June 2001
Anti-Virus Basics
By Kevin Lewis

Given virus outbreaks of the last several months, like the one dubbed “Anna Kournikova,” I thought it was a good time to revisit some of the topics I covered in my June 2000 Trusted Professional article concerning computer viruses.

The New York State Society of CPAs has a virus-scanning gateway set up in its headquarters, and I am always amazed at the number of viruses that people unknowingly send the office. Most of the viruses are old and would not have been sent if the sender’s computer had updated virus protection.

Virus Defined
Simply put, a virus is software that is designed and written for the sole purpose of affecting a computer in an adverse manner. It alters the way in which a computer works or the condition of the data that is stored in a computer.

Viruses are either benign or malignant in form. A benign virus does not cause any serious damage to the computer, but it can annoy and inconvenience the user by displaying a message or some sort of graphic file at a particular date or time. A malignant virus, however, can cause significant damage. This type of virus can alter a program or operating system so that it no longer behaves properly. Even a weak malignant virus could cause a program to crash or refuse to accept commands. Some malignant viruses carry a strain that can alter the computer at the directory information level and prevent it from booting up.

Virus Types
Viruses like “Melissa A,” which attached to Word, spread by attaching themselves to another program or to the boot sector of a diskette. When the infected file is executed, or the computer is started from an infected disk, the virus itself is executed. Often, the virus sits in memory waiting to infect the next program that is run, or the next disk that is accessed.

In addition, many viruses are triggered by an event that is based on a variable determined by the virus writer. A trigger event virus may display a message on a certain date or delete files after the infected program is run a certain number of times.

File infector viruses attach themselves to or replace .COM and .EXE files. With this type of virus, uninfected programs usually become infected when they are executed with the virus in memory.

Leaving an infected diskette in a drive and rebooting the machine activates a boot sector virus. When the boot sector program is read and executed, the virus goes into memory and infects the hard drive. If a boot sector virus infects the machine, the machine will not be able to load the operating system.

A master boot record (MBR) virus is spread in exactly the same manner as a boot sector virus—by leaving an infected diskette in a drive and rebooting the machine. When the boot sector program is read and executed, the virus goes into memory and infects the MBR of the hard drive.

A multipartite virus is a combination of the viruses listed above. The virus can infect both files and master boot record, or both files and boot sectors.
The damage that viruses can cause in the business community is substantial. Preventive measures are the only way to minimize the chance of infection. There no longer is an excuse for not having an updated anti-virus program on each server and workstation attached to a network. Most of the well-known anti-virus packages come with free updates for the warranty period, and when that expires the support plan should be purchased.

The NYSSCPA uses a combination of Trend Micro on the e-mail gateway and Symantec’s Norton Anti-Virus on each server and workstation. These two products release an updated definition each week and as needed for the release of a major virus. Our systems automatically download the update onto the network, and when each user logs in, the program checks with the server to see if the workstation has the newest definition file. If it does not, then the update is installed. All of these processes occur unbeknownst to the end user.

The accompanying sidebar provides a list of links to web pages that pertain to virus issues. For more information, please contact NYSSCPA Chief Technology Officer Kevin Lewis at (212) 719-8340, (800) NYSSCPA (697-7272), or klewis@nysscpa.org.