| Chapter 4. Viruses | ||
|---|---|---|
|
 |
|
| Chapter 4. Viruses | ||
|---|---|---|
|
|
|
|
Abstract
Know what a virus is and what the effects of a virus might be.
A computer virus is a program that is deliberately created to cause annoyance or alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread.
Although viruses are not yet a serious problem for Linux based computers, this could change at any time. Everyday more and more viruses are created. Even though you may be using Linux, it is important to be well aware of the dangers and take the necessary precautions.
A Trojan (or Trojan horse) is a virus that hides itself inside another legitimate program. When the program is used, the virus is released and can begin its work of replication and annoyance or damage.
A Worm is a program that replicates itself over and over in the computer's memory until the computer can barely function. One of the signs of invasion by a worm is the slowness of computers.
A time bomb is a virus which lies dormant until a certain date or time or for a period of time. At this date or time, the virus suddenly becomes active and carries out whatever task it is programmed to do. This can include the deletion of everything on the hard drive.
A logic bomb is similar to a time bomb, except that instead of becoming active at a certain time, it becomes active when a particular activity happens. For example, instead of formatting a diskette, the virus causes the hard drive to be formatted.
Macro-viruses make use of a special customisation feature in applications called macros. Macros allow you to create mini-programs to carry out certain tasks in your applications.
Viruses are spread in a number of ways:
Downloads from the Internet.
Pirated software.
Exchange of diskettes.
In attachments to emails and in emails themselves.
In documents. Macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations.
Anti-virus software scans files for pieces of code, called signatures, which it recognises as part of a virus. A signature is a distinctive series of commands which are only found in the virus concerned. Scanning therefore involves analysing programming code in search of signatures embedded in legitimate programs.
Updating anti-virus software mostly involves updating the signatures file. This should be done on as frequent as basis as possible. This is even more the case when you receive files regularly from outside sources. The actual anti-virus program itself will be updated from time to time. These updates will include additional features and improved methods of scanning.
It is important to keep in mind that no anti-virus software is perfect. It is only as good as the techniques it uses for detecting viruses and the currency of the signature file. There is always the chance that a virus will go undetected. However, a good anti-virus system installed on your system is essential and will usually detect most viruses.
Updating the anti-viruses software and scanning the contents of a computer on a regular basis will provide you with a good measure of protection should your computer become infected. Good anti-virus software can also block viruses from entering the system.
There are a number of measures you can take to protect yourself from viruses:
Install good anti-virus software and update it on a regular basis, for example at least once a month but preferably once a week. But always remember, anti-virus software is not perfect. It cannot be the only measure you take.
Scan all diskettes before reading them.
Enable the auto-protection feature on the anti-virus software to scan emails.
Be wary of emails from unknown sources, particularly if they contain attachments. Some very careful users delete emails they are unsure of without opening them.
Use an Internet Service Provider that scans emails before delivery.
Do not download software from unknown Internet sites.
Be careful of using diskettes from unknown sources.
Do not install pirated software.
When a virus is detected, the software will attempt to remove the virus. This is called cleaning or disinfecting.
Disinfecting involves removing the code of the virus from the file it is attached to.
It sometimes happens that the system can detect the virus but not get rid of it. In this case, you will usually be given the option of deleting or quarantining the infected file. When a file is quarantined, it is made unusable and so unable to spread the virus. A future update of the software may be able to remove the virus. If it can the quarantine is removed.
|
|
 |
|
| Compressing Files |  |
Handling Viruses |