Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Computer Virus FAQ for New Users


[ Usenet FAQs | Web FAQs | Documents | RFC Index | Houses ]
Archive-name: computer-virus/new-users
Posting-Frequency: weekly

See reader questions & answers on this topic! - Help others by sharing your knowledge
                  Computer Virus FAQ for New Users
                  --------------------------------

This FAQ answers some of the questions that new users ask about computer
viruses and Trojan horse programs.  It also tries to clear up some common
misconceptions about viruses and E-mail.

If you need help with a virus infection or want more advanced information
about viruses, please see 'Dealing with virus infections:' and 'Sources of
additional information: near the end of this FAQ.

And if you don't read anything else, at least read the very first topic:
"Why should I care...".

--------------------------------------------------------------------------

Why should I care about computer viruses?  Isn't all this just a bunch of
hype drummed up by marketing departments for anti-virus software companies?

    I'm writing this in early May 1999.  For the past week, the
    alt.comp.virus newsgroup has been flooded with pleas for help
    from people whose computers were clobbered by the CIH virus, which
    activated on April 26.  Many of those people wound up having to put in
    large amounts of time and effort to get their computers operational;
    some people have had to buy replacement chips or pay for a repair shop
    to get their systems back in operation.  And some of those people have
    lost data they will never be able to replace.
    
    Yet the CIH virus was well-known almost a year before it activated, and
    virtually every single current anti-virus program could handle it.  But
    a lot of people didn't have a-v software, and many of those who did have
    it didn't use it regularly or keep it updated.
    
    So a lot of people lost time, money, and irreplaceable data when the CIH
    virus activated simply because they didn't take basic precautions to
    protect themselves.
    
    The virus threat is not going away: from reading the alt.comp.virus
    newsgroup, it's obvious that there are lots of people who would just
    love to create the same kind of havoc with their own virus creations.

--------------------------------------------------------------------------

1.  What is a computer virus?

A computer virus is a program designed to spread itself by first infecting
executable files or the system areas of hard and floppy disks and then
making copies of itself.  Viruses usually operate without the knowledge or
desire of the computer user.

2.  What kind of files can spread viruses?

Viruses have the potential to infect any type of executable code, not just
the files that are commonly called 'program files'.  For example, some
viruses infect executable code in the boot sector of floppy disks or in
system areas of hard drives.  Another type of virus, known as a 'macro'
virus, can infect word processing and spreadsheet documents that use
macros.  And it's possible for HTML documents containing JavaScript or other
types of executable code to spread viruses or other malicious code.

Since virus code must be executed to have any effect, files that the
computer treats as pure data are safe.  This includes graphics and sound
files such as .gif, .jpg, .mp3, .wav, etc., as well as plain text in .txt
files.  For example, just viewing picture files won't infect your computer
with a virus. The virus code has to be in a form, such as an .exe program
file or a Word .doc file, that the computer will actually try to execute.

3.  How do viruses spread?

When you execute program code that's infected by a virus, the virus code
will also run and try to infect other programs, either on the same computer
or on other computers connected to it over a network .  And the newly
infected programs will try to infect yet more programs.

When you share a copy of an infected file with other computer users,
running the file may also infect their computers; and files from those
computers may spread the infection to yet more computers.

If your computer is infected with a boot sector virus, the virus tries to
write copies of itself to the system areas of floppy disks and hard disks.
Then the infected floppy disks may infect other computers that boot from
them, and the virus copy on the hard disk will try to infect still more
floppies.

Some viruses, known as 'multipartite' viruses, can spread both by infecting
files and by infecting the boot areas of floppy disks.

4.  What do viruses do to computers?

Viruses are software programs, and they can do the same things as any other
programs running on a computer.  The actual effect of any particular virus
depends on how it was programmed by the person who wrote the virus.

Some viruses are deliberately designed to damage files or otherwise
interfere with your computer's operation, while others don't do anything but
try to spread themselves around.  But even the ones that just spread
themselves are harmful, since they damage files and may cause other problems
in the process of spreading.

