Penn Computing
Please note: This material is no longer current and appears online for archival purposes only.
Use the search and navigation tools above to locate more up-to-date materials, if they exist.

Virus basics

  1. What is a virus?

    A virus is a piece of code that uses a computer's resources to spread and replicate. The replication occurs without the user's knowledge.

  2. How does my computer get infected by a virus?

    Different viruses have different ways of infecting a computer or floppy disk. Infection can occur if you start your computer from an already infected disk, use an infected file or application on your computer, or use your disk in an infected computer that then spreads the infection to your disk.

  3. What are the most common types of viruses?

    The most common type of virus currently is the macro virus. The second most common is the boot sector infector. Other common viruses that infect applications are called file infectors. Most viruses now prevalent are one of these types or are a combination of them.

  4. What is a macro virus?

    Any virus that uses "higher level" programming features can be considered a macro virus. Previously, many viruses were created using lower level system code to infect and damage computer files. Occasionally, viruses would be created using macro language tools, but the tools were not very powerful or flexible. Viruses were hard to create.

    To allow users the ability to write custom routines (macros) in applications like Word and Excel, Microsoft included with these applications a version of Visual BASIC, a "higher level" programming language that was powerful and easy to use -- and easy to create viruses with.

    The prevalence of Visual BASIC and Microsoft Office means that most macro viruses affect either Word or Excel. There are other macro viruses written for non-Microsoft Office products but they are a small number in comparison.

  5. What is a boot sector infector?

    A boot sector infector is a virus that exists in the bootstrap record of a floppy or hard disk. It loads into memory when the computer is "booted" from an infected disk. Boot sector infectors spread when you access a writable floppy disk from an infected computer. The infected copy then becomes a carrier for the virus. The virus is spread to other hard drives when an infected disk is used to start up the computer. This happens most often when a floppy disk is left in the disk drive of a computer and then the computer is turned on or rebooted.

  6. What is a file infector?

    A file infector is a virus that attaches itself to, or is associated with, an executable file. An executable file can be a program file, like Word or Excel, or a system file, like command.com or the Macintosh's Desktop file or Finder. A file infector spreads when an infected executable file is run; other application files that are run subsequently then become infected. The infection can also spread to executable files that are run from writable floppies on an infected computer. The infection is usually spread to other computers by sharing infected executables.

  7. What does antiviral software do?

    Antiviral software attempts to prevent, detect, and remove viral infections. There are three ways in which antiviral software attempts to do this: activity monitoring, change detection, and scanning. Most antiviral software uses, or makes available, all three. The University-supported antiviral software packages (Virex for Macintosh, Vi-Spy for DOS/Win 3.x and Win 95) offer the ability to use all three types of strategies to combat viruses.

    Activity monitoring does what the name implies; it monitors your computer for any activity that is "virus-like." When it detects this activity it can either notify you of the activity, so that you can determine if it is "legitimate" activity or not, or it may prevent the activity until the monitor is "turned off." This allows you to keep track of activity that you may not be aware of and to determine whether you want the activity to continue or be prevented.

    Change detection monitors your system against a previously saved "snapshot" of your system to determine if anything has changed. Common areas that are frequently checked this way are the memory map, what is loaded into memory and where it is, and executable file sizes. More often than not these items are relatively static and most unexplained changes should be investigated.

    Scanning is the lynchpin of most antiviral software. Scanning checks your system against a list of code from known viruses, a technique called "signature scanning." When a signature is discovered, the application notifies you of the possible presence of a virus.

    These strategies have flaws, but when used in combination they are usually very effective.

    The key to making sure your system is virus-free is to use antiviral software and keep it up to date. Old software is not, and cannot be, aware of new viruses.
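
    Change detection as described above, as an added example that is not code from this page or from any of the packages it names. The page mentions executable file sizes; this sketch also records a SHA-256 hash (an assumption that goes beyond the page) because a change that keeps the size the same would pass a size-only check. File names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Record (size, SHA-256) for every file under root, keyed by relative path."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            state[path.relative_to(root).as_posix()] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current):
    """Return sorted (path, finding) pairs for every difference from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "new file"))
        elif new is None:
            findings.append((path, "missing"))
        elif old[0] != new[0]:
            findings.append((path, "size changed"))
        elif old[1] != new[1]:
            findings.append((path, "content changed, same size"))
    return findings

def demo():
    """Constructed sample: small files standing in for executables."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, fill in (("edit.exe", b"A"), ("calc.exe", b"B"), ("sort.exe", b"C")):
            (root / name).write_bytes(fill * 64)
        baseline = snapshot(root)
        # Simulated unexplained changes made after the snapshot was taken.
        (root / "edit.exe").write_bytes(b"A" * 64 + b"X" * 16)   # file grows
        (root / "calc.exe").write_bytes(b"B" * 60 + b"ZZZZ")     # same size, new bytes
        (root / "sort.exe").unlink()                             # file disappears
        (root / "new.com").write_bytes(b"D" * 8)                 # file appears
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```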

  8. I think that my system may have a virus but my software doesn't detect it. My friend's software package detects a virus but my antiviral software doesn't see anything. What should I do?

    If you think that your system has a virus, don't panic. Make sure that you have the most current version of antiviral software. If one package sees something that another doesn't, make sure that both packages are up to date. If you are using the current version of antiviral software and it still doesn't see anything, bring a copy of the suspect files to your local support provider; he or she can have the files examined.

    If you suspect that you have a boot sector infector, format a disk on the system and bring it to your support provider.

    If you don't know who your support provider is, check the support look-up table on the web.
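
    Signature scanning from question 7, and one reason two packages can disagree as in question 8, shown as an added example that is not code from this page or from any real antiviral product. The signature names and byte patterns are constructed and harmless; the "files" are in-memory byte strings. The data file that merely contains a signature shows why a hit means only the possible presence of a virus.

```python
# Constructed, harmless byte patterns standing in for virus signatures.
SIGNATURES_OLD = {"Demo.A": bytes.fromhex("deadbeef0102")}
# A newer signature list that also knows a second pattern.
SIGNATURES_NEW = {**SIGNATURES_OLD, "Demo.B": bytes.fromhex("cafef00d0304")}

def scan(data, signatures):
    """Return sorted (name, offset) pairs for each signature found in data."""
    hits = []
    for name, pattern in signatures.items():
        offset = data.find(pattern)
        while offset != -1:
            hits.append((name, offset))
            offset = data.find(pattern, offset + 1)
    return sorted(hits)

def scan_files(files, signatures):
    """Map each file name to its hits; files with no hits are omitted."""
    report = {}
    for name, data in files.items():
        hits = scan(data, signatures)
        if hits:
            report[name] = hits
    return report

# Constructed sample "files": filler bytes with a pattern embedded in some.
FILES = {
    "clean.doc": b"." * 32,
    "old_infection.exe": b"." * 10 + SIGNATURES_NEW["Demo.A"] + b"." * 10,
    "new_infection.exe": b"." * 20 + SIGNATURES_NEW["Demo.B"] + b"." * 4,
    # Not infected: a data file that happens to contain the Demo.A bytes.
    "definitions.dat": b"sig:" + SIGNATURES_NEW["Demo.A"],
}

if __name__ == "__main__":
    print("outdated list:", scan_files(FILES, SIGNATURES_OLD))
    print("current list: ", scan_files(FILES, SIGNATURES_NEW))
```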



Information Systems and Computing
University of Pennsylvania