- Path: senator-bedfellow.mit.edu!faqserv
- From: tanstaafl@pobox.com (Nick)
- Newsgroups: news.newusers.questions,alt.newbie,alt.newbies,alt.answers,news.answers
- Subject: Computer Virus FAQ for New Users
- Supersedes: <computer-virus/new-users_931692761@rtfm.mit.edu>
- Followup-To: news.newusers.questions,alt.newbie,alt.newbies
- Date: 18 Jul 1999 12:02:46 GMT
- Organization: none
- Lines: 296
- Approved: news-answers-request@MIT.EDU
- Expires: 8 Aug 1999 11:59:14 GMT
- Message-ID: <computer-virus/new-users_932299154@rtfm.mit.edu>
- NNTP-Posting-Host: penguin-lust.mit.edu
- Summary: A non-technical introduction to computer viruses and Trojan horse programs.
- X-Last-Updated: 1999/06/13
- Originator: faqserv@penguin-lust.MIT.EDU
- Xref: senator-bedfellow.mit.edu news.newusers.questions:700426 alt.newbie:22069 alt.newbies:9984 alt.answers:43216 news.answers:162594
-
- Archive-name: computer-virus/new-users
- Posting-Frequency: weekly
-
- Computer Virus FAQ for New Users
- --------------------------------
-
- This FAQ answers some of the questions that new users ask about computer
- viruses and Trojan horse programs. It also tries to clear up some common
- misconceptions about viruses and E-mail.
-
- If you need help with a virus infection or want more advanced information
- about viruses, please see 'Dealing with virus infections:' and 'Sources of
- additional information:' near the end of this FAQ.
-
- And if you don't read anything else, at least read the very first topic:
- "Why should I care...".
-
- --------------------------------------------------------------------------
-
- Why should I care about computer viruses? Isn't all this just a bunch of
- hype drummed up by marketing departments for anti-virus software companies?
-
- I'm writing this in early May 1999. For the past week, the
- alt.comp.virus newsgroup has been flooded with pleas for help
- from people whose computers were clobbered by the CIH virus, which
- activated on April 26. Many of those people wound up having to put in
- large amounts of time and effort to get their computers operational;
- some people have had to buy replacement chips or pay for a repair shop
- to get their systems back in operation. And some of those people have
- lost data they will never be able to replace.
-
- Yet the CIH virus was well-known almost a year before it activated, and
- virtually every single current anti-virus program could handle it. But
- a lot of people didn't have a-v software, and many of those who did have
- it didn't use it regularly or keep it updated.
-
- So a lot of people lost time, money, and irreplaceable data when the CIH
- virus activated simply because they didn't take basic precautions to
- protect themselves.
-
- The virus threat is not going away: from reading the alt.comp.virus
- newsgroup, it's obvious that there are lots of people who would just
- love to create the same kind of havoc with their own virus creations.
-
- --------------------------------------------------------------------------
-
- 1. What is a computer virus?
-
- A computer virus is a program designed to spread itself by first infecting
- executable files or the system areas of hard and floppy disks and then
- making copies of itself. Viruses usually operate without the knowledge or
- desire of the computer user.
-
- 2. What kind of files can spread viruses?
-
- Viruses have the potential to infect any type of executable code, not just
- the files that are commonly called 'program files'. For example, some
- viruses infect executable code in the boot sector of floppy disks or in
- system areas of hard drives. Another type of virus, known as a 'macro'
- virus, can infect word processing and spreadsheet documents that use
- macros. And it's possible for HTML documents containing JavaScript or other
- types of executable code to spread viruses or other malicious code.
-
- Since virus code must be executed to have any effect, files that the
- computer treats as pure data are safe. This includes graphics and sound
- files such as .gif, .jpg, .mp3, .wav, etc., as well as plain text in .txt
- files. For example, just viewing picture files won't infect your computer
- with a virus. The virus code has to be in a form, such as an .exe program
- file or a Word .doc file, that the computer will actually try to execute.
-
- 3. How do viruses spread?
-
- When you execute program code that's infected by a virus, the virus code
- will also run and try to infect other programs, either on the same computer
- or on other computers connected to it over a network. And the newly
- infected programs will try to infect yet more programs.
-
- When you share a copy of an infected file with other computer users,
- running the file may also infect their computers; and files from those
- computers may spread the infection to yet more computers.
-
- If your computer is infected with a boot sector virus, the virus tries to
- write copies of itself to the system areas of floppy disks and hard disks.
- Then the infected floppy disks may infect other computers that boot from
- them, and the virus copy on the hard disk will try to infect still more
- floppies.
-
- Some viruses, known as 'multipartite' viruses, can spread both by infecting
- files and by infecting the boot areas of floppy disks.
-
- 4. What do viruses do to computers?
-
- Viruses are software programs, and they can do the same things as any other
- programs running on a computer. The actual effect of any particular virus
- depends on how it was programmed by the person who wrote the virus.
-
- Some viruses are deliberately designed to damage files or otherwise
- interfere with your computer's operation, while others don't do anything but
- try to spread themselves around. But even the ones that just spread
- themselves are harmful, since they damage files and may cause other problems
- in the process of spreading.
-
- Note that viruses can't do any damage to hardware: they won't melt down your
- CPU, burn out your hard drive, cause your monitor to explode, etc. Warnings
- about viruses that will physically destroy your computer are usually hoaxes,
- not legitimate virus warnings.
-
- 5. What is a Trojan horse program?
-
- A type of program that is often confused with viruses is a 'Trojan horse'
- program. This is not a virus, but simply a program (often harmful) that
- pretends to be something else.
-
- For example, you might download what you think is a new game; but when you
- run it, it deletes files on your hard drive. Or the third time you start
- the game, the program E-mails your saved passwords to another person.
-
- Note: simply downloading a file to your computer won't activate a virus or
- Trojan horse; you have to execute the code in the file to trigger it. This
- could mean running a program file, or opening a Word/Excel document in a
- program (such as Word or Excel) that can execute any macros in the document.
-
- 6. What's the story on viruses and E-mail?
-
- You can't get a virus just by reading a plain-text E-mail message or Usenet
- post. What you have to watch out for are encoded messages containing
- embedded executable code (e.g., JavaScript in an HTML message) or messages
- that include an executable file attachment (e.g., an encoded program file or
- a Word document containing macros).
-
- In order to activate a virus or Trojan horse program, your computer has to
- execute some type of code. This could be a program attached to an E-mail, a
- Word document you downloaded from the Internet, or something received on a
- floppy disk. There's no special hazard in files attached to Usenet posts or
- E-mail messages: they're no more dangerous than any other file.
-
- 7. What can I do to reduce the chance of getting viruses from E-mail?
-
- Treat any file attachments that might contain executable code as carefully
- as you would any other new files: save the attachment to disk and then check
- it with an up-to-date virus scanner before opening the file.
-
- If your E-mail or news software has the ability to automatically execute
- JavaScript, Word macros, or other executable code contained in or attached
- to a message, I strongly recommend that you disable this feature.
-
- My personal feeling is that if an executable file shows up unexpectedly
- attached to an E-mail, you should delete it unless you can positively
- verify what it is, who it came from, and why it was sent to you.
-
- The recent outbreak of the Melissa virus was a vivid demonstration of the
- need to be extremely careful when you receive E-mail with attached files or
- documents. Just because an E-mail appears to come from someone you trust,
- this does NOT mean the file is safe or that the supposed sender had anything
- to do with it.
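
Added example, not part of the original FAQ: Python that sorts the parts of a saved message into those that can carry executable code (questions 2, 6 and 7) and those that are plain data, judging by leading bytes rather than by file name. The function names, verdict strings and sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Leading bytes of the two file formats the FAQ names as able to carry code.
CODE_MAGIC = {
    b"MZ": "DOS/Windows program file",
    OLE2: "OLE2 document (Word/Excel, may hold macros)",
}
SCRIPT_RE = re.compile(rb"<\s*script\b", re.IGNORECASE)


def triage(raw_message: bytes):
    """Return (label, verdict) for every leaf part of a MIME message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        label = part.get_filename() or part.get_content_type()
        verdict = "data only"
        for magic, kind in CODE_MAGIC.items():
            if data.startswith(magic):  # judge by content, not by file name
                verdict = "scan before opening: " + kind
        if part.get_content_type() == "text/html" and SCRIPT_RE.search(data):
            verdict = "scan before opening: HTML with embedded script"
        results.append((label, verdict))
    return results


def build_sample() -> bytes:
    """Constructed message: text, a GIF, a program named .jpg, a Word file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Here are the files you asked for.")
    for name, body in [("photo.gif", b"GIF89a" + bytes(16)),
                       ("holiday.jpg", b"MZ" + bytes(62)),
                       ("report.doc", OLE2 + bytes(504))]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for label, verdict in triage(build_sample()):
        print(f"{label:12} {verdict}")
```

The attachment named holiday.jpg is flagged because its content starts like a program file, which is why the check reads the bytes instead of trusting the extension.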
-
- --------------------------------------------------------------------------
-
- Some general tips on avoiding virus infections:
-
- 1. Install anti-virus software from a well-known, reputable company,
- UPDATE it regularly, and USE it regularly.
-
- New viruses come out every single day; an a-v program that hasn't been
- updated for several months will not provide much protection against current
- viruses.
-
- 2. In addition to scanning for viruses on a regular basis, install an 'on
- access' scanner (included in most good a-v software packages) and configure
- it to start automatically each time you boot your system. This will protect
- your system by checking for viruses each time your computer accesses an
- executable file.
-
- 3. Virus scan any new programs or other files that may contain executable
- code before you run or open them, no matter where they come from. There
- have been cases of commercially distributed floppy disks and CD-ROMs
- spreading virus infections.
-
- 4. Anti-virus programs aren't very good at detecting Trojan horse
- programs, so be extremely careful about opening binary files and Word/Excel
- documents from unknown or 'dubious' sources. This includes posts in binary
- newsgroups, downloads from web/ftp sites that aren't well-known or don't
- have a good reputation, and executable files unexpectedly received as
- attachments to E-mail or during an on-line chat session.
-
- 5. If your E-mail or news software has the ability to automatically execute
- JavaScript, Word macros, or other executable code contained in or attached
- to a message, I strongly recommend that you disable this feature.
-
- 6. Be _extremely_ careful about accepting programs or other files during
- on-line chat sessions: this seems to be one of the more common means that
- people wind up with virus or Trojan horse problems. And if any other family
- members (especially younger ones) use the computer, make sure they know not
- to accept any files while using chat.
-
- 7. Do regular backups. Some viruses and Trojan horse programs will erase or
- corrupt files on your hard drive, and a recent backup may be the only way to
- recover your data.
-
- Ideally, you should back up your entire system on a regular basis. If this
- isn't practical, at least back up files that you can't afford to lose or that
- would be difficult to replace: documents, bookmark files, address books,
- important E-mail, etc.
-
- --------------------------------------------------------------------------
-
- Dealing with virus infections:
-
- First, keep in mind "Nick's First Law of Computer Virus Complaints":
-
- "Just because your computer is acting strangely or one of your programs
- doesn't work right, this does NOT mean that your computer has a virus."
-
- 1. If you haven't used a good, up-to-date anti-virus program on your
- computer, do that first. Many problems blamed on viruses are actually
- caused by software configuration errors or other problems that have nothing
- to do with a virus.
-
- 2. If you do get infected by a virus, follow the directions in your
- anti-virus program for cleaning it. If you have backup copies of the
- infected files, use those to restore the files. Check the files you restore
- to make sure your backups weren't infected.
-
- 3. For assistance, check the web site and support services for your
- anti-virus software.
-
- 4. The "[alt.comp.virus] FAQ Part 1/4" (see below) includes an excellent
- section on initial steps for dealing with a suspected virus infection.
-
- 5. For discussions about viruses and help dealing with them, visit
- <news:alt.comp.virus> or <news:comp.virus>; please check the newsgroup FAQs
- before posting. Keep in mind that posters in c.v and in a.c.v, like posters
- in any newsgroup, have a wide range of technical expertise and motivations.
-
- Note: in general, drastic measures such as formatting your hard drive or
- using FDISK should be avoided. They are frequently useless at cleaning a
- virus infection, and may do more harm than good unless you're very
- knowledgeable about the effects of the particular virus you're dealing with.
-
- --------------------------------------------------------------------------
-
- What is the best anti-virus software available?
-
- Posters in the alt.comp.virus newsgroup have been discussing that for years
- and still haven't reached a consensus. :-)
-
- The following web sites have sections with reviews of various a-v programs:
-
- <http://www.zdnet.com/pcmag/features/utilities98/antivirus/index.html>
- <http://www.uta.fi/laitokset/virus/>
- <http://agn-www.informatik.uni-hamburg.de/vtc/naveng.htm>
-
- --------------------------------------------------------------------------
-
- Sources of additional information:
-
- For more information, and advice on avoiding and dealing with virus
- infections, see the FAQs for <news:comp.virus> and <news:alt.comp.virus>:
-
- "VIRUS-L/comp.virus Frequently Asked Questions (FAQ)"
- "[alt.comp.virus] FAQ" (currently parts 1 to 4)
- "ALT.COMP.VIRUS MINI-FAQ - READ BEFORE POSTING"
- "Viruses and the Mac FAQ"
-
- You can find the FAQs in the above newsgroups, in <news:news.answers>, or
- in the Usenet FAQ archive at <http://www.faqs.org/faqs/computer-virus>.
-
- Another source of information is the data on the web sites of anti-virus
- software companies. You can find many anti-virus software companies listed
- in the Virus Protection section of the Yahoo directory, at
- <http://www.yahoo.com/Business_and_Economy/Companies/Computers/Software/System_Utilities/Utilities/Virus_Protection/>.
-
- Links to a variety of pages with virus-related information can be found in
- the Virus section of Yahoo, at
- <http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/Viruses/>.
-
- A useful site for Macintosh virus information is <http://www.macvirus.com/>.
-
- The newsgroups <news:comp.virus> and <news:alt.comp.virus> are available for
- information, assistance, and discussions of all aspects of computer viruses.
- Please check the FAQs before posting.
-
- For information about some of the virus hoaxes and bogus warnings that you
- may run into on-line, see my 'Scams and Hoaxes FAQ', available at
- <http://www.faqs.org/faqs/net-abuse-faq/scams/> or in the newsgroup
- <news:news.newusers.questions>.
-
-
- Note: this FAQ is updated occasionally. Copies posted to the new user
- newsgroups should be current, but if you found this FAQ somewhere else,
- please see <http://www.faqs.org/faqs/computer-virus/new-users> for the
- latest version.
-
- --
- Nick <mailto:tanstaafl@pobox.com>
-