Here is my "simple" explanation: a computer virus is executable code. And just like programs, it must be executed before it can do anything. It's called a virus because it is similar to the biological variety in a number of ways:
Its primary purpose is to replicate itself. In the past, this was almost always accomplished using one of two methods:
1) By copying itself into the master boot record (MBR) area of a floppy disk whenever data/program files are saved on it; from which it can infect other computers, or
2) By attaching a copy of itself to as many program files as it possibly can on your computer's hard drive (primarily .EXE or .COM files). This method assumes that you will make copies of these programs and give them to others in order to propagate the virus.
Although either of these two methods could still be used, more recent world-wide infections have been spread:
3) By viruses that use the executable code within existing programs such as word processors or spreadsheet calculators to run attached macro commands from within files that most people considered safe at one time. The first "Macro viruses" got their name from the commands used by Microsoft® WORD™ and travel only as a VB script within .DOC (document) or MS-Excel™ files which people send to others via floppy disks or as email attachments. Computer users should now realize that any program which runs or opens any other file in which lethal commands could be stored will always be susceptible to this kind of attack. (NOTE: There are now so many different types of files that can contain script-like code which will run programs on your computer that it seems almost easier to create a list of file-types that are NOT possibly dangerous when opened as email attachments. Files which are set to open only in Windows™ Notepad, for example, cannot cause your computer to DO anything. Why? Because that program was made to simply show you the contents of the file you open with it. You would never use Notepad or any other TEXT editor to make changes to a binary file, BUT you can still use it to view whatever text characters are contained within a binary file.) You should NEVER open an email attachment blindly, especially if you didn't specifically request that the file be sent to you!
I often SAVE and then EXAMINE the contents of email attachments (sometimes using a Hex Editor); I was even able to identify a recent virus from a relative by just looking at it with Notepad -- use the 'WordWrap' function when doing so; but, remember to NOT save any changes when it asks if you want to, or you'll corrupt any binary files you open this way!
If I were the head of a Dept. that had any kind of connection to the Internet, I wouldn't even bother making a list: I'd restrict ALL email with attachments until they could be dealt with by a trained individual; many employees just don't know enough about how file extensions are used. For example, if they have a computer at home with a Windows™ 95/98 OS on it, they might not even know what a file extension is! You can blame Microsoft® for deciding to hide file extensions by default!
4) By viruses that hook into email programs and send themselves to all the people you send email to, or even everyone in your address book! This type of virus/worm spreads pandemically by infecting any of those people's computers when they execute the code attached to the email message, gaining whole new lists of potential victims and spreading at an alarming rate. This is the type of virus/worm/trojan that has been most effective in recent months, infecting many corporations and even governmental institutions.
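An added example (not part of the original page): a small Python triage routine for the attachment advice above. It shows what a file name looks like once Windows hides the final extension, and it checks the first bytes of the file the way a quick look in a hex editor would. The extension lists, function names and sample attachments are assumptions constructed for illustration.

```python
import os
# Assumption: illustrative subsets, not a complete list of risky types.
RUNNABLE = {".exe", ".com", ".bat", ".scr", ".pif", ".vbs", ".js"}
MACRO_CAPABLE = {".doc", ".xls"}
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .DOC/.XLS container

def shown_with_hidden_extensions(filename):
    """Name as displayed when the final extension is hidden (assumed a known type)."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename

def sniff(data):
    """Classify content from its first bytes, like a glance in a hex editor."""
    if data[:2] == b"MZ":          # DOS/Windows .EXE header
        return "executable"
    if data[:8] == OLE2_MAGIC:
        return "ole2 document"
    if data and all(b in (9, 10, 13) or 32 <= b < 127 for b in data[:512]):
        return "text"
    return "unknown binary"        # includes .COM files, which have no header

def triage(filename, data):
    """Return the reasons to hold this attachment for a trained reviewer."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    kind = sniff(data)
    if ext in RUNNABLE:
        findings.append("runnable extension " + ext)
        if os.path.splitext(stem)[1]:
            shown = shown_with_hidden_extensions(filename)
            findings.append("double extension, displays as " + shown)
        if kind == "text":
            findings.append("plain-text script")
    elif kind == "executable":
        findings.append("executable content behind " + (ext or "no extension"))
    if ext in MACRO_CAPABLE or kind == "ole2 document":
        findings.append("macro-capable document")
    return findings

# Constructed sample attachments (name, first bytes); not real malware.
SAMPLES = [
    ("holiday.txt.vbs", b'MsgBox "hello"\r\n'),
    ("photo.jpg", b"MZ\x90\x00\x03\x00"),
    ("report.doc", OLE2_MAGIC + bytes(24)),
    ("notes.txt", b"plain notes\r\n"),
]
if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, "->", triage(name, data) or "nothing flagged")
```

An empty result only means none of these few checks fired; it does not mean the file is safe to open.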
As in living beings, computer viruses may do little or no harm to their host (your computer might only be a "carrier"), become downright nasty at times (like the common cold), or deadly (such as the 1918 influenza which killed over 20 million people).
I'm not sure if there are any viruses that can actually lie dormant within a human body and never become active, but a computer virus certainly can. An executable file with an attached virus may sit around on a hard drive without ever causing any problems or even a single replication as long as you never execute the code. And if you make a copy of the program to be used on someone else's computer, you would then be considered a "carrier." (Note: Most Internet servers are potential "carriers" because an infected program made available for download is often impossible to run under that computer's operating system: A UNIX server, for example, usually couldn't run MS-Windows code.) Unlike the mechanisms required to produce cancer cells though, all it takes is the thought 'I wonder what that one does?' and a click or a few key presses later your computer could be infected if not spreading a virus over the Net.
Most likely you'll encounter a virus that was designed to run (and replicate itself) very often. In the past, this could only be accomplished by causing the virus to infect your computer's boot-up code, specifically the MBR. But now there are all sorts of ways virus (and trojan) writers can use to get their code to run every time you power-up your computer!
The best you can hope for if you execute ANY virus is that it will simply take up extra space on your drive as it continues to infect new files and floppy disks. A virus like this may survive for years by never blatantly calling attention to its existence!
If the virus was written to only replicate itself, or to display some simple message on a particular date, then it might not damage any of your data. Some of the "stealth boot viruses" from the past tended to act this way. That's why they're more widespread (on older systems anyway) than the more deadly viruses. But any virus could always be waiting to explode like a bomb when a particular trigger date or event occurs!
Stealth Boot viruses (those that infect MBRs) were encountered almost as often as the common cold at one time. They normally infect another computer like this:
Note that many of the recent viruses are actually combinations of executable code, script-like files and even the old DOS Batch files. As I've said elsewhere, you need to begin with common sense and knowledge to protect yourself against viruses; an Anti-Virus program is just a tool, one which is often expected to do far more than it ever could. Imagine some poor soul who doesn't know a single DOS command, executing a .BAT (DOS batch file; if he can even see the file extension!) which erases most of his hard drive, and then complains afterwards, 'But my Anti-Virus program never alerted me!' The point: Even if you faithfully download the most recent info files from your AV-'doctors' (think of flu vaccinations), a time will come when your AV program doesn't have the correct info to combat a particular strain of virus! Keeping your computer healthy also involves doing whatever you can to recognize the types of files and conditions that could be potentially harmful to the data on your computer.
Viruses which are deadly (the ones that erase most of your files or just the critical parts of your hard drive) were less prevalent in the past, but always a possibility. Today there's a greater chance of being infected by a potential killer.
And this is where the analogy to a biological virus breaks down, because your computer can not be physically damaged by them. Viruses do not cause the death of your machine: If a key file on its hard drive is erased, your computer simply has "no idea what to do next." Or, to put it differently: Although it may have completely lost its "mind" for the moment, it NEVER loses its ability to be restored to a fully functioning computer again!
If your DATA really is very important to you, then you'll make reliable backup copies regularly. Your original install disks or CDs are an automatic backup of your programs, but any data files which you generate, like artwork creations, or rare but trustworthy programs which cannot be replaced should be backed up as soon as possible. Remember: At any moment, your hard drive might fail due to a mechanical problem, and without ever having come across a single virus you could lose ALL of your files!
A Special "Lab Session" Insert
Did your program ALERT you to the presence of the EICAR Test virus?
Online since July 26, 1998.