NOTE: This article first appeared in 'Content London', which is no longer published.
January / February 1998 Vol. 2 #3
If you are going to be downloading software from the Internet (or anywhere else) you must accept the possibility that you stand a chance of getting a computer virus. What's a computer virus you ask?
A virus is a program which attaches itself to other programs and/or disks, and makes copies of itself whenever it can. It is vandalism by computer. Most viruses cause damage, either by design or accident; others merely become a nuisance by putting messages on your screen. The important thing to remember is that someone wrote the program on purpose. Viruses do not appear out of thin air or by accident. In all cases, you will have to scan your hard disk and *all* your floppy disks and remove (if possible) the culprit.
Viruses attach themselves to other files that are "executable". This means any file that can be loaded into your computer's memory and "run". Files ending in .exe, .com, .sys, .dll and .ovr are some common PC extensions for executable files. Image files (.jpg; .gif) are not good hosts for a virus, since they are not executable. Audio files and video files are other "safe" types. A compressed file (see my last article for more info) such as .zip, by itself is not dangerous, but it may contain an executable file which carries a virus. If this file is extracted and run, the virus will infect your system.
You cannot get a computer virus merely by downloading a file. It must be "run" somehow on your computer in order for it to become active.
Recently, there have been a number of "macro viruses", which attach themselves to Microsoft Word and Excel documents. They are macros, which can cause a lot of problems if you happen to get one. These macros work by loading and running automatically when you load a document into the word processor or spreadsheet. The Microsoft macro language is very powerful, allowing access to a lot of system-level commands and functions. Almost *every* keystroke you make can be trapped and altered to do something else.
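Since a .zip is only dangerous for what it carries, you can look inside one before extracting anything. The following is an added example, not part of the original article: it lists the members of an archive and flags the executable types named above, plus any member that starts with the DOS/Windows "MZ" EXE signature under some other extension (that header check goes a step beyond the text). The function names and the sample archive are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions the article names as common PC executable types.
EXECUTABLE_EXTS = {".exe", ".com", ".sys", ".dll", ".ovr"}

def flag_executables(zip_bytes):
    """List (member name, reason) for archive entries that look executable.

    Members are never written to disk or run; only their first two bytes are read.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            with zf.open(info) as member:
                has_mz = member.read(2) == b"MZ"  # DOS/Windows EXE signature
            if ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
            elif has_mz:
                # An EXE stored under a harmless-looking name.
                findings.append((info.filename, "MZ header, misleading extension"))
    return findings

def build_sample_zip():
    """Constructed sample archive holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "Install notes")
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("tool.com", b"\x00\x00\x00")        # .COM files have no header
        zf.writestr("photo.jpg", b"MZ" + b"\x00" * 62)  # not a real image
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in flag_executables(build_sample_zip()):
        print(f"{name}: {reason}")
```

A flagged member is not proof of infection; it only tells you which files inside the archive need to go through your virus scanner before anyone runs them.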
What can you do?
Proactive
Depending on your particular computing habits, you should get yourself a couple of virus scanners and run them on your system every so often. How often depends on how much downloading you are doing, and where you are getting your files from. The reason I suggest not just one scanner is that some viruses may be missed by one, but not likely by the other. Sometimes you will get "false negatives" (a scanner says a file is OK, when it is not) and "false positives" (the scanner says there is a virus, when there isn't). Running two scanners will give you more information to work with.
The best defense against viruses is knowing how they work, and practicing "safe computing". Like safe sex, it is a matter of common sense - being promiscuous without precautions will lead to problems in both cases.
If you are the only person using your computer, your task is a lot easier. If you have children or others who also use the computer, then they will have to either be educated in the wily ways of viruses, or you will have to "quarantine" any new software until it has been checked out.
Here are some guidelines:
Get the latest release of at least one virus scanner and install it so it runs in the background all the time. A virus scanner that is three months old is out of date. If possible, also put a copy of the scanner on a clean floppy disk, then write-protect the disk.
Know where your software is coming from. This applies not just to downloading stuff from the Internet, but to disks that someone brings over. Disks that are shared with other computers (say at school) are one of the best ways to get a computer virus. Is that other computer free of viruses? Are you positive? Where *else* has that disk been?
Become familiar with your computer and how it generally operates. I don't mean you have to take a computer course, but just pay attention to how it starts up. Notice any error messages? When you are using your various applications, do they seem to be getting slower, or operating drunkenly? Are some filenames being changed, or are the sizes or date and time stamps of "static" files changing? If any of these things are happening, it's time to find out why. One particular virus attacked spreadsheet files. Everything looked fine when viewed on the monitor, but if the file was printed, the virus changed a few values at random, before it got to the printer.
Make yourself a clean boot disk. You should already have one (what! you don't?!), but it is even more important if you think you have a virus. Making one once you are infected is too late - the horses have bolted and the barn is on fire. Once you have a clean boot disk, make sure it is write-protected. On 3 1/2" floppies, turn the disk over and in the bottom right-hand corner you will see a small square hole with a plastic tab that slides back and forth. When the hole is open, the disk is "write-protected".
On 5 1/4" floppies, there is a little notch cut out of one side. When that notch is covered, usually by those little pieces of black or silver adhesive stuff that come with the disks, (ah, that's what those are!) the disk is write-protected.
The 3 1/2" floppies don't use an adhesive tab. Instead they have a plastic tab that you slide to either open a small square hole, or close it. It's a little confusing at first: you would think that if the hole is closed, the disk is write-protected. But in fact it's just the opposite. Closing the hole opens the disk to writing (unprotected). Sliding the tab to open the hole protects the disk from writing. It's the opposite of the 5 1/4" disks.
Which brings up a good point - write-protect any of your disks that you will be taking from your "clean" computer and using at work or school. This will prevent any viruses on that computer from copying themselves to your disk. No virus yet has beaten a write-protect tab. Of course, if you have to make a change to a file on the disk, or want to copy a new file onto it, you will have to remove the write-protect, which opens the disk to possible infection.
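The guideline above about watching the sizes and date/time stamps of "static" files can be automated. This is an added example, not part of the original article: it records a baseline of every executable under a directory and reports what has changed since, using a SHA-256 hash as well so that a change is still caught when the old timestamp has been put back. The function names and the temporary-directory scenario are constructed for illustration.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = (".exe", ".com", ".sys", ".dll", ".ovr")  # types the article lists

def snapshot(root):
    """Map relative path -> (size, mtime_ns, sha256) for executables under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(EXECUTABLE_EXTS):
                path = os.path.join(dirpath, fname)
                st = os.stat(path)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                state[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return state

def compare(baseline, current):
    """Return sorted (path, change) pairs for files that differ from the baseline."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            changes.append((path, "new file"))
        elif new is None:
            changes.append((path, "missing"))
        elif old[2] != new[2]:
            # Content differs; note when the date/time stamp alone would not show it.
            stamp = "timestamp changed" if old[1] != new[1] else "timestamp unchanged"
            changes.append((path, f"content changed, size {old[0]} -> {new[0]}, {stamp}"))
    return changes

def demo():
    """Constructed scenario: one program grows while its old timestamp is put back."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("edit.exe", "format.com", "notes.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"placeholder bytes")
        baseline = snapshot(root)
        target = os.path.join(root, "edit.exe")
        st = os.stat(target)
        with open(target, "ab") as fh:
            fh.write(b" plus appended bytes")
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))  # restore old stamp
        os.remove(os.path.join(root, "format.com"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, change in demo():
        print(f"{path}: {change}")
```

Take the baseline while the system is known to be clean and keep it on a write-protected disk, for the same reason as the clean boot disk.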
I hope you don't ever have to do any of this, but if you suspect you have a virus, or your scanner says you do - DON'T PANIC (yet). If your scanner is making noises like you have a virus, see if it can get rid of it. Use another scanner to double-check your system. If you have to, re-boot your system from your clean boot disk. Then run your virus scanner again, from a floppy if you can.
One thing to stress about re-booting your system. You should power the system right down, and leave it off for about 20-30 seconds. Don't just do a "soft" boot. The reason for this is that some viruses actually mimic the process of soft-booting your computer, while all the time they are still active in RAM. Shutting the system off for about half a minute guarantees that nothing is left in RAM - it takes that long for the electric charge to dissipate.
Hopefully you can rid your hard disk of the virus just with the steps above. The next step is to check *every one* of your floppy disks. A virus is usually active for some time before you become aware of it. I once got hit by a virus and had to check all my floppies - over 200 of them. Most of them had also been infected.
If you want to learn more about computer viruses, there are a number of resources. The best is likely in the Usenet groups. Try any of these:
The computer virus FAQ can be found in news.answers and comp.virus. You can also do a search on the web in any of the search engines.
Having said all that, I must qualify it by saying that any well-known FTP site is probably the safest place to get shareware or freeware programs. And besides the anonymous ftp sites, there are dozens of World Wide Web sites that you can browse in your search for new shareware or freeware. These are also very safe places to look for software. Some well-known ones are TUCOWS, SimTel, freewarenow, Stroud's. These places check uploads for viruses - they can't afford to have a bad reputation.
This doesn't mean that you will never get a virus, but in all the years I've been getting software from FTP sites, I've never once gotten a virus from one. But you should have an UP-TO-DATE virus program installed on your system, and make sure it scans any new software you put on your hard drive. Any scanner more than 3 or 4 months old is out-of-date. A good one is F-PROT, available free.
Warez
Avoid at all costs anything referred to as "warez". Some people feel that it is OK to upload commercial software to a web site for others to download for free. This is not only illegal, but makes buying commercial software expensive, because the software publishers have to raise their prices to cover the lost income due to pirating. And you also never know what ELSE is part of the package.
Updated: Friday, 06-Aug-2010 14:43:19 EDT