|
Top Security Sites
|
·
·
·
·
·
·
·
·
·
·
|
|
 |
Viruses FAQ
What is a computer virus?
There are many types of viruses that infect people and there are also a
lot of computer viruses that can infect your computer. These are
software, and are often attached to other software or documents you
might receive. When you run the virus's software or the file the virus
has infected, the virus can infect your computer's software.
There are many types of viruses and terms for them, but we'll use the general term 'virus' to make things easy.
Like the flu virus, a computer virus must spread from host to host to
survive. When we get the flu, we cough and sneeze, and tiny particles
carrying the virus spread the flu to other people.
With computer viruses, the virus is designed to spread from your
computer to other computers. Here are some of the most common ways they
spread:
1. Once the virus has infected your system, it may automatically send
out emails containing more copies of the virus using the address book
in your email program. This type of virus is called an Internet "Worm,"
because it is a self-propagating virus. For example, an Internet worm
crippled tens of thousands of computers and slowed down parts of the
Internet on the weekend of January 29, 2003.
2. If the virus is a macro virus (attached to a Microsoft Word
document, for example), it may attach itself to any document you create
or modify. If you send another document to someone by email, the virus
goes along with it.
3. Sometimes viruses masquerade as a fun program (like an electronic
greeting card) that secretly infects your system. If you pass the
program along, not realizing that it contains a virus, you will be
transmitting the virus manually to your friends, family, or colleagues.
Trojan Horses are closely related to computer viruses, but they differ
in that they do not attempt to replicate themselves. More specifically,
a Trojan Horse performs some undesired - yet intended - action while,
or in addition to, pretending to do something else. A common example is
a fake login program, which collects account information and passwords
by asking for this info just like a normal login program does.
Many computer viruses are malicious - in other words, they can erase
your files or lock up whole computer systems. Other computer viruses
are more benign - they don't do any direct damage other than by
spreading themselves locally or throughout the Internet.
Regardless, computer viruses should always be treated.
[top]
What kind of damage can computer viruses do?
The damage a computer virus can inflict on your system depends on many
things, including how sophisticated the virus is. Here is a short
listing of the types of damage viruses can do to your computer - they
can really hit you where it hurts:
- Some viruses can delete or change files. Some viruses will delete all
of your documents, or even reformat your hard drive, making your
computer unusable.
- Some viruses can release confidential information like credit card
information, account numbers, and passwords by emailing it to random
email addresses or the address of the virus writer.
- Some viruses can slow down your system dramatically.
- Some viruses plant monitoring software or change security settings
that allow hackers to enter your computer without you knowing about it
and steal information or control it.
Other viruses, like Internet worms they can also have effects on computer networks and the Internet.
[top]
Your computer may have a computer virus if ...
How do you know if you have been infected by a virus? If you are not
running an antivirus program, you may not know at all since many
viruses disguise there identity by renaming themselves or attaching
themselves to familiar programs that are already installed on your
system.
Some symptoms of a virus infection are:
- Your computer displays strange messages, begins to play music, or
shows odd graphical displays along with things opening and closing on
there own.
- Your computer takes longer to boot up, operates more slowly than usual, and takes longer to start programs.
- Your computer has much less memory or hard drive space available.
Some legitimate software can cause these symptoms, so the only way you
can be sure your computer is virus-free is to regularly scan it for
viruses using antivirus software. [top]
How can you protect your computer from viruses?
As we've indicated, you need antivirus software to be safe. You should
consider the cost of the software as part of the purchase of your
computer.
Once you've installed the antivirus software, you will need to obtain
regular updates from the manufacture that tells the antivirus software
about new viruses and how to detect them. Most antivirus programs come
with a year's worth of updates, and you can usually set the software to
either automatically download the updates, or display a reminder for
you to do so.
This is vital since there is approx. over 500 new viruses discovered each month!
Norton AntiVirus and McAfee VirusScan are the two best-known antivirus
programs for the Windows Operating System. For Macintosh users, Norton
AntiVirus and McAfee's Virex for Macintosh provide protection. For
Linux users, try RAV AntiVirus.
While the vast majority of viruses are written to infect Windows-based
systems, Macintosh and Linux users should still also have virus
protection.
All antivirus software lets you scan the computer's memory and hard
drive for viruses. Depending on the software package, the antivirus
program may also be able to protect against:
- Incoming emails and email attachments with viruses.
