Computer viruses

 

The difference between a computer virus and other programs is that viruses are designed to self-replicate (that is to say, make copies of themselves). They usually self-replicate without the knowledge of the user. Viruses often contain 'payloads', actions that the virus carries out separately from replication. Payloads can vary from the annoying (for example, the WM97/Class-D virus, which repeatedly displays messages such as "I think 'username' is a big stupid jerk"), to the disastrous (for example, the CIH virus, which attempts to overwrite the Flash BIOS, which can cause irreparable damage to certain machines).

 

Viruses can be hidden in programs available on floppy disks or CDs, hidden in email attachments or in material downloaded from the web. If the virus has no obvious payload, a user without anti-virus software may not even be aware that a computer is infected.

 

A computer that has an active copy of a virus on it is considered infected. The way in which a virus becomes active depends on how the virus has been designed; for example, macro viruses can become active if the user simply opens, closes or saves an infected document.

 

How infection occurs

 

Once the virus is active on the computer, it can copy itself to (infect) other files or disks as they are accessed by the user. Different types of viruses infect computers in particular ways; the most widespread types are Macro, Boot and Parasitic viruses.

 

Macro viruses

A macro is an instruction that carries out program commands automatically. Many common applications (e.g. word processing, spreadsheet, and slide presentation applications) make use of macros. Macro viruses are macros that self-replicate. If a user accesses a document containing a viral macro and unwittingly executes this macro virus, it can then copy itself into that application's startup files. The computer is now infected: a copy of the macro virus resides on the machine.

Any document on that machine that uses the same application can then become infected. If the infected computer is on a network, the infection is likely to spread rapidly to other machines on the network. Moreover, if a copy of an infected file is passed to anyone else (for example, by email or floppy disk), the virus can spread to the recipient's computer. This process of infection will end only when the virus is noticed and all viral macros are eradicated.

Macro viruses are the most common type of virus. Many popular modern applications allow macros. Macro viruses can be written with very little specialist knowledge, and these viruses can spread to any platform on which the application is running. However, the main reason for their 'success' is that documents are exchanged far more frequently than executables or disks, a direct result of email's popularity and web use.
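Because a macro virus travels inside the document itself, a useful first check is whether a received file carries macros at all. The following is an added example, not part of the original page: it inspects a file's bytes for a VBA project in both the legacy OLE2 format and the newer ZIP-based Office format. The function names and sample data are assumptions made for illustration, and the OLE2 test is a byte-search heuristic, not a full parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Stream name found in a VBA project; OLE2 directory entries store names as UTF-16LE.
VBA_STREAM_UTF16 = "_VBA_PROJECT".encode("utf-16-le")


def macro_status(data: bytes) -> str:
    """Classify a document as 'macros', 'no-macros' or 'unknown-format'."""
    if data.startswith(OLE2_MAGIC):
        # Legacy .doc/.xls/.ppt: heuristic search of the raw bytes for the
        # VBA project stream name (a full check would walk the directory).
        return "macros" if VBA_STREAM_UTF16 in data else "no-macros"
    if data.startswith(b"PK"):
        # ZIP-based Office package: macros live in a part named vbaProject.bin.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as package:
                names = [name.lower() for name in package.namelist()]
        except zipfile.BadZipFile:
            return "unknown-format"
        has_vba = any(name.endswith("vbaproject.bin") for name in names)
        return "macros" if has_vba else "no-macros"
    return "unknown-format"


def make_ooxml(with_macros: bool) -> bytes:
    """Constructed sample: a minimal ZIP laid out like a Word package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("word/document.xml", "<document/>")
        if with_macros:
            package.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


def make_ole2_stub(with_macros: bool) -> bytes:
    """Constructed sample: OLE2 magic plus padding, not a valid document."""
    body = bytes(504) + (VBA_STREAM_UTF16 if with_macros else b"")
    return OLE2_MAGIC + body


if __name__ == "__main__":
    for label, blob in [("docm", make_ooxml(True)), ("docx", make_ooxml(False)),
                        ("doc+vba", make_ole2_stub(True)), ("txt", b"hello")]:
        print(label, "->", macro_status(blob))
```

A result of "macros" means only that the file contains macro code and deserves scanning before it is opened; it does not mean the macro is viral.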

Boot sector viruses

The boot sector is the first software loaded onto your computer. This program resides on a disk, and this disk can be either the hard disk inside the computer, a floppy disk or a CD. When a computer is switched on, the hardware automatically locates and runs the boot sector program. This program then loads the rest of the operating system into memory. Without a boot sector, a computer cannot run software.

A boot sector virus infects computers by modifying the contents of the boot sector program. It replaces the legitimate contents with its own infected version. A boot sector virus can only infect a machine if the infected disk is used to boot up the computer, e.g. if you start your computer by using a floppy disk with an infected boot sector, your computer is likely to be infected. A boot sector virus cannot infect a computer if it is introduced after the machine is running the operating system.

An example of a boot sector virus is Parity Boot. This virus's payload displays the message PARITY CHECK and freezes the operating system, rendering the computer useless. This virus message is taken from an actual error message which is displayed to users when a computer's memory is faulty. As a result, a user whose computer is infected with the Parity Boot virus is led to believe that the machine has a memory fault rather than a disruptive virus infection.
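Since a boot sector virus works by replacing the boot sector program, the change can be detected by comparing the sector against a fingerprint recorded while the machine was known to be clean. The following is an added example, not part of the original page. It assumes the classic 512-byte PC master boot record layout (446 bytes of boot code, a 64-byte partition table and the 55 AA signature), and all function names and sample sectors are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 446        # bytes 0..445: the boot program
TABLE_END = 510            # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510..511: boot signature


def read_boot_sector(path: str) -> bytes:
    """Read the first sector of a disk image (or a raw device, given rights)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def fingerprint(sector: bytes) -> dict:
    """Hash boot code and partition table separately so that legitimate
    repartitioning can be told apart from a replaced boot program."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes" % SECTOR_SIZE)
    return {
        "boot_code": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partition_table": hashlib.sha256(sector[BOOT_CODE_END:TABLE_END]).hexdigest(),
        "signature_ok": sector[TABLE_END:] == SIGNATURE,
    }


def compare(baseline: dict, current: dict) -> list:
    """Return findings describing how the sector differs from the baseline."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 55AA missing")
    if current["boot_code"] != baseline["boot_code"]:
        findings.append("boot code changed")
    if current["partition_table"] != baseline["partition_table"]:
        findings.append("partition table changed")
    return findings


def make_sector(boot_code: bytes, table: bytes = bytes(64)) -> bytes:
    """Constructed sample sector: padded boot code, table and signature."""
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + table.ljust(64, b"\x00") + SIGNATURE


if __name__ == "__main__":
    baseline = fingerprint(make_sector(b"LOADER-V1"))    # recorded when clean
    suspect = fingerprint(make_sector(b"LOADER-XX"))     # boot code replaced
    print(compare(baseline, suspect))
```

Take the baseline from a machine started from trusted media, and store it somewhere other than the disk being checked.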

Parasitic viruses

Parasitic viruses attach themselves to programs, also known as executables. When a user launches a program that has a parasitic virus, the virus is surreptitiously launched first. To cloak its presence from the user, the virus then triggers the original program to open. The parasitic virus, because the operating system understands it to be part of the program, is given the same rights as the program to which the virus is attached. These rights allow the virus to replicate, install itself into memory, or release its payload. In the absence of anti-virus software, only the payload might raise the normal user's suspicions. A famous parasitic virus called Jerusalem has a payload of slowing down the system and eventually deleting every program the user launches.

Prevention

The best way for users to protect themselves against viruses is to apply the following anti-virus measures:

  • Make backups of all software (including operating systems), so that if a virus attack occurs you can retrieve safe copies of your files and software.
  • Inform all users that the risk of infection grows exponentially when people exchange floppy disks, download web material or open email attachments without caution.
  • Have anti-virus (AV) software installed and updated regularly to detect, report and (where appropriate) disinfect viruses.

 

If you use the Internet and download files there is a risk of contracting a computer virus. 

 

In order to minimise the risk, you should obtain a virus checking program and use it frequently. The virus checker should also be updated regularly. There are sites on the Internet where you can find low cost (shareware) virus checkers.

 

Virus checkers

The web sites listed below offer trial versions of their commercial virus scanning programs. If you visit any of these sites, you can download the program. You might care to try any of the following:

 

http://www.sophos.com/

(30 day trial)

http://www.norman.com/
http://www.mcafee.com

 

Has your computer caught a virus?

 

Do not be too hasty to blame a virus. In our experience, provided you are sensible about the source of foreign files (please note: not from a University Pool), viruses are unlikely causes of difficulty.

 

 

Contact: Email info@designcad.com.au

Tel +61 8 8354 2400  Fax +61 8 +61 8 303 4363 Mob 0418 414 932

Design Cad Pty Ltd (ABN 38 007 890 146)

Last Updated: 08-Mar-04.