Note that viruses can't do any damage to hardware: they won't melt down your
CPU, burn out your hard drive, cause your monitor to explode, etc.  Warnings
about viruses that will physically destroy your computer are usually hoaxes,
not legitimate virus warnings.

5.  What is a Trojan horse program?

A type of program that is often confused with viruses is a 'Trojan horse'
program.  This is not a virus, but simply a program (often harmful) that
pretends to be something else.

For example, you might download what you think is a new game; but when  you
run it, it deletes files on your hard drive.  Or the third time you start
the game, the program E-mails your saved passwords to another person.

Note: simply downloading a file to your computer won't activate a virus or
Trojan horse; you have to execute the code in the file to trigger it.  This
could mean running a program file, or opening a Word/Excel document in a
program (such as Word or Excel) that can execute any macros in the document.

6.  What's the story on viruses and E-mail?

You can't get a virus just by reading a plain-text E-mail message or Usenet
post.  What you have to watch out for are encoded messages containing
embedded executable code (i.e., JavaScript in an HTML message) or messages
that include an executable file attachment (i.e., an encoded program file or
a Word document containing macros).

In order to activate a virus or Trojan horse program, your computer has to
execute some type of code.  This could be a program attached to an E-mail, a
Word document you downloaded from the Internet, or something received on a
floppy disk.  There's no special hazard in files attached to Usenet posts or
E-mail messages: they're no more dangerous than any other file.

7.  What can I do to reduce the chance of getting viruses from E-mail?

Treat any file attachments that might contain executable code as carefully
as you would any other new files: save the attachment to disk and then check
it with an up-to-date virus scanner before opening the file.

If your E-mail or news software has the ability to automatically execute
JavaScript, Word macros, or other executable code contained in or attached
to a message, I strongly recommend that you disable this feature.

My personal feeling is that if an executable file shows up unexpectedly
attached to an E-mail, you should delete it unless you can positively
verify what it is, who it came from, and why it was sent to you.

The recent outbreak of the Melissa virus was a vivid demonstration of the
need to be extremely careful when you receive E-mail with attached files or
documents.  Just because an E-mail appears to come from someone you trust,
this does NOT mean the file is safe or that the supposed sender had anything
to do with it.

--------------------------------------------------------------------------

Some general tips on avoiding virus infections:

1.  Install anti-virus software from a well-known, reputable company,
UPDATE it regularly, and USE it regularly.

New viruses come out every single day; an a-v program that hasn't been
updated for several months will not provide much protection against current
viruses.

2.  In addition to scanning for viruses on a regular basis, install an 'on
access' scanner (included in most good a-v software packages) and configure
it to start automatically each time you boot your system.  This will protect
your system by checking for viruses each time your computer accesses an
executable file.

3.  Virus scan any new programs or other files that may contain executable
code before you run or open them, no matter where they come from.  There
have been cases of commercially distributed floppy disks and CD-ROMs
spreading virus infections.

4.  Anti-virus programs aren't very good at detecting Trojan horse
programs, so be extremely careful about opening binary files and Word/Excel
documents from unknown or 'dubious' sources.  This includes posts in binary
newsgroups, downloads from web/ftp sites that aren't well-known or don't
have a good reputation, and executable files unexpectedly received as
attachments to E-mail or during an on-line chat session.

5.  If your E-mail or news software has the ability to automatically execute
JavaScript, Word macros, or other executable code contained in or attached
to a message, I strongly recommend that you disable this feature.

6.  Be _extremely_ careful about accepting programs or other files during
on-line chat sessions: this seems to be one of the more common means that
people wind up with virus or Trojan horse problems.  And if any other family
members (especially younger ones) use the computer, make sure they know not
to accept any files while using chat.

7.  Do regular backups. Some viruses and Trojan horse programs will erase or
corrupt files on your hard drive, and a recent backup may be the only way to
recover your data.

Ideally, you should back up your entire system on a regular basis.  If this
isn't practical, at least backup files that you can't afford to lose or that
would be difficult to replace: documents, bookmark files, address books,
important E-mail, etc.

