Background.
One definition of a computer virus is:
A virus is a self-replicating computer program that interferes with the operations of
- a computer's hardware, software and/or operating system
- a network's hardware, software and/or operating system
Viruses are designed to be difficult to detect.
Viruses often replicate by attaching to another piece of executable code. When the executable code with the attached virus is run, it gives the virus the chance to attach itself to other executables and/or engage in whatever activities it was designed for.
A virus must be executed in order to function. This is one of the few aspects of viruses that can help prevent their spread. There are more and more ways to detect viruses and deal with them before they are executed. If a virus is executed, it is loaded into the host device's memory and its instructions will be followed.
Viruses are usually classified based on a number of characteristics
- the types of files they infect
- the ways they infect other files and/or devices
  - writing themselves to floppy disks
  - writing themselves to hard drives
  - attaching themselves to emails
  - being distributed through legitimate software programs
  - across the Internet
  - across some other network
- where they locate themselves
There are a number of different basic types of viruses that can be identified.
- parasitic - infect executable files or programs. Parasitic viruses usually leave the contents of the host file unchanged, but they almost always append themselves in such a way as to guarantee they execute before the host.
- boot sector - infects the boot sector of either a floppy or hard drive. Such a virus replaces either the programs that start the computer or the information about the disk contents.
  - this type of virus is almost always transmitted by the exchange of floppy disks
- multi-partite - these exhibit characteristics of both boot sector viruses and parasitic viruses and can infect files/executables and/or boot sectors.
- companion - instead of modifying an existing program, companion viruses create a new program with the same name as an already existing program. A companion virus is designed to trick the operating system into running this companion program, which delivers the virus payload.
- link - these function by modifying the way an operating system finds a program. The operating system will be tricked into first running the link virus and then the desired program. Entire directories can be infected since any executable program accessed within the host directory will cause the virus to execute.
- data file - these viruses can open, manipulate and then close data files. Data file viruses are almost always written in some macro language and designed to automatically execute when a legitimate program is accessed.
  - some data file viruses
    - Melissa - which operated within the Microsoft Word 97 and/or Word 2000 framework.
- macro - these did not appear until the late 1990s, but they account for most of the viruses. The proliferation of macro languages accounts for the increasing number of these viruses.
- virus hoaxes - Internet users have become so cautious and suspicious that even rumors of viruses can diminish system functioning
  - some hoaxes have warned users to delete certain files that were actually important to system function
  - some virus hoaxes
    - Good Times - this caused widespread panic as users read about the sorts of destruction it could do. It threatened to put your processing into an "nth complexity infinite binary loop" and overheat your systems.
More About Boot Sector Viruses.
Whenever a computer is first turned on, a small portion of the operating system is loaded from the hardware. Once this portion has been loaded, it looks to find the remainder of the operating system in particular boot sectors of the hard or floppy drive. A virus can be placed in one of these boot sectors so that it supplants what should be there.
Some examples:
- Stoned Virus - placed itself in sector one of the MBR (Master Boot Record) and moved what was supposed to be there to sector seven. It then would usually do fairly silly things such as print a "stoned" message on the monitor. It would also try to spread to other sectors and computers.
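
A replaced boot sector can be caught by recording a hash of the boot code while the disk is known to be clean and comparing against it later; the same hash also locates a relocated copy of the original. This is an added example, not part of the original notes: the function names are hypothetical, the sector contents are constructed placeholders, and sectors are numbered from one to match the Stoned description above.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445 of a classic MBR hold the boot code
SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid boot sector


def boot_code_digest(sector):
    """SHA-256 of the boot-code area only, so partition-table edits do not alarm."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_boot_sector(sector, baseline_digest):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    if len(sector) != SECTOR_SIZE:
        return ["unexpected sector length %d" % len(sector)]
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from recorded baseline")
    return findings


def find_relocated_original(image, baseline_digest):
    """1-based numbers of sectors after sector one that hold the baseline boot code."""
    hits = []
    for offset in range(SECTOR_SIZE, len(image) - SECTOR_SIZE + 1, SECTOR_SIZE):
        if boot_code_digest(image[offset:offset + SECTOR_SIZE]) == baseline_digest:
            hits.append(offset // SECTOR_SIZE + 1)
    return hits


def make_sector(boot_code):
    """Constructed 512-byte sector: padded boot code, empty partition table, signature."""
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + bytes(64) + SIGNATURE


# Constructed sample data (placeholders, not real boot code).
CLEAN = make_sector(b"ORIGINAL-LOADER")
BASELINE = boot_code_digest(CLEAN)  # recorded while the disk is known good
# Eight-sector image: sector one replaced, original copy sitting in sector seven.
IMAGE = make_sector(b"UNKNOWN-CODE") + bytes(SECTOR_SIZE * 5) + CLEAN + bytes(SECTOR_SIZE)

if __name__ == "__main__":
    print("sector one:", check_boot_sector(IMAGE[:SECTOR_SIZE], BASELINE))
    print("original found in sector:", find_relocated_original(IMAGE, BASELINE))
```
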
More About Macro Viruses.
Microsoft has made a lot of money from developing their Windows based systems. Regardless of whether you think they ripped many of their ideas off from others such as Apple and/or Xerox, the Windows approach has proliferated around the world.
Microsoft was also one of the first companies to unify much of their productivity software within a single larger framework. Microsoft calls their system Microsoft Office. For example, Microsoft Office can contain the following productivity software
- Word - word processing
- Excel - spreadsheets
- PowerPoint - presentations
- Outlook - email
- Access - client databases
- FrontPage - web development
In order to improve the functionality of this productivity software, Microsoft developed something called macros. It is my opinion that Microsoft was generally very intelligent when they developed their macro capabilities based on Visual Basic, since this meant more proficient users could do more and more with their macros and programming across the entire suite of Office products as they learned more.
Unfortunately, this also gives undue influence to people who understand Visual Basic and how macros can be used. It is possible to attach and/or embed macros into certain Microsoft products so that they will execute when other users receive certain files. This means that someone can spread a malicious macro based virus when they share things such as emails and spreadsheets.
I think it is important to remember that Microsoft's biggest money earning products are
- Windows Operating System
- Office Suite
But you also need to remember that these were largely developed within the context of a single user on their own computer. When deciding on the many features they thought users would want, they were often very sloppy about assessing the implications these developments would have on networks of computers that might often contain users with malicious intentions.
While not all macro viruses take advantage of Microsoft systems, those that do seem to be the vast majority.
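
One practical check before opening a shared Office file is to look inside it for an embedded macro project rather than trusting its file extension. This is an added example, not part of the original notes, and it goes beyond the Word 97/2000 files mentioned above by covering the later zip-based Office formats, where VBA code is stored in a part named vbaProject.bin; the function names are hypothetical and the sample documents are constructed in memory.

```python
import io
import zipfile

WORD_PLAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
WORD_MACRO = "application/vnd.ms-word.document.macroEnabled.main+xml"


def macro_indicators(data):
    """Return reasons to treat a zip-based Office file as macro-bearing ([] if none)."""
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        # Legacy binary formats (Word 97/2000) are not zip files and need an OLE parser.
        raise ValueError("not a zip-based Office file")
    findings = []
    with zipfile.ZipFile(stream) as zf:
        names = zf.namelist()
        # The check is content based, so a macro file renamed to .docx is still caught.
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                findings.append("VBA project part: " + name)
        if "[Content_Types].xml" in names:
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macroenabled" in types.lower():
                findings.append("content type declares a macro-enabled document")
    return findings


def build_sample(with_macro):
    """Constructed minimal container for the demonstration (not a complete document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        main_type = WORD_MACRO if with_macro else WORD_PLAIN
        zf.writestr(
            "[Content_Types].xml",
            '<Types><Override PartName="/word/document.xml" ContentType="%s"/></Types>'
            % main_type,
        )
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    print("plain:", macro_indicators(build_sample(False)))
    print("macro:", macro_indicators(build_sample(True)))
```
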
Virus Protection.
There are a number of basic approaches that help ensure a system is not infected with viruses. One of the most basic and universal tenets is
if you don't know where something came from or where it has been - DO NOT OPEN OR RUN IT!
- be careful about opening documents
- be careful about executing programs
- install and run antivirus software
- keep your antivirus software up to date
- make sure you have source executables on CDs whenever reasonable
- make sure your software sources are legitimate and can be verified
- test software on a test machine before installing on other machines
- create regular backups of what is on your computer
- use write only secondary storage
More will be added.