What is a computer virus?
A computer virus is a special kind of computer program
which:
- Spreads across disks and networks by making copies of itself,
usually surreptitiously.
- Can produce undesired side-effects in computers in which it is
active.
How infection occurs
In order to infect a computer, a virus has to have the chance to
execute its code.
Viruses usually ensure that this happens by behaving like a
parasite, i.e. by modifying another item so that the virus code is
executed when the legitimate item is run or opened.
Good vehicles for viruses include the parts of a disk which
contain code executed whenever that disk is booted, and documents
which contain macros executed whenever that document is opened with
the relevant application.
As long as the virus is active on the computer, it can copy
itself to other files or disks that are accessed.
How viruses escape detection
The successful spread of a virus depends on how long it can
replicate unnoticed, before its presence is made known by the
activation of side-effects. Viruses use two main methods of
disguise:
- Encrypting (scrambling) their code to avoid recognition.
- Preventing applications from seeing the virus in memory, by
interrupt interception or (in the case of macro viruses) by
disabling the options to view macros.
Virus side-effects
As well as self-replicating code, a virus normally contains a
'payload'. The former is like the propulsion unit of a missile; the
latter is like the warhead it delivers. The payload can be
programmed to have malicious side-effects.
These effects can range from harmless messages to data
corruption or destruction.
How viruses spread
Infections spread from machine to machine, and from organisation
to organisation, in a number of ways.
Viruses can be transmitted by:
- Booting a PC from an infected medium.
- Executing an infected program.
- Opening an infected file.
Common routes for virus infiltration include:
- Floppy disks or other media that users can exchange.
- Email attachments.
- Pirated software.
- Shareware.
Anti-virus measures
The fight against computer viruses involves five kinds of
counter-measure:
- Preparation includes making backups of all software
(including operating systems) and making a contingency plan.
- Prevention includes creating user awareness, implementing
hygiene rules, using disk authorisation software, or providing
isolated 'quarantine' PCs.
- Detection involves the use of anti-virus software to
detect, report and (sometimes) disinfect viruses.
- Containment involves identifying and isolating the
infected items.
- Recovery involves disinfecting or removing infected
items, and recovering or replacing corrupted data.
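Because a virus has to modify a boot sector, program or macro-capable document in order to run, comparing those items against a known-clean snapshot is one way to support detection and containment. The sketch below is an added example, not Sophos code: the digest-baseline approach, the function names and the sample data are assumptions made for illustration, and the file-type checks rely only on well-known header bytes.

```python
import hashlib
import io
import zipfile
from typing import Optional

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office compound file

def carrier_type(data: bytes) -> Optional[str]:
    """Classify bytes as one of the page's infection vehicles, else None."""
    if len(data) == 512 and data[510:] == b"\x55\xaa":
        return "boot sector"              # code run when the disk is booted
    if data[:2] == b"MZ":
        return "program"                  # DOS/Windows executable
    if data[:8] == OLE2_MAGIC:
        return "macro-capable document"   # container that can hold macros
    if data[:4] == b"PK\x03\x04":         # zip-based Office file: look for macro part
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "macro-capable document"
        except zipfile.BadZipFile:
            pass
    return None

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_baseline(items: dict) -> dict:
    """Record a digest for every item that can carry executable code."""
    return {n: digest(d) for n, d in items.items() if carrier_type(d)}

def changed_carriers(baseline: dict, items: dict) -> list:
    """Items to isolate: baselined items that changed, and new carriers."""
    findings = []
    for name, data in sorted(items.items()):
        kind = carrier_type(data)
        if name in baseline:
            if digest(data) != baseline[name]:
                findings.append((name, kind or "unrecognised", "modified"))
        elif kind:
            findings.append((name, kind, "new"))
    return findings

# Constructed sample data: a known-clean snapshot, then a later snapshot.
CLEAN = {"boot.bin": b"\xeb\x3c\x90" + bytes(507) + b"\x55\xaa",
         "setup.exe": b"MZ" + bytes(62), "notes.txt": b"meeting notes"}
LATER = {**CLEAN, "setup.exe": CLEAN["setup.exe"] + b"appended bytes",
         "notes.txt": b"edited notes", "invoice.doc": OLE2_MAGIC + bytes(24)}

if __name__ == "__main__":
    for finding in changed_carriers(make_baseline(CLEAN), LATER):
        print(finding)
```

A changed digest only shows that an item was altered, which also happens on a legitimate update; the flagged items are candidates for isolation and scanning, not confirmed infections.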
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.