--------------------------------------------------------------------------

Dealing with virus infections:

First, keep in mind "Nick's First Law of Computer Virus Complaints":

    "Just because your computer is acting strangely or one of your programs
    doesn't work right, this does NOT mean that your computer has a virus."

1.  If you haven't used a good, up-to-date anti-virus program on your
computer, do that first.  Many problems blamed on viruses are actually
caused by software configuration errors or other problems that have nothing
to do with a virus.

2.  If you do get infected by a virus, follow the directions in your
anti-virus program for cleaning it.  If you have backup copies of the
infected files, use those to restore the files.  Check the files you restore
to make sure your backups weren't infected.

3.  For assistance, check the web site and support services for your
anti-virus software.

4.  The "[alt.comp.virus] FAQ Part 1/4" (see below) includes an excellent
section on initial steps for dealing with a suspected virus infection.

5.  For discussions about viruses and help dealing with them, visit
<news:alt.comp.virus> or <news:comp.virus>; please check the newsgroup FAQs
before posting.  Keep in mind that posters in c.v and in a.c.v, like posters
in any newsgroup, have a wide range of technical expertise and motivations.

Note: in general, drastic measures such as formatting your hard drive or
using FDISK should be avoided.  They are frequently useless at cleaning a
virus infection, and may do more harm than good unless you're very
knowledgeable about the effects of the particular virus you're dealing with.

--------------------------------------------------------------------------

What is the best anti-virus software available?

Posters in the alt.comp.virus newsgroup have been discussing that for years
and still haven't reached a consensus.  :-)

The following web sites have sections with reviews of various a-v programs:

<http://www.zdnet.com/pcmag/features/utilities98/antivirus/index.html>
<http://www.uta.fi/laitokset/virus/>
<http://agn-www.informatik.uni-hamburg.de/vtc/naveng.htm>

--------------------------------------------------------------------------

Sources of additional information:

For more information, and advice on avoiding and dealing with virus
infections, see the FAQs for <news:comp.virus> and <news:alt.comp.virus>:

    "VIRUS-L/comp.virus Frequently Asked Questions (FAQ)"
    "[alt.comp.virus] FAQ" (currently parts 1 to 4)
    "ALT.COMP.VIRUS MINI-FAQ - READ BEFORE POSTING"
    "Viruses and the Mac FAQ"

You can find the FAQs in the above newsgroups, in <news:news.answers>, or
in the Usenet FAQ archive at <http://www.faqs.org/faqs/computer-virus>.

Another source of information is the data on the web sites of anti-virus
software companies.  You can find many anti-virus software companies listed
in the Virus Protection section of the Yahoo directory, at
<http://www.yahoo.com/Business_and_Economy/Companies/Computers/Software/System_Utilities/Utilities/Virus_Protection/>.

Links to a variety of pages with virus-related information can be found in
the Virus section of Yahoo, at
<http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/Viruses/>.

A useful site for Macintosh virus information is <http://www.macvirus.com/>.

The newsgroups <news:comp.virus> and <news:alt.comp.virus> are available for
information, assistance, and discussions of all aspects of computer viruses.
Please check the FAQs before posting.

For information about some of the virus hoaxes and bogus warnings that you
may run into on-line, see my 'Scams and Hoaxes FAQ', available at
<http://www.faqs.org/faqs/net-abuse-faq/scams/> or in the newsgroup
<news:news.newusers.questions>.


Note: this FAQ is updated occasionally.  Copies posted to the new user
newsgroups should be current, but if you found this FAQ somewhere else,
please see <http://www.faqs.org/faqs/computer-virus/new-users> for the
latest version.

-- 
Nick   <mailto:tanstaafl@pobox.com>

User Contributions:

1
Elena
Thank you for this article on viruses it was very helpful!

Comment about this article, ask questions, or add new information about this topic:


[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
tanstaafl@pobox.com (Nick)





Last Update March 27 2014 @ 02:11 PM