Viruses, Virus Solutions, and Malicious Software


Viruses, spyware, worms, and other malicious code are an unfortunate part of modern computing. In today's world, an unprotected computer is at high risk of having some form of malicious software installed on the system. A protected system is still at risk; the risk is just lower.

By definition, a virus is a program that is self-replicating and operates on a computer system without the user's knowledge. These viruses will either attach to or replace system files, system executables, and data files. Once in, the virus can perform many different functions. It might completely consume system resources, making the system too slow to use; it might completely corrupt and bring down a computer; or it might compromise data integrity and availability.

In order to be considered a virus, the malicious code must meet two criteria: It must be self-replicating, and it must be capable of executing itself. Three common virus types are listed below:

  • Boot sector virus: Boot sector viruses target the boot record of hard disks or floppy disks. In order to boot, floppy disks or hard drives contain an initial set of instructions that start the boot process. Boot sector viruses infect this program and activate when the system boots. This enables the virus to stay hidden in memory and operate in the background.

  • File viruses: File viruses are very common. They attack applications and program files. This type of virus often targets .exe, .com, and .bat files by either destroying them, preventing applications from running, or modifying them and using them to propagate the virus.

    Viruses are not necessarily a file virus or a boot sector virus; they can be both. One virus can be designed to both attack the boot sector and the applications.


  • Macro viruses: The actual data, such as documents, spreadsheets, and so on, represents the most important and irreplaceable elements on a computer system. Macro viruses are designed to attack documents and files and therefore are particularly nasty.

Trojans, Worms, Spyware, and Hoaxes

There are other forms of malicious programs, which by definition are not a virus but still threaten our computer systems.

A Trojan horse is a program that appears harmless or even helpful, but after being executed performs an undesirable and malicious action. For instance, a Trojan horse can be a program advertised to be a patch, a harmless application such as a calculator, or a product upgrade or enhancement. The trick is to fool the user into downloading and installing the program. Once executed, the Trojan horse can perform the function it was actually designed to do. This might include crashing a system, stealing data, and corrupting data.

Trojan horses are not viruses, as they do not replicate; they are installed by the user mistakenly. Trojan horses are often delivered through email or by downloading applications from the Internet.


Worms are similar to viruses in that they replicate, but they do not require a host file to spread from system to system. The difference between viruses and worms is that a worm does not attach itself to an executable program as do viruses: A worm is self-contained and does not need to be part of another program to propagate itself. This makes a worm capable of replicating at incredible speeds. This can cause significant network slowdowns as the worm spreads.

A worm can do any number of malicious actions, including deleting files and sending documents via email without the user knowing. A worm can also carry another program designed to open a backdoor in the system used by spam senders to send junk mail and notices to a computer. Once this backdoor is open, your system is vulnerable and open to data theft, modification, or worse.

Spyware is a new threat that can be well hidden and easy to pick up. Spyware is designed to monitor activity on a computer, such as Web surfing activity, and send that information to a remote source. It is commonly installed along with a free program that might have been downloaded.

Spyware detection software is becoming increasingly popular and, given the information that can be stolen, should be considered an important part of a secure system.

One final consideration is that of virus hoaxes. The threat of virus activity is very real, and, as such, we are alerted to it. Some take advantage of this to create elaborate virus hoaxes. Hoaxes will often pop up on the computer screen or arrive in the email warning of a virus or claiming that your system has contracted a virus. These are more annoying than dangerous but serve to confuse and complicate the virus issue.

Malicious code varies by the type of virus and also by how it operates. For instance, polymorphic viruses change themselves each time they infect a system. This makes them very difficult to scan for, as they are always changing their look. Stealth viruses become part of a program and make it appear as if the program is operating normally when in fact there is a virus at work. This too makes them difficult to scan for.


Protecting Computers from Viruses

The threat from malicious code is a very real concern. We need to take the steps to protect our systems, and although it might not be possible to eliminate the threat, it is possible to significantly reduce the threat.

One of the primary tools used in the fight against malicious software is antivirus software. Antivirus software is available from a number of companies, and each offers similar features and capabilities. The following is a list of the common features and characteristics of antivirus software.

  • Real-time protection: An installed antivirus program should continuously monitor the system looking for viruses. If a program is downloaded, an application opened, or a suspicious email received, the real-time virus monitor will detect and remove the threat. The antivirus application will sit in the background and will be largely unnoticed by the user.

  • Virus scanning: An antivirus program must be capable of scanning selected drives and disks either locally or remotely. Scans can either be run manually, or they can be scheduled to run at a particular time.

  • Scheduling: It is a best practice to schedule virus scanning to occur automatically at a predetermined time. In a network environment, this would typically occur off hours when the overhead of the scanning process won't impact users.

  • Live updates: New viruses and malicious software are released with alarming frequency. It is recommended that the antivirus software be configured to receive virus updates regularly.

  • Email vetting: Emails represent one of the primary sources for virus delivery. It is essential to use antivirus software that provides email scanning for both inbound and outbound email.

  • Centralized management: If used in a network environment, it is a good idea to use software that supports centralized management of the antivirus program from the server. Virus updates and configurations only need to be made on the server and not on each individual client station.
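
To make the virus scanning and live updates items concrete, the following added example (not from the book) scans a directory with a small definitions set, first using an exact file hash and then with an updated byte-pattern definition. The definition names, the `MARKER-1234` bytes, and the sample files are constructed and harmless; filtering by extension is a simplification for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# File types the text names as common file-virus targets (simplification:
# a real scanner inspects file content, not just the extension).
TARGET_EXTENSIONS = {".exe", ".com", ".bat"}

def scan_file(path, hash_defs, pattern_defs):
    """Return the names of all definitions that match one file."""
    data = path.read_bytes()
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in hash_defs:                 # exact-match definition
        hits.append(hash_defs[digest])
    for name, pattern in pattern_defs.items():
        if pattern in data:                 # byte-pattern definition
            hits.append(name)
    return hits

def scan_tree(root, hash_defs, pattern_defs):
    """Scan target file types under root; return {relative path: [hits]}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in TARGET_EXTENSIONS:
            hits = scan_file(path, hash_defs, pattern_defs)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    # Constructed sample bytes: same marker, different surrounding bytes.
    sample_a = b"header-A " + b"MARKER-1234" + b" padding-aaaa"
    sample_b = b"header-B " + b"MARKER-1234" + b" padding-bbbb"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.exe").write_bytes(sample_a)
        (root / "sub").mkdir()
        (root / "sub" / "b.com").write_bytes(sample_b)
        (root / "clean.bat").write_bytes(b"ordinary program bytes")
        # Old definitions know only the exact hash of sample_a.
        old_hashes = {hashlib.sha256(sample_a).hexdigest(): "Demo.A (hash)"}
        before = scan_tree(root, old_hashes, {})
        # An update adds a pattern that both variants share.
        new_patterns = {"Demo.Generic (pattern)": b"MARKER-1234"}
        after = scan_tree(root, old_hashes, new_patterns)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("old definitions:    ", before)
    print("updated definitions:", after)
```

With the old definitions only `a.exe` is reported; the variant in `sub/b.com` is caught only after the update. A pattern definition still depends on some bytes staying constant, which is what polymorphic code is designed to avoid.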

Software is only part of the solution in a proactive virus solution. A complete virus protection strategy requires many aspects to help limit the risk of viruses and includes the following:

  • Develop in-house policies and rules: In a corporate environment or even a small office, it is important to establish what information can be placed onto a system. For example, should users be able to download programs from the Internet? Can users bring in their own floppy disks or other storage media?

  • Monitoring virus threats: With new viruses coming out all the time, it is important to check to see if new viruses have been released and what they are designed to do.

  • Educate users: One of the keys to a complete antivirus solution is to train users in virus prevention and recognition techniques. If users know what they are looking for, it can prevent a virus from entering the system or the network.

  • Back up copies of important documents: It should be mentioned that no solution is absolute and care should be taken to ensure that the data is backed up. In the event of a malicious attack, redundant information is available in a secure location.

  • Automate virus scanning and updates: Today's antivirus software can be configured to scan and update itself automatically. Because such tasks can be forgotten and overlooked, it is recommended to have these processes scheduled to run at predetermined times.

  • Email vetting: Email is one of the commonly used virus delivery mechanisms. Antivirus software can be used to check inbound and outbound emails for virus activity.



    Network+ Exam Cram 2
    ISBN: 078974905X
    EAN: N/A
    Year: 2003
    Pages: 194
