Computer virus

From Simple English Wikipedia, the free encyclopedia

A computer virus is a program that is able to copy itself when it is run.[1] Often, computer viruses are run as a part of other programs. Any program that is affected by the virus is "infected". Biological viruses also work that way, as they copy themselves as part of other organisms. This is how the computer virus got its name.

In addition to copying itself, a computer virus can also execute instructions that cause harm. For this reason, computer viruses affect security. They are part of malware.

Very often, the term is also used for other kinds of malware, such as trojan horses and worms. Even though this is wrong, it may be difficult to tell the difference between different kinds of malware; they often occur together, and only an expert may be able to tell them apart. Such programs also fit more than one category.

Computer viruses are created for a cause, sometimes they are created to spread political messages and they are also created to hack some system files.

Computer viruses are spread through many ways. Some of the common ways of spreading are through downloads, email attachments, removable hardwares, and so on. Most viruses are very dangerous kind of malware.

Kinds of computer viruses[change | change source]

There are different kinds of computer viruses:

  • Probably the most common form is the macro-virus or script virus. Such viruses are programmed with the script function which is present in many text processing systems and spreadsheets; or with general "script" functionality of a program.
  • Boot sector viruses infect the boot sector of floppy disks, hard drives and other media.
  • Executable files and scripts of the operating system; including those that are run automatically when a medium is inserted into a drive.
  • Cross-site scripting; scripts in web pages that replicate to other webpages.
  • Any computer file; generally buffer overflows, format strings, and race conditions are exploitable.

Limited user rights can limit the spread of a virus[change | change source]

In the beginning, operating systems on personal computers (or PC) did not have the concept of access control. There were no "users", everyone could do everything. Modern operating systems have the concept of access control. There can be more than one user and some users may have more "privileges" than others. Certain users may only have access to certain files and are unable to access others. Other users may be able to modify or delete certain files. These privileges can be specified for each file.

The damage a virus can cause is influenced by the rights the user has; if the user has no rights to write to certain places in the system, the virus will not be able to spread to those places.

Another problem is that sometimes the system for rights management may be available, but that it is not used by default. This is the case with systems such as Windows NT or Windows XP, where by default all users have same rights.

Antivirus software[change | change source]

Antivirus software can protect computers against known viruses. Some antivirus software scan files and compare a hash code for each file with its database of hash codes (or "signature"). If the code matches, it has likely found a virus. This way of doing things has created some problems. It will only protect against viruses whose hash code is known. The companies that wrote the antivirus need to keep the virus signatures up-to-date and need to give this information to the PC to be protected.

There are two possible modes of scanning: Either the file is scanned "on demand" (or "manually"), or it is scanned when the system registers an access to the file called "on access".

Antivirus software cannot offer full protection, even in the case the virus is known. Some viruses use something called polymorphic code to change their signature every time they move. No matter how many signatures the company has, they will not be able to stop these types of viruses.

Another way that antivirus software can protect against viruses is to use heuristics. Instead of knowing each virus by its signature, heuristic antivirus software look at the behavior of other software. If a software does something that seems bad, the antivirus software steps-in to stop it. Since every step needs to be watched, this is a slow way to do things.

"Live system"[change | change source]

The best protection against viruses can be obtained by using a system that boots off a read-only medium, such as a compact disc (called CD), digital versatile disc (called DVD), or USB flash drive (called USB) that does not allow write access to hard disk (or other removable media). This limits the usability of the computer as it is not possible to save documents or install new programs. Only -R media (not -RW) should be used, and the media should be finalized to prevent creating a new session that might possibly contain a virus.

References[change | change source]

  1. Ritstein, Charles (1992). Executive Guide to Computer Viruses. National Computer Security Association. p. 1.