Computer viruses – background
Computer viruses have been around for almost as long as the PC itself. Over this time the words “computer virus” have come to mean many different things. The method for distributing a virus and getting the virus to actually do something has evolved; what was true yesterday is not necessarily true today – and vice versa.
Most users are aware of the possibility of “getting a virus” but they are not aware of the various stages involved in this process. A virus does not just appear out of nowhere and it is possible to try and “minimise the risk.”
The first stage of becoming infected with a virus involves virus replication and distribution. In other words, the way that the virus is passed on from user to user. Typically this is by email, but it can be by browsing an infected website, by being connected to the internet, or by swapping or using an infected disk or memory stick.
The second stage of becoming infected with a virus involves virus activation – that is, the virus, having arrived on your machine, actually starting to do its work.
What are malware, viruses, spyware and cookies and what differentiates them?
"Malware" is short for malicious software and is used as a single term to refer to viruses, spyware, worms etc. Malware is designed to cause damage to a standalone computer or a networked PC, so wherever the term malware is used it means a program which is designed to damage your computer - it may be a virus, worm or Trojan.
Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of the worm is to reproduce itself again and again. It does not harm any data/file on the computer. Unlike a virus, it does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems.
A virus is a program written to enter your computer and damage/alter your files/data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves. A computer virus is more dangerous than a computer worm as it makes changes or deletes your files while worms only replicate themselves without making changes to your files/data.
Viruses can enter your computer as attachments such as images, greetings, or audio/video files. Viruses also enter through downloads on the internet. They can be hidden in free/trial software or other files that you download.
So before you download anything from the internet be sure about it first. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, such as running an infected program to keep it going.
There are various different types of viruses, as follows:
- File viruses
- Macro viruses
- Master boot record viruses
- Boot sector viruses
- Multipartite viruses
- Polymorphic viruses
- Stealth viruses
Trojans: A Trojan horse is not a virus. It is a destructive program that looks like a genuine application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. Trojans also open a backdoor entry to your computer which gives malicious users/programs access to your system, allowing confidential and personal information to be stolen.
Adware: Generically, adware is a software application in which advertising banners are displayed while any program is running. Adware can automatically get downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on a computer screen automatically. Adware is used by companies for marketing purposes.
Spyware: Spyware is a type of program that is installed with or without your permission on your personal computer to collect information about users, their computer or browsing habits. It tracks everything that you do without your knowledge and sends it to a remote user. It can also download other malicious programs from the internet and install them on the computer. Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware type program or application.
Spam: Spamming is a method of flooding the internet with copies of the same message. Most spam is commercial advertisements which are sent as unwanted email to users. Spam is also known as electronic junk mail or junk newsgroup postings. These spam mails are very annoying as they keep coming every day and keep your mailbox full.
Tracking cookies: A cookie is a plain text file that is stored on your computer in a cookies folder and stores data about your browsing session. Cookies are used by many websites to track visitor information. A tracking cookie is a cookie which keeps track of all your browsing information and this is used by hackers and companies to know all your personal details like bank account details, your credit card information etc. which is dangerous.
Is your computer infected with a virus?
If you can answer "yes" to any of the following questions, your computer might have a virus.
Is your computer running very slowly? A common symptom of a virus is much slower than normal computer performance. However, there can be other reasons for slow performance, including a hard disk that needs defragmenting, a computer that needs more memory (RAM), or the existence of spyware or adware.
Are you getting unexpected messages, or are programs starting automatically? Some viruses can cause damage to Windows or some of your programs. The results of this damage might include messages appearing unexpectedly, programs starting or closing automatically, or Windows shutting down suddenly.
Is your modem or hard disk working overtime? An e‑mail virus works by sending many copies of itself by e‑mail. One indicator of this is that the activity light on your broadband or external modem is constantly lit; another is the sound of your computer's hard disk continually working. These are not always symptoms of a computer virus, but when combined with other problems, can indicate a virus infection.
To check for viruses, scan your computer with an antivirus program. New viruses appear every day, so keeping your antivirus program updated is important.
These days, stage one means email!
Virus writers realised very quickly that the easiest way to get someone to open a virus email was to make it look like it had come from a friend – so they wrote viruses that look at users’ address books and randomly generate messages that look as if someone in the address book sent them.
For example, it is quite possible that Alice, Bob and Charles all know each other. Alice gets a virus that sends an email to Bob and makes it look as if it came from Charles. Bob sees the email apparently from Charles and opens it, getting the virus! Email is easy to “spoof” (make it look like it came from somewhere else). A message could easily be forged in anyone's name and would appear to almost everyone as if it came from that person. It takes significant knowledge to be able to read and understand email headers well enough to tell if a message is real or fake.
Remember that email is the easiest way to pass a virus around.
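The Alice, Bob and Charles case above can be checked from the message headers. The following Python code is an added example, not part of the original page; it goes beyond the text by also reading the Authentication-Results header, and the function names, addresses, domains and verdicts in the sample message are constructed.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed message: the visible From line names Charles, but the envelope
# sender (Return-Path) and the receiving server's DMARC verdict point elsewhere.
SAMPLE = b"""\
Return-Path: <alice@alice-isp.example>
Authentication-Results: mx.bob.example; spf=pass smtp.mailfrom=alice-isp.example; dmarc=fail header.from=charles-mail.example
From: Charles <charles@charles-mail.example>
To: bob@bob.example
Subject: Look at this!

Open the attachment.
"""


def _domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def spoof_hints(raw_message):
    """Return reasons to doubt the From line. These are hints, never proof."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    from_dom = _domain(msg["From"])
    hints = []
    # Mailing lists legitimately use a different Return-Path, so a mismatch
    # is a prompt to look closer rather than a verdict.
    for header in ("Return-Path", "Reply-To"):
        dom = _domain(msg[header])
        if dom and dom != from_dom:
            hints.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results added by your own mail server.
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(value)):
            if result in ("fail", "softfail"):
                hints.append(f"{method} check returned {result}")
    return hints


if __name__ == "__main__":
    for hint in spoof_hints(SAMPLE):
        print(hint)
```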
Browsing an infected web site can give you a virus! How do you know if the site is infected or otherwise dangerous? Well you don’t! You have to make sure you stay up to date with your machine’s security – this is explained in more detail under stage two.
Stage two really refers to the user opening an email that contains a virus. A virus can be on your machine, but not actually doing any damage because it has not been activated. This is why IT support desks tell you to delete any suspicious email; by deleting it you are actually deleting the virus and with it the possibility of infection.
So how do you know what is a virus and what is not? The thing to remember is that if you receive an email that you are not expecting and you can see no reason to have received it, then it is probably a virus. There is no simple way of knowing for sure, but certain things can help.
For historical reasons (in other words, they always did it that way) computer files have a special part called an “extension.” Sounds complicated, but it is not! When you write that memo in Microsoft Word and save it on your computer, you may well have noticed that the file is referred to as a “.DOC” file. Sometimes you might get asked to save a file as Rich Text Format or “.RTF”. Microsoft Excel uses “.XLS” files. These three-letter acronyms are all file extensions, and only certain types of file extension can carry and activate a virus. As the file extension dictates just how much the file can do on your computer, certain file extensions (otherwise called file types) are better for sending a virus than others. A nasty virus might have a .COM, .EXE, or .VBS file extension. You should not open this kind of file attachment. Soon catching on to this, the virus writers started sending out viruses with .PIF and .SCR extensions. Again, you should never open these!
Remember ‘social engineering?’ Do you really think that your boss is going to send you a file called “my naughty holiday pics.pif”? Do not open it!
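One way to apply the extension advice above automatically, as an added example rather than code from the original page: it parses a message and lists attachments whose real (last) extension is one of those named in the text. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article says you should never open; not an exhaustive list.
RISKY_EXTENSIONS = {".com", ".exe", ".vbs", ".pif", ".scr"}


def _split(name):
    """Split 'a.b.c' into ('a.b', '.c'); a name with no dot gives (name, '')."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext) if dot else (name, "")


def classify(filename):
    """Return a reason string if the file's real extension is risky, else None."""
    # Windows drops trailing dots and spaces, so "x.pif. " still opens as .pif.
    stem, ext = _split(filename.rstrip(". ").lower())
    if ext not in RISKY_EXTENSIONS:
        return None
    # An innocent-looking inner extension ("photo.jpg.scr") is a disguise.
    inner = _split(stem)[1]
    return f"{ext} disguised as {inner}" if inner else f"{ext} file"


def risky_attachments(raw_message):
    """Return (filename, reason) for each risky attachment in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    named = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return [(n, classify(n)) for n in named if classify(n)]


def build_sample():
    """Constructed message: one harmless and three risky attachments."""
    msg = EmailMessage()
    msg["From"] = "boss@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Holiday pictures"
    msg.set_content("See attached.")
    for name in ("memo.doc", "my naughty holiday pics.pif",
                 "photo.jpg.scr", "SETUP.EXE"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"do not open {name!r}: {reason}")
```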
Stage two is not required in every case. Yes, there are viruses that will infect a machine and start working if that machine is connected to the internet and left unprotected. This sounds very alarmist and it is worth explaining in a bit more detail why this can happen.
Some viruses are actually very clever bits of programming. They “exploit” an inherent weakness of an operating system such as Microsoft Windows. (An operating system is the suite of software that allows you to run other programs.) If you consider that Windows XP was first released over 10 years ago and that 10 years is a long time in IT, a brand new machine left open to the internet is like a newborn baby without any immune system – virtually every known bug can infect it. It is our responsibility as computer users to try and build up our computer’s immune systems by doing certain things - applying the latest Microsoft security patches, installing anti-virus software and using firewalls when connecting to the internet. You need not worry about what a firewall is at this stage, and a “security patch” is just a way of saying that you have updated your systems so that they know all about the latest problems – a bit like an immune system learning about diseases.
So conversely, if you have a machine with the latest security patches, a firewall and anti-virus software installed, it is actually quite unlikely that the machine will get a virus.
Now we know a bit about viruses and how they become active, the question to focus on is “what can I do to prevent them?” The need for vigilance has already been mentioned when opening emails and this next section deals with keeping Windows up to date.
You should refer to your computer user guide for information on how to check that you have the latest software version.
There is a small risk involved with this process – when installing the very latest software updates it has been known for machines to stop working altogether. The risk however is very small and the benefit of having protected machines outweighs the risk of a machine becoming unusable. All the more reason to check that you are doing your backups and storing important work on the file server!
A computer firewall is basically a system, be it software or hardware, that prevents uncontrolled information flowing between two connected systems. In other words it’s a sieve! Putting this in computer terms, it stops your local network traffic (i.e. patient confidential information) getting sent out over the internet and, more importantly, it stops evil things from the internet getting onto your local network.
Subscribers to the Members section of the FPM website will find a variety of draft policies and protocols in the Information Management & Technology Index of the Protocols Library. If you are not a Member, have a look at the information about the benefits of membership and how to subscribe.
- Microsoft - Safety and Security Centre
- is4profit - Computer Virus Guide
- Anti-virus software providers