How to Protect Against Computer Viruses
By Shawn Connally and Bruce Stewart
April 27, 1999 4:00 PM PT

Some are as benign as the common cold, and others can be as deadly to your hard drive as something from the movie Outbreak. We're talking computer viruses, and with more than 17,000 known strains, the chances that your computer will contract one at some point are pretty good.

Take into account that only about 40 percent of PC owners use antivirus software, and that viruses can spread to your system easily from the Internet, bulletin boards, or e-mail attachments, and we're talking epidemic. Luckily, though, there are some powerful preventative measures and some equally effective antidotes once you've contracted a bug. A computer virus is a piece of software that has been written to surreptitiously enter your computer system and "infect" your files. Some viruses are benign and won't harm your system, while others are destructive and can damage or destroy your data.

Typically a computer virus will replicate itself and try to infect as many files and systems as possible. If your system is infected, when you save a file to a disk you will probably infect the disk, and in turn whoever uses that disk will infect their system. As you can see, it's a vicious cycle, not unlike the viruses that plague us humans.

New computer viruses are being written all the time, and it's important to understand how your system can be exposed to them, and what you can do to protect your computer. Computer viruses are categorized into four main types: boot sector, file or program, macro, and multipartite viruses.

Boot sector viruses are usually transmitted when an infected floppy disk is left in the drive and the system is rebooted. The virus is read from the infected boot sector of the floppy disk and written to the master boot record of the system's hard drive. The master boot sector is the first place your system reads from when booting up from the hard drive. Then, whenever the computer is booted up, the virus will be loaded into the system's memory.

Program or file viruses are pieces of viral code that attach themselves to executable programs. Once the infected program is run, the virus is transferred to your system's memory and may replicate itself further.

Macro viruses are currently the most commonly found viruses. They infect files run by applications that use macro languages, like Microsoft Word or Excel. The virus looks like a macro in the file, and when the file is opened, the virus can execute commands understood by the application's macro language.

Multipartite viruses have characteristics of both boot sector viruses and file viruses. They may start out in the boot sector and spread to applications, or vice versa. Viruses can be written into almost any type of file, so it's important to be aware of this when you add software to your system. There are known instances of viruses being accidentally included in licensed, shrink-wrapped software, but generally you are safe when installing legally purchased software that you've obtained through normal channels.

The two main ways viruses enter your system are through files added to your system from floppy disks (or other removable media like Zip disks) and from downloading from the Internet or private bulletin boards. You can also get a virus through an e-mail attachment, but not from a plain text email message alone.

A common myth regarding viruses is that they can only be passed into your system through executable program files, or files that are actually programs, not just data. You'd also think, then, that infection couldn't take place unless the program holding the virus is launched. With the advent of "macro" viruses, though, this distinction is getting blurred. Macro viruses can exist inside any document whose application uses a macro language, such as the "Concept" virus passed in Microsoft Word documents. In this case, a user can have a clean version of Microsoft Word and simply open an infected Word document, which will then infect the application. Some common symptoms that could indicate your system's been infected are:

There are several programs (called virus protection software, anti-virus software, or virus checks) that will check your system for known viruses, scan incoming files, and warn you before any infected files are let in. An important fact about these programs is that they are only as good as their database of known viruses. Since new and different viruses are being introduced all the time, anti-virus databases need to be updated often.

ICSA certifies virus protection software and maintains a list of approved software.This is a good site to check regularly, as the organization monitors the progress of computer viruses and offers a wealth of virus information.

If you have a system that is not currently running virus protection software, the first thing you should do is install one of these programs and have it scan your hard drive. It will identify any files that have been infected by any virus it recognizes and offer you the option to repair the file if it can. In some cases infected files can be "cleaned" by your virus protection software; in others, the files will have to be discarded.

Once you have determined that all the files in your system are virus-free, this would be a good time to do a complete backup of your system. If you get infected in the future, you will really appreciate having clean copies of your files.

Another method you can use to detect viruses is to monitor the byte size of the programs installed on your hard drive, particularly .exe and .com files. If you notice any unexplained change in file sizes, this is a good indication that your system has become infected. This can be a difficult and tedious method of checking your system, however, and installing antivirus software is a better alternative. Once you've scanned your system for viruses and determined it to be clean, it's a good idea to put in place procedures to protect your system. The number one thing to do -- be careful whenever you're installing software or downloading files.

Most anti-virus software can be set to scan all floppy disks inserted in your system and to scan files that are downloaded to your system, including email attachments. We highly recommended that you set up your software to do this. This is the most important thing you can do to protect your system. It's also extremely important to keep your antivirus software current, and you should check regularly with your chosen vendor for updates to their product. This can often be done at the vendor's Web site. If you have installed virus protection software and it has detected a virus in your system, first try to get the software to "clean" or "disinfect" the files. If this doesn't work, you'll most likely have to delete these files from your system.

In extreme cases, it may be necessary to reformat your hard drive, destroying all of the data on it. Then you'll have to reinstall your software and data, assuming you have the original software disks and clean backups of your files. In this case, it's a good idea to install your virus protection software first on the empty hard drive, so that the integrity of your backup files and original software can be verified.

You might also want to contact all the people that you've recently (or at any time) exchanged information with -- via floppy disks, e-mail attachments, Zip disks -- and let them know your system's been infected and theirs may be infected as well. You'd want to advise them to check their system for the appropriate virus or symptoms.

Funny how these computer viruses mimic human life, huh? Be safe.