Intro To Computer Virus Essay, Research Paper
What is a Virus?
The computer virus is something that has been around almost as long as the Personal Computer (PC) and certainly since the advent of the affordable home computer, but what exactly is a virus? And how does it affect your PC? Is there any way to prevent your hard drive becoming infected and just where do they come from anyway?
A virus is computer program, usually a very small program, that interferes with the smooth running of a computer’s operating system and hardware. Viruses are designed to copy themselves and hide within your computer to avoid detection.
In 1995 Ernst & Young released a security survey that showed that 67% of all companies had virus attacks. That was a rise from 54% in 1994. The cost of each attack was estimated at $13, 000.
The NSCA (National Computer Security Association) reported in January of 1997 that 200 macro viruses had been discovered. Six months later the amount of macro viruses had risen by over 300%.
At this stage it is estimated that 90% of all companies have at least one macro virus resident somewhere in their computer systems.
Types of Viruses
Under the main heading of viruses are three types of harmful computer programs, not all of which hide and replicate.
The first of these is the Trojan Horse programs, the name of which comes from the Greek legend that told how Greek soldiers gained entry to the city of Troy in a giant, hollow wooden horse and thus captured the city, ending the Trojan War. Though not technically a virus it is still dangerous and could cause permanent damage to your operating system. A Trojan Horse program is a program disguised as a game, a utility or an application. When run, a Trojan Horse will do something devious to your computer while appearing to do something useful, such as deleting every file beginning with the letter ‘H’ while you are running a word processing program.
A logic bomb is a program that lies dormant in a computer’s memory until certain conditions are met, such as a date is reached, a certain program is activated, or a combination of letters is typed. An example of this is the ‘Bomber’ virus. Every August 31st this virus activates, emits a beep and writes the message ‘I am the stealth bomber’ to the computer screen.
A worm program replicates itself across computer systems, usually leaving copies of itself in the memory of any computer it comes across. Sometimes a worm copies itself so much that it fills up the computer’s memory, slowing it down and sometimes causing it too crash.
Within these main types there are sub-types including, but not limited to:
Boot Viruses that can affect the start up procedure of your computer and disks. Anthrax is a boot virus that infects both .COM and .EXE files, which are the files that cause programs to run. (COM being an abbreviation of command, EXE being an abbreviation of execution.) The text “Anthrax” and “Damage, Inc.” is contained within the infected programs. The virus writes itself onto the last few sectors of the hard disk. Any data in its way is deleted.
Stealth Viruses that hide themselves from detection by anti-viral programs. An example of this is the MacGyver virus, a memory resident virus that infects .EXE files. Once this file is executed into memory, it infects .EXE files as they are run or opened.
Polymorphic Viruses that change themselves every time they replicate, making finding them that much harder. One such virus is Kampana.3748. It also infects .COM files. After 401 boots the virus overwrites all sectors on the first and second hard drives with gibberish as it displays the message “Campana Anti-TELEFONICA (Barcelona).” While it overwrites your hard drive it places a boot sector version of itself on your hard drive.
Multipartite Viruses that affect both the start -up procedure and program files. The “Junkie” virus also infects .COM files and contains the encrypted messages “Sweden 1994″ and “The Junkie Virus – written in Malmo”. It actually contains no intentionally damaging code, but corrupts .COM files over 64 kilobytes and disables the anti-virus included with MS-DOS 6.
Macro Viruses that can infect Microsoft Word and Excel documents. Macro viruses are a newer breed of virus that can affect data files and not just programs. These load into memory once a file infected with the virus is opened. The virus may simply write a message to the screen, delete files or even format your hard-drive. When a new document is saved, the virus is saved with it. If this file is opened on another computer the new computer becomes infected as well. A good example of this is the virus WM.WAZZU.CA which randomly passwords Microsoft Word or Excel documents or inserts the text “only lucky ONE gets mad cow”.
Despite all of the above, most viruses are not designed to do damage, they only replicate themselves and display messages. It is only a few bored and destructive programmers that would design programs to randomly format people’s hard drives.
Anti Virus Programs
But how do you keep your computer free of viral infection? Well, buying an Anti-Virus program is always a good step and most new computers now come with one. Most new Anti-Viral programs now have Internet links so they can keep tabs on newer viruses coming onto the net.
Anti Virus programs work in a set number of ways using memory checking and complex algorithms.
Signature Scanning compares a file and it’s contents against a database of signatures that the program creates so it can identify each of the files. The downside of this method is that the program requires it’s database of signatures to be updated frequently, tying up the systems resources.
Heuristic Analysis works by detecting virus like activity within the system. Unfortunately this causes a large amount of false alarms. Even installing a new program on your computer can be mistaken for virus like activity.
Check Sum Analysis is similar in its detection of virus like activity, but instead of looking within the system, the check sum looks for activity within a file. A virus must change a file when it infects it. The check sum runs a mathematical check comparing the sum every time the program is run. This too can incur false alarms as even loading a program can cause changes. An inexperienced user could have trouble telling the difference between this and a real virus. Also it can only detect a virus after it has occurred
A Polymorphic Analysis is used to detect polymorphic viruses. Polymorphic viruses change as they replicate so the polymorphic analysis checks in secluded locations.
And finally a Macro Analysis will intercept macros (such as Word( and Excel( documents) before they are opened and scan them for viruses.
A relatively new twist on all of this is the hoax virus. These are e-mail messages displaying apocalyptic warnings such as
Virus Warning!! If you receive an e-mail
titled “Win a Holiday” DO NOT open it.
It will erase everything on your hard drive!
Forward this letter!
A well-meaning employee of the U.S. Postal Service forwarded the above e-mail to every U.S. Postal Service government e-mail account. When several employees hit the ‘reply to all’ button the servers overloaded and the Postal Service had to call in emergency engineers to get the systems up and running again.
Staying Ahead of the Virus
Nothing can help your computer stay virus-free unless you take action yourself.
If at all possible you should change your CMOS, the computer’s resident memory, to boot first from your C: drive, otherwise you may get a boot virus off a floppy disk if it is accidentally left in your drive when the computer is turned on.
Always keep virus-free, write protected back up copies of everything on your computer in case, if worse comes to worst, you have to format your hard drive. Backing-up your computer regularly can also guard against accidental formatting or loss of data through human error, disk crashes, power failure and so on.
Use your Anti-virus program regularly. It can’t do its job if it is never run. It’s probably a good idea to include it on the Start Up Menu so it boots up with your computer (if you have Windows(, that is).
If you can set it to scan your floppy drive every time files are read from, or transferred from, disk, especially if you share disks or use them on more than one machine, it would cut off one major source of infection. Similar precautions should be used when using the Internet, especially if you use the Internet regularly.
In conclusion, viruses are preventable, and can be erased if your system becomes infected, but no matter how bad your system is hit remember that viruses don’t damage hardware. Even if you have to format your hard drive and your floppy disks all the virus can damage is data. Virus can sometimes cause your keyboard to type the wrong characters or distortion on your screen but it is the programs controlling these functions and not the monitor or keyboard that is affected. Not even your disks can be physically damaged, only the data on them. This, if it comes to it, is your last line of defence.