- Viruses received through instant messaging, such as ICQ.
- Infected downloaded files, before you open the file.
[top]
How can your computer catch a virus?
There are only two ways for your computer to get a virus:
1. You load the virus onto your computer through an infected floppy, CD-ROM, or other storage device.
2. The virus arrives by a downloaded file, email attachment, or other method from the Internet or a network.
At this point, an infected file is on your computer's hard drive, but
remember, your computer will only become infected if you launch or view
the file, or run the infected program.
So an important tip is to always scan new files for viruses before you use them.
If you do scan your computer and you find a virus. Clean the infected
file. Most times it will either clean the file or quarantine it for
deletion. If you do become infected "DO NOT" reboot your computer. Some
viruses will infect your boot programs that will allow it to spread
upon reboot.
Take these precautions when working with files and the Internet:
- Before you load a file or install software onto your computer from a
floppy disk or CD-ROM, use your antivirus program to scan the floppy or
CD.
- If you receive an email attachment from an unfamiliar email address,
or an attachment you were not expecting, either scan it or delete it
(preferred).
- If you receive an email attachment from someone you know, and your
antivirus program does not automatically scan incoming emails, save the
attachment to your hard drive and scan it with the antivirus program.
Your friend or colleague's computer may be infected with a virus.
- When you download software from the Internet, be sure to download it
from the software company's site or a recognized download site
(http://downloads-zdnet.com.com/, http://www.download.com or
http://www.tucows.com for example). Download the file to your hard
drive and scan it using your antivirus program before you run or
decompress it.
- If someone sends you a 'joke' file or electronic greeting card that
you must launch to view, be very wary a lot of times they can contain
javascript viruses which allow other viruses to bypass your virus
scanner.
They security division of BytesCanada have come across a number of
places saying DO NOT use Outlook or Outlook Express as they are the
most targeted for viruses. Almost all windows based programs are
acceptable to viruses whether it be Outlook, Eudora or any other email
program. Ensure that you set your virus scanner to scan incoming and
outgoing emails for viruses.
Many experts now feel that the dangers of being infected by a virus are
so great that it just isn't worth receiving email attachments. You can
set your email program to stop accepting them. [top]
Do we have to fear virus?
Computer viruses are not Devils. They are just computer programs with
self-replication function. That means they are able to make copy of itself. Since
the process is automatic, the program is able to spread inside a computer or
inside a network.
Anti-virus software is designed by international companies to detect and clean
such virus programs. With up-to-date virus signature, almost all viruses can be
detected and removed easily. For new viruses not detected by anti-virus
software, a new virus signature update will usually be available within a week.
[top]
Can data files be infected?
Usually not. The exception is data files that contain executable code, which
can be infected by viruses. A good example of this is a Microsoft Word file
(.DOC, .DOT). Although Word files are technically data files, they may contain
macros, which are executable and therefore susceptible to infection. Most of
the virus infections reported today are from macro viruses.
[top]
What is scan engine? Why do I have to update signature
file as well as the scan engine of my antivirus software?
A virus scanning engine is the program that does the actual work of scanning
and detecting viruses while signature files are the ' fingerprints ' used by the
scanning engines to identify viruses. New scan engine versions are released
for a number of reasons. About 6 to 8 new viruses are found everyday around
the world. New types of viruses may not be detected by the old engine. New
versions of scanning engine usually also enhance scanning performance and
detection rates. Some vendors provide updates for both the scanning engine
and signature file in a single file while others will provide them in separate
files .
[top]
What is a clean boot disk. How to create a clean boot disk?
A boot disk is one which contains the necessary files to boot the machine. It is useful in scanning and cleaning virus, so
that if the hard disk becomes inaccessible, you can still boot the machine to
attempt some repairs. If you are running DOS / Windows 3.x, you could create
a boot disk (in drive A) using the following command:
FORMAT /S A:
If you' re running Windows 95 / 98, you could create a system disk by selecting
' Add / Remove Programs ' in Control Panel,choose the ' Startup Disk ' tab, and
then click the ' Create Disk ' button.
After creating the boot disk, make sure it is *write-protected* so that it would
not be infected by virus.
[top]
What are rescue disks?
Many anti-virus and disk repair utilities can make up a (usually bootable)
rescue disk for a specific system. This needs a certain amount of care and
maintenance, especially if you make up more than one of these for a single PC
with more than one utility. Make sure you update *all* your rescue disks when
you make a significant change, and that you understand what a rescue disk
does and how it does it before you try to use it.
