What Is a Computer Virus?

“Computer virus” is a generic term used to identify a wide variety of programs that wreak havoc on a normal computing environment. Experts categorize these programs by certain characteristics. Some of these categories are described here.

A virus is a program that attaches itself to other programs and makes copies of itself without user intervention. Its ability to self-replicate is the defining characteristic among all computer viruses.

A virus doesn’t automatically move from computer to computer without user intervention. A user must copy the infected file in order for it to spread to another computer.

A worm is a program that replicates itself without user intervention and can copy itself from computer to computer. These can spread very quickly in a networked computer environment.

A Trojan horse, as the name suggests, is a seemingly normal or helpful piece of software that performs very malicious functions. An example would be a simple programming tool that, once activated, erases your hard drive. A Trojan horse doesn’t make copies of itself, but it can contain a virus that does.

Viruses are not necessarily malicious. In fact, the majority of viruses are pranks. They make your keyboard beep, or they display a fake error message (saying you’ve got water in your diskette drive, for example), or they do some other trivial thing.

The action a virus performs is called its payload. This action can be harmless or it can wreak havoc, completely destroying the information on your hard disk.

Payloads are often performed when a trigger event occurs. A trigger event can be anything: a specific date, a certain file size, or a sequence of keystrokes. When the trigger event happens, the payload is delivered.

The majority of viruses are found in laboratories and are used as research tools. These viruses are said to be “in the zoo” and are not in circulation to the public.

Approximately 551 viruses are currently in circulation and pose a threat to the public. The list of these viruses is compiled and maintained by Wildlist Organization International (www.wildlist.org). These viruses are said to be “in the wild”. That is, each has been found on two or more computers and is in active circulation.

Tens of thousands of variations of these viruses exist. McAfee Associates, Inc., an anti-virus software vendor, now maintains a list of 53,000. Experts estimate that new viruses are being discovered at a rate of six per day.

Viruses are written for a specific type of computer, the PC or Macintosh, for example. So, a virus found on your PC will not infect your AS/400.

Any virus, even a prank, can compromise your system. This is because most viruses take up disk space and are not tested thoroughly. A virus that is harmless on a system running Windows 95 might cause serious damage to a system running Windows 98, for example.

Disturbingly, a growing number of viruses are intentionally destructive. Some experts claim that as many as 35 percent of viruses in circulation today are destructive. One destructive virus can shut down an entire enterprise. For this reason, viruses are not to be taken lightly.

Types of Viruses

Viruses usually attack four parts of your computer: its boot and system areas that are needed to start your computer; its executable files; its file-directory system that tracks all of your system’s files (without which your system won’t work); and its data files.

Boot sector. A boot sector virus attaches itself to the portion of a diskette (or disk) that contains the startup instructions. It spreads from PC to PC on diskettes. Boot sector viruses were very popular when diskettes were often used.

File infector. The file virus is the most common type of virus. It attaches itself to an executable file and can be spread as an attachment to emails or from Internet downloads.

Macro viruses. Macro viruses are fairly new but have had a big impact. These viruses can attach themselves to the macros inside a Word document or Excel spreadsheet and are launched whenever a particular macro is run. One example is the virus named Melissa. Reports of this virus were first received on Friday, March 26, 1999. By Monday, March 29, more than 100,000 computers had been infected.

Methods of Deception

In an attempt to fool anti-virus software, viruses use various deception techniques.

A polymorphic virus uses a self-mutating, encrypted technology. Its code (called a signature) changes each time it copies itself to another file. Encryption techniques are used to compress and hide its code. This means that a virus might be detected in one file yet go completely undetected in another file by the anti-virus software.

Stealth technology uses special coding that enables the virus to hide within a computer’s operating system. It can attach itself to a file until you execute it, then it cleans the file, allows it to open normally, and re-attaches itself when you close the file.

Anti-virus software

The best defense against computer viruses is a good anti-virus software product that is regularly kept updated. A good anti-virus software product will detect viruses, remove them, and help repair the damaged files left behind.

Anti-virus software utilizes two main methods of detecting viruses. Heuristic scanning searches for virus-type behavior (a file copying itself without prompting by the user, for example). The second method utilizes a virus pattern database that identifies known viruses. This database, sometimes called a virus signature file, is what needs to be updated regularly by the anti-virus vendor.
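The signature-file method described above, shown as an added example (it is not part of the original article and is not any vendor's code): a scanner matches byte patterns from a database against file contents, and a sample is only caught once its pattern has been added. The signature names, byte patterns and sample buffers are constructed for the demonstration, and the ?? wildcard (one byte that may vary between copies) goes beyond what the article describes.

```python
import re

# Constructed signature databases: name -> hex pattern, "??" matches any one byte.
# These patterns are made up for the demonstration and match no real malware.
SIGNATURES_V1 = {
    "Demo.FileInfector.A": "de ad be ef ?? ?? 13 37",
}
# The "updated" database adds one newly analysed pattern.
SIGNATURES_V2 = dict(SIGNATURES_V1, **{"Demo.Macro.B": "4d 41 43 ?? 52 4f 21"})


def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # any single byte (DOTALL covers newlines too)
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


def load_database(signatures):
    """Compile every signature in a name -> hex pattern mapping."""
    return {name: compile_signature(p) for name, p in signatures.items()}


def scan(data, database):
    """Return sorted (offset, name) pairs for each signature found in data."""
    hits = []
    for name, regex in database.items():
        for match in regex.finditer(data):
            hits.append((match.start(), name))
    return sorted(hits)


# Constructed sample buffers standing in for files on disk.
CLEAN = b"ordinary document text" * 4
INFECTED_A = b"\x00" * 10 + bytes.fromhex("deadbeef01021337") + b"rest of program"
VARIANT_A = b"\x00" * 10 + bytes.fromhex("deadbeefaabb1337") + b"rest of program"
INFECTED_B = b"header" + b"MAC\x07RO!" + b"body"

if __name__ == "__main__":
    old_db, new_db = load_database(SIGNATURES_V1), load_database(SIGNATURES_V2)
    for label, data in [("clean", CLEAN), ("A", INFECTED_A),
                        ("A variant", VARIANT_A), ("B", INFECTED_B)]:
        print(label, "old:", scan(data, old_db), "new:", scan(data, new_db))
```

Sample B is reported clean by the old database and detected by the updated one, which is why the signature file has to be refreshed regularly.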

To further the fight against viruses, anti-virus software vendors are in the process of creating programs that can analyze new viruses, develop and test a cure, and return it to the user who submitted it. Their objective is to speed up the counter-attack against viruses. In a sense, they’ve declared war on computer viruses.