it. This could mean running a program file, or opening a Word/Excel document in a program (such as Word or Excel) that can execute any macros in the document.

6. What's the story on viruses and email?

You can't get a virus just by reading a plain-text email message or Usenet post. What you have to watch out for are encoded messages containing embedded executable code (e.g., JavaScript in an HTML message) or messages that include an executable file attachment (e.g., an encoded program file or a Word document containing macros). In order to activate a virus or Trojan horse program, your computer has to execute some type of code. This could be a program attached to an email, a Word document you downloaded from the Internet, or something received on a floppy disk. There's no special hazard in files attached to Usenet posts or email messages: they're no more dangerous than any other file.

7. What can I do to reduce the chance of getting viruses from email?

Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file.

If your email or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature.

My personal feeling is that if an executable file shows up unexpectedly attached to an email, you should delete it unless you can positively verify what it is, who it came from, and why it was sent to you.

The recent outbreak of the Melissa virus was a vivid demonstration of the need to be extremely careful when you receive email with attached files or documents. Just because an email appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it.
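
The check described in questions 6 and 7 can be sketched in code. The following Python is an added example, not part of the original FAQ: it walks a message's MIME parts and flags the ones that could carry executable code (script in an HTML body, or an attachment whose type can hold a program or macros). The extension list, the function name risky_parts and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# File types that can carry executable code; this list is an assumption.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".doc", ".xls", ".js", ".vbs"}
SCRIPT_RE = re.compile(r"<\s*script\b|javascript:", re.IGNORECASE)

def risky_parts(raw_message):
    """Return (part, reason) for each MIME part that could execute code."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTS:
            findings.append((name, "attachment can contain executable code"))
        elif part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            body = raw.decode(part.get_content_charset() or "utf-8", "replace")
            if SCRIPT_RE.search(body):
                findings.append(("text/html", "HTML body contains script"))
    return findings

# Constructed sample: plain text, scripted HTML, a Word document, a GIF.
SAMPLE = """\
Subject: constructed sample
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Hello, see attached.
--B
Content-Type: text/html

<html><body><script>document.title = "hi"</script></body></html>
--B
Content-Type: application/msword
Content-Disposition: attachment; filename="report.doc"

(constructed placeholder, not a real document)
--B
Content-Type: image/gif
Content-Disposition: attachment; filename="photo.gif"

(constructed placeholder, not a real image)
--B--
"""
```

Calling risky_parts(SAMPLE) reports the HTML body and report.doc and leaves the plain-text part and the GIF alone. A flagged attachment is one to save to disk and scan before opening, not proof of infection.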


Some general tips on avoiding virus infections:

1. Install anti-virus software from a well-known, reputable company, UPDATE it regularly, and USE it regularly. New viruses come out every single day; an antivirus program that hasn't been updated for several months will not provide much protection against current viruses.

2. In addition to scanning for viruses on a regular basis, install an 'on access' scanner (included in most good antivirus software packages) and configure it to start automatically each time you boot your system. This will protect your system by checking for viruses each time your computer accesses an executable file.

3. Virus scan any new programs or other files that may contain executable code before you run or open them, no matter where they come from. There have been cases of commercially distributed floppy disks and CD-ROMs spreading virus infections.

4. Anti-virus programs aren't very good at detecting Trojan horse programs, so be extremely careful about opening binary files and Word/Excel documents from unknown or 'dubious' sources. This includes posts in binary newsgroups, downloads from web/ftp sites that aren't well-known or don't have a good reputation, and executable files unexpectedly received as attachments to email or during an on-line chat session.

5. If your email or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature.

6. Be _extremely_ careful about accepting programs or other files during on-line chat sessions: this seems to be one of the more common means that people wind up with virus or Trojan horse problems. And if any other family members (especially younger ones) use the computer, make sure they know not to accept any files while using chat.

7. Do regular backups. Some viruses and Trojan horse programs will erase or corrupt files on your hard drive, and a recent backup may be the only way to recover your data. Ideally, you should back up your entire system on a regular basis. If this isn't practical, at least back up files that you can't afford to lose or that would be difficult to replace: documents, bookmark files, address books, important email, etc.

Dealing with virus infections:

1. First, keep in mind "Nick's First Law of Computer Virus Complaints": "Just because your computer is acting strangely or one of your programs doesn't work right, this does NOT mean that your computer has a virus".

2. If you haven't used a good, up-to-date anti-virus program on your computer, do that first. Many problems blamed on viruses are actually caused by software configuration errors or other problems that have nothing to do with a virus.

3. If you do get infected by a virus, follow the directions in your anti-virus program for cleaning it. If you have backup copies of the infected files, use those to restore the files. Check the files you restore to make sure your backups weren't infected.

4. For assistance, check the web site and support services for your anti-virus software.

Note: in general, drastic measures such as formatting your hard drive or using FDISK should be avoided. They are frequently useless at cleaning a virus infection, and may do more harm than good unless you're very knowledgeable about the effects of the particular virus you're dealing with.


Watch Out for Bubbleboy Virus

SAN FRANCISCO: Computer security experts are warning of a dangerous new email virus, one able to destroy information even when users don't fully open their messages.

"Bubbleboy," apparently nicknamed after an episode of the TV show Seinfeld, is the first known email virus that doesn't even need to be fully opened to be activated. Just highlighting the e-mail's subject line in Microsoft Outlook Express activates its hidden code.

It also takes every address in a computer's email program and passes the virus along.

Researchers at Network Associates, a Santa Clara computer security company, said "Bubbleboy" could become the framework for the easy delivery of a host of malicious programs.

"This ushers in the next evolution in viruses. It breaks one of the long-standing rules that you have to open an email attachment to become infected," spokesman Sal Viveros said. "That's all changed now."

"Bubbleboy" was emailed late Monday to Network Associates and the company put a free software patch capable of blocking the attack on its website the next day.

The company isn't certain who sent the virus, but researchers believed the threat is so serious that they notified the FBI, said Vincent Gullotto, director of the company's virus detection team.

"Bubbleboy" only requires that the email be previewed on the Inbox screen of Microsoft's Outlook Express, a popular email program. As soon as the email is highlighted, without so much as a click of a mouse, it infects the computer.

The virus appears as a black screen with the words "The Bubbleboy incident, pictures and sounds" in white letters.

It affects computers with Windows 98, Windows 2000 and some versions of Windows 95 that also use Microsoft's Internet Explorer 5.0 and Outlook Express web browser and email programs, Gullotto said. It apparently does not affect Netscape's email programs.

Even without Network Associates' software patch, there is an easy fix. Enabling Microsoft's highest-security email filter will keep the virus from entering.

Microsoft spokesman Adam Sohn said last Tuesday night that anyone who downloaded the August upgrade to Internet Explorer 5.0 already is protected from "Bubbleboy."--AP