
At the end of 1995, Christopher Pile, who operated under the pseudonym of the Black Baron, was jailed for eighteen months. His crime: writing SMEG, a polymorphic virus. Dr Alan Solomon, who at that time ran S&S International, a leading antivirus software manufacturer, said "Pile got nothing out of the viruses he wrote except eighteen months in prison. The verdict is clear. There is no benefit and much risk to playing with fire. I hope this deters others." Nice idea, but experience suggests that there will always be someone who thinks that they will get away with it and that the risk is worth taking.
So, where does this leave the computer user? Christopher Pile may be incarcerated, but his viruses are busy replicating all over the place. Or so some would have us believe. The problem with viruses is that they pose a real threat, yet if we take that threat so seriously that we introduce draconian measures to prevent their spread, we will get nothing done. Virus: 1. Users: 0.
Put simply, a virus is a computer program. A simple program. Like its micro-organism namesakes, it is essentially small. Consisting mostly of only a few lines of code, it attaches itself to other files and hides. Until recently, viruses mostly attached themselves to executable files. This was until some bright spark realised that WORD macros are written using a version of VISUAL BASIC, a computer programming language. This means that they are mini executable files. Therefore any WORD file is now able to transmit macro viruses.
If you look in File Manager at the files on your system, any file with the extension DOC, EXE, BAT, SYS or COM is able to carry viruses. Depressed? You ought to be because there are dozens of these files littered all over your system. To make matters worse, viruses can hide in memory and in the boot sector of a disk - in other words, they don't necessarily need a file at all.
What a virus does is copy itself into a program by cloning. Then it multiplies, seeking out new host files. Some viruses do no more than that, increasing the file size and wasting disk space. Some are much worse. They can cause damage to data - possibly self-destructing once the damage is done. Frequently though, it is the FAT that they damage rather than the data itself.
FAT: An acronym for File Allocation Table. Look on the FAT as an electronic road-map. Your computer litters files all over the disk, wherever it happens to be convenient. Sometimes it leaves only part of the file - the rest is in some other convenient slot on the disk. This is fine, the FAT tells the machine where to find it. Until, that is, some sodding virus trashes the FAT and the machine promptly contracts the electronic version of dyslexia.
The other problem with viruses is that they are relatively simple to write. Which is odd, because virus writers think they are dead clever. Anyone who owns a computer can write a virus and transmit it through floppy disks, the internet, local networks, wide area networks - depressed yet?
Once it infects a system, a virus can reproduce in microseconds causing damage in systems all over the world - which can make tracing the writers extremely difficult. Poor old Chris Pile was unlucky.
Many viruses cause little damage, producing silly messages or taking up disk space - Stoned, for example, displays a message saying "Your computer is stoned." Very funny, I'm sure. Others are more malignant, spreading through a network trashing data or altering it as they go.
Viruses may attach themselves to other programs and hide - sometimes embarrassingly in the shrink-wrapped products of the software giants. This is a problem because all computer systems consist of executable files and are therefore vulnerable. One of the favourite places to contract viruses is through games; particularly those downloaded from internet bulletin boards. Occasionally they attach themselves to electronic mail messages as an executable.
There is another problem. They don't always activate immediately. Some remain dormant until a particular date when they trigger. Michelangelo activates on the 6th of March (Michelangelo's birthday). Casino is another. It waits until January 15, April 15 or August 15. Then it presents you with a fruit machine display inviting you to gamble with your precious data. Don't bother, it's already a lost cause.
There are several virus types that can infect computers. These are:
Boot Sector Viruses. The boot sector of a disk is that area where code is written to enable the computer to understand what's on it. Boot sector viruses overwrite this code and confuse the computer. They then move the original code to another sector on the disk and mark it as a bad sector so the computer will be unable to use it. The problem here is that the boot sector is the first thing the computer reads when it boots up or reads a new disk. So what happens is that the virus is now in control of your machine - and you thought you were. This virus is carried by infected floppy disks. The countermeasure here is to have all disks virus checked before using them.
Polymorphs. These little beggars change their form every time they infect a machine. They are extremely good at hiding from antivirus software by encrypting themselves. They use different encryption every time they infect a new machine. SMEG, named after the Red Dwarf TV series, is an example of this virus. It is important that antivirus software is regularly updated to keep pace with the constantly changing virus codes.
Stealth viruses. These viruses attempt to hide from both the antivirus software and the operating system they are infecting. They do this by hiding in memory. Once there, they can intercept all memory accesses and disguise the damage they're doing.
File infecting viruses. These infect files, wouldn't you know. Sometimes they are memory resident like the stealth viruses, but usually they infect executable files. They are usually detected because they increase the file's size. Sometimes they create another file and rename all the files that have a COM extension to EXE. The new COM file will be read by MS DOS first because DOS reads COMs before EXEs - that's the way it works. This is good for the virus because it can get in there first and trash the joint before some spoilsport detects it.
MultiPartite. These are viruses that infect boot sectors and the executable files. In fact they are probably the nastiest virus you can encounter because they combine all or some of the above species. Just when things were looking bad, the multipartite comes along and makes things worse.
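The two tell-tale signs given above for file infecting viruses, a file that has grown and a new COM file sitting beside an EXE of the same name, can be checked against a record taken while the system was clean. The following Python sketch is an added example, not part of the original article; the function names and the dummy files it creates are constructed for illustration.

```python
import os
import tempfile

def snapshot(directory):
    """Map each COM/EXE file name (upper-cased) to its size in bytes."""
    sizes = {}
    for name in os.listdir(directory):
        if os.path.splitext(name)[1].upper() in (".COM", ".EXE"):
            sizes[name.upper()] = os.path.getsize(os.path.join(directory, name))
    return sizes

def audit(directory, baseline):
    """Return sorted (file, reason) findings relative to a known-clean baseline."""
    current = snapshot(directory)
    findings = []
    for name, size in current.items():
        stem, ext = os.path.splitext(name)
        # Sign 1: an executable that is larger than it was when last known clean.
        if size > baseline.get(name, size):
            findings.append((name, "grew by %d bytes" % (size - baseline[name])))
        # Sign 2: a COM/EXE pair with the same base name, where at least one
        # half was not in the baseline. DOS would run the COM file first.
        twin = stem + ".EXE"
        if ext == ".COM" and twin in current and not (name in baseline and twin in baseline):
            findings.append((name, "new pair with " + twin))
    return sorted(findings)

def demo():
    """Constructed sample: harmless zero-filled dummy files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, nbytes):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"\x00" * nbytes)
        for name, nbytes in (("EDIT.COM", 400), ("GAME.EXE", 1000),
                             ("DUAL.COM", 50), ("DUAL.EXE", 900)):
            write(name, nbytes)
        baseline = snapshot(d)            # taken while the directory is clean
        write("GAME.EXE", 2800)           # file has grown by 1800 bytes
        os.rename(os.path.join(d, "EDIT.COM"), os.path.join(d, "EDIT.EXE"))
        write("EDIT.COM", 300)            # new COM takes the old name
        return audit(d, baseline)

if __name__ == "__main__":
    for name, reason in demo():
        print(name, "-", reason)
```

The DUAL.COM and DUAL.EXE pair is not reported because both halves were already present in the baseline; only changes since the clean record are flagged.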
What Can We Do? Well, the bad news is bad, but not disastrous. Most companies that use computer systems rely heavily on the data they contain but fail to use efficient security systems. It is true that floppy disks are an infection threat. That your network is currently virus free suggests either that the problem is not as bad as the pessimists among us would argue, or that the security system is working efficiently - possibly both.
Norton Antivirus will run in the background on the network - as do other offerings from the Antivirus brigade. These constantly scan for virus activity and will soon let you know if a disk is infected. However, despite system securities like this, the constant exchange of data leaves us potentially wide open should an infection occur.
If you contract a virus the important thing to remember is don't panic. If your machine is a stand-alone, close everything down and seek help from technical support. If the machine is connected to a network, close everything down and tell the custodian of the network, so they can seek help. Although, probably, they will know pretty quickly anyway.
Prevention is always better than cure. The first rule of computing is to back up your data. The second is to back up your backups. This may seem paranoid, but the day you catch a cold you'll be glad you did - or raving because you didn't.
Probably the best method for dealing with viruses is the sheep-dip. This
is a stand-alone machine loaded to the gills with antivirus software. The system works
like this: All disks are scanned using the sheep-dip before they are allowed in any
machine connected to the network. This machine is kept and monitored by the network
custodian. I would suggest that disks intended for the system are dipped and stamped by
the custodian. If a disk is not stamped, then it is illegal and cannot be used on the
system. For such a measure to work efficiently, all users must be educated in using the
sheep-dip and if necessary, failure to use it should be a disciplinary issue. If this
seems harsh, ask yourself how much value you place on the data stored on the network. 
Once people get used to it, this system works well. British Telecom have used it successfully for several years. On the occasions it has fallen down, it is because people failed to dip their disks. The upshot is that we can get back to working at home and bringing our data in and storing it without compromising the network.
Norton do a free virus scanner for download at: The Symantec Website
© Mark Ellott. March 1996