Don' t try to use a rescue disk
made up on one PC on another PC, unless you' re very sure of what you' re
doing: you may lose data.
[top]
Can firewalls detect virus?
Firewalls don't screen computer viruses. As the location of firewalls is a good
place for scanning, some firewalls has plug-in virus scanning module. And
some programs scan virus at a point either before or after a firewall.
Note that scanning FTP or HTTP traffic adds heavy network overhead but
blocks only one of the sources of virus. Virus can get into the local intranet
through floppy disks, CDROM or even a brand new PC.
[top]
Are there CMOS viruses?
Although a virus can write to (and corrupt) a PC's CMOS memory, a virus can
NOT ' hide ' there. The CMOS memory is not ' addressable '. Data stored in
CMOS would not be loaded and executed in a PC.
A virus could use CMOS memory to store part of its code, but executable code
stored there must first be moved to DOS memory in order to be executed.
Therefore, a virus cannot spread from, or be hidden in CMOS memory. And
there is no known virus that store code in CMOS memory.
[top]
Are there BIOS viruses?
Theoretically, it is possible to have a virus that hide in BIOS and being
executed from BIOS. Current technology enables programs to write codes into
BIOS. BIOS is the place storing the first piece of program being executed
when a PC boot up.
[top]
Why some viruses can be detected but not cleaned with
the anti-virus software?
Anti-virus software not only detect viruses, but also other types of malicious
codes, which may not be cleanable. For example, trojan horse is a type of
malicious code that should be deleted instead of cleaned. In other cases, the
virus may have corrupted the file and made it impossible to clean / recover.
[top]
What is a macro virus and how does it spread?
Macro viruses are special macros that self-replicate in the data files of
applications such as Microsoft Word and Excel. The majority of macro viruses
infect Word document files. When a file containing infected macros is opened,
the virus usually copies into Word's global template file (typically
NORMAL.DOT). Any document opened or created later will be infected.
Macro viruses become part of the document itself, and are transferred with the
file via floppy disks, file transfer, and e-mail attachments. Macro viruses are
the most common type of computer virus found today.
[top]
Why are Word macro viruses so easy to create?
Prior to the macro virus era, creating a virus required some knowledge of
assembly language or other complex programming languages. Today, almost
anyone can write a macro virus using the macro language, which uses
English-like commands.
[top]
What's the worst damage a macro virus can do?
Like all computer viruses, macro viruses can destroy data. For most users, the
worst thing a macro virus might do is reformat their computer hard drive. While
most of the more than 500 known macro viruses are not destructive, many
cause a considerable loss of productivity and time.
[top]
How to minimize Word macro viruses' destruction to hard
disks and files?
Of course the most secure method is to backup your data regularly and use
antivirus software that is able to scan your documents before Word startup.
[top]
Will viruses infect Access?
Yes. The first Access macro virus JETDB_ACCESS-1 infects Access. This
virus once infects an infected database will search and infect all .MDB
file in the current directory. [top]
Can email message be infected?
Plain electronic mail messages with pure text and contain no executable code
will not be infected. However, files attached to the message may be infected. If
you receive an e-mail with attached files from an unknown source, the best
approach is to scan it before running the file or opening it in Word or Excel. If
you open the file attachments directly, you risk infecting your computer. The
latest generation of antivirus software can usually be configured to scan e-mail
attachments before you can open them.
[top]
Can e-card be infected?
It really depends on the types of greeting cards you receive. If someone emails
you a greeting card which requires you to view the card online at a web site,
this kind of greetings cards may not be infected. However, if the sender
attaches an HTML / EXE file (with the e-card) to an email, and you open the
attachment or forward the attachment to others, that attachment file may be
infected.
[top]
Will I be infected when I access Internet FTP Server? Will
virus be downloaded during file downloading?
The files in the FTP server may be infected with computer virus(es). Your
computer will be infected if you run / open the infected file(s). There, you
should scan files downloaded from the Internet before use.
[top]
Will virus infect my machine if I connect to the Internet and
view Web pages/download programs?
If you' re only viewing Web pages written with HTML only (i.e. no Active X,
JAVA, ..., etc.), the answer is ' NO ' . However, if you run Active X controls and
JAVA applets, or run programs downloaded from the Internet, it is possible that
these programs contain virus and affect your machine.
[top]
|
