TechTalk: Q&A (05-18-95)

UpDate - Vol. 14, No. 32, Page 10
May 18, 1995
TechTalk
Q&A

Q. What is a virus?

A. In computing, a virus is a program that tries to make copies of
itself. Once a virus is active, it can cause damage to your files,
either intentionally or unintentionally.


Q. How does a virus spread?

A. The two main virus types, boot sector viruses and program viruses,
replicate differently.
     Boot sector viruses load into memory and copy themselves to the
computer's hard disk when they become active. On a DOS/Windows
computer, a boot sector virus becomes active if you boot or try to
boot the computer from an infected diskette. On a Macintosh, a boot
sector virus can become active when you insert an infected disk in the
drive. In both cases, an active boot sector virus will infect other
diskettes as you use them.
     Program viruses load into a computer's memory when you run an
infected program. They can then infect other programs when you run
them, or can arbitrarily infect some or all programs on the computer's
hard disk.
     Lately, boot sector viruses have been more prevalent.


Q. Can any file or disk become infected?

A. Any disk can be infected. But if you take proper precautions, you
can prevent most virus attacks and easily disinfect any disks that
become infected. Note, however, that viruses are not spread by data
files, memos, reports or other "regular" files. They spread from a
disk's boot sector or from running an infected program.


Q. What would lead me to believe my system is infected?

A. Common symptoms include a sudden drop in speed or performance,
files disappearing or hard drives sometimes not being usable.
     The way you should learn about a virus infection would be from
properly installed virus protection software. You need that software
to protect your information from virus attacks and to inform you if
your system is infected.


Q. What damage can a virus do?

A. Usually, viruses damage files on an infected disk. For example, the
Michaelangelo virus was set to erase files on Michaelangelo's
birthday. Some viruses make random changes to files, in essence
causing damage that is not discovered for months. Some "accidentally"
erase files as they make copies of themselves. One early Macintosh
virus flashed a message about world peace on people's computer
screens.
     It's highly unlikely that a virus can damage the computer itself.
It's your information that's at risk.


Q. I recently heard about a virus spreading through e-mail.

A. No, that was the "Good Times" hoax. Viruses cannot be spread by e-
mail. However, the Good Times hoax in some ways acted like a message
virus-as people panicked and spread the hoax, people's inboxes became
clogged with the warnings and the reassurances. The hoax message was
being replicated not by a program, but by people spreading it via e-
mail, often to everyone they corresponded with.
     There was a file that spread over BITNET several years ago that
was more similar to a virus. A small program took advantage of how
some IBM mainframe computers transfer data files to send itself to
everyone whose e-mail address appeared in a user's electronic
addressbook. The loophole that program exploited has since been
closed.


Q. If I can't get a virus in my e-mail, does downloading shareware put
my computer at a greater risk of catching a virus?

A. Downloading shareware is different than receiving e-mail. If you
take proper precautions, your computer will be safe.


Q. What are the proper precautions?

A. First, acquire virus protection for your computer. The Help Desk
supports Disinfectant for Macintosh systems and F-Prot for DOS and
Windows systems. Both software packages are available at no cost to
University users. (See accompanying box about Tip Sheets for more
information.)
     Second, scan all diskettes you use. Disinfectant and F-Prot's
Virstop program can both be set to do that automatically. You can find
nearly all program viruses that way-particularly if you also scan all
new programs you get, whether commercially packaged or downloaded from
some other computer.
     Third, just as you should establish a regular back-up procedure,
you should establish a regular schedule for scanning your system's
hard drive. Macintosh Disinfectant users should probably scan their
systems once or twice a year. DOS users should probably check every 2-
4 weeks.
     And finally, since new computer viruses are being released all
the time, get the latest version of the anti-virus software every 2-3
months.


Q. This sounds like a lot of work. Is it really necessary?

A. Yes. The price of a clean computer is eternal vigilance. In our
networked environment, and with the amount of collaboration that
happens on a University campus, it is unrealistic to think you can
keep your computer virus-free by isolating it from other computers.


Q. What should I do if Disinfectant or  F-Prot tell me I have infected
my system's hard drive?

A. Do not panic and reformat the drive. Try using F-Prot or
Disinfectant to get rid of the virus and repair any infected programs.
If an individual program remains infected or appears to be corrupted
by the virus, then reload that one program from the original
diskettes.
     If it appears that you have damaged any of your files, try
running a program such as Norton Utilities to see if you can
reconstruct the files. If that fails, you will have to rely on back-up
copies of your files. And you must notify people with whom you have
shared diskettes or programs.


Q. Are viruses a big threat to the University?

A. Computer viruses strike systems at the University quite regularly.
Every few weeks, the Help Desk hears of another incident somewhere on
campus.
     However, if you exercise proper preventative measures, scanning
for viruses and backing up your files regularly, you can be reasonably
sure that your information is safe.
                                                       -Richard Gordon