Computer Virus FAQ for New Users
Reposted from: computer-virus/new-users archive
This FAQ answers some of the questions about computer viruses and Trojan
horse programs that new users often ask, and tries to clear up some common
misconceptions about viruses and E-mail. If you need help with a virus
infection or want more advanced information about viruses, please see 'Dealing
with Virus Infections' and 'Sources of Additional Information' near the
end of this FAQ.
Computer Viruses
- What is a computer virus?
A computer virus is a program designed to spread by infecting executable
files, or the system areas of hard and floppy disks, and then copying itself.
Viruses usually operate without the knowledge or desire of the computer
user.
- What kind of files can spread viruses?
Viruses have the potential to infect any type of executable
code, not just the files that are commonly called 'program files'. For
example, some viruses infect executable code in the boot sector of floppy
disks or in system areas of hard drives. Another type of virus, known as
a 'macro' virus, can infect word processing and spreadsheet documents that
use macros. And it's possible for HTML documents containing JavaScript
or other types of executable code to spread viruses or other malicious
code.
Since virus code must be executed to have any effect, files that the
computer treats as pure data are safe. This includes graphics and sound
files such as .gif, .jpg, .mp3, .wav, etc., as well as text documents in
.txt files. So just viewing picture files, for example, won't infect your
computer with a virus. The virus code has to be in a form, such as an .exe
program file or a Word .doc file, that the computer will actually try to
execute.
- How do viruses spread?
When you execute program code that's infected by a virus, the
virus code will also run, and it will try to infect other programs, either
on the same computer or on other computers connected to it over a network;
and the newly infected programs will try to infect yet more programs.
When you share a copy of an infected file with other computer users, running
the file may also infect their computers; and files from those computers
may spread the infection to yet more computers.
If your computer is infected with a boot sector virus, the virus tries
to write copies of itself to the system areas of floppy disks and hard
disks. Then the infected floppy disks may infect other computers that boot
from them, and the virus copy on the hard disk will try to infect still
more floppies.
One type of virus, known as a 'multipartite' virus, can act as both a file
infector and as a boot sector virus. It can spread both by infecting files
and by infecting the boot areas of floppy disks.
- What do viruses do to computers?
Some viruses are deliberately designed to damage files or otherwise
interfere with your computer's operation. Others don't do anything but
try to spread themselves around. But even the ones that just spread themselves
can be harmful, since they often damage files or cause other problems in
the process of spreading.
- What is a Trojan horse program?
A type of program that is often confused with viruses is a "Trojan
horse" program. This is not a virus, but simply a program (often harmful)
that pretends to be something else.
For example, you might download what you think is a new game; but when
you run it, it deletes files on your hard drive. Or the third time you
start the game, the program might E-mail your saved passwords to another
person.
Note: Simply downloading a file to your computer won't activate a virus
or Trojan horse; you have to execute the code in the file to trigger it.
This could mean running a program file, or opening a document in a program
(such as Word or Excel) that could execute any macros it contains.
- What's the story on viruses and E-mail?
You can't get a virus just by reading a plain-text E-mail message
or Usenet post. What you have to watch out for are encoded messages containing
embedded executable code (e.g., JavaScript in an HTML message) or messages
that include an executable file attachment (e.g., an encoded program file
or Word document containing macros).
In order to activate a virus or Trojan horse program, your computer has
to execute some type of code. This could be a program file attached to
the E-mail, or a Word or Excel document containing macros. And it could
be a file you downloaded from the Internet, or received on a floppy disk. There's
no special hazard in files attached to Usenet posts or E-mail messages;
they're no more (and no less!) dangerous than any other file.
Also, bugs have been discovered in some E-mail programs that could (in
theory) be exploited to infect your computer with a virus or to activate
a Trojan horse program. Potential security holes have been reported in
Eudora Pro, Microsoft Outlook, and the E-mail component of
Netscape Communicator. Check the manufacturers' web sites for patches and
workarounds. Generally, it's a good idea to keep all your software updated
to the most recent version in order to avoid known security flaws.
I'm not aware of any reports of anyone actually exploiting these bugs.
- What can I do to reduce the chance of getting viruses from E-mail?
Treat file attachments that might contain executable code as
carefully as you would any other new files; check them with an up-to-date
virus scanner before opening them.
If you're using E-mail or News Reader software that has the ability to
automatically execute JavaScript, Word macros, or other executable code
contained in or attached to a message, I strongly recommend that you disable
this feature.
My personal feeling is that if an executable file shows up unexpectedly
attached to an E-mail, you should delete it unless you can positively verify
what it is, who it came from, and why it was sent to you.
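The distinction drawn above between plain text, HTML with embedded script, and
attachments that can hold executable code can be checked mechanically before
anything is opened. The following is an added example, not part of the original
FAQ: the names triage and build_sample, the extension list, and the sample
message are all assumptions constructed for illustration. It only flags parts
that deserve a virus scan; it does not detect viruses.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed, illustrative list of file types that can hold executable code.
RISKY_EXT = (".exe", ".com", ".doc", ".xls", ".htm", ".html")
MZ = b"MZ"                                # DOS/Windows program file header
OLE2 = bytes.fromhex("d0cf11e0a1b11ae1")  # Word/Excel binary document header

def triage(raw_message: bytes):
    """Return (part, reason) pairs for parts that could carry executable code."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        data = part.get_payload(decode=True) or b""
        label = name or ctype
        if ctype == "text/html" and b"<script" in data.lower():
            findings.append((label, "HTML with embedded script"))
        if data.startswith(MZ):
            findings.append((label, "program file (MZ header)"))
        elif data.startswith(OLE2):
            findings.append((label, "Office document, may contain macros"))
        elif name.lower().endswith(RISKY_EXT):
            findings.append((label, "file type that can hold executable code"))
    return findings

def build_sample() -> bytes:
    """Constructed test message: text and HTML bodies plus three attachments."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("plain text body")
    m.add_alternative("<html><SCRIPT>x()</SCRIPT></html>", subtype="html")
    pad = b"\x00" * 16
    m.add_attachment(MZ + pad, maintype="application",
                     subtype="octet-stream", filename="game.exe")
    m.add_attachment(OLE2 + pad, maintype="application",
                     subtype="msword", filename="report.doc")
    m.add_attachment(b"GIF89a" + pad, maintype="image",
                     subtype="gif", filename="cat.gif")
    return m.as_bytes()

if __name__ == "__main__":
    for label, reason in triage(build_sample()):
        print(f"{label}: {reason}")
```

The plain-text body and the .gif attachment produce no findings; the HTML
body, the program file and the Word document are each reported.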
Some general tips on avoiding virus infections:
- Install anti-virus software from a well-known, reputable company,
UPDATE it regularly... and USE it regularly.
- In addition to scanning for viruses on a regular basis, install an
'on access' scanner (included in most good a-v software packages) and configure
it to start every time you boot your system. This will protect your system
by checking for viruses each time your computer accesses an executable
file.
- Virus scan any new programs or other files that may contain executable
code (BEFORE you run or open them), no matter where they come from. There
have been cases of commercially distributed floppy disks and CD-ROMs spreading
virus infections.
- Anti-virus programs aren't very good at detecting Trojan horse programs,
so be extremely careful about opening binary files and Word/Excel documents
from unknown or 'dubious' sources. This includes posts in binary newsgroups,
downloads from web/ftp sites that aren't well-known (or don't have a good
reputation), and executable files unexpectedly received as attachments
to E-mail or during an on-line chat session.
- If your E-mail or News Reader software has the ability to automatically
open attachments or execute code included in messages or articles, I strongly
recommend that you keep this feature disabled.
- Be _extremely_ careful about accepting programs or other files during
on-line chat sessions. This seems to be one of the more common means by
which people wind up with virus or Trojan horse problems. If any other
family members (especially younger ones) use the computer, make sure they
know not to accept any files while using chat.
Dealing with virus infections:
First, keep in mind "Nick's First Law of Computer Virus Complaints":
"Just because your computer is acting strangely or one of your
programs doesn't work right, this does NOT mean that your computer has
a virus."
- If you haven't used a good, up-to-date anti-virus program on your computer,
do that first. Many symptoms blamed on viruses are actually caused by software
configuration errors or other problems that have nothing to do with a virus.
- If you do get infected by a virus, follow the directions in your anti-virus
program for cleaning it.
- For assistance, check the web site and help services for your anti-virus
software.
- The "[alt.comp.virus] FAQ Part 1/4" (see below)
includes an excellent section on initial steps for dealing with a suspected
virus infection.
- For discussions about viruses, and suggestions for dealing with them,
post in <news:alt.comp.virus>. Check the FAQs (see
below) before posting. Keep in mind that the posters in a.c.v, like
the posters in any newsgroup, have a wide range of technical expertise
and motivations.
Note: In general, drastic measures such as formatting your hard drive or
using FDISK should be avoided. These measures are frequently useless at
cleaning a virus infection, and may do more harm than good unless you're
very knowledgeable about the effects of the particular virus you're dealing
with.
What is the best anti-virus software available?
The alt.comp.virus newsgroup regulars have been arguing about that for
years, and still haven't reached a consensus.
AVP, F-Prot, and Dr. Solomon's all seem to have a lot of fans, but you'll
probably be OK with anything from one of the major a-v software companies.
The following web sites have sections with reviews of various a-v programs:
<http://www.zdnet.com/pcmag/features/utilities98/antivirus/index.html>
<http://www.uta.fi/laitokset/virus/>
<http://agn-www.informatik.uni-hamburg.de/vtc/naveng.htm>
<http://www.drsolomon.com/products/avtk/reviews/index.cfm>
(reviews are probably favorable to Dr. Solomon's since it's their web site) :-)
Sources of additional information:
For more information, and advice on avoiding and dealing with virus
infections, see the FAQs for <news:comp.virus> and <news:alt.comp.virus>:
"VIRUS-L/comp.virus Frequently Asked Questions (FAQ)"
"[alt.comp.virus] FAQ" (currently parts 1 to 4)
"ALT.COMP.VIRUS MINI-FAQ - READ BEFORE POSTING"
"Viruses and the Mac FAQ"
You can find the FAQs in the above newsgroups, in <news:news.answers>,
or in the Usenet FAQ archive at <http://www.faqs.org/faqs/computer-virus>.
Another source of information is the data on the web sites of the various
anti-virus software companies. You can find many anti-virus software companies
listed in the Virus Protection section of the Yahoo directory, at
<http://www.yahoo.com/Business_and_Economy/Companies/Computers/Software/System_Utilities/Utilities/Virus_Protection/>.
Links to a variety of pages with virus-related information can be found
in the Virus section of Yahoo, at
<http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/Viruses/>.
A helpful site for Macintosh virus information is
<http://www.macvirus.com/>.
The newsgroup <news:alt.comp.virus> is available for information,
assistance, and discussions of all aspects of computer viruses. Please
check the FAQs before posting. (The <news:comp.virus> newsgroup currently
appears to be inactive.)