Computers & Technology
Computer Tutor: Tips & Tricks


Communicable Diseases, An Anti-Virus Primer
    What You Can Do to Protect Your System

When we first published some anti-virus info at the end of last summer, it was during the heyday of two fairly pressing concerns.  One was the Code Red worm and its offspring, which had been targeting Microsoft Internet Information Services-enabled Windows 2000 computers.  The other was a virus 'hoax' going around, instructing people to delete a file from their system which was actually a legitimate Windows 98 system file.

Since then, of course, the Nimda virus also began to wreak havoc with people's PCs.  And now there are rumors running rampant about imminent hack attacks as part of the campaign of terrorism.  Whether that turns out to be true or not, one thing is sure:

You really don't want your system to get infected!

So, for those of you who may not have caught it first time around, or did, but ignored the advice anyway, we decided to do a reprise of our Anti-Virus Primer.

There are three major players in the world of anti-virus protection -- McAfee, Norton, and InoculateIT from Computer Associates.  {For more info on anti-virus protection and these 'Big Three', see this month's Links to Computer & Tech On-Line.}  All three have long and solid track records and extensive on-line info available.

A Primer on Computer Viruses
If one were to get detailed enough here, the types of viruses encountered in the computer world could give the files at the Centers for Disease Control some competition.  But let's try to keep things fairly simple:  Most viruses can be classified generically as either Memory, Boot Sector, File, or Macro Viruses  ...  depending upon the method they use to 'infect' your system.  Of course, as we mentioned at the outset, there is another type of 'virus' that isn't a virus at all, but a Hoax, which can still end up with results every bit as destructive as a 'real' virus.

Essentially, a virus is a bit of code that's intended to alter your computer system in any of thousands of ways.  The basic questions about a virus are relatively few:

  • Does my system contain a virus?

  • What type of virus is it? OR How does it propagate or trigger?

  • What sort of damage can the virus do?

  • Will my anti-virus program recognize it?

Does Your System Have a Virus?
Whether your system contains a virus is usually most easily answered by making sure you have some sort of anti-virus program running.  Basically, you purchase anti-virus protection on a subscription basis.  Two of the Big Three mentioned charge around $50 for the program, with one year of free virus info up-dates.  The third -- InoculateIT -- was, until this month, free for individual and home users.  But Computer Associates, while continuing to provide support for InoculateIT users, has now moved over to a subscription plan as well.

Without an anti-virus program, you may have a virus infection -- in fact, an infection that has been active for quite some time -- and not even know it.  But don't think that just because there are no immediately apparent effects, all is well.  When it comes to computer viruses, it rarely is.

What Type of Virus Is It?
The answer to the question of virus type is usually the same as asking how the code is transmitted to your system or, put another way, how the virus propagates.  Floppy disk boot sector viruses, for example, usually propagate by placing an infected floppy in your disk drive.  If you inadvertently leave the disk in your A: drive, then -- since most PCs are set to look to the A: drive first for a bootable disk -- when you re-boot your PC, the virus will infect your system. 

File-borne viruses, on the other hand, are propagated by any infected file which -- when opened, run, or executed -- begins its work.  Macro viruses, which may be considered a type of file virus, usually depend on a program that handles macros {a set of instructions usually useful for performing a sequence of tasks automatically} as part of its normal operation.  Many macro viruses, therefore, targeted Microsoft programs like Word, Excel, etc., which, until more recently, activated macros automatically.  But since the advent of such viruses, Microsoft programs now usually prompt to ask if you want to enable the macros for a specific file.

Virus hoaxes work in what some consider a more insidious way -- they get you to damage your own system.  Most virus hoaxes take the form of e-mail virus alerts or warnings that then direct you to follow a set of instructions which, if not followed, will have dire consequences.  The SULFNBK Hoax is one example.  Fortunately, even if you followed the instructions for this one, the harm is relatively minimal, and recovery, relatively simple.  The file in question is responsible for long file names in Windows 98 and Me {which, since we run Windows 2000, explains why we didn't find it on our system}.  And only if you needed to restore them for some reason would the program be called upon.

But such low-grade damage is hardly the rule, even for hoaxes.  And to make matters a little more complicated, even though the e-mail message carried the hoax, it is still possible that another real virus could have used your SULFNBK.EXE -- which, in many ways, provides the perfect size and function -- as a vehicle for a very real infection.

What Sort of Damage Can the Virus Do?
The extent of damage from a virus can be anything from a relatively mild annoyance to a total system crash.  Understanding the nature and extent of the damage means understanding how a virus comes into being, and that many viruses have several objectives. 

Unlike viruses in the natural world, computer viruses are intentionally created by people.  Rather than random selection and infection, these programmers know how computer systems work -- usually at levels that are invisible to most users -- and use that knowledge to write code for a sequence of events.

The first order of business, of course, is infection.  Once a system is infected, some virus programs are satisfied to let you know that your system has been infected and leave it at that.  Unfortunately, such virus programs these days are the exception rather than the rule.  Most virus programs instead seek not only to infect your system, but as many others as they can.  In this scenario, the virus will have a means for propagating itself from your system to others, usually friends, family, colleagues, and co-workers.  In order to accomplish this, the virus programmer will often deliberately keep any ill effects from showing up on your system until it has had time to propagate.

How it propagates depends, again, on the type of virus.  One virus, for example, propagates to others by searching your Outlook or Windows Address Book and sending e-mails to the users it finds there.  Only after it has had time to do that -- usually after one month and a mailing to at least 100 others -- will it next run a routine that brings up a pop-up message with a bit of profanity.  After your system has been infected for two months, it next makes your desktop icons move every time you try to place your mouse pointer over them.  After three months, the infected file deletes itself.

Those effects, however, as irritating and destructive of productivity as they may be, are relatively benign compared with some viruses, which will do nothing less than wipe out your entire hard drive and/or system.

Will Your Anti-Virus Program Recognize It?
Whether or not your anti-virus program will recognize the virus depends on several things:

  • what settings you have used to configure or install the anti-virus program,

  • whether or not you have the latest virus definition files installed, and

  • whether the type and nature of the virus is something that your virus program will recognize.

The question of settings or configuration usually comes down to a couple of things:  First, if your program has both boot sector and 'real time' file checking options available, your safest bet is to have them turned on.  As far as the virus definition up-dates, most programs provide monthly downloads of new virus definition files ... which will give you some idea of how many new viruses are being written.  Make a habit of downloading and installing the latest definition file each month.
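
To see why the definition up-dates matter, here is an added illustration (not part of the original article and not any vendor's code): a toy scanner that matches files against byte-pattern definitions, each with a publication date.  The definition names, patterns, dates, and sample files are all constructed for the example, and simple pattern matching is assumed as the detection method.

```python
# Added illustration: a toy signature scanner. All names, byte patterns and
# dates below are constructed for this example; no real malware is involved.
from datetime import date

# Each definition: name -> (byte pattern to look for, date it was published).
DEFINITIONS = {
    "Constructed.BootDemo": (b"\x00DEMO-BOOT-MARKER\x00", date(2001, 6, 1)),
    "Constructed.MacroDemo": (b"DEMO-MACRO-MARKER", date(2001, 8, 1)),
    "Constructed.MailDemo": (b"DEMO-MAILER-MARKER", date(2001, 10, 1)),
}

def definitions_as_of(last_update):
    """Return only the definitions a user holds after updating on last_update."""
    return {name: pattern for name, (pattern, published) in DEFINITIONS.items()
            if published <= last_update}

def scan(files, last_update):
    """Scan {filename: bytes}; return {filename: [matching definition names]}."""
    known = definitions_as_of(last_update)
    findings = {}
    for filename, content in files.items():
        hits = sorted(name for name, pattern in known.items() if pattern in content)
        if hits:
            findings[filename] = hits
    return findings

def missed_by_stale_definitions(files, stale_update, current_update):
    """Files that only a scanner with current definitions would flag."""
    stale = scan(files, stale_update)
    current = scan(files, current_update)
    return sorted(f for f in current if f not in stale)

# Constructed sample "files": harmless byte strings carrying the demo markers.
SAMPLE_FILES = {
    "letter.doc": b"Dear reader ... DEMO-MACRO-MARKER ... regards",
    "greeting.exe": b"MZ\x90\x00 padding DEMO-MAILER-MARKER padding",
    "notes.txt": b"Nothing of interest here.",
}

if __name__ == "__main__":
    for label, when in (("July definitions", date(2001, 7, 15)),
                        ("November definitions", date(2001, 11, 15))):
        print(label, "->", scan(SAMPLE_FILES, when))
    print("Missed when stale:", missed_by_stale_definitions(
        SAMPLE_FILES, date(2001, 7, 15), date(2001, 11, 15)))
```

With the July definitions the scan comes back clean even though two of the sample files carry markers; only the November definitions flag them.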

This last issue -- the type and nature of the virus -- is a little trickier.  Actually, it's a whole lot trickier.  ...

Part of the allure for many virus programmers is similar to the allure for many hackers or counterfeiters.  The basic idea is to outsmart the professionals.  Virus programs are constantly being written -- with the latest info about operating systems, security, and the routines that anti-virus programs use -- to find new ways of gaining entry and doing their damage.  In this light, there is really no way for any anti-virus program to catch and stop all viruses all the time.

Does this mean there's no point in installing anti-virus software on your system?

Not at all.  ...  Most reputable anti-virus companies are damned good at staying on top of things.  And that's all most people really need.   But what it does mean is that, in addition to making use of a good anti-virus program, you should also check your program's web site for late-breaking news.

Not Always a Virus
Of course, not all glitches in your system or problems with your programs are virus-related.  It is just as likely that the problem may stem from some faulty hardware or settings, memory modules that are misbehaving, or even -- most likely of all -- because many software programs ship with known bugs in them ... sometimes numbering in the hundreds or more.

There's no time here to go into all the possible scenarios and all the possible testing procedures or verifications.  Suffice it to say:  If you think you may have a virus, or an e-mail or file attachment that you think may contain one, treat it as such.  Run your anti-virus software on it, and do the homework on-line to see if it's something new your virus definition file may not be aware of yet.  If you've done that, then you may want to research known bugs for software, or, for other problems, possible causes in your system or hardware at any reputable on-line site.

Some Basic Precautions Then ...
So, if we've managed to make you sufficiently concerned about the potential danger which viruses pose, what should you do?

  • Get and install a decent anti-virus program ... now.

  • Use a program that offers fairly frequent virus definition up-dates, preferably no less than once a month.

  • Run a complete system scan.  After that, you can use the program's 'progressive' scan feature to scan a specified number of files each time you boot up.

  • For maximum protection, be sure both boot sector and 'real time' file checking features are turned on.

  • If you receive an e-mail with an attachment from an unknown source, think twice about opening and running the attachment, even if it's a Word or Excel file.

  •  If you receive a virus warning via e-mail or any other means -- even if you know the source well -- check your anti-virus program's web site to be sure it isn't a hoax.

  • If you download software -- whether trial versions of popular stuff or shareware -- only download from reputable sources. 

  • If you're on a network -- and if you're reading this, you probably are, on the network known as the internet -- then you have to ask yourself either how much time and money you want to spend on a firewall setup, or, an easier route, how often you run a backup.

  • Speaking of backups, since, as we said, no anti-virus program is 100% foolproof, you should always...  And finally,

  • If you're one of those folks who's out there writing these virus programs, please stop.  Most of us have enough troubles packed into an ordinary day and don't really need our systems going berserk.  {Thanks.}

Remember, then:  VIRUS PROTECTION.  Don't boot up without it!

lmc

All material copyrighted © 2000-2001.  All rights reserved.
Citations should follow standard conventions.
Please contact us for reprint permissions.
DownStreet Magazine is a registered trademark of Fern Hill Services.
Lou Colasanti, Editor & Laura Wisniewski, Associate Editor