What is a Computer Virus?
(See below for safely testing your anti-virus software right now.)
Here is my "simple" explanation:
a computer virus is executable code.
And just like programs, it must be executed before
it can do anything. It's called a virus because it is similar to the
biological variety in a number of ways:
Its primary purpose is to replicate itself.
In the past, this was almost always accomplished using one of two methods:
1) By copying itself into the master boot record (MBR) area
of a floppy disk whenever data/program files are saved on it; from
which it can infect other computers, or
2) By attaching a copy of itself to as many program
files as it possibly can on your computer's hard drive (primarily .EXE
or .COM files). This method assumes that you will make copies of these
programs and give them to others in order to propagate the virus.
Although either of these two methods could still be used, more recent
world-wide infections have been spread:
3) By viruses that use the executable code within existing programs
such as word processors or spreadsheet calculators to run attached
macro commands from within files that most people considered safe at
one time. The first "Macro viruses" got their name from the
commands used by Microsoft® WORD™ and travel only as a
VB script within .DOC (document) or MS-Excel™ files which people send
to others via floppy disks or as email attachments. Computer users should
now realize that any program which runs or opens any other file in
which lethal commands could be stored, will always be susceptible to this
kind of attack.
(NOTE: There are now so many different types of files that can contain
script-like code which will run programs on your computer that it seems
almost easier to create a list of file-types that are NOT possibly
dangerous when opened as email attachments. Files which are set to open
only in Windows™ Notepad, for example, cannot cause your computer
to DO anything. Why? Because that program was made to simply show you the
contents of the file you open with it. You would never use Notepad or any
other TEXT editor to make changes to a binary file, BUT you can still use
it to view whatever text characters are contained within a binary file.)
You should NEVER open an email attachment blindly, especially if you didn't
specifically request that the file be sent to you!
I often SAVE and then
EXAMINE the contents of email attachments (sometimes using a Hex Editor); I
was even able to identify a recent virus from a relative by just looking at
it with Notepad -- use the 'WordWrap' function when doing so; but, remember
to NOT save any changes when it asks if you want to, or you'll corrupt any
binary files you open this way!
If I were the head of a Dept. that had any kind
of connection to the Internet, I wouldn't even bother making a list: I'd
restrict ALL email with attachments until they could be dealt with by a
trained individual; many employees just don't know enough about how file
extensions are used. For example, if they have a computer at home with a
Windows™ 95/98 OS on it, they might not even know what a file
extension is! You can blame Microsoft® for deciding to hide
file extensions by default!
4) By viruses that hook into email programs and send themselves to
all the people you send email to, or even everyone in your address book!
This type of virus/worm spreads pandemically by infecting any of those
people's computers when they execute the code attached to the email
message, gaining whole new lists of potential victims and spreading at an
alarming rate. This is the type of virus/worm/trojan that has been most
effective in recent months, infecting many corporations and even governmental
As in living beings, computer viruses may do little or no harm to
their host (your computer might only be a "carrier"), become
downright nasty at times (like the common cold), or deadly
(such as the 1918 influenza which killed over 20 million
I'm not sure if there are any viruses that can actually lie dormant within
a human body and never become active, but a computer virus
certainly can. An executable file with an attached virus may sit
around on a hard drive without ever causing any problems or even a single
replication as long as you never execute the code. And if
you make a copy of the program to be used on someone else's computer, you
would then be considered a "carrier." (Note: Most Internet
servers are potential "carriers" because an infected
program made available for download is often impossible to run under that
computer's operating system: A UNIX server, for example, usually couldn't
run MS-Windows code.) Unlike the mechanisms required to produce cancer cells
though, all it takes is the thought 'I wonder what that one does?' and a
click or a few key presses later your computer could be infected if not
spreading a virus over the Net.
Most likely you'll encounter a virus that was designed to run (and replicate
itself) very often. In the past, this could only be accomplished by causing
the virus to infect your computer's boot-up code, specifically the MBR. But
now there are all sorts of ways virus (and trojan) writers can use to get
their code to run every time you power-up your computer!
The best you can hope for if you execute ANY virus is that it will simply
take up extra space on your drive as it continues to infect new files and
floppy disks. A virus like this may survive for years by never blatantly
calling attention to its existence!
If the virus was written to only replicate itself, or to display
some simple message on a particular date, then it might not damage
any of your data. Some of the "stealth boot viruses" from the past
tended to act this way. That's why they're more widespread (on older systems
anyway) than the more deadly viruses. But any virus could always be waiting
to explode like a bomb when a particular trigger date or event occurs!
Stealth Boot viruses (those that infect MBRs) were encountered almost
as often as the common cold at one time. They normally infect another
computer like this:
- Files are copied from an infected computer onto a floppy disk.
- The files themselves have no problem, but the original boot record of
the floppy disk is replaced by the virus.
- Someone eventually forgets to take the infected floppy disk out of
another computer's disk drive (or the floppy was purposely created
as a system boot floppy in the first place!)
- When turned on again, the computer is booted from the infected floppy,
activating the virus, which then installs a copy of itself into that
computer's MBR area ready to infect more floppies.
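One defensive check that follows from the infection path above, as an added example that is not from the original page: record a digest of a hard disk's boot code while the machine is known to be clean, then compare later reads against it. The 440-byte code area, the function names and the sample sectors are assumptions of this sketch, and the sectors are constructed rather than real boot code.

```python
import hashlib

SECTOR_SIZE = 512
CODE_AREA = 440  # bootstrap code; bytes 440-509 hold the disk ID and partition table
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid boot sector


def boot_code_digest(sector):
    """SHA-256 of the bootstrap code area of one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:] != BOOT_SIGNATURE:
        raise ValueError("missing 55 AA boot signature")
    # Hash only the code: the partition table changes legitimately
    # whenever the disk is repartitioned.
    return hashlib.sha256(sector[:CODE_AREA]).hexdigest()


def check_mbr(sector, baseline_digest):
    """Compare a freshly read sector with the digest recorded on a clean system."""
    if boot_code_digest(sector) == baseline_digest:
        return "unchanged"
    return "boot code modified"


def make_sector(code, table):
    """Build a constructed 512-byte sector from code bytes and table bytes."""
    body = code.ljust(CODE_AREA, b"\x00") + table.ljust(70, b"\x00")
    return body + BOOT_SIGNATURE


# Constructed sample sectors (placeholders, not real boot code).
CLEAN = make_sector(b"\xfa\x33\xc0 original loader", b"\x80\x01 partition A")
REPARTITIONED = make_sector(b"\xfa\x33\xc0 original loader", b"\x80\x01 partition B")
REPLACED = make_sector(b"\xeb\x3c different loader", b"\x80\x01 partition A")

BASELINE = boot_code_digest(CLEAN)  # recorded while the system is known clean

if __name__ == "__main__":
    for name, sector in [("clean", CLEAN), ("repartitioned", REPARTITIONED),
                         ("replaced", REPLACED)]:
        print(name, "->", check_mbr(sector, BASELINE))
```

A stealth boot virus can hide the change from a system it already controls, so the comparison is meaningful only when the sector is read after booting from known-clean media.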
Note that many of the recent viruses are actually combinations of
executable code, script-like files and even the old DOS Batch files. As I've
said elsewhere, you need to begin with common sense and knowledge to protect
yourself against viruses; an Anti-Virus program is just a tool, one which is
often expected to do far more than it ever could. Imagine some poor soul who
doesn't know a single DOS command, executing a .BAT (DOS batch file; if he
can even see the file extension!) which erases most of his hard drive, and
then complains afterwards, 'But my Anti-Virus program never alerted me!'
The point: Even if you faithfully download the most recent info files
from your AV-'doctors' (think of flu vaccinations), a time will come when
your AV program doesn't have the correct info to combat a particular
strain of virus! Keeping your computer healthy also involves doing
whatever you can to recognize the types of files and conditions that could
be potentially harmful to the data on your computer.
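The earlier advice about hidden file extensions and looking inside a saved attachment can be turned into a small check, shown here as an added example that is not part of the original page. The extension lists are illustrative assumptions, not a complete inventory, and the sample attachments are constructed.

```python
# Extensions Windows will run or hand to a script host (illustrative list).
RISKY_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
# Extensions many people regard as harmless documents or pictures.
DECOY_EXTS = {".txt", ".jpg", ".gif", ".doc", ".pdf"}
# First 8 bytes of an OLE2 compound file, the container of classic .DOC/.XLS.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def triage(filename, data):
    """Return the reasons a saved attachment deserves a closer look."""
    reasons = []
    exts = ["." + part for part in filename.lower().split(".")[1:]]
    last = exts[-1] if exts else ""
    if last in RISKY_EXTS:
        reasons.append("executable or script extension " + last)
        # With extensions hidden, "holiday.jpg.exe" is shown as "holiday.jpg".
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            reasons.append("double extension hides real type")
    # DOS/Windows .EXE files start with the bytes "MZ" whatever they are named.
    if data[:2] == b"MZ" and last != ".exe":
        reasons.append("MZ executable header under a non-.exe name")
    # Macro viruses travel inside document containers like this one.
    if data[:8] == OLE2_MAGIC:
        reasons.append("OLE2 document container: may hold macros")
    return reasons


# Constructed attachments: (name as received, first bytes of the content).
SAMPLES = [
    ("notes.txt", b"Meeting moved to noon.\r\n"),
    ("holiday.jpg.exe", b"MZ\x90\x00\x03\x00"),
    ("readme.txt", b"MZ\x90\x00\x03\x00"),
    ("report.doc", OLE2_MAGIC + b"\x00" * 8),
]

if __name__ == "__main__":
    for name, content in SAMPLES:
        print(name, "->", triage(name, content) or "nothing flagged")
```

An empty result means only that none of these particular signs was present; it does not show the file is safe to open.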
Viruses which are deadly (the ones that erase most of your
files or just the critical parts of your hard drive) were less
prevalent in the past, but always a possibility. Today there's a greater
chance of being infected by a potential killer.
And this is where the analogy to a biological virus breaks down, because
your computer can not be physically damaged by them. Viruses
do not cause the death of your machine: If a key file
on its hard drive is erased, your computer simply has "no idea what
to do next." Or, to put it differently: Although it may have
completely lost its "mind" for the moment, it NEVER loses its
ability to be restored to a fully functioning computer again!
If your DATA really is very important to you, then you'll make
reliable backup copies regularly. Your original install disks or CDs
are an automatic backup of your programs, but any data files which
you generate, like artwork creations, or rare but trustworthy
programs which cannot be replaced should be backed up as soon as possible.
Remember: At any moment, your hard drive might fail due to a mechanical
problem, and without ever having come across a single virus you could lose
ALL of your files!
Here's an example of a virus
(technically called a "worm") that was found in many people's
email messages in 1999: The Happy99
Virus. But it's still making the
rounds from one unsuspecting person to everyone else in their email
Of course, the only way that a virus can
get into your computer is if someone actually places it there. In
order to keep viruses out of your computer, yet run new applications, you
need to continually be asking yourself, "How Sure am I that this
program doesn't contain a virus?" Here are
some thoughts to help you decide.
A Special "Lab Session" Insert
Is Your Anti-Virus Program Functioning
A Safe and Officially Approved Way to Test It:
Give it a check-up right now by using the EICAR (European
Institute for Computer Anti-Virus Research) Standard Anti-Virus Test File
[ ¹ ]. This
non-virus .COM file is completely safe
since it was designed by EICAR to simply test that an anti-virus program
is working; most of the recent anti-virus software packages recognize it.
If yours does not, the file simply prints out its name when it is run.
When you either:
- Try to extract eicar.com from a .ZIP file, or
- download or create the .COM file yourself,
then your anti-virus software should ALERT you that it has found a virus!
(Note: You may need to run your anti-virus program and
tell it to scan the file! More recent programs, however,
are usually set to run in the background, ready to alert you of
any virus activity!)
You may first wish to create the file yourself, by:
- Copying the string of 68 characters found below
these 3 steps (beginning with " X5O " which is a capital "O";
not a zero, and ending with " +H* ") into a text editor,
- Saving it as EICAR.TXT, and then
- Changing (re-naming) the file's extension to make the
(In some cases, your anti-virus
software will do nothing until you actually try to
execute the newly created .COM program or
scan your hard drive again. In other cases, it may
alert as soon as you try changing the extension name from .TXT to
.COM; which means that your anti-virus software must be "running in
the background" constantly protecting you against the files it was
programmed to identify.)
Did your program ALERT you to the presence of the EICAR Test virus?
If not, you would see a window similar to this on your
Now try downloading the test file within a ZIP compressed archive:
Download Eicar.zip now.
Does your software ALERT you when it is downloading?
Or, did you need to try extracting (un-zipping)
the file first?
¹ Here are all the details of EICAR's
Standard Anti-Virus Test File.
SARC's "Virus Expert Training Program"
I used to have links here to four programmed instruction modules with
questions and answers from Symantec that taught such things as:
What is a Computer Virus, and Related Terms; The Infection Process; and
how to handle and Remove viruses... Alas, it's very difficult these days
to find any information that a greedy co. figures they can get paid for
providing instead. These files were just INTRODUCTORY material (not the
full course), but even they are no longer available from Symantec!
Links to other Virus Information Sites:
J and A Computer Virus Information Page - This has almost all the
references you would ever need for learning about viruses, and some
you shouldn't visit! May be overwhelming in places for novices.
(Caution: One section, which is labeled, contains links to sites which
may contain live viruses!)
The Starman's Virus Warnings and Hoaxes Page.
You can write to me using this:
online reply form.
Serving visitors to this page since July 26, 1998.