1. What are computer virusesWhat are computer viruses
A program or piece of code that is loaded onto your computer without
your knowledge and runs against your wishes.
A computer virus is a computer program that can copy itself and infect a
computer. The term "virus" is also commonly but erroneously used to
refer to other types of malware, adware, and spyware programs that do
not have the reproductive ability. A true virus can only spread from one
computer to another (in some form of executable code) when its host is
taken to the target computer.
The major difference between a computer virus and spyware is that
spyware does not replicate itself. A computer virus will gain entry onto
your computer using only one file and replicate its code many times
onto other files in your computer. Spyware is generally contained to one
file and can easily be deleted to rid your system of the problem.
2. What viruses don't doWhat viruses don't do
Computer viruses can not infect write protected disks or infect written
documents.
Viruses do not infect compressed files, unless the file was infected prior
to the compression. [Compressed files are programs or files with its
common characters, etc. removed to take up less space on a disk.]
Viruses do not infect computer hardware, such as monitors or computer
chips; they only infect software.
In addition, Macintosh viruses do not infect DOS / Window computer
software and vice versa. For example, the Melissa virus incident of late
1998 and the ILOVEYOU virus of 2000 worked only on Window based
machines and could not operate on Macintosh computers
WHAT VIRUSES CAN DO
An annoying message appearing on the computer screen.
Reduced memory or disk space.
Modification of data.
Files overwritten or damaged.
Hard drive erased.
3. How viruses spreadHow viruses spread
Viruses begin to work and spread when you start up the program or
application of which the virus is present. For example, a word processing
program that contains a virus will place the virus in memory every time
the word processing program is run.
Once in memory, one of a number of things can happen. The virus may
be programmed to attach to other applications, disks or folders. It may
infect a network if given the opportunity.
Viruses behave in different ways. Some viruses stay active only when the
application it is part of is running. Turn the computer off and the virus is
inactive. Other viruses will operate every time you turn on your
computer after infecting a system file or network.
4. Types of computer virusesTypes of computer viruses
1. Macro Viruses:
Macro Viruses are one of the most commonly seen computer viruses. These are
platform independent viruses and hence they are seen in applications. They will be
making the application malfunctioning and thus we won’t be getting the desired
results out of it. These viruses are ported directly into the desired applications for
which it has been written. But don’t think that they won’t be doing any harm to
other parts of your system. They will surely be harming the whole performance of
your computer.
Examples: DMV, Nuclear, Word Concept.
2. Boot viruses:
These viruses infect floppy disk boot records or master boot records in hard disks.
They replace the boot record program (which is responsible for loading the
operating system in memory) copying it elsewhere on the disk or overwriting it.
Boot viruses load into memory if the computer tries to read the disk while it is
booting.
Examples: Form, Disk Killer, Michelangelo, and Stone virus
3. Polymorphic viruses:
A virus that can encrypt its code in different ways so that it appears differently in
each infection. These viruses are more difficult to detect.
Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101
5. 4. Trojan Horse:
Strictly speaking, a Trojan horse is NOT a virus because it does not replicate like
ordinary viruses do. A Trojan horse is an unfriendly program which will appear to
be something other than what it is, for example a program that is disguised as a
legitimate software program. The Trojan virus once on your computer, doesn't
reproduce, but instead makes your computer susceptible to malicious intruders by
allowing them to access and read your files. Making this type of virus extremely
dangerous to your computer's security and your personal privacy. Therefore, you
should avoid downloading programs or files from sites if you're not 100 percent
positive of what the file or program does. Below are some common Trojans:
Back Orifice 2000 : BO2K allows outsiders to access and modify any information
on a Windows 95, 98 and NT machines through an invisible server program
installed by the program. It also allows outsiders to spy on what user is doing.
BO2K is expected to be released on 10/7/1999.
5. Program viruses:
These infect executable program files, such as those with extensions like .BIN,
.COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are
loaded in memory during execution, taking the virus with them. The virus becomes
active in memory, making copies of itself and infecting files on disk.
Examples: Sunday, Cascade
6. 6. Stealth viruses:
These viruses use certain techniques to avoid detection. They may either redirect the
disk head to read another sector instead of the one in which they reside or they may
alter the reading of the infected file’s size shown in the directory listing. A stealth
virus actively hides the changes it has made to the hard disk so that it appears that it
has not infected the system.
