Computer Virus- Facts & Fantasies

Once again we can thank the media for doing their twofold job- spreading facts about something, as well as perpetrating hype and allowing fantasy to creep in with the facts. The current hot topic- computer viruses. I will now take a few moments to explain how computer viruses "get around" and what they can do, and what you can do to protect your computer against viruses. I will also explain how "infected" machines can be recovered.

First of all, despite the word "virus", computer viruses are not like viruses which infect living beings...computer viruses cannot float through the air, and any computer claiming to have picked something up off of a toilet seat is LYING. The general idea behind a computer virus is that it is a computer program that can "replicate" itself- that is, get itself copied into or onto other software. Many computer viruses (usually the earliest ones from years back) did only that- they replicated themselves...not doing any harm to any of the computers they were on.

But then some bored losers got into the act...you know the type- probably some promising individuals who have great computer ability, but little or no social abilities, and therefore will either spend life locked away in front of a computer screen, or will shuffle from fast food joint to fast food joint trying to make a living to support their computer bills. Anyways, somewhere someone created a computer program which would copy itself onto disks that were inserted into the computer that the virus was first on. From then on, the virus would copy itself between whatever disk it was on, to whatever disk became available. Unfortunately, these viruses would do more than just spread themselves around...they would spread corruption, mayhem, misery, ruin, or some fool's idea of a joke, damaging other data already on the disk the virus spread to.

Viruses suddenly seem to have become a fad (no thanks to the media hype).
Viruses have popped up that do much more than just corrupt data or erase disks. They put messages on the screen, play tunes, scramble screens, or just lie around waiting for some event to trigger them in the future.

You may wonder- how do viruses work "by themselves"...doesn't someone have to run the program to get it to do something? Ah hah...here's the main trick behind most viruses. You most likely know that when you first turn on your computer, you have to wait a bit before you get a prompt (i.e.: C:\> ) or a menu. When you turn on (or boot) the computer, a bit of software gets run automatically by the system. It is at this point that viruses can attach themselves, so the virus starts running automatically when you turn on your machine.

There are basically two types of viruses- "stand-alone" viruses that infect sections of your disks (including sections of the hard disks), and "Trojan" viruses, which hide within other software. A form of Trojan known as a "bomb" is a program that seems innocent, but is actually hiding a damaging virus or damaging program code. Many Trojans appear to be working software, and some actually do work as normal programs, only causing mayhem after a certain trigger, like a date or combination of key strokes.

Hopefully now you have an idea of what computer viruses are all about. You should realize that viruses are "transmitted" via infected disks, and infected software (or "Trojans"). Therefore, you should realize that your computer has a chance of getting infected ONLY if you use an infected disk on the machine, or you run an infected program on the machine.

The most misunderstood aspect of virus transmission is infected programs, which are often gotten via phone modem. You MUST understand that a modem is a device which must be installed or attached to your computer, and then a human operator must use some modem software to get programs over the phone lines with the modem.
If you don't have a modem, you cannot get viruses over the phone lines! If you do have a modem, you still cannot get infected software through the phone lines unless YOU or some other HUMAN sitting at YOUR machine USES the modem AND modem software to receive (or "download") software into that computer. IT IS IMPOSSIBLE FOR YOUR COMPUTER TO RECEIVE VIRUSES THROUGH A MODEM ATTACHED TO YOUR COMPUTER UNLESS A HUMAN PHYSICALLY OPERATES THE MODEM!!! A HUMAN WOULD HAVE TO CALL ANOTHER COMPUTER FROM YOUR COMPUTER AND THEN SELECT TO RECEIVE FILES WHICH ARE INFECTED IN ORDER FOR A VIRUS TO BE RECEIVED ON YOUR MACHINE VIA THE PHONE LINES.

I have had several people call me and tell me that they own a modem, and were afraid that they may have gotten viruses. I found out that one of these people still had the modem in the CARDBOARD PACKAGING! The only thing that can come into your computer through the modem and phone line without human intervention is LIGHTNING! (Before you techno-geeks start screaming, yes, someone could leave their computer running with a modem "host mode" active...this would allow their computer to function like a mini-bulletin board system, where outside users could call in and get or leave files. But again, someone has to PUT the computer into host mode with the modem software...so there...)

Now you should realize that the most effective ways to prevent viruses from getting onto your machine are to be real careful about what disks you copy onto your machine, and what files you get from bulletin boards. The only way to be certain your machine will never be infected is to not use disks, and not use a modem. Of course, this isn't very practical. So how can you find out if a disk or program is infected?
If your machine is already infected, often (as in the case of "Trojan" and "bomb" viruses), you won't see any symptoms, as the virus is waiting to be triggered by something (again, it can be a date, like the famous Michelangelo birthday, or a set of key strokes). In the case of viruses like Stoned, you may turn on your computer one day and see some sort of nasty message. Or, your computer just won't work. You may experience problems like vanishing files, file errors, or problems with the floppy drives.

To find out if you have a virus, and what type, you need a virus scanning program. There are lots of virus scanners on the market now, like Norton Anti-Virus, Central Point Anti-Virus, and Flu-Shot. But my personal favorite is a shareware program called McAfee's Scan and Clean (actually two separate programs). McAfee's is available for download from the McAfee bulletin board- you can be certain that you are getting the latest version and that it is virus free if you get it off their board (yes- there are some virus infected virus scanner programs circulating now). The deal with the shareware is that you receive it, use it, and send the creator (in this case McAfee Associates) a requested registration fee (using shareware without paying for it often constitutes copyright violation, and isn't fair either).

McAfee's Scan program can currently detect over 400 viruses- with their variations ("strains"). For instance, there are at least three different viruses called "Stoned". If Scan does find a virus on your system, the McAfee Clean program can usually remove the virus, and sometimes repair damage. I don't know of any virus software that can repair all the damage caused by all viruses. Once again a case for how important CURRENT backups of your data are.

What do you do if you suspect a virus? First rule- stay calm (that can be your first rule for life- stay calm in all situations).
Don't turn the machine off unless you suspect that a virus is in the process of trashing your files or hard drive. If you can get hold of a virus scanner on a floppy disk that you know is not infected, run the virus scanner and see what it says. Be aware that older (meaning in some cases only a few months) virus scanning software can't discover all the current viruses and strains, especially some of the so-called "self-mutating and self-encrypting engines". If your virus scanning software is over six months old, get an update.

If you can't get a current version of virus scanning software, and can't access McAfee's BBS via modem, CALL SOMEONE! Call your favorite computer guru for help. ALWAYS THINK- HOW MUCH IS MY DATA WORTH TO ME? Is your company invoice file worth losing? Should you pay someone $150 to recover it, or do you want to try and be a hero and save the company $150 by attempting to recover data using tools and software you're not familiar with (thereby losing the company invoices worth $150,000)???

So now that you've run a virus scanner on your machine and it has found no viruses (or cleaned off any that were there), how do you prevent reinfection? Review the section of this document that talks about how viruses are spread. As always, prevention is the best cure. Limit floppy disk use on your machine (don't let everyone bring disks from anywhere), unless you mandate scanning of all floppies before use. You should even scan commercial software, including disks that come with hardware like mice and graphics boards. If you ever buy some software and it isn't shrink wrapped, or the disk envelope is open- SCAN IT OR RETURN IT for a properly sealed pack.

Just like biological viruses and humans- you don't have to seal yourself in a bubble to be safe. Just use your head and be aware of the true facts. Play it safe and you shouldn't catch anything.

Joe Newman
Computer Rescue
POB 162822
Altamonte Springs, FL 32716-2822
1/4/92