August 2003 Bulletin

Viruses and worms

Avoid becoming a victim, get protection

By Ian J. Alexander, MD, FRCS(C)

Computer viruses and worms are more than just a nuisance. They reap destruction on the economy. With mode of spread and variable virulence paralleling that of viral diseases, a computer "virus" is an apt term. As with most communicable diseases, taking preventive measures is the best way to avoid becoming a victim.

A virus is a computer program designed to self-replicate–usually without the knowledge of the computer user or operator. It generally contains a code that performs some type of destructive activity in the host computer and includes the capacity to be transmitted to other computers via hard media such as a floppy disc or CD or as an e-mail attachment or a file downloaded from the Internet.

An infected computer is one that harbors an active copy of the virus, although the damaging actions of the virus are in some cases delayed until a specific action is taken or when a certain event occurs. The action can be as simple as opening or closing a document.

The most common types of viruses are macro, boot, parasitic and worms.

Macro viruses

Macro viruses are the most common variety. They are contained in document files and are most communicable because document files are more commonly transmitted or shared than executable or application programs and more readily sent by e-mail or obtained via Internet download.

Boot sector viruses

Boot sector viruses infect the critical boot sector program that is responsible for loading the operating system into memory when a computer is booted. Viruses that replace components of the boot sector program can cause the infected computer to freeze during the booting up process.

Parasitic viruses

Parasitic viruses are attached to executable files. These viruses are among the most lethal to your computer because they can gain full control of your system. Most e-mail programs automatically block the opening of executables received as an attachment due to potential risk. If the user runs an executable with a virus, it installs itself into memory where it can have potentially devastating effects.

Worms

The latest and most dangerous viruses are referred to as worms. What is so dangerous about worms–like the infamous Slammer–is that they quickly infiltrate any Internet- connected system with inadequate protection without any operator action required. Once inside a system, the worm attacks the host application–which in the case of the Slammer was Microsoft SQL, a widely used database. In Slammer, the worm propagated worldwide from database to database within minutes, leaving little time for defensive measures.

Preventing viral infection

Effective prevention of viral attacks requires both active and passive protection. Active protection is operator-dependent. It consists of the user being very prudent in opening document files and running executables. Although infected files may be received from individuals you know, it is imperative that files and links to executables from parties that you do not know be unopened. Another important step in active protection is backing up files. If your computer becomes infected, it is very helpful to have uninfected backup files available to restore your system.

Passive protection

Passive protection consists of the installation of antivirus software on your computer. This software is inexpensive relative to its value. It screens documents and files for viruses as they are opened. It also has the capacity to screen all files on the computer for trouble areas.

These systems generally quarantine infected files and allow the user to attempt to repair or delete those involved. Since new viruses are constantly being released, it is important that your antivirus software be frequently updated. This update process is generally automated on any computer with an Internet connection by the antivirus software vendor. Leaders in the antivirus software field include Symantec and Network Associates whose products are Norton and McAfee.

Hoaxes

Finally, you might be the recipient of a hoax e-mail that states you've been sent the e-mail (via the address book of a sender) that contains a virus and instructs you to delete files from your computer. Be wary. The files you are instructed to delete might not be infected. Instead, they could be critical to the normal operation of your system. If you suspect a virus hoax, you can check it out at Network Associate's Web site.

Ian J. Alexander, MD, FRCS(C) is an orthopaedic surgeon and president of Aristar Inc., an Ohio software company that develops handheld computer applications for orthopaedic surgeons. He can be reached at (330) 668-2267 or via e-mail.


Home Previous Page