Computer Viruses and Anti-virus Software

By Mia L. Guidry

Table of Contents

I. Intro
II. Computer Virus Components
   a. Worms
   b. Trojan horses
   c. Logic bombs
III. Types of Viruses
   a. Boot sector virus
   b. File virus
   c. Macro virus
   d. Multipartite virus
   e. Polymorphic virus
   f. Stealth virus
IV. How Viruses Work
   a. Virus introduced to system
   b. Trojan activated
   c. Logic bomb activated
   d. Destructive part of virus activated
V. Most Common Viruses
   a. Jerusalem virus
   b. Cascade virus
   c. Brain virus
   d. Italian virus
   e. New Zealand virus
VI. Macro Virus
   a. What are they?
   b. How do they work
VII. How to Avoid Viruses
   a. Removing floppies from drive
   b. Don't use pirated software
   c. Backup data
   d. Run virus check program periodically
VIII. Anti-virus Software
   a. Why would you use?
   b. Virus Scanner
   c. Types of Anti-virus software

In this growing technological world, there is a dependency on computer systems. With the widespread use of computer systems comes the threat of short programs that damage the system and other programs on that system.

These short programs are called computer viruses. There are many computer viruses out there to infect unsuspecting systems and programs. Along with these threats of infection comes the opportunity to eradicate these viruses before they infect systems. There are programs, called anti-virus protection, that help find and fix problems before they damage computer systems (Encyclopedia.com).

Computer Virus and Components

A computer virus can be defined as a rogue computer program, usually short in nature, designed to spread copies of itself to other computers and disrupt the computers' normal operation. These viruses usually attach or insert themselves in or to a program or boot sector of a disk.

A virus is spread through floppy disks, networks, or routine on-line services. Some viruses are harmless, but others can destroy or corrupt data and cause an operating system or application program to malfunction. The three most common types of destructive computer programs are the Trojan horse, the logic bomb, and the worm. "A virus is considered to be a worm with a logic bomb or Trojan horse component" (PC Upgrade). Worms are programs that copy themselves. They create images of themselves in a file or a certain part of a disk.

The main reason for including a worm component in a virus is to spread the virus via floppy disk. Every time you format or copy a disk, the worm infects your floppy disk. The Trojan horse is a program hidden inside another useful-looking program. While the useful program is running, the Trojan horse is doing something else, like erasing your FAT and directory. The last of this triangle is the bomb. The bomb is a piece of code embedded in a program or the operating system that waits for a particular event to occur.

When the event occurs, the bomb goes off, doing some kind of damage. These bombs show up as the most destructive part of the virus. For example, "If it's Friday the 13th, erase the disk" (PC Upgrade).

Types of Viruses

Viruses can also be classified by their preferred habitat.

Viruses that attach themselves to other programs are called parasitic viruses. Some prefer lodging in the boot sector of your floppy or hard disk; these are called boot sector viruses. A boot sector virus affects the section of a floppy or hard disk that contains operating system and file information. Each time the personal computer is started, it infects the floppy in the drive and spreads the virus. Next is the file virus, which infects .EXE and .COM program files. When the infected program is run, the virus copies itself. A multipartite virus uses a combination of techniques to spread itself every time it spreads. Since a polymorphic virus's signature changes randomly, the common signature scanning methods often fail to find it.

The macro virus is the most common type and currently accounts for about 80 percent of computer infections. For example, Microsoft Word and Excel macros execute a series of instructions automatically each time you open a document. If an automatic macro has been infected by a virus, it can damage any Word or Excel document that is opened (PC World). Some viruses are said to be "stealth". A stealth virus attempts to hide itself by keeping a copy of the affected parts of the disk as they were before they were infected. In other words, the virus uses tricks to conceal itself from anti-virus software.

The stealth virus affects DOS for the most part.

How Do Viruses Work

Viruses are introduced to your system either through an infected .com or .exe file or by booting from a floppy with an infected boot record. The Trojan horse is either hidden in an application program or injected into a program file or the boot record by the worm portion. When the program with the Trojan horse is activated, the virus is revived and places itself into the operating system. Then the logic bomb activates the worm portion whenever an acceptable host presents itself.

Every time the worm copies itself onto another disk or program, it activates a built-in counter that keeps track of the number of times it has been copied. Eventually the virus will be activated and may cause destruction to the hard disk or program. Some viruses are pure worms and pose no danger to systems or programs; they are merely annoying and keep spreading.

Most Common Viruses

The National Computer Security Association reports that the following viruses accounted for most of the virus incidents in 1989: the Jerusalem virus, the Cascade virus, the Brain virus, the Italian virus, and the New Zealand virus.

There are more around, but these are the biggest. The Jerusalem virus is so widespread that it has several variations, called "Jerusalem A", "Jerusalem B" and so on. This virus originally targeted an Israeli computing institution.

The logic bomb was set to go off on Israel's 40th birthday, May 14, 1988. It has since been modified to activate on any Friday the 13th. It has also been set up for the "Century", January 1, 2000. What these programmers did not realize was that the century starts on January 1, 2001. The Jerusalem virus infects .com and .exe programs as they are run, except for COMMAND.COM. The virus will not run unless an infected program is started.

The Cascade virus is activated randomly, and only seasonally, in autumn. It is encrypted using a random key, so the same file infected with this virus will look different on two different machines. The main sign is letters falling to the bottom of the screen. There is also a strain of this virus that makes the machine reboot in the middle of an operation.

The only way of getting rid of this virus is to erase the infected .com or .exe files and reload them from a backup disk. The Brain virus is a boot record virus that only causes problems in the Chaos strain. When Brain infects the boot record, a copy of the original boot record is made on another part of the disk. This is used to fool virus detection programs. If you boot from an uninfected floppy, the Brain virus never has a chance to install the "mirror" feature to fool the anti-virus software. This is easy to fix: you just have to reboot from a floppy and rebuild the hard disk's boot record.

Next there is the Italian virus, another boot record infector. It puts a bouncing symbol on the screen, much like a bouncing ping pong ball. Some strains of this virus erase characters as the symbol bounces across the screen, while others restore characters. This virus does not usually do a lot of damage; it is just annoying.

Lastly, the New Zealand or Dope virus was first noticed in New Zealand and Australia. It is a boot record virus, and its main function was to flash "Legalize Marijuana" in one out of every eight boots attempted. This virus damages the master boot record on the hard disk (PC Upgrade).

Macro Viruses

Until recently, personal computer owners could relax knowing that by scanning their hard drive and not booting from the floppy drive, they wouldn't get any viruses. Now there is the need to worry about macro viruses.

They are the most widespread viruses in the wild. "In the wild" means they have escaped into circulation. A macro virus is a virus written in the macro language of an application. Word processing and spreadsheet programs permit the use of macros.

These programs not only run the risk of being infected, but also have the potential to infect others. Macro viruses are spread through the transfer of documents. This type of virus is designed to infect Microsoft Word and Excel. Some common macro viruses are Concept, Wazzu, Npad, Cap, and more recently the Melissa virus. These viruses run when an infected document is opened. When it activates, the virus will try to send e-mail messages to three people randomly selected from the local mail alias list.

The message is empty, but links you to an attached file called DOC1.DOC, which is infected by the virus. If the recipient of the mail double-clicks on the attachment, they will become infected as well. They could then spread it through the system.

The virus does not destroy anything; it only spreads. The infection does not happen from the e-mail itself; it happens when the attachment is opened. Once Microsoft saw this happening, they created the Macro Virus Protection Tool Kit. This program alerts you when there is a macro present in your document (PC Upgrade).

Avoiding Viruses

Avoiding viruses can be easy if people are more careful. Preventive medicine seems to be the best way of preserving your system and preventing it from getting a virus. First, remember to remove the disk from the floppy drive when you boot your system. A lot of viruses are boot sector viruses and are picked up from a floppy disk during the boot process. Second, don't use software that has not been write protected. Using a disk from an unknown source can also give your computer problems. Most disk drives cannot be saved if data files are not backed up.

Backing up data is a very important part of recovering lost drives. Every computer should have anti-virus software to protect the system from unwanted viruses. Anti-virus programs should be run periodically to ensure that the system is virus free (PC Upgrade).

Anti-virus Software

Since the emergence of computer viruses, anti-virus software has become very popular for saving people from losing important information. There has to be a way to protect files and disk drives from computer viruses, and that way is anti-virus software. Anti-virus software works by looking for specific strings of binary code; these strings are called virus signatures.

Anti-virus software also uses heuristics, in which the software looks for indications of virus activity such as suspicious code or unanticipated changes in files. Virus scanners work by scanning for the signatures, or hex patterns. If a pattern is found, the software sets off a virus warning. There are many types of anti-virus software out there. The features need to be examined, as well as how each product does on tests. Price will also factor into the picture (PC World Feb. 99).

Here are a few anti-virus products and their advantages and disadvantages.

Command Anti-virus 4.52
Pro: Low price, nearly perfect virus detection, simple interface
Con: Complex update process, some difficulty with wild virus repair

McAfee Virus Scan 4.0
Pro: Outstanding virus detection and removal, remote-control-like interface, easy to use
Con: Slowest scan time

Norton Anti-virus 5.0
Pro: Excellent virus detection and removal, effective new features such as Quarantine, improved interface
Con: Begins to charge for virus signature updates after one year

Panda Anti-virus 6.005 Platinum
Pro: Clean user interface, faster than any other package, easy to update
Con: Had problems detecting macro viruses, produced many false positives

Sophos Anti-virus 3.13
Pro: Excellent virus detection, versatile scheduler, well designed interface
Con: Expensive, complicated virus repair

Trend PC-Cillin 6
Pro: Great interface, strong features, low price
Con: Prerelease version had trouble repairing a particular boot virus

The most popular anti-virus products are McAfee and Norton. They both have excellent records when detecting and fixing viruses. They are user friendly and reasonable in price. All of these anti-virus products have 100 percent detection of wild viruses (PC World Feb. 99).
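An added example, not from the original essay or from any anti-virus product: a small Python scanner that applies the two checks described under Anti-virus Software, matching known hex signatures and flagging unanticipated file changes against a stored baseline. The signature names, hex patterns and file contents are constructed for illustration.

```python
import hashlib

# Constructed signature database: name -> hex pattern (not real virus signatures).
SIGNATURES = {
    "Demo.BootMarker": "deadbeef4d5a9000",
    "Demo.MacroTag": "4175746f4f70656e2d64656d6f",  # the bytes b"AutoOpen-demo"
}

def scan_signatures(data):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, hexpat in SIGNATURES.items()
                  if bytes.fromhex(hexpat) in data)

def fingerprint(data):
    """Hash of the file contents, used to notice later changes."""
    return hashlib.sha256(data).hexdigest()

def build_baseline(files):
    """Record a fingerprint for every file while the system is known clean."""
    return {path: fingerprint(data) for path, data in files.items()}

def scan(files, baseline):
    """Combine both checks: signature hits and unanticipated file changes."""
    report = {}
    for path, data in files.items():
        findings = ["signature:" + name for name in scan_signatures(data)]
        if path not in baseline:
            findings.append("new-file")
        elif baseline[path] != fingerprint(data):
            findings.append("changed-since-baseline")
        if findings:
            report[path] = findings
    return report

# Constructed sample "disk": a clean snapshot and a later snapshot.
CLEAN = {"EDIT.COM": b"\x90" * 16 + b"editor code",
         "REPORT.DOC": b"quarterly report text"}
BASELINE = build_baseline(CLEAN)
LATER = {
    # Known pattern appended to a program file: caught by both checks.
    "EDIT.COM": CLEAN["EDIT.COM"] + bytes.fromhex("deadbeef4d5a9000"),
    # Bytes with no stored signature: only the change check notices.
    "REPORT.DOC": CLEAN["REPORT.DOC"] + b"\x13\x37 unknown appended bytes",
    "NEW.EXE": b"freshly copied program",
}

def demo():
    return scan(LATER, BASELINE)

if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, findings)
```

REPORT.DOC shows why scanners pair signatures with change detection: a modification that matches no stored pattern is invisible to the signature check but still differs from the baseline.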

Bibliography

1. PC Upgrade and Maintenance Guide, ninth edition
2. PC World, February 1999

Wild Viruses Lassoed With Ease

| Antivirus Program | Wild boot virus detect percent | Wild file virus detect percent | Wild macro virus detect percent | Zoo file virus detect percent | Detect / repair wild macro virus | Detect / repair wild file virus | Detect / repair wild boot virus | Detect / repair main boot record infection | False positives | Scan time (minutes:seconds) |
|---|---|---|---|---|---|---|---|---|---|---|
| Command Antivirus 4.52 | 100 | 100 | 100 | 99 | 98 | Yes / Yes | Yes / No | Yes / No | 0 | 9:24 |
| McAfee Virus Scan 4.0 | 100 | 100 | 100 | 95 | 100 | Yes / Yes | Yes / Yes | Yes / Yes | 0 | 27:22 |
| Norton Antivirus 5.0 | 100 | 100 | 100 | 99 | 100 | Yes / Yes | Yes / Yes | Yes / No | 1 | 12:54 |
| Panda Antivirus 5.0 | 100 | 99.9 | 99.9 | 80.6 | 75.5 | Yes / Yes | Yes / Yes | Yes / Yes | 12 | 7:42 |
| Sophos Anti-Virus 3.13 | 100 | 99.9 | 99.9 | 99 | 100 | Yes / Yes | Yes / No | Yes / No | 2 | 8:30 |
| Trend PC-Cillin 6 | 100 | 99.9 | 99.9 | 99 | 100 | Yes / Yes | Yes / Yes | Yes / Yes | 2 | 13:26 |

Antivirus Software Feature Comparison

| Product | Price | Platform Supported | Scan Scheduler | Automatic virus signature updates | Tech Support Hours (weekday / weekend) | Toll-free Phone Support |
|---|---|---|---|---|---|---|
| Command Antivirus 4.52 | $40 | Win 95/98, NT, 3.1; DOS; OS/2; Netware | Yes | No | 24/24 | Yes |
| McAfee Virus Scan 4.0 | $49 | Win 95/98, NT, 3.1; DOS; OS/2 | Yes | Yes | 8/0 | No |
| Norton AntiVirus 5.0 | $40 | Win 95/98 | Yes | Yes | 9/0 | Yes |
| Panda Antivirus 6.005 Platinum | $59 | Win 95/98, NT, 3.1; DOS; OS/2 | Yes | Yes | 24/24 | Yes |
| Sophos Anti-Virus 3.13 | $99 | Win 95/98, NT, 3.1; DOS; OS/2; Netware | Yes | No | 24/24 | Yes |
| Trend PC-Cillin 6 | $40 | Win 95/98 | Yes | Yes | 11/0 | No |