Viruses and Virus Checkers

From CompSciWiki



Introduction

The term “virus” is known to anyone who uses a computer. Most of the time we hear about viruses when the media warns us about the latest versions, or when a product advertises which ones it protects against. Some of you may not know what a virus is. It is important to know exactly what can be classified as a computer virus. It is also important to know how anti-virus software can help in the discovery, identification and removal of viruses. (CHAD'S COMMENT: I'd suggest disguising viruses from other forms of malware. People often mistake adware, spyware, etc. for a virus.)

 

...by students

A Viral Encounter...

An individual, John, was asked by his sister to check out her friend's computer. The issue was that it ran exceedingly slowly and random pop-ups were appearing when the computer was running. John agreed to look at the computer. What he discovered was that a multitude of viruses had infected the computer and were causing all the problems. What was strange about this story was that there were several anti-virus programs installed on the computer. After a quick glance, he discovered that none of these programs had up-to-date virus definitions, so they were not able to identify certain infected files. John uninstalled all of the anti-virus programs and installed a single program to deal with the matter (an anti-virus with free updates). The problem was soon taken care of and the computer wasn't bogged down anymore.

The Virus

What is a Virus?

A virus is defined as a program that has the ability to make copies of itself onto a system without the knowledge or permission of a user. When it gets onto a system, it can cause all sorts of problems such as deleting important files or making the entire system run at a much slower speed. The reason these programs are called “viruses” is simply because they share some traits with their biological counterparts. One of these traits is the virus's ability to transfer from host to host, or in the case of computer viruses, from system to system.

How Are Viruses Transferred?

The transfer of a virus is normally done without the user's knowledge. The transfer process works the same way that viruses are spread in real life. For example, the common cold virus can be transferred through sharing drinking glasses, sneezing on others, shaking unwashed hands, etc. The person getting infected doesn’t know that they have the virus until it starts making itself apparent (they start showing cold symptoms). A computer virus is spread the exact same way. Instead of a physical means of spreading, it is transferred digitally using computer files.

Virus files are often disguised as everyday files that the user would not immediately recognize as a virus. One of the most common ways that viruses are passed is through e-mails. Virus files are commonly sent as attachments on e-mail messages[1], simply waiting for an unsuspecting user to open them. Some other common transfer methods are image files, movie files, system files, and anything that doesn’t immediately draw attention from the user.

Types of Viruses

Just like how viruses are spread in different ways, the way that they can infect a system also varies. Some common types of viruses are:

  • File Virus: Infects a particular application's files (e.g. MS Word and its associated files).
  • Macro Virus: Written using a Microsoft scripting language and infects documents and spreadsheets.
  • Boot Sector Virus: Infects the boot sector section of a hard drive.
  • Polymorphic Virus: Changes its code every time it is passed on to a new system, thus making it difficult for virus scanners to locate.
  • Multipartite Virus: Infects multiple targets. A combination of a File Virus and a Boot Sector Virus.


Virus Checkers

Screenshot of Anti-Virus Software

There are dozens of different anti-virus (Virus Checker) programs available. (CHAD'S COMMENT: What are some examples? Are free ones as good as paid ones?) The ultimate goal of these programs can be simplified into three main tasks:

  • Discovery and identification of any apparent viruses
  • Safe and total removal of any infected files
  • Provide real-time protection to prevent future viral infection

Finding a Virus

At best, 99 percent of all viruses can be identified on a system[2]. In order for the checker to find a virus, it must first have an up-to-date database of all known viruses. This database is known as a virus definition database. A virus needs to be in the database for the checker to identify a file exactly as viral in nature. There are different ways that the checker will look for viruses:

  • Search through all of a computer's files to determine if any of them are classified as a virus. It goes through each one and does a series of comparisons. Each file on a computer is made up of computer code. The checker reads the code of each file and then checks to see if any of it matches viral code that is referenced in the virus definition database.
  • Observe any behavior that looks suspicious. Many viruses do things that are common among other viruses. What the checker can do is check to see if there are any programs that are acting strangely. Viral behavior includes writing to the system registry, overwriting other program files, etc. From here, it then alerts the user that something strange is going on and they can decide what the best course of action would be.
  • Run an emulation test and observe its behavior. The checker can pretend to run the file and see if it proceeds to act like a virus. There is no harm being done to the system since the whole file is not being executed, only a small portion of it is.
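The first method above (comparing each file's contents against the virus definition database), shown as an added example that is not part of the original wiki page. The definition names and byte patterns are constructed, harmless placeholders, and the second database stands in for an updated set of definitions, which is why the outdated one misses a file.

```python
import os
import tempfile

# Constructed, harmless byte patterns standing in for real virus definitions.
DEFINITIONS_OLD = {"Demo.Alpha": b"\xde\xad\xbe\xef-ALPHA"}
DEFINITIONS_NEW = {**DEFINITIONS_OLD, "Demo.Beta": b"BETA-\x13\x37\x13\x37"}

def scan_file(path, definitions, chunk_size=4096):
    """Return the sorted names of all definitions whose bytes occur in the file."""
    longest = max((len(sig) for sig in definitions.values()), default=1)
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            for name, sig in definitions.items():
                if sig in window:
                    found.add(name)
            # Carry over the last bytes so a pattern split across two reads still matches.
            tail = window[-(longest - 1):] if longest > 1 else b""
    return sorted(found)

def scan_tree(root, definitions):
    """Walk a directory; return {file name: [matching definitions]} for flagged files."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            try:
                hits = scan_file(os.path.join(folder, name), definitions)
            except OSError:
                continue  # unreadable file: skipped here, a real checker would log it
            if hits:
                report[name] = hits
    return report

def demo():
    """Scan three constructed sample files with the old and the updated definitions."""
    samples = {
        "clean.txt": b"just an ordinary document",
        # Pattern starts at byte 4090, so it straddles the 4096-byte read boundary.
        "alpha.bin": b"A" * 4090 + DEFINITIONS_OLD["Demo.Alpha"],
        "beta.bin": b"header" + DEFINITIONS_NEW["Demo.Beta"] + b"trailer",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root, DEFINITIONS_OLD), scan_tree(root, DEFINITIONS_NEW)

if __name__ == "__main__":
    print(demo())
```
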

Removing a Virus

After the file(s) have been identified as viral in nature, the removal process can begin. This process is sometimes as simple as deleting the infected files from the hard drive.

Virus Protection

Most anti-virus software provides real-time protection from any new viruses that are trying to gain access to the system. Using an approach referred to as heuristics, the software constantly checks the system for anything that may look like a virus. It checks any currently running processes for suspicious behavior and also any new files that are created on the system. Many anti-virus programs also provide the ability to pre-scan any e-mail messages received.

Further Reading

Virus Hoaxes & Realities: http://www.snopes.com/computer/virus/virus.asp
Choosing the Right Anti-virus: http://antivirus.about.com/cs/softwarereviews/a/av2003pix_2.htm

References

  1. http://pcworld.about.com/news/Oct132000id31002.htm
  2. http://www.virus.gr/portal/en/content/2008-06%2C-1-21-june

External Links & Sources

How Stuff Works: Viruses
Wikipedia Entry: Computer Virus
