PC Journal

Computer Viruses


The following is the text of a presentation I gave to the Newcomers Club of Cuernavaca in the spring of 1998. Things have changed a bit since then, so see the update at the end of this article.

WHAT IS A VIRUS?


A virus is a program that is able to copy itself from computer to computer without the knowledge or permission of the computer users. Once the virus has infected a computer it can be very difficult to eradicate and sometimes even difficult to detect. Viruses can rob your computer's resources, destroy your work or even give someone else access to your personal information.

TYPES OF VIRUSES

There are several types of viruses. How you catch them, how they behave and how you get rid of them varies depending on the type of virus.

MACRO VIRUS

For the last few years, many of the larger application programs such as word processors and spreadsheets have come equipped with a built-in programming language for writing macros. A macro is a list of instructions that might help you fill in a form or write a letter. Macros can be written such that they execute their list of instructions as soon as you open the document or close the document, or they may execute on a predetermined date, such as the 1st of the month. If a document contains a macro that contains a virus, your computer will cheerfully execute the commands of the virus too. The commands in the virus might instruct your computer to erase files, insert a rude message or scramble your letter to Aunt Agnes.

Because the macro language is comparatively easy to use, these viruses are quite common, and the damage done by a macro virus can be quite extensive. The danger is limited in that the virus can only become active when you open an infected document. Also, it's easy to tell your computer not to execute any macro without your permission, hence avoiding the infection.

PROGRAM VIRUS

A program virus, like a macro virus, is simply a list of instructions that the computer will execute on command. The main difference is in the scope of the infection. Program viruses can infect almost any program file, such as a word processor or even the program that runs your mouse. Because the virus is written in a low-level language it has access to more parts of the computer, and therefore the damage it can do is much more serious. For example, it could reach into the roots of the computer, the BIOS, and permanently scramble everything it finds. This may render the computer useless and unrepairable.

Some of the other things a program virus can do include:

Scramble the files on your hard drive causing you to lose all of the work you've done since your last back up.

Reformat the hard drive causing you to lose everything on the computer.

Reserve all of the computer's memory, forcing you to shut down repeatedly.

Strange messages may pop up on the screen.

Letters start falling off the bottom of the screen.

The computer can't remember the date or time.


Some program viruses may also have the ability to hide themselves in several ways. One method is called stealth: the virus falsifies the amount of memory or disk space available for use so that its presence goes unnoticed. Another way is by encryption. The virus transforms itself into harmless-looking gibberish until a specified date or event occurs, then transforms itself back to the executable form. It then proceeds to do its damage. Still another method is the polymorphic virus. With this method, the virus continually mutates into other versions of itself, making it very difficult to recognize and remove.

BOOT RECORD VIRUS

Boot Record Viruses are the worst types of virus because they will infect the computer at the lowest levels using the lowest level language. This gives them access to the entire computer and the greatest ability to hide themselves and do greater damage.  Fortunately these viruses can only infect the computer if you leave an infected diskette in the computer while starting up. As diskettes are becoming less common, infections of this type are also less common.

MULTIPARTITE VIRUSES

These viruses have the ability to act as both a Program Virus and a Boot Sector Virus. This ability makes them very dangerous, very hard to detect and clean out.

HOW DO VIRUSES WORK?

Viruses are almost always written in two parts, the shell and the payload.

VIRUS SHELL

The shell of the virus contains the instructions to copy itself from one program or document to another. It can do this because the virus shell is composed of a list of instructions that the computer will follow as readily as it follows any other instruction. These instructions will say, for example "copy this list of instructions to all other accessible programs". The shell may also contain instructions on how to hide itself, like a Stealth virus or change itself like an Encrypted virus or a Polymorphic virus. The shell will also contain instructions regarding when to execute the payload. Many viruses are written such that they will wait for some special date or trigger before activating the payload. In this way your computer may be infected and spreading the virus for months before the virus payload activates and the symptoms become obvious.

Because the virus is simply a list of instructions, some types of files cannot be infected. A file that contains a picture cannot be infected because the picture file doesn't contain any instructions, only picture data.

PAYLOAD

The payload is the part that does the worst damage. These instructions may be very capricious. At the minimum, the payload will do nothing. At the worst, the payload can do permanent physical damage to your computer. Examples include re-writing your computer's BIOS or causing the computer's hard drive to crash. In either case the repair bill will be several hundred dollars plus the time and cost to replace all your programs and lost work. What is more common is that the payload will erase or rename files or perhaps just display an innocuous message such as "This virus code is copyrighted in Taiwan."

HOW DO YOU CATCH A VIRUS?

Most types of communication between computers can transmit viruses.

DISKETTE

Diskettes are often used to carry programs or files from one computer to another and therefore can carry a virus too. Once you have opened an infected file from a diskette the virus starts to do its job and copies itself to all other accessible files.

E-MAIL

Normal e-mail messages cannot carry viruses between computers. This is because the e-mail is composed of simple text; it doesn't include programming instructions in which the virus can hide. The exception to this lies in attachments. An attachment is a way to send any file from one computer to another via e-mail. The attachment sort of piggybacks along with the e-mail but remains inactive until the recipient opens it. If the attachment contains a virus it will sit quietly until the attachment is opened, then start to do its dirty work. (See the update below.)

DOWNLOADS

As with other types of infection, almost any file you download from the Internet could contain a virus. The most common exception to this would be a file that contains a picture.

WHAT CAN YOU DO ABOUT THEM?

FILE SWAPPING

Don't accept files from anyone. This has obvious disadvantages. You will do a lot of retyping.

ANTI-VIRUS PROGRAMS

There are several good anti-virus programs available. The leaders are McAfee VirusScan and Norton Anti-Virus. Both of these programs will provide a shield for your computer by ensuring the computer is virus free on start up and then watching everything that the computer does.

Anti-virus programs provide protection by maintaining a list of all known viruses and comparing certain key phrases on their list against the activity in your computer. However, because of the virus's ability to encrypt itself, the virus may be able to hide until its trigger date or event. The polymorphic ability of the virus also makes it difficult to catch. If any of the alternate versions of the virus are not on the anti-virus program's list of phrases, the virus will escape detection.

Anti-virus programs must be updated periodically. These updates are necessary because the virus authors are continually writing new viruses. Without the update your computer will not be protected against the new viruses and new versions of old viruses. Updates are available free of charge on the Internet, so far. Plans are in the works to start charging for the updates. For now the updates and even the whole anti-virus program might still be available free as a trial/evaluation version from: www.McAfee.com or www.symantec.com
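The "list of known viruses" matching described above, as an added example (not McAfee's or Norton's code): a toy scanner that compares files against a list of key phrases, a second list standing in for a downloaded update, and a few constructed sample files. All virus names, byte patterns and file contents are made up for the demonstration.

```python
# Constructed "list of known viruses": the key phrase (byte pattern) the
# scanner looks for, keyed by a made-up virus name. Not real signatures.
SIGNATURES_1998 = {
    "Demo.Macro.A": b"MacroVirus.Demo",
}
# The downloaded update adds phrases for viruses written since the last release.
SIGNATURES_UPDATED = dict(SIGNATURES_1998, **{
    "Demo.Program.B": b"\x4d\x5a\xde\xad\xbe\xef",
})


def scan(data: bytes, signatures: dict) -> dict:
    """Compare one file against the list; return {virus name: byte offset} for every match."""
    return {name: data.find(phrase) for name, phrase in signatures.items() if phrase in data}


# Constructed sample files.
CLEAN_PICTURE = b"\x89PNG\r\n\x1a\n" + bytes(range(32))   # only picture data, nothing to execute
INFECTED_DOC = b"Dear Aunt Agnes,\n" + b"MacroVirus.Demo\n"   # the virus phrase sits at offset 17
INFECTED_EXE = b"\x4d\x5a" + b"\x90" * 8 + b"\x4d\x5a\xde\xad\xbe\xef" + b"\x00" * 16


def report(files: dict, signatures: dict) -> dict:
    """Scan several files at once: {file name: sorted list of virus names found}."""
    return {fname: sorted(scan(data, signatures)) for fname, data in files.items()}


FILES = {"photo.png": CLEAN_PICTURE, "letter.doc": INFECTED_DOC, "mouse.exe": INFECTED_EXE}

if __name__ == "__main__":
    # Before the update the program virus is missed; after it, it is caught.
    print("1998 list:   ", report(FILES, SIGNATURES_1998))
    print("updated list:", report(FILES, SIGNATURES_UPDATED))
```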

HOAXES

One interesting side effect of the virus issue is the virus hoax. Those of you that have e-mail may have received warnings about a piece of mail titled "Win a Holiday". This is one of the most popular hoaxes. Some well-intentioned friend may send you this warning which says that if you receive a piece of e-mail titled "Win a Holiday" you should delete it immediately. You will be warned that if you open the mail the virus will immediately infect your computer with a virus which, at this time, is incurable. It's not true. As described above, simple e-mails cannot carry viruses, only attachments can. Feel free to return the message to your friend telling him that the whole thing is just a hoax. (Caveat: Did you hear about the update below?)

I've included, below, another sample hoax called the Badtimes virus. I hope you get a laugh out of it too.

URGENT VIRUS WARNING

If you receive e-mail with a subject line of "Badtimes," delete it immediately WITHOUT reading it. This is the most dangerous e-mail virus yet.

It will re-write your hard drive. Not only that, but it will scramble any disks that are even close to your computer. It will recalibrate your refrigerator's coolness setting so all your ice cream melts and milk curdles. It will demagnetize the strips on all your credit cards, reprogram your ATM access code, screw up the tracking on your VCR and use subspace field harmonics to scratch any CDs you try to play. It will give your ex-boy/girlfriend your new phone number. It will mix antifreeze into your fish tank. It will drink all your beer and leave its dirty socks on the coffee table when there's company coming over.

It will hide your car keys when you are late for work and interfere with your car radio so that you hear only static while stuck in traffic. It will give you nightmares about circus midgets. It will replace your shampoo with Nair and your Nair with Rogaine, all the while dating your current boy/girlfriend behind your back and billing their hotel rendezvous to your Visa card. It reaches out from beyond the grave to sully those things we hold most dear.

"Badtimes" will give you Dutch Elm disease. It will leave the toilet seat up and leave the hairdryer plugged in dangerously close to a full bathtub. It will wantonly remove the forbidden tags from your mattresses and pillows, and refill your skim milk with whole. It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve.

These are just a few signs.

Be very, very afraid.

Update: May 1, 2001

I have to get serious again for a second. There has emerged a new virus infection strategy that I should tell you about. This is a type of macro virus, a.k.a. E-Mail Worm, which is sent in the signature portion of an e-mail. This is significant because there is no attachment to open. As soon as you open the e-mail, the virus is activated. One example of this type of virus is the KAK.Worm.

To make matters worse, most people who use Outlook or Outlook Express to send and receive mail take advantage of the Preview Pane to read their mail. This is a problem because, when the user clicks on a mail item in the Inbox (located in the upper right quadrant of the Outlook window), the mail is automatically opened in the Preview Pane (lower right quadrant). Once the mail is thus opened, the virus is activated. It's therefore impossible to even delete the mail without opening it and running the risk of infection. It's sort of a Catch-22, no? To avoid this problem, you can turn off the Preview Pane. In Outlook Express, click View, Layout and remove the check mark from Show Preview Pane.
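An added example, not part of the original article, showing the two e-mail cases the text distinguishes: a message that is only text (harmless, as with the hoax warnings), one whose danger is an attachment that must be opened, and one whose code rides in the message body itself so that merely displaying it in the Preview Pane is enough. It assumes, as was the case with KAK.Worm, that the "signature" code travels as script inside an HTML body; the sample messages and the list of risky attachment types are constructed.

```python
import email
from email import policy

# Attachments of these types are "lists of instructions" the computer will run
# (programs, scripts, or documents that can hold macros). Assumed list, not from the article.
EXECUTABLE_SUFFIXES = (".exe", ".com", ".bat", ".vbs", ".js", ".scr", ".doc", ".xls")


def triage(raw: bytes) -> list:
    """Return a list of findings for one raw e-mail message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename and filename.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"attachment that runs when opened: {filename}")
        elif part.get_content_type() == "text/html" and "<script" in part.get_content().lower():
            findings.append("script in HTML body: runs as soon as the mail is displayed")
    return findings


# Constructed sample messages.
PLAIN_MAIL = b"""Subject: Win a Holiday
Content-Type: text/plain

Plain text carries no instructions, so this hoax warning is harmless.
"""

ATTACHMENT_MAIL = b"""Subject: look at this
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The file is attached.
--b1
Content-Type: application/msword; name="letter.doc"
Content-Disposition: attachment; filename="letter.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

HTML_SIGNATURE_MAIL = b"""Subject: hello
Content-Type: text/html

<html><body>Hi!<br>-- <br><script>/* stand-in for signature script */</script></body></html>
"""
```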

Another disturbing development is that McAfee Anti-Virus seems to be falling behind in the race to identify new viruses. Recently, a friend of mine caught the VBS.Loveletter virus. He had a current version of McAfee with the updated virus identification files, but this one got through! We had to remove McAfee and install Norton Anti-Virus to detect and remove it.

Go figger!  I used to think that McAfee was way better than Norton, but now I vote for Norton.  Check back in a year or two, I'll probably have changed my mind again.

Here is a good reference on viruses: www.virusbtn.com
