Bug out

Antivirus software is your system's first line of defense against malicious code

Agency managers aren't alone in worrying about malicious code: Concern about computer viruses ranks near the top of what people fear the most in these anxiety-ridden times.

A recent survey conducted by Opinion Research Corp., a market research company in Princeton, N.J., ranked computer viruses as the fourth most feared threat of our time, right behind terrorist attacks, identity theft and war.

Despite these concerns, 40 percent of those surveyed acknowledged they had taken no steps toward improving their personal security within the past six months. Of those who did take action, 39 percent reported installing antivirus software, 21 percent moved their personal data to more secure locations, and 19 percent reviewed their online service provider's security policies.

The ORC survey suggests that while people do feel anxiety about the threats of terrorism and war, they perceive that these threats are mostly beyond their control. But they believe they can build protection against online threats such as computer viruses and hackers.

Meanwhile, the costs of downtime, lost or infected data and data recovery add up to billions of dollars annually in the United States. Virus attacks have increased dramatically since 2001.

Most experts say e-mail attachments are the main cause of viruses, followed by Internet downloads and Web browsing. They advise using desktop antivirus software and commonsense precautions when browsing or downloading e-mail or information from Web sites.

Because viruses are deliberately written to invade and damage a PC, they are the most difficult threat to guard against, according to Wolfgang Stiller, antivirus expert and developer of Integrity Master, an antivirus and data integrity program for PCs that run Microsoft Windows. Various threats are often lumped together under the heading of 'viruses,' but they have distinctions, he said.

Bombs aren't viruses

For example, a logic bomb, just like a real bomb, will lie dormant until triggered by some event. The trigger can be a specific date or the number of times the host program has been executed. When the logic bomb is triggered it will do something nasty to your computer's innards, but it's not a virus per se.

Trojan viruses are named for the Trojan horse that invisibly delivered enemy soldiers inside the gates of the walled city of Troy.

To a computer, a Trojan is a delivery vehicle that injects destructive code, such as a bomb or virus. At first, it may appear as a useful program, but eventually it will attack your PC, Stiller said.

A worm is a self-reproducing program that doesn't affect other programs as viruses do but instead creates copies of itself. The copies create other copies, and so the worm replicates itself ad infinitum, clogging computers and especially networks.

So, finally, we come to the definition of a virus according to Stiller: 'A virus is a program which reproduces its own code by attaching itself to other programs in such a way that the virus code is executed when the infected program is executed.'

It goes without saying that the virus must do this without the permission or knowledge of the user.

VirusList.com, a valuable source of virus information, lists three main virus forms: macro viruses, file infectors and boot-sector infectors. The following definitions are paraphrased from the site's encyclopedia.

Macro viruses most often infect Microsoft Office documents and are especially fond of Word, Excel and Outlook. They typically employ Visual Basic scripts and are distributed by e-mail. VirusList.com ranks macro virus payloads, which are set in motion when an infected application is run, as not extremely vicious, but certainly annoying and unwelcome to victims.

File infectors attach themselves to executable code in files with extensions such as .exe. If they get into operating system execution files with extensions including .sys, .prg and .dll among others, the results can be dire for users.

When an infected program or OS is run, the virus code of the file infector enters the host system along with the legitimate code it has attached itself to.

Boot-sector infectors contaminate system code such as the boot sector of floppy disks or the Master Boot Record on hard drives. Once the hard or floppy drive is booted, these viruses load themselves into the system memory of host PCs to do their dirty work.

Use all features

There is much more to viruses and the nasty things they can do to your computer, but you get the idea.

The antivirus programs in this guide are all designed for home or small office users. In many cases, they are part of a fleet of products designed for network or gateway protection, or those designed around enterprise requirements.

All the programs listed can protect against all three virus types, but it is important to use all their features to do the job.

Virtually all of them include a virus scanner and some type of function for disinfecting contaminated files or programs.

There are limitations to this process. By itself, the scanner residing in your antivirus program can't detect a new virus. When a new virus is detected, programmers at the software developer's site analyze and extract its signature string.

This string must be tested, incorporated into the next release of the software and distributed to the customer. The best programs automatically send online messages announcing new updates. My own antivirus program, Network Associates Technology Inc.'s McAfee VirusScan Professional, announces updates regularly. It also comes with Personal Firewall, Anti-Spam and Identity Theft protection and other features not included in lesser packages.

As you might expect, a disinfection feature, such as McAfee VirusScan's QuickClean, works to clean up infected files or programs by restoring them to their original condition.

Here's a list of measures that will help you take full advantage of the antivirus software you choose:
  • Enable the continuous operation checkbox of your software. It will actively protect your PC continuously every time it is turned on.

  • Set your program to scan all files, including compressed files.

  • Pay attention to the automatic update feature of your software if it includes one. The best programs automatically update themselves and inform you of the latest virus threats to your computer.

  • Make sure your program's heuristic scanning feature, if it has one, is on and available. This feature has different names depending on the manufacturer. McAfee VirusScan calls it H.A.W.K., Norton AntiVirus calls it Bloodhound.

  • Make sure your program informs you when a disinfected file or program can't be repaired so you can recall it from storage or a shrink-wrapped disk.

  • Set your program to regularly scan your entire system.

  • Make backup disks, make backup disks, make backup disks, make backup disks.
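
The scanner limits described above (a new virus is missed until its signature string is distributed, and compressed files are missed unless the scanner unpacks them) can be seen in a minimal signature-string scanner. This is an added example, not code from the article or from any antivirus vendor; the signature bytes, signature names and file names are constructed for illustration.

```python
import io
import zipfile

# Constructed, harmless byte strings standing in for vendor signature strings.
KNOWN_SIG = b"CONSTRUCTED-DEMO-SIGNATURE-A"
NEW_SIG = b"CONSTRUCTED-DEMO-SIGNATURE-B"  # not yet analyzed by the vendor


def scan_file(name, data, signatures, scan_archives=True, depth=0):
    """Return (path, signature_name) findings; unpack ZIPs up to 3 levels deep."""
    findings = [(name, sig_name) for sig_name, sig in sorted(signatures.items())
                if sig in data]
    if scan_archives and depth < 3 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                if not member.is_dir():
                    findings += scan_file(f"{name}!{member.filename}",
                                          archive.read(member), signatures,
                                          scan_archives, depth + 1)
    return findings


def make_zip(members):
    """Build an in-memory, deflate-compressed ZIP from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for filename, content in members.items():
            archive.writestr(filename, content)
    return buf.getvalue()


def demo():
    """Run the cases the article describes and return the findings for each."""
    pad = b"\x00" * 64  # filler so each sample resembles a larger file
    old_sample = pad + KNOWN_SIG + pad
    new_sample = pad + NEW_SIG + pad
    attachment = make_zip({"invoice.exe": old_sample})

    shipped = {"Demo.A": KNOWN_SIG}             # signature set before the update
    updated = {**shipped, "Demo.B": NEW_SIG}    # after the vendor's update

    return {
        "zip_flat": scan_file("mail.zip", attachment, shipped, scan_archives=False),
        "zip_unpacked": scan_file("mail.zip", attachment, shipped),
        "new_before_update": scan_file("game.exe", new_sample, shipped),
        "new_after_update": scan_file("game.exe", new_sample, updated),
    }


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings)
```

The flat scan of the archive finds nothing because deflate compression changes the bytes on disk, which is why the compressed-file option matters.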

J.B. Miles of Pahoa, Hawaii, writes about communications and computers. E-mail him at jbmiles@hawaii.rr.com.
