VIRUSES

What is a Computer Virus?
A computer virus is a program that explicitly copies itself. This may lead to it spreading from machine to machine and is typically done without the user's knowledge or permission. Viruses, by definition, add their code to your system in such a way that when the infected part of the system executes, the virus does also.

About Viruses :
Some viruses display obvious symptoms, and some cause damage to files in a system they have infected. A non-damaging virus is still a virus, not a prank and, other things being equal, viruses without obvious symptoms are more likely to spread further and persist longer than those that rapidly draw attention to themselves.

There are no 'good' viruses, simply because a virus is code that was not intentionally installed by the user. Users must be able to control their computers, and that requires that they have the power to install and remove software; that no software is installed, modified, or removed without their knowledge and permission. A virus is surreptitiously self-installed. It may modify other software in the system without user awareness, and removal can be difficult and costly.

Many viruses cause intentional damage. But many more cause damage that may not have been intended by the virus writer. For instance, when a virus finds itself in a very different environment than that for which it was written, what was intended to be a non-destructive virus can prove very destructive. A good case in point is the boot virus. Few, if any, boot viruses contain code to damage computers running Windows NT; however, with many boot viruses, system recovery can be quite tricky once they infect an NT machine.

Even if a virus causes no direct damage to your computer, your inexperience with viruses can mean that damage occurs during the removal process. Many organizations have shredded floppies, deleted files, and done low-level formats of hard disks in their efforts to remove viruses. Even when removal is done perfectly, with no damage to the infected system or files, it is not normally done when the machine is first infected, and the virus in that machine has had a few weeks to spread. The social costs of infection include a loss of reputation and good will. This last point has become increasingly significant with the rapid increase in network-aware and data-stealing viruses.

There are various types of viruses :
Boot viruses place (some of) their code in the disk sector whose code the machine will automatically execute when booting. Thus, when an infected machine boots, the virus loads and runs. After boot viruses are finished loading, they usually load the original boot code, which they have previously moved to another location, or take other measures to ensure the machine appears to boot normally.
File viruses attach to 'program files' (files containing executable or interpretable code) in such a way that when you run the infected program, the virus code executes. Usually the virus code is added in such a way that it executes first, although this is not strictly necessary. After the virus code has finished loading and executing, it will normally load and execute the original program it has infected, or call the function it intercepted, so as to not arouse the user's suspicion.
Macro viruses are really just a type of file virus, but a particularly 'successful' type. They copy their macros to templates and/or other application document files. Although 'auto macros' were almost exclusively used by early macro viruses (often to ensure the virus' code was the first to execute when infected templates or documents were opened), several other mechanisms are also available - in fact, some of these, such as taking over standard internal functions of the host application (say the 'File Save' command) and installing default event handlers, are probably more commonly used these days.
Script viruses also became quite successful around the beginning of this century. This was mainly due to the increase in machines running Windows Scripting Host, which was first installed by default in Windows 98 and 2000 and with Internet Explorer 5.0 and later versions. Representing new types of 'program file', but with icons more like that of 'safe' text files, standalone Visual Basic Script (VBS) and JavaScript (JS) programs became a popular target of the writers of mass mailing viruses.
Companion viruses take advantage of features of the operating system to be executed, rather than directly infecting programs or boot sectors. Under DOS and Windows, when you execute the command 'ABC', the rule is that ABC.COM executes before ABC.EXE (in the rare cases where both files exist). Thus, a companion virus could place its code in a COM file with its first name matching that of an existing EXE file. When the user next executed the 'ABC' command, the virus' ABC.COM program would be run (usually the virus would launch ABC.EXE once its code was finished so as not to arouse suspicion). This is known as the 'execution preference companion' method, but several other forms of companion infection are also possible.
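
The execution-preference rule described above can be turned into a simple check, shown here as an added example that is not part of the original page: given a file listing, it reports every directory where one base name exists with more than one executable extension, and which file the command interpreter would run. The function name and sample listing are constructed for illustration, and the BAT entry extends the page's COM-before-EXE rule with the rest of the DOS search order.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Search order DOS uses for a bare command name such as 'ABC'.
# The page states COM before EXE; BAT comes last in the DOS order.
PRECEDENCE = [".com", ".exe", ".bat"]


def find_shadowed_programs(paths):
    """Return (winner, [shadowed, ...]) for each directory/base-name pair
    that exists with more than one executable extension."""
    groups = defaultdict(dict)
    for raw in paths:
        p = PureWindowsPath(raw)
        ext = p.suffix.lower()
        if ext in PRECEDENCE:
            # DOS/Windows file names are case-insensitive, so compare lowered.
            key = (str(p.parent).lower(), p.stem.lower())
            groups[key][ext] = raw

    findings = []
    for key in sorted(groups):
        found = groups[key]
        if len(found) > 1:
            ordered = [found[e] for e in PRECEDENCE if e in found]
            findings.append((ordered[0], ordered[1:]))
    return findings


# Constructed sample listing (not taken from a real system).
SAMPLE_LISTING = [
    r"C:\TOOLS\ABC.EXE",
    r"C:\TOOLS\abc.com",     # same base name as ABC.EXE, runs first
    r"C:\TOOLS\EDIT.COM",
    r"C:\DOS\FORMAT.COM",
    r"C:\GAMES\ABC.EXE",     # different directory, no companion here
    r"C:\TOOLS\README.TXT",
]

if __name__ == "__main__":
    for winner, shadowed in find_shadowed_programs(SAMPLE_LISTING):
        print(f"{winner} runs instead of {', '.join(shadowed)}")
```

A hit is not proof of infection, since both files can legitimately exist, but the page notes that this is rare, so each reported pair deserves a look.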

How do viruses spread?
When you execute program code that's infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network. And the newly infected programs will try to infect yet more programs.

When you share a copy of an infected file with other computer users, running the file may also infect their computers; and files from those computers may spread the infection to yet more computers.

If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more floppies.

Some viruses, known as 'multipartite' viruses, can spread both by infecting files and by infecting the boot areas of floppy disks.

Some general tips on avoiding virus infections
There are a number of simple precautions you can take to keep your digital personal information secure:
Without harping on the subject - keep your antivirus up to date and protect yourself from trojans!
If you must store personal information on your machine, encrypt it.
Use strong passwords, that is:
        do not use passwords that are based on words you can find in the dictionary
        do not use consecutive numbers or letters
        do use both upper and lowercase letters
        do use a combination of both letters and numbers
        do try to ensure that your passwords are a minimum of 6-8 characters long
        do not write your passwords down if you can help it, but if you must, do not leave them on or near the computer (and certainly not under the keyboard!)
Keep your operating system and applications up to date and patched against the latest discovered vulnerabilities.
Do not run files that are sent to you, unless you are completely sure of their integrity.
Do not click on hyperlinks from people you don't know.
Install a firewall application, particularly if your Internet connection is always on (such as with DSL).
Ensure that the browser you use supports security and is capable of encrypting information that you may send.
If you are getting rid of an old machine, ensure that you have wiped the hard disk (using a wiping utility) - deleting the files is not precaution enough.
Read website security and privacy policies.

Virus Threats :

*W32.sobig.A@mm
*W32.Nimda.E@mm
*Trojan.KillAV.B
*W32.Nimda.A@mm
*W2k.Stream
*W97M.Rochitz.A
*W32.Sircam.Worm@mm
*DOS Funlove.4099
*W32.Bugbear@mm
*Happy99.Worm
*VBS.Haptime@mm
*W32.Klez
*W32.Kriz
*W32.Sircam.Worm@mm
*W32.Yaha
*W32.Welchia.Worm
*W32.Navidad
*W32.Blaster.Worm
*W32.Brid.A@mm/W32.Funlove.4099
*W97M.Riosys
*W32.HLLW.Winwvar/W32.Funlovw.4099
*W32.Repad.Worm
*W95.CIH
*Hacktool.Keysteal
*Kill_ez
*Backdoor.Evilbot.B

What is a Worm?
Worms are described by some antivirus researchers as similar to viruses in that they make copies of themselves, but different in that they need not attach to particular files or sectors at all. Once such a worm is executed, it seeks other systems - rather than parts of systems - to infect, then copies its code to them in such a way as to have the code execute directly from memory. This form of 'classic worm' is still very rare, with the 'Morris worm' (or 'The Internet worm') of November 1988 the best known of a small number of examples. More recently the term 'worm' has been taken to mean 'a virus that replicates across a network link', with the most common usage applied to viruses that send many copies of themselves out attached to the infected user's e-mail.

What is a Trojan horse program?
A type of program that is often confused with viruses is a 'Trojan horse' program. This is not a virus, but simply a program (often harmful) that pretends to be something else.

For example, you might download what you think is a new game; but when you run it, it deletes files on your hard drive. Or the third time you start the game, the program e-mails your saved passwords to another person.

Note: Simply downloading a file to your computer won't activate a virus or Trojan horse; you have to execute the code in the file to trigger it. This could mean running a program file, or opening a Word/Excel document in a program (such as Word or Excel) that can execute any macros in the document.

Anti-Virus Programs
Viruses are computer programs written to reproduce themselves. This means they tend to spread from one computer to another. They are commonly perceived (and often designed) to cause damage by deleting data and performing malicious acts (while many would argue that the impact supposedly benign viruses have on computer performance could also be considered as destructive). However, this is not necessary for a program to be considered a virus.

Viruses are detected by antivirus software in two ways: by a full scan of your hard drive, or in real time as each file is accessed. It is critical that antivirus software provide both these features, especially real-time protection. Full and real-time scans detect known viruses using scan strings (like virus fingerprints) that identify a program as (containing) a known virus. Some antivirus software also uses advanced techniques to identify potential viruses and will check memory and system files as well.
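
How a scan string identifies a file can be shown with a small matcher, added here as an example and not taken from any antivirus product: each scan string is a hex byte sequence in which ?? stands for any one byte, and the scanner reports the offset of every match. The signature names, the ?? wildcard notation, and the sample files are constructed and harmless.

```python
import re

# Constructed, harmless scan strings: hex bytes, '??' = any single byte.
SCAN_STRINGS = {
    "Demo.Alpha": "44 45 4D 4F 2D 41 ?? ?? 5A",  # b"DEMO-A", 2 variable bytes, b"Z"
    "Demo.Beta": "42 45 54 41 2E 2E",            # b"BETA.." (literal dots)
}


def compile_scan_string(hex_pattern):
    """Compile a hex scan string into a bytes regex.

    Literal bytes are escaped so that values such as 0x2E ('.') match only
    themselves; DOTALL lets a '??' wildcard match a newline byte too."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_scan_string(p) for name, p in SCAN_STRINGS.items()}


def scan_buffer(data):
    """Return a sorted list of (offset, name) for every scan string in data."""
    hits = []
    for name, rx in COMPILED.items():
        hits.extend((m.start(), name) for m in rx.finditer(data))
    return sorted(hits)


def full_scan(files):
    """files maps path -> bytes. Return {path: hits} for files with hits."""
    return {path: hits for path, data in files.items()
            if (hits := scan_buffer(data))}


# Constructed sample contents standing in for files on disk.
SAMPLE_FILES = {
    "clean.bin": b"MZ ordinary bytes, BETAxx is only a near miss",
    "alpha.bin": b"\x00" * 16 + b"DEMO-A\n\x00Z" + b"tail",
    "beta.bin": b"xxBETA..yy",
}

if __name__ == "__main__":
    for path, hits in full_scan(SAMPLE_FILES).items():
        print(path, hits)
```

A real-time scanner would call the same scan_buffer routine on each file as it is opened, instead of walking every file at once.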

For further information about anti virus programs, please visit the following sites:
http://www.symantec.com/avcenter/
http://www.virus.com
http://www.securityfocus.com/
http://www.microsoft.com/technet/security/virus.asp

If you want to install an anti virus program on your computer, you can download it from Bogazici University's "license" server.


Bogazici University Computer Center - 34342 Bebek, Istanbul
(0212) 3594700-3596445