Protecting Your Computers from Viruses
This document has two major sections: 1) What is a virus? 2) Where
can I get more information about viruses? This document is not
intended to provide comprehensive information about viruses, but
instead to point you in the direction of the many excellent virus
resources available on the Internet. A third major section, "What
is a Word macro virus?" addresses in more depth a family of viruses
that can infect Microsoft Word files.
What is a virus?
(Credit to the alt.comp.virus FAQ, maintained by David Harley at
http://www.bocklabs.wisc.edu/~janda/acv_faq.html)
A (computer) virus is a program (a block of executable code) which
attaches itself to, overwrites or otherwise replaces another program
in order to reproduce itself without the knowledge of the PC user.
Most viruses are comparatively harmless, and may be present for years
with no noticeable effect: some, however, may cause random damage to
data files (sometimes insidiously, over a long period) or attempt to
destroy files and disks. Others cause unintended damage. Even benign
viruses (apparently non-destructive viruses) cause significant damage
by occupying disk space and/or main memory, by using up CPU processing
time, and by the time and expense wasted in detecting and removing
them.
A Trojan Horse is a program intended to perform some covert and
usually malicious act which the victim did not expect or want. It
differs from a destructive virus in that it doesn't reproduce, (though
this distinction is by no means universally accepted).
A dropper is a program which installs a virus or Trojan, often
covertly.
A worm is a program which spreads (usually) over network connections.
Unlike a virus, it does not attach itself to a host program. In
practice, worms are not normally associated with personal computer
systems. There is an excellent and considerably longer definition in
the Mk. 2 version of the Virus-L FAQ.
Where can I get more information about viruses?
There is tons of very detailed information about viruses available
online. The best two sources of concise detailed information about
viruses are the FAQs from the USENET newsgroups virus-l/comp.virus and
alt.comp.virus.
There are many more sources of virus information on the Web. The
Computer Virus Myth Page exists solely to debunk the massive amount of
misinformation about viruses that infects the Internet.
For more links to sources virus information, try the Yahoo directory.
What is a Word macro virus?
The Word macro family of viruses use the WordBasic macro language to
infect and replicate in and among MS Word documents and templates.
Most notably, this new family of viruses is platform independent -
they will infect documents and templates on DOS, Macintosh, Windows
3.x, Windows 95 and Windows NT operating systems.
These viruses use several of the features of the MS Word "environment"
to auto-execute viral macro code. Once an infected document is opened
and the virus launched, generally, the virus will infect the user's
NORMAL.DOT template. This template is the basis for the majority of
other documents and templates and is globally available to all other
MS Word templates on the system. Once entrenched in the NORMAL.DOT
file, the virus will spread to all other documents and templates as
they are opened. Note that, by default, the NORMAL.DOT template is the
first document opened when you launch MS Word without specifying a
different document on the command line. This will immediately put the
virus in control every time you launch MS Word.
Word Macro viruses force documents to be saved as MS Word templates,
despite what the name or extension of the document file might be
recorded as. Forcing documents to be saved as templates is used as a
means of propagation as macros are not saved in standard .DOC files.
Only templates can contain any actual macro code and therefore be used
as a carrier.
The most reliable way to prevent infection is to check all incoming
Word documents (especially e-mail attachments) for the presence of the
virus. Most commercial anti-virus products will detect and repair Word
macro viruses; we recommend Norton Anti-Virus from Symantec
(http://www.symanetc.com/). However, you must be sure to regularly
update your virus definition file: Symantec releases a new update
every month on its Web site.
In the case of e-mail attachments, save them to your hard drive, and
then check them before opening/launching. Please note users that have
MIME-compliant e-mailers (e.g., Eudora) and web browsers (e.g.,
Netscape and Internet Explorer) configured to recognize Word documents
and automatically start Word may allow this virus to be introduced
into their systems via e-mail or a World Wide Web page. It is
recommended users use this "auto-launch" capability with extreme
caution, if at all.
There are steps you can take to minimize damage if you accidentally
open an infected file. First, you can turn off the auto-execute macros
in Word that are used to spread this and similar viruses by holding
down the "Shift" key while opening a document or template. Please note
this does not work in all cases.
Another preventative step is to activate the "Prompt to Save
NORMAL.DOT" option, accessible from the menu bar via
Tools->Options...->Save. If this option is on, any changes to the
contents of the global macro pool will generate a prompt before
changes are written to disk.
Should I Use Virus Protection Software?
Yes! Every computer in your organization should have up-to-date virus
protection software that is regularly updated with new virus
definitions. At ONE/Northwest we use Norton AntiVirus, one of the
market-leading antivirus products. One of the best features of Norton
AntiVirus is the fact that it can automatically update itself over the
Web, with little need for regular huan intervention. And Symantec,
the makers of Norton AntiVirus, have an excellent product donation
program.
For more information
Symantec Product Donation Information
http://www.onenw.org/toolkit/donation.html
The Virus Myths Home Page
http://www.kumite.com/myths/
Yahoo's Listing of Virus Resources
http://www.yahoo.com/Computers_and_Internet/
Security_and_Encryption/Viruses/
Symantec Anti-Virus Research Center
http://www.symantec.com/avcenter/
03/09/99
ONE/Northwest: Online Networking for the Environment
1601 2nd Avenue Suite 605
Seattle, WA 98101
206.448.1008 fax 206.448.7222
[log in to unmask] http://www.onenw.org/
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|