Home Viruses and Worms

Viruses and Worms

What a virus is

A virus is a self-replicating program that spreads by inserting copies of itself into programs or documents that already exist on a computer. The name comes from an analogy with biological viruses. These cannot reproduce by themselves but make use of the functions of infected cells to spread. Similarly, a computer virus makes use of the executable code in legitimate programs to carry out its purposes. A virus may be designed to be destructive to a system or to be a prank. In either case, the virus will rapidly reproduce itself until the system may be overwhelmed. Viruses spread to other systems when infected programs are copied to another machine. Documents with executable code like Word macros can also be vectors of infection. A very common method of spreading viruses is by attachments to email . Today a variant of a virus known as a worm is more often used.

What a worm is

Viruses and worms are often lumped together in the single category of virus but there is technical distinction. A worm differs from a virus in that it contains all the code it needs to carry out its purposes and does not depend on using other programs. Most recent instances of malware have been worms, spread primarily by email. Worms are designed to replicate rapidly and to use the Internet or other networks to spread with great facility. They may contain code to damage or erase files or may carry other malicious payloads. On a number of occasions, large numbers of computer systems have been brought down by worms. In addition to the damage from whatever payload they carry, the sheer number of worm copies can bring systems to a halt.

A very common method of spreading is by use of any email addresses on an infected computer. The worm searches address books, temporary Internet caches and other possible sources of email addresses. The worm then mails out random infected fake messages. It may use the addresses it finds not only as recipients but also may spoof mail to show them as senders. It may also combine random pieces of addresses into new fake addresses. All the messages will contain an attachment that is infected. None of this activity may be known by the owner of the infected machine and may go on for weeks or months. A single infected machine can send out thousands of worm-carrying messages.

Anti-virus programs

Most people know that anti-virus software is a necessity and most computers come with some form of anti-virus program already installed. (Note that anti-virus is a catchall term that refers to a variety of malware.) All the major programs check email as well as scanning your system. However, new viruses appear every day and anti-virus programs are only as good as their database or definitions of viruses. A program can’t recognize a new virus unless it has been kept up to date. Anti-virus programs contain update features and these are automatic in the newer major programs. However, the big vendors like Symantec and McAfee no longer give unlimited free updates but start to charge after some initial period ranging from 3 months to 1 year. Very often people do not subscribe to the new updates and let their protection lapse. This leaves the computer open to any new virus that comes along. Actually, it may be better to periodically buy a whole new version of whatever anti-virus program you use. I have often found rebate offers that make the new program cheaper than the update subscription.

Personally, I find both the Norton and McAfee programs to be very heavy users of system resources. An alternative is one of the free programs likeĀ Grisoft AVG. In the past, Symantec’s Norton has always seemed to get much better reviews for efficacy against infection than the freebies but a recent review by the magazine PC World indicates that there are several free programs that now provide acceptable levels of protection. Tech Support Alert gives a critique of the various free programs and describes an effective computer defense that uses free programs.

Firewalls

Worms have also been spread by intruders planting them directly on unprotected computers connected to the Internet. A firewall is essential to guard against such occurrences and is discussed in more detail on the next page.

Trojan horses

Another form of malware is the “Trojan horse” and we consider that on the next page.