Computer Virus

A lesson on what a computer virus is and what it does to your computer

What is a computer virus?

A computer virus is a program which replicates itself into another program when activated.
What does that mean exactly?
A computer virus never happens all by itself. It is a program, written by a programmer somewhere, for unknown reasons. Consider it the graffiti of the computer world.
Here's how an errant programmer creates an epidemic: It starts with a small program, the virus, which lies dormant until you activate it by running the program your usual way. The virus, now alive and well, seeks out a healthy program to infect. It modifies the victim so that it contains a copy of the virus. The newly infected program then waits for the next unsuspecting user to repeat the cycle.

A virus contains the following parts:

A) Replication engine: some portion of the virus will seek out uninfected programs when this portion of the virus is invoked. It might look for the next program you're executing, or maybe all the programs in your Windows binary directory, or maybe only programs in your games directory.
B) Pre-trigger: the virus might only replicate on alternate Wednesdays or some other scheme known only to the virus author. Full moon in Sri Lanka, perhaps?
C) Trigger: when the payload of the virus will go off. For example, it could be time based (your machine has been left on through the night), date based (happy April Fool's Day!), disk free-capacity based (less than a megabyte free).
D) The payload: the virus might maliciously gobble your hard disk's contents or merely scramble your hard disk and hold it ransom until you type the magic word, or it might fancifully demand world peace each time it goes off -- it is often an extension of the virus author's skewed view of the world.
Looks like I don't want to catch a virus. How can I prevent that?
You never stick a piece of candy off the street into your mouth, right? So why do so many people find a program, stick it in their machine, and run it without examining it first for the symptoms of a virus? Or, why do people assume that the person from whom they get their new program, who got it from an acquaintance, who got it from a non-maintained BBS or from a non-secure shrink-wrapped package, did the checking they haven't done?
It seems people spend hours restoring programs from backups, if possible, rather than simply using any one of a host of good and inexpensive antivirus scanners. More viruses have been spread by shrink-wrapped software and CD-ROMs than by shareware programs. Heck, if people knew that a whole bunch of viruses have been spread by newly purchased pre-formatted disks, they'd be truly shocked. Or they'd make sure they were fully backed up.
So far you've described a program virus. Are there any other types of viruses?
Yup. There are boot sector viruses, macro viruses, and more.
When you first turn on your computer, a small loader program runs first, called the boot program. Boot programs are stored on the hard disk and make a nice target for the virus author. Known as boot sector viruses, these viruses infect floppy disks (now USB Flash drives) that you stick in your drives and pass on to friends and co-workers. They are run each time the computer is turned on; if the recipient of that disk is foolish enough to leave it in the disk drive when the computer is turned off, it infects the hard disk too. Dropper programs are virus programs which will drop an infection into the boot sector.
Macro viruses are the new kid on the viral block. More sophisticated application programs, such as Microsoft's Word and Excel packages, include the ability to do pretty amazing things. They have their own programming languages, which are typically known as Macro Languages. Some virus authors have taken this ability and corrupted it. So, an infected document or spreadsheet can infect the master macro templates on your system when opened, which will then infect each subsequent document or spreadsheet. Ho hum, actually, except for the vector of transmission. People send Word documents or Excel spreadsheets in email all the time, carrying the infection farther. Very bad, indeed.

Assuming that my system gets infected, what can I do?

There is never a need to reformat your hard disk to get rid of a virus. If a computer consultant tells you to do that, walk away with your hand firmly on your wallet. And, aren't you glad you made backups before you got infected? Generally speaking, the programs on your disk are infected, rather than the data they contain. So, you could delete the infected programs, restore them from your backup and keep on computing. Many antivirus programs can remove these viruses too. A combination of antivirus programs and backups should make an infection only an inconvenience. Make backups! Scan! Stay away from pirated software (known to harbor a lot of viruses), and make backups, in case I haven't mentioned it yet. And visit the Safe Computing Forum often for updates on viruses and antivirus techniques.
What is encryption and do I need it?
Encryption can be broadly defined as disguising a document or data from common view. Only the intended recipient of the information—which may well be the author for later retrieval—will be able to view it in clear text.
You need encryption only if you have items for which you want to limit access to specific recipients.
What about authentication? Is it related to encryption?
Authentication means proving beyond a shadow of a doubt that you are who you say you are. Imagine someone vying for the same promotion you're after, sending the boss a nasty note and signing your name to it. How can you prove it wasn't you? Only your authentication proves it was you—if you use it regularly, then its lack would certainly stand out, right? Better encryption methods allow for good authentication methods.

What is a "public key"?

In the good old days, the same key was used for encryption as for decryption. So, then, the problem was how to get the secret key to the intended recipient safely and securely. That, essentially, could not be done. With public keys, though, the key is in two parts. One is made public, and one is kept secret. Encrypting with either key requires the other in order to decrypt the data. So, you can publish the public key, and then only you can decrypt what is encrypted with it, using your private key. Likewise, you can encrypt with your secret key, and then others can decrypt using your public key, thereby giving authentication that it was really you.
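The two-part key described above, worked through as an added example that is not part of the original lesson. It uses textbook RSA with two small known primes, so it shows the mechanics only; the primes, the function names and the sample message are assumptions made for this illustration.

```python
import hashlib
from math import gcd

# Toy primes (assumption for this example): two known Mersenne primes.
# Real keys use large random primes plus padding such as OAEP and PSS.
P, Q = 2**61 - 1, 2**89 - 1

def make_keypair(p=P, q=Q, e=65537):
    """Return (public, private), each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)   # private exponent inverts e

def apply_key(key, number):
    """The one RSA operation: number ** exponent mod n."""
    exponent, n = key
    if not 0 <= number < n:
        raise ValueError("value does not fit under the modulus")
    return pow(number, exponent, n)

def to_int(data):
    return int.from_bytes(data, "big")

def encrypt(public, message):
    return apply_key(public, to_int(message))

def decrypt(private, ciphertext):
    value = apply_key(private, ciphertext)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def digest(message, n):
    return to_int(hashlib.sha256(message).digest()) % n

def sign(private, message):
    """Encrypt the message digest with the secret key."""
    return apply_key(private, digest(message, private[1]))

def verify(public, message, signature):
    """Anyone holding the public key can check the signature."""
    return apply_key(public, signature) == digest(message, public[1])

if __name__ == "__main__":
    public, private = make_keypair()
    note = b"Meet at noon"                      # constructed sample message
    print(decrypt(private, encrypt(public, note)))
    sig = sign(private, note)
    print(verify(public, note, sig), verify(public, b"Meet at nine", sig))
```

Signing covers a digest of the note rather than the note itself, so a changed note no longer matches the signature even though the public key is known to everyone.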
How can I communicate with a single user on the network?
The government of the United States does not want us keeping secrets from it. From each other, sure. From it? No. It's busily trying to make sure that you don't have access to sophisticated code that would allow you to keep secrets from it. The government claims that only terrorists, kiddie pornographers, drug dealers, and spies (both foreign and domestic) need sophisticated encryption technology. By government logic, using sophisticated encryption technology means you must be a crook. Oh, by the way, the government cannot break PGP.

My favorite virus program is Norton. The company works only on virus detection day by day.