First Steps to Secure Online Behavior: Virus Issues

By Sunil Hazari

With Internet access being easily
available on and off-campus, faculty, staff, and students have come to rely
on the Internet for teaching, learning, research, and administrative use. Data
and information are commonly sent over the Internet in the form of text, video,
audio, or graphics. Loss of this data (e.g., a book report, grant proposal,
budget information, course materials, etc.) can have dire consequences. As a
result, good security habits are essential to maintain data integrity and protect
against data loss. One of the vexing problems that has been a perpetual thorn in
the side of Information Technology professionals and users of personal computers
has been Computer Viruses. Viruses have the potential to cause massive damage
to data in a heartbeat. Losses in the millions of dollars have been reported
when a new virus is discovered that wreaks havoc on email, data files, and applications,
and bogs down servers to make them inaccessible to users. This article will
explore issues related to computer viruses by introducing readers to information
about viruses, the damage they can cause, sources of infection, and how anti-virus
programs can be effective provided they are properly selected and implemented.
Features of such programs that can be effective weapons for detecting and
eliminating viruses will also be explored. In an effort to provide a safe computing
environment to faculty, staff, and students at University of Maryland, the Office
of Information Technology has been proactive in combating threats from computer
viruses. It is important to remember though, no matter how sophisticated the
technology, user behavior plays an important part in maintaining secure online
behavior when it comes to dealing with computer viruses.

Computer Viruses

Computer viruses are programs or
instructions that are written to intentionally cause damage when executed. Basically,
all software is made up of lines of code, which are instructions that tell the
program what to do when the software is run. For example, the Windows operating
system has millions of lines of code to handle user interface, interaction with
system components, and support for user application programs such as Word and
Excel. Now imagine if someone tampers with this code and makes the program do
something that it wasn’t written to do… such as deleting files from the hard
disk without informing the user, altering data in a file, sending nasty email
messages to every person in the user’s address book, etc. As you can imagine,
this type of behavior can cause severe problems for users. Years ago, viruses
usually started out as pranks by programmers who were learning a programming
language or just wanted to have some "fun." Unfortunately, programmers
realized the power of writing such viruses to promote one’s cause or to intentionally
cause malicious damage to systems, or in some cases their virus experiments
simply got out of hand and caused more severe damage than what was intended.
In any case, many virus writers have been prosecuted because of the damage they
have caused to computer systems and networks. There are different types of computer
viruses. You may come across terms such as program viruses, boot sector viruses,
stealth viruses, logic bombs, Trojan horse programs, polymorphic viruses, multipartite
viruses, macro viruses, etc. In general, all these viruses have a purpose –
some may appear to be harmless since they just display humorous messages or
perform other innocuous behavior; other viruses may leave data intact but send
email without the user knowing about it; or the more dangerous ones may corrupt
data and system files thus crashing the user’s computer and propagating similar
damage to other connected computers on the network. Since providing details
of all of the types of viruses would be beyond the scope of this article, only
the main types of viruses will be mentioned. Boot sector viruses cause damage
to the startup sequence in a computer; Application Software viruses modify program
files to change the behavior of an application such as a word processing program;
Stealth viruses change their identification pattern to avoid detection by anti-virus
programs; and the most prevalent of all recently has been the Macro virus which
carries out program commands within applications such as Word, Excel, and Outlook,
and in addition modifies the startup file of these applications so the macro
is always run to cause further damage to new files. The other type of virus
that has been in the news is the email virus (e.g., ‘I Love You,’ ‘Melissa,’
and ‘Anna Kournikova’ viruses). This type of virus arrives in email attachments
and multiplies by sending messages to all entries in the user’s address book.
The ease with which viruses can be written is mind-boggling. No longer does
one need to have programming knowledge to write a virus. There are actually
virus construction kits freely available for download on the Internet that will
provide anyone "cookbook" instructions to use existing viruses or
develop an entirely new strain of viruses. A scary thought in today’s connected
world that relies so much on the need to exchange data and information globally!

Viruses can spread from the Internet
(such as when downloading email messages with attachments), from removable media
(such as floppy and zip drives), or there have even been cases when shrink-wrapped
programs have been infected at the software manufacturer’s facility and shipped
to users who purchased the software! For these reasons, users should always
remain vigilant. Although virus threats are serious, there have been many virus
hoaxes. In the case of virus hoaxes, the viruses don’t really exist but stories
of potential damage that these mysterious viruses can do may be as damaging
as the virus itself since it causes panic and lost productivity. For users,
it becomes very difficult to determine when to believe that a virus may cause
real damage or when it is just a hoax. Good security practice would be to regularly
check major anti-virus program vendor web sites and monitor news bulletins (that
a user can subscribe to) for getting up-to-the-minute news if any major viruses
are discovered.

Prevention and Detection

Probably one of the most important
pieces of software for today’s computers is the anti-virus program. There are many vendors
of anti-virus software. Some of these programs are free; others are shareware,
but the better ones are commercial programs that can be purchased as a single
user version that runs on each desktop or laptop computer or as a network-based
package that runs on a server and monitors files being transferred on the network.
The Office of Information Technology has made available commercial anti-virus
programs (McAfee & Virex) to faculty, staff, and students. Details on obtaining
these programs on media at minimal cost are available from http://www.oit.umd.edu/slic.
These programs can also be downloaded at no charge from http://www.helpdesk.umd.edu/virus/software.shtml.

Another important issue to remember
is that anti-virus programs should not be considered "install-and-forget"
type programs. All anti-virus programs have data files that contain information
on previously discovered virus patterns and signatures so they can be recognized
and deleted on detection, but to detect new viruses, the anti-virus programs
need to be updated regularly by refreshing data files, so they have information
on catching any new viruses. OIT provides a Virus Notification Program (http://www.helpdesk.umd.edu/virus/infosites.shtml)
that has information on Virus Alerts, Hoaxes, Information Resources, Encyclopedias,
and Calendars, as well as an Email service that keeps users informed about new
viruses.

When a user installs an anti-virus
program for the first time, it offers many configuration options that must be
selected carefully since the efficacy of software depends on proper implementation.
Examples of some of these features are: option for starting anti-virus program
on system startup, scanning different types of files according to file extensions,
automatically scanning files when run or downloaded, and scanning all files
each time on system startup (for users who may prefer to be extra cautious).
For Internet specific protection, the program can be configured to scan all
files received over the Internet, or files received from certain domains (such
as all .edu addresses). Browser protection can also be enabled to scan files
stored by the web browser in cache memory on disk. The type of option to select
will depend on the comfort level and experience of the user in handling infected
files. For novice users, selecting the default options offered by the anti-virus
program during installation is the best course of action. Most anti-virus programs
on installation also offer users an opportunity to create a startup disk that
contains system files, which can be used to boot up a computer in case it fails
to start from the hard drive. It is important that once the startup disk has
been created, it be write-protected so no virus files can infect this disk.
In most programs, a log of all activities performed by the anti-virus program
is created, and this log should be reviewed periodically by the user to look
for suspicious activities by programs or files. OIT provides detailed information
on configuring and keeping the anti-virus programs updated (either manually
or automatically). This information is located at http://www.helpdesk.umd.edu/virus/software.shtml.

Although the behavioral aspect of
dealing with viruses is important, implementing basic precautions for securing
applications and operating systems is also essential. Some programs and operating
systems are more vulnerable than others; therefore, proper configuration is
a must. Additional information on making sure common Internet applications and
your own computing behavior do not expose you to certain viruses can be found
at http://www.helpdesk.umd.edu/virus/other.shtml.

When the anti-virus program encounters a suspicious file, it deals with the
file based on options specified during initial installation of the program.
The program may ask the user what to do with the infected file; automatically
deny access to the file; repair, delete, or quarantine the file; shut down the
computer; or sound an alarm to alert the user. Some programs now even have smart
technology built into the program that tries to predict unknown viruses based
on certain heuristics (rules of thumb based on patterns previously found in viruses).
But in this cat-and-mouse game, the virus writers are aware of such technologies
and are writing viruses that are compressed and/or encrypted to avoid smart
technology detection.

Recovery

Picture a scenario in which it is
Monday morning and you have turned ON your computer at home or at the university,
and a message appears on the screen saying "MyFinalReport.XLS FILE IS
INFECTED!" What should you do? (You did remember to back up your data,
didn’t you?) First, don’t panic. It is important to determine the amount of
damage before taking drastic actions. The best course of action is to turn the
computer OFF and boot from the anti-virus startup disk mentioned above. The
startup disk will run a scan on all files and prompt the user for action when
infected files are found. Once the infected files are cleaned, the system can
be re-started. To restore data after this process, it is important to maintain
a disaster recovery plan. Regular backups should be implemented. A periodic checkup
of system files using another boot disk that does a comprehensive system scan
is also highly recommended.

Good security habits

With viruses being written even as
you read this article, users should remain vigilant of any new developments
and monitor the OIT virus information web site and subscribe to the Virus Notification
Program for updates regarding installation of anti-virus software patches and
updates to virus data files. Viruses today are not only being written for desktop
and laptop systems but are also targeting mobile devices such as Personal Digital
Assistants (PDAs) and web-enabled cell phones. Any Internet-accessible device
is, therefore, vulnerable to virus infection. User education and due diligence
in protecting your system remain the best way to maintain a healthy computing
environment that protects against viruses. Because of the nature of viruses,
no system can be considered to be 100% protected, but taking adequate precautions,
such as monitoring OIT virus notification pages, implementing regular backups,
maintaining good policies of updating anti-virus files, scanning all files on
the system, running an anti-virus program in the background at all times the
computer is ON, limiting physical access to your computer from unauthorized
users, etc., will go a long way in keeping viruses from infecting your computer.
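
The two detection approaches described under Prevention and Detection (matching files against the patterns held in virus data files, and heuristics aimed at compressed or encrypted content) can be illustrated with a short Python sketch. It is an added example, not part of the original article or any vendor's product; the pattern names, byte strings, sample files and the 7.0 bits-per-byte cut-off are constructed assumptions.

```python
import math
import random
import zlib
from collections import Counter

# Constructed, harmless byte strings standing in for a vendor's virus data file.
DEFS_OLD = {"Demo.MacroA": b"AUTOOPEN-DEMO-PATTERN-A"}
DEFS_NEW = {**DEFS_OLD, "Demo.MailerB": b"MAILER-DEMO-PATTERN-B"}  # after an update
ENTROPY_LIMIT = 7.0  # bits per byte; assumed cut-off for "looks compressed/encrypted"


def entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def scan(data: bytes, definitions: dict) -> list:
    """Signature matches first; fall back to the entropy heuristic."""
    hits = [name for name, pattern in definitions.items() if pattern in data]
    if not hits and entropy(data) > ENTROPY_LIMIT:
        hits.append("Heuristic.HighEntropy")  # a prompt for review, not a verdict
    return hits


def build_samples() -> dict:
    """Constructed test files: plain text carrying pattern B, and a zlib copy."""
    rng = random.Random(2001)
    words = ["report", "budget", "grant", "course", "notes", "draft", "final", "data"]
    body = " ".join(rng.choice(words) for _ in range(4000)).encode()
    mid = len(body) // 2
    plain = body[:mid] + DEFS_NEW["Demo.MailerB"] + body[mid:]
    return {"plain": plain, "packed": zlib.compress(plain)}


def demo() -> dict:
    s = build_samples()
    return {
        "stale definitions": scan(s["plain"], DEFS_OLD),
        "updated definitions": scan(s["plain"], DEFS_NEW),
        "packed, updated definitions": scan(s["packed"], DEFS_NEW),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result or 'nothing detected'}")
```

A legitimately compressed file would trip the same heuristic, which is why the flag is treated as a prompt for review rather than a verdict.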