What Is a Virus?
What is a computer virus? A trojan? A worm?
A computer virus is a program that is written to infect someone’s computer and cause damage. Sometimes the damage is slight — perhaps the icons on your desktop “run away” when you try to click on them. Sometimes it is more severe, and you lose all of your data.
— a trojan —
A trojan is a program that looks like something useful, or perhaps a joke, but is really meant to get a virus into your computer system. It can then run on your computer, leaving a “backdoor” open for the person who originally sent the trojan around. Once that person can get in, they have control over your system to do things such as see what is on your screen, transfer your documents to themselves, launch a “Distributed Denial of Service” (DDoS) attack on someone, etc. Imagine hundreds of thousands of compromised computers all trying to hit a single website at the same time — it would be the equivalent of thousands of people all trying to get through the same drive-through all at once. Everyone would be slowing everyone else down, cars would be jammed in the parking lot, overflowing into the street, etc. This is what happened to eBay, amazon.com, and Yahoo. (CNN news story)
— a worm —
The sole purpose of a worm is to try to infect as many computer systems as possible. Worms tend to do little or no damage, but they do wreak havoc by wasting space and bandwidth. An important thing to realize is that true worms don’t need to spread via e-mail — the MS SQL Slammer worm and, more recently, the MS Blaster worm can infect your computer simply because it is connected to the internet. No e-mail, no web browser open: just dialing up or being connected to cable or DSL is enough.
— damaging code —
A virus can do damage ranging from wasting your time to irretrievably erasing everything on your hard drive. Some viruses are nothing more than an e-mail hoax. These are the e-mails that are forwarded to you by a friend titled something like “Fwd: VIRUS WARNING — Microsoft and IBM have issued a warning that the SmellyFeet virus can make your feet smell! Forward this on to everyone you know!” These e-mails don’t do any real damage; they just waste your time and bandwidth. Viruses that do real damage might erase files, change system settings, infect other computers on the network — even send out e-mail in your name to your friends and associates — with your personal documents attached.
— getting safe —
How do you keep yourself safer than most? Use an updated antivirus program like Norton Antivirus, McAfee VirusScan, or the like (see the end of this article for recommendations and links). The important thing to remember, however, is not just that you use an antivirus program, but that you keep it updated! Think of an antivirus program like you might think of a Gillette razor — the handle (the antivirus program) is only as useful as the new blades you have to use (the virus definitions). New viruses are written every day, and it is important that you keep updating your virus definitions to catch the new viruses. Most good antivirus programs will do this automatically without you knowing. Most also cost money to keep up a subscription each year. It is well worth it. A typical visit from us to clear up a virus is two hours at the going rate. A year’s subscription for Norton Antivirus is currently $19.99. Well worth it, in our opinion.
In addition to current virus protection, your system should have the latest fixes for your operating system, often called “patches”. These patches close holes or security risks that your computer may expose. For Windows, the best way to do this is to visit windowsupdate.microsoft.com and apply their recommended patches. For Unix and Linux users, consult your operating system vendor.
— hoaxes —
In addition to real damaging code, sometimes the true virus is coercing you into sending off an e-mail to your entire address book for no particular reason. Examples of this are the jdbgmgr.exe virus hoax (Snopes Urban Legend article), numerous “sick children” e-mails (Snopes article), and “something for nothing” e-mails like Bill Gates sending you money for forwarding an e-mail (Snopes article). Check out the Snopes site, the McAfee Antivirus Virus Information Library site, or the Symantec Security Response site to verify these types of e-mail before sending them out.
Popular antivirus programs:
- Norton Antivirus: http://symantec.com
- McAfee VirusScan: http://mcafee.com
- Trend PC-Cillin: http://antivirus.com
- FRISK F-Prot: http://f-prot.com
- Alwil Avast4: http://alwil.com — an excellent antivirus package free for home users
9/10/2003 — NOTES ON DCOM VULNERABILITIES, W32.BLASTER and other variants:
Microsoft has announced yet another vulnerability in the Windows operating systems. You can expect more to come, but you can read about this particular one at http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp . The same general information about Blaster (see 8/13/2003 below) applies to this latest exploit. Computer Experts Group, Ltd. has mirrored the files (without permission from Microsoft) here. Please download and run the patch at your earliest convenience.
8/13/2003: The Windows Update site was the target of the Blaster worm. The worm infiltrates your system through a DCOM RPC exploit, tries to infect other computers it finds, and on 8/16/2003 will launch a DDoS (distributed denial of service) attack on windowsupdate.microsoft.com, thus preventing users from obtaining the fix. Microsoft currently has a patch available for Windows 2000, Windows XP, Windows 2003 Server and Windows NT (no other Microsoft operating system is affected by this). It can be found at http://www.microsoft.com/technet/security/bulletin/MS03-026.asp .
Since the Windows Update site will probably be unavailable when the DDoS attack starts, Computer Experts Group, Ltd. has mirrored the files (without permission from Microsoft) here. In addition, if your system is infected (the notable symptom is the computer shutting down randomly every few minutes), we have also made Symantec Antivirus’s FixBlast.exe utility available here (without permission from Symantec).