TechCenter

July 1999 Issue

TechCenter

Computer Virus Basics

After the three most recent major computer virus outbreaks--Melissa.A, Papa, and CIH-Chernobyl--the reality of what damage a virus can do became clear to people outside of the computer industry. When the Melissa virus struck, numerous companies had to shut down their e-mail servers because of infection or fear of one.

Simply put, a virus is software designed for the sole purpose of affecting a user's computer adversely. It alters the way the computer works or the condition of the computer's data. Viruses are either benign or malignant in form.

A benign virus does not do any true damage to the computer. It potentially annoys and inconveniences the computer user by displaying a message or some sort of graphic file on a set date or time.

A malignant virus attempts to cause damage to a computer. This type of virus may alter a program or operating system so that it no longer behaves properly. A weak virus may cause the program to crash or no longer accept commands; a powerful strain will alter the computer at the directory information level. This infection may prevent it from booting up.

Viruses spread by attaching themselves to another program (Melissa.A attached to Word) or to the boot sector of a diskette that holds the start-up instructions for the computer and operating system. When the infected file is executed or the computer is started from an infected disk, the virus itself is executed. Often, the virus sits in the memory waiting to infect the next program run or the next disk accessed.

Many viruses execute on a "trigger event," a variable set by the person who wrote the virus, such as a date (the DaVinci virus executed on Leonardo da Vinci's birthday). A trigger event virus may display a message or delete files once an infected program is run a certain number of times.

"File infector" viruses attach themselves to or replace .COM (DOS format) and .EXE (executable Word format) files. These viruses infect programs when they are executed with the virus in memory.

Leaving an infected diskette in a drive and rebooting the machine activates a "boot sector" virus. When the boot sector program is read and executed, the virus goes into memory and infects the hard drive. The computer cannot load its operating system once infected by a boot sector virus.

A "master boot record" (MBR) virus is spread in the same manner as a boot sector virus--by leaving an infected diskette in a drive and rebooting the machine. When the boot sector program is read and executed, the virus goes into memory and infects the MBR of the hard drive.

A "multi-partite" virus is a combination of the viruses listed above. It infects both files and master boot record, or files and boot sectors.

Viruses can cause substantial damage in the business community. Preventive measures are the only way to minimize the chance of infection. There is no longer any excuse for not having an updated anti-virus program on each server and workstation attached to a network. Most of the well-known anti-virus packages issue free updates during the warranty period. Once the warranty expires it is wise to purchase the support plan.

Society network administrators use Symantec's Norton Anti-Virus, which releases an updated definition file to help the program detect viruses each Tuesday and when warranted by the release of a major virus such as Melissa.A. Network administrators download the update onto the network and check with the server when each user logs on to determine whether the workstation has the newest definition file. If it does not, the update is installed. All of this is virtually unseen by the end user.

To submit suggestions, or for more information, contact Kevin Lewis, NYSSCPA Manager of Technology and Information Systems, at (212) 719-8340, (800) 633-6320, or klewis@nysscpa.org. *