Journal of Accountancy | Technology

Facts and Fables About Computer Viruses

While dangerous, they're not as contagious as rumor would have it.

By James E. Hunton
May 1998

EXECUTIVE SUMMARY
  • COMPUTER VIRUSES CAN corrupt or erase data and even seize up a computer. But the risk of contagion is not as severe as some would have you believe.

  • YOUR COMPUTER CAN'T get infected simply by displaying an e-mail message. Nor can even the most virulent virus destroy the electronic circuitry of your processor.

  • VIRUSES CANNOT INVADE your computer when you browse the Internet, download text files from electronic bulletin boards or read e-mail messages. Nor can they scan your computer for personal information.

  • EVEN THOUGH SOME viruses are designed just to amuse, as a practical matter all should be considered malicious since they invade your computer environment without your invitation or knowledge.

  • HAVE AT LEAST TWO backups of all your files so you can recover from possible damage caused by viruses.

James E. Hunton, CPA, PhD, is an associate professor of accounting at the University of South Florida, Tampa. He won the 1992 Lawler Award for the best article in the Journal of Accountancy. His e-mail address is jhunton@coba.usf.edu.


Computer viruses are dangerous—there's no question about that. They can corrupt or erase data and even knock out a computer. But the contagion risk to users, contrary to rumor, is not as serious as some would have you believe. This article's goal is threefold: to confirm the danger of viruses, to set the record straight about the fables and to advise you on how to protect your computer systems.

Fact: Your computer can't get infected by a virus simply by displaying an e-mail message—but beware, there are exceptions, as you will discover later in this article. Viruses cannot invade your computer when you browse the Internet or download text files from electronic bulletin boards. Nor can they scan your computer for personal information. Not even the most virulent virus can destroy the electronic circuitry of your processor, but it can stall a computer by duplicating so many files that the hard disk quickly reaches capacity and halts.

The fables that have grown up about viruses are more than innocent, amusing stories; their impact is costly. Vast sums are spent for virus protection when there is little or no threat, and some people, in fear of viruses' contagion from the Internet, won't use e-mail. Even people who are otherwise computer savvy have been taken in by some outrageous stories about viruses, further inflaming the hysteria.


FRIGHTFUL, BUT FICTION
A rumor circulated on the Internet last year claiming that if you opened an e-mail message with the words "Good Times" in the subject line, a virus would invade your computer's memory and destroy its microprocessor by setting it into an "nth complexity infinite loop." That sounds frightful—but it's fiction. First of all, a virus is not transmitted by simply opening an e-mail message and there is no such thing as an "nth complexity infinite loop." Furthermore, a virus cannot destroy a computer; it can only destroy, duplicate or erase data on the hard disk or block some of the machine's functionality. To gain credibility for these scary stories, those who launched the hoax claimed that the Federal Communications Commission (FCC) had issued a public notice warning about the dreadful virus; in fact, the FCC does not disseminate information on viruses.

The "Good Times" hoax spawned a variety of imitation alarms for such viruses as "Death 69," "Deeyenda," "Irina," "MMF," "Penpal Greetings," "Red Baron," "Valentines Greetings" and "Ghost.exe."

Some of the fables that have grown up around viruses border on the ludicrous. One has them as biological mutant strains of alien DNA floating in outer space waiting to wreak havoc on unsuspecting planets. Generally, computer hoaxes exhibit two common characteristics: (1) They make startling claims and assertions using complex sounding technical jargon. (2) They attempt to gain credibility by false association with authoritative sources.

If you want more authoritative technical information about viruses, here are three places on the Internet to check out:

Symptoms of a Computer Virus
  • Unexpected read/write operations to floppy disks or hard drives or both.

  • Inability to save files to the A drive.

  • Long program load times.

  • Slow system operation.

  • Unusual screen activity.

  • Bad sectors appearing on diskettes.

  • Unusual error messages.

  • Programs that fail to execute.

  • Computer that will not boot.

  • High number of 32-bit errors using Windows 95.

  • Larger program file sizes.

  • Appearance of strange file names.

BEYOND ANNOYANCE
A virus is a segment of programming code designed to attach itself to software. Once there, it waits to be executed and then sets to work doing what it was programmed to do. That could include displaying a humorous greeting on the screen, reformatting the hard disk (and thus erasing everything), terminating the execution of any number of software programs and intercepting transmissions to and from input/output devices.

Even though some viruses are designed just to amuse, as a practical matter all viruses should be considered malicious since they invade your computer environment without your invitation or knowledge.

The first viruses were written by experienced programmers seeking to prove their computer skills to their cohorts, and typically the programs were benign, humorous exercises. Today, because there are abundant underground application programs that can create fairly complex viruses, anybody—including novices—can become involved in the exercise. Now many viruses are designed not to amuse but, rather, to destroy. Many of these new virus creators are arguably emotionally unbalanced people, and some even exhibit terrorist leanings.


CHECKING OUT A VIRUS
A computer can get infected in one of two ways:

  • By booting up (starting) your computer from an infected diskette, which is called a boot sector virus.
  • By executing an infected program already resident in your computer—that's called a program file virus.

You cannot tell by just a casual examination whether a file is infected. While there are many different forms of computer viruses, once executed they typically engage in two common activities. During the first activity (propagation), the virus spreads to other boot sectors or executable programs (for an explanation of technical terms used in this article, see the sidebar "Defining the Jargon of Viruses" on page 41).

It's important to understand that computer viruses cannot begin spontaneously on their own: They must wait until the user either boots from an infected disk or executes an infected program. You cannot predict the precise timing of this replication because a virus uses a "triggering event" known only to the author. For example, once an infected boot sector is read or an infected program is executed, the virus looks for a specific event trigger such as the time of day or a counter contained within the virus code. Hence, viruses can be dormant until the programmed event is triggered, and then they begin replicating to other programs.

During the second phase (assault), the virus attacks the computer. As with propagation, timing of the assault activity depends on the specific event trigger chosen by the author. Therefore, the attack may be delayed for seconds, minutes, hours—even years.


BEWARE, THE MACRO VIRUS
However, there's a relatively new virus strain—a macro virus—that works in a different way: It actually hides within documents and waits for a triggering event before engaging in propagation and assault activities. But unlike program file viruses that typically attach themselves to exe, com, or bat files, the executable macro is buried within a word processing or spreadsheet document. A macro virus can instruct your computer to do any number of things—for example, delete or rename files and directories, change the content of existing files, change screen colors or instruct your computer to format your hard drive.

Macro viruses are primarily written in WordBasic, which is the macro language used by Microsoft Word 6.0 (Windows and Macintosh) and Word 7.0 (Windows). Macro viruses also have been discovered in Microsoft Excel and AmiPro documents. The triggering events that activate the viruses include

  • Launching an application.
  • Creating a new document.
  • Opening an existing document.
  • Closing a document.
  • Quitting the application.

For example, say you receive a Word document as an attachment to an e-mail. You can read your e-mail and save the attachment without incident. However, once you open the document the virus can spread to the file that holds all your macros and, as a result, all new documents are infected when they are created and saved. For a more in-depth discussion of macro viruses and their cures, visit the following Web sites:


VIRUS PROTECTION
What should you do to cope with the threat of virus infections? There are several steps you can take:

  • Purchase a reliable antivirus software application that scans for, identifies and eradicates viruses. For the most popular programs, see the list on page 42.
  • Scan a diskette beforehand with antivirus software if you boot from it.
  • Change your computer's order of booting from drive A (floppy drive) to drive C (hard drive).
  • Scan all files on a diskette before you load them on your hard drive. Pay particular attention to executable program files (which end with the names exe, com or bat).
  • Suggest that your network administrator remove all diskette drives from workstations if the threat of transmitting viruses via diskettes is a major concern in your organization. If users need to copy files onto diskettes, they must use specially secured computers.
  • Scan all new diskettes as a precaution. Even new, shrink-wrapped software has been known to have viruses.
  • Scan all files that come from others. That includes all files downloaded from local area networks and the Internet. Of course, if you have antivirus software and set its default to operate when you boot up, the program will take on this chore automatically.
  • Have at least two backups of all your files so you can recover from possible damage caused by viruses.

Selecting an antivirus software package can be confusing. Naturally, all antivirus product vendors claim their products are superior to the competition's. The products listed below meet three important criteria:

  • They offer updates at least quarterly. This is critical since new viruses are identified frequently and antivirus software can recognize and remove only known viruses.
  • The vendors offer a version that is compatible with Windows 95. Most listed vendors also have products that will run in DOS, Windows 3.x and NT.
  • The ICSA certifies all the products, which must have passed critical tests to obtain certification.

Defining the Jargon of Viruses
  • Boot sector viruses: Every executable diskette and hard disk contains an area called a boot sector, which contains information that instructs the computer how to start up. Each time you boot up, your computer initially searches that sector. If the boot sector is infected, the virus loads itself into your computer's RAM and spreads to whatever application you subsequently open.

  • Program file viruses: Program file viruses plant themselves in executable programs whose names usually end with com, exe or bat. Once an infected program file is executed, the virus loads itself into RAM, replicates itself to other program files and attacks the computer. For the most part, infected program files are relatively easy to identify because the virus code increases the length of the file. However, more sophisticated viruses, called stealth viruses, first save the initial file length, attach themselves to the program file and hide their presence by reporting the initial file length.

  • Multipartite viruses: These viruses exhibit the characteristics of both boot sector and program file viruses. A multipartite virus can be transmitted either by booting from an infected disk or by executing an infected program. The virus loads itself into RAM and then randomly infects both boot sectors and program files.
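
The sidebar's point that an infected program file usually grows, while a stealth virus hides the growth, is the reason integrity checkers compare file contents and not just file lengths. The following is an added example, not part of the original article: a baseline-and-compare check over the program file types the article names. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".com", ".bat"}  # program file types the article names

def snapshot(root):
    """Return {relative path: (size, sha256)} for program files under root."""
    result = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            result[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return result

def compare(baseline, current):
    """Classify each program file that differs from the baseline."""
    findings = {}
    for path, (size, digest) in current.items():
        if path not in baseline:
            findings[path] = "new"
        elif size != baseline[path][0]:
            findings[path] = "size-changed"     # the growth the sidebar describes
        elif digest != baseline[path][1]:
            findings[path] = "content-changed"  # same length, different bytes
    for path in baseline.keys() - current.keys():
        findings[path] = "missing"
    return findings

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample files: take a baseline, then simulate changes."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.exe", b"A" * 64)
        write(root, "tool.com", b"B" * 32)
        write(root, "notes.txt", b"plain text")        # ignored: not a program file
        baseline = snapshot(root)
        write(root, "app.exe", b"A" * 64 + b"X" * 16)  # file grew
        write(root, "tool.com", b"B" * 31 + b"C")      # same length, changed bytes
        write(root, "setup.bat", b"echo hi\r\n")       # appeared after the baseline
        return compare(baseline, snapshot(root))
```

A check like this is only as trustworthy as the system it runs on: a stealth virus already resident in memory can also intercept file reads, so the baseline and the comparison should be taken after booting from known-clean media.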

The ICSA attempts to recertify products a minimum of four times a year without vendors' prior knowledge. The certification list changes periodically, so you should visit the ICSA Internet site at www.ncsa.com for the latest list of certified products.

Although prices for antivirus programs vary, most sell for about $50. For that, you also get free updates for one year that you can download directly from the vendor's Internet site.

However, be aware that no antivirus software is foolproof. New viruses are created daily, and one of them can on occasion slip through your protective net. So, while you certainly should use such an antivirus program, it's prudent also to follow the additional guidelines listed here. Compared with the amount of damage that can result from a virus infection, these recommendations are well worth the added effort.

Antivirus Software Products

| Product | Vendor | Internet Address |
|---|---|---|
| Carmel Antivirus | Carmel | cws.icorp.net/ |
| Dr. Solomon's Anti Virus Toolkit | Dr. Solomon Software, International | www.drsolomon.com/ |
| eSafe Protect | ESafe | www.eprotect.com/ |
| F-Prot Professional | Command Software Systems | www.commandcom.com/ |
| IBM AntiVirus | IBM | www.av.ibm.com/ |
| InocuLan | Cheyenne | www.cheyenne.com/ |
| McAfee VirusScan | Network Associates | www.nai.com/ |
| Norton AntiVirus | Symantec | www.symantec.com/ |
| PCcillin II | Trend Micro | www.antivirus.com/ |
| Thunderbyte Virus control | ThunderBYTE | www.thunderbyte.com/ |
| Vet Anti-Virus | Cybec Pty Ltd. | www.cybec.com.au/ |
| ViruSweep | Quarterdeck | www.quarterdeck.com/ |
| Wprotect | Intel | www.intel.com/ |