For example, a file infector might stay memory resident and misreport the size of
infected files so they don't appear to be infected. Boot sector viruses can trap
attempts to read the boot sector and return forged data that makes them appear to be
"clean".
For instance, the Whale virus adds 9216 bytes to an infected file; then the virus
subtracts the same number of bytes (9216) from the size given in the directory.
Examples: Frodo, Joshi, Whale
7. WORM:
A Worm is a virus program that copies and multiplies itself by using computer networks
and security flaws. Worms are more complex than Trojan viruses, and usually attack multi-
user systems such as Unix environments and can spread over corporate networks via the
circulation of emails. Once multiplied, the copied worms scan the network for further
loopholes and flaws in the network. A classic example of a worm is the ILOVEYOU virus.
The best way you can protect yourself from worms is by updating your security patches.
Operating systems and application vendors normally provide these patches. In addition, you
should avoid opening email attachments from unknown senders.
7. AntivirusAntivirus
Antivirus (or anti-virus) software is used to prevent, detect, and remove
malware, including computer viruses, worms, and Trojan horses.. Such
programs may also prevent and remove adware, spyware and other forms
of malware(malicious software)
A software utility that searches a hard disk for viruses and removes any
that are found. Most antivirus programs include an auto-update feature
that enables the program to download profiles of new viruses so that it
can check for the new viruses as soon as they are discovered.
These programs scan the code of every file on your computer for traces
of viruses and spyware, and if found, the file is quarantined until the
code can be removed or the file deleted.
8. Functions Of Anti-viruses.Functions Of Anti-viruses.
Protection
Antivirus software can provide real-time protection, meaning it can prevent
unwanted processes from accessing your computer while you surf the Internet.
Cleanup
Antivirus software allows you to scan your computer for viruses and other
unwanted programs, and provides you with the tools to get rid of them.
Alerts
Antivirus programs can alert you when something is trying to access your computer,
or when something in your computer is trying to access something on the Internet.
Updates
Antivirus programs can update themselves, keeping your computer's protection up
to date without you having to manually update it.
Further Protection
If an antivirus software finds an infected file that cannot be deleted, it can
quarantine the file so that it cannot infect other files or programs on your computer.
9. DIFFERENT TYPES OF ANTIDIFFERENT TYPES OF ANTI
VIRUS SCANNERSVIRUS SCANNERS
10. Conventional disk scanners:
This is the standard virus check program. It is run when the user requests it, and it scans the
contents of the disks, directories or files that the user wants, for any boot sectors and/or
files that contain viruses that it recognizes, based on the virus description information in its
virus definition files. Usually run manually by the user either as a preventive maintenance
activity or when a virus is suspected, scanning can also be automated through the use of a
program scheduler. This is the most common type of virus scanning program
Memory resident scanners:
Some antivirus software now comes with a special program that sits in the background
while you use your PC and automatically scans for viruses based on different triggers.
These programs typically can be configured to automatically scan programs as they are run
or scan floppy disks when you issue a shutdown command to the operating system.
Start up scanners:
Antivirus products often come with a special program that is designed to be run every time
the PC is booted up. It does a quick scan of the disk's boot sectors and critical system files
(instead of a full disk scan which takes a long time). The idea is to catch critical viruses,
especially boot sector viruses, before the PC boots up (which can give the virus a chance to
spread).
Inoculation:
This is a totally different approach to virus detection. Instead of looking for the
viruses themselves, this technique looks for the changes that the viruses make to
files and boot sectors. Starting with a clean system, the software "inoculates" each
boot sector and program file by storing a snapshot of information about it based on
its content and size. Then, periodically, it re-examines these files to see if anything
has changed. If it has, then the utility will inform you; if you haven't made the
change, a virus may have.
11. Drawbacks of anti-virus:Drawbacks of anti-virus:
However, no matter how useful antivirus software is, it can sometimes
have drawbacks.
Antivirus software can degrade computer performance if it is not
designed efficiently.
Inexperienced users may have trouble understanding the prompts and
decisions that antivirus software presents them with. An incorrect
decision may lead to a security breach.
One study found that the detection success of major antivirus software
dropped over a one-year period.