How to Protect Against Computer Viruses
By Bruce Stewart, ZDNet Reviews & Solutions
April 27, 1999 4:00 PM PT

Some are as benign as the common cold, and others can be as deadly to your hard drive as Ebola. We're talking computer viruses, and with more than 30,000 known strains, the chances that your computer will contract one at some point are pretty good.

Take into account that many PC owners don't use current anti-virus software, and that viruses can spread to your system easily from the Internet, bulletin boards, or e-mail attachments, and we're talking epidemic. Luckily, though, there are some powerful preventative measures and some equally effective antidotes once you've contracted a bug.

What Is A Virus?

A computer virus is a piece of software that has been written to surreptitiously enter your computer system and "infect" your files. Some viruses are benign and won't harm your system, while others are destructive and can damage or destroy your data.

Typically a computer virus will replicate itself and try to infect as many files and systems as possible. If your system is infected, when you save a file to a disk you will probably infect the disk, and in turn whoever uses that disk will infect their system. As you can see, it's a vicious cycle, not unlike the viruses that plague us humans.

New computer viruses are being written all the time, and it's important to understand how your system can be exposed to them, and what you can do to protect your computer.

Types Of Viruses

Computer viruses are categorized into four main types: boot sector, file or program, macro, and multipartite viruses.

Boot sector viruses are usually transmitted when an infected floppy disk is left in the drive and the system is rebooted. The virus is read from the infected boot sector of the floppy disk and written to the master boot record of the system's hard drive. The master boot sector is the first place your system reads from when booting up from the hard drive. Then, whenever the computer is booted up, the virus will be loaded into the system's memory.

Program or file viruses are pieces of viral code that attach themselves to executable programs. Once the infected program is run, the virus is transferred to your system's memory and may replicate itself further.

Macro viruses are currently the most commonly found viruses. They infect files run by applications that use macro languages, like Microsoft Word or Excel. The virus looks like a macro in the file, and when the file is opened, the virus can execute commands understood by the application's macro language.

Multipartite viruses have characteristics of both boot sector viruses and file viruses. They may start out in the boot sector and spread to applications, or vice versa.

While not technically viruses, other malicious programs like worms and Trojan horses usually get lumped in there too. They typically have the same type of results as viruses and are written to create havoc on your system or networks, or both.

A worm is a program that replicates itself, but does not necessarily infect other programs. Examples of recent worms are Melissa and LoveLetter, both of which caused widespread havoc. These worms replicated themselves by email, making use of any Outlook address books.

Just like in the Greek myth, Trojan horses contain a concealed surprise. A Trojan horse program resides hidden in another seemingly harmless piece of software until some condition triggers its awakening.

How Your Data Gets Infected

Viruses can be written into almost any type of file, so it's important to be aware of this when you add software to your system. There are known instances of viruses being accidentally included in licensed, shrink-wrapped software, but generally you are safe when installing legally purchased software that you've obtained through normal channels.

The two main ways viruses enter your system are through files added to your system via removable media such as floppy disks or Zip disks, and from downloading from the Internet. You can also get a virus through an e-mail attachment, and, in rare cases, through a plain text e-mail message alone.

Although historically viruses passed via e-mail show up as embedded scripts in attached files, the Kak worm actually hides itself in the signature file of an Outlook Express e-mail message. In this case, just opening an infected e-mail message is enough to infect your system. Microsoft has released a patch for Outlook Express to fix this signature file vulnerability. If you use Norton AntiVirus, make sure to set it to scan all files, rather than just program files, and it will catch these types of viruses as well.

A common myth regarding viruses is that they can only be passed into your system through executable program files, or files that are actually programs, not just data. You'd also think, then, that infection couldn't take place unless the program holding the virus is launched. With the advent of "macro" viruses, though, this distinction is getting blurred. Macro viruses, such as Melissa, which was passed in Microsoft Word documents, can exist inside any document whose application uses a macro language. In this case, a user can have a clean version of Microsoft Word and simply open an infected Word document, which will then infect the application.

How To Check For Viruses

Some common symptoms that could indicate your system's been infected are:

  • Unusual messages or displays on your monitor
  • Unusual sounds or music played at random times
  • Your system has less available memory than it should
  • A disk or volume name has been changed
  • Programs or files are suddenly missing
  • Unknown programs or files have been created
  • Some of your files become corrupted or suddenly don't work properly

There are many programs (called virus protection software, anti-virus software, or virus checks) that will check your system for known viruses, scan incoming files, and warn you before any infected files are let in. An important fact about these programs is that they are only as good as their database of known viruses. Since new and different viruses are being introduced all the time, anti-virus databases need to be updated often.

If you have a system that is not currently running virus protection software, the first thing you should do is get your hands on one of these programs and have it scan your hard drive. It will identify any files that have been infected by any virus it recognizes and offer you the option to repair the file if it can. In some cases infected files can be "cleaned" by your virus protection software; in others, the files will have to be discarded.

Once you have determined that all the files in your system are virus-free, this would be a good time to do a complete backup of your system. If you get infected in the future, you will really appreciate having clean copies of your files.

Another method you can use to detect viruses is to monitor the byte size of the programs installed on your hard drive, particularly .exe and .com files. If you notice any unexplained change in file sizes, this is a good indication that your system has become infected. This can be a difficult and tedious method of checking your system, however, and installing anti-virus software is a better alternative.
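
The size check described above can be automated. The following is an added example, not part of the original article: it records the byte size of every .exe and .com file under a folder and later reports which ones changed, appeared, or went missing. It goes one step beyond the size check by also storing a SHA-256 digest, so a file overwritten without changing its length is still reported; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

PROGRAM_EXTS = (".exe", ".com")  # the file types the article singles out

def snapshot(root):
    """Map each program file under root to its (byte size, SHA-256 digest)."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(PROGRAM_EXTS):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                rel = os.path.relpath(path, root)
                state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current):
    """Report program files that changed, appeared or vanished since baseline."""
    report = {"resized": [], "modified": [], "new": [], "missing": []}
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel][0] != size:
            report["resized"].append(rel)      # the size change the article describes
        elif current[rel][1] != digest:
            report["modified"].append(rel)     # same size, different content
    report["new"] = sorted(set(current) - set(baseline))
    return report

def demo():
    """Constructed sample: stand-in files in a temp folder, not real programs."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, body):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        put("EDIT.COM", b"A" * 100)
        put("GAME.EXE", b"B" * 200)
        put("README.TXT", b"notes")              # not a program file: ignored
        baseline = snapshot(root)                # taken while the system is clean
        put("EDIT.COM", b"A" * 100 + b"X" * 50)  # bytes appended: size grows
        put("GAME.EXE", b"C" * 200)              # overwritten in place: same size
        put("NEW.EXE", b"D")                     # program that was not there before
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline is only meaningful if it is taken while the system is known to be clean and is stored somewhere an infection cannot rewrite it, such as write-protected removable media.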

How To Protect Your System From Viruses

Once you've scanned your system for viruses and determined it to be clean, it's a good idea to put in place procedures to protect your system. The number one thing to do -- be careful whenever you're installing software or downloading files.

Most anti-virus software can be set to scan all removable media inserted in your system and to scan files that are downloaded to your system, including email attachments. We highly recommend that you set up your software to do this. This is the most important thing you can do to protect your system. It's also extremely important to keep your antivirus software current, and you should check regularly with your chosen vendor for updates to their product. This can usually be done at the vendor's Web site.

What To Do If You Have A Virus

If you have installed virus protection software and it has detected a virus in your system, first try to get the software to "clean" or "disinfect" the files. If this doesn't work, you'll most likely have to delete these files from your system.

If you receive an email attachment that your anti-virus software flags, delete it immediately. It is a good idea to play it safe with attachments in general and not open any that aren't from a trusted source. If you receive an email message with an attachment containing a virus you will not infect your system as long as you do not open the attachment.

In extreme cases, it may be necessary to reformat your hard drive, destroying all of the data on it. Then you'll have to reinstall your software and data, assuming you have the original software disks and clean backups of your files. In this case, it's a good idea to install your virus protection software first on the empty hard drive, so that the integrity of your backup files and original software can be verified.

You might also want to contact all the people that you've recently exchanged data with -- via floppy disks, e-mail attachments, Zip disks -- and let them know your system's been infected and theirs may be infected as well. You'd want to advise them to check their system for the appropriate virus or symptoms.

Funny how these computer viruses mimic human life, huh? Be safe.
