VIRUSES
What is a virus?
A virus is a piece of programming code, usually disguised as something else,
that causes some unexpected and, for the victim, usually undesirable event, and
which is often designed so that it is automatically spread to other computer
users. Viruses can be transmitted as attachments to an e-mail note, by
downloading infected programming from other sites, or on a diskette or CD. The
source of the e-mail note, downloaded file, or diskette you've received is often
unaware of the virus.
Firewalls can't protect very well against things like viruses. In general, a
firewall cannot protect against a data-driven attack--attacks in which something
is mailed or copied to an internal host where it is then executed.
Organizations that are deeply concerned about viruses should implement
organization-wide virus control measures. Rather than trying to screen viruses
out at the firewall, make sure that every vulnerable desktop has virus scanning
software that is run when the machine is rebooted. Blanketing your network with
virus scanning software will protect against viruses that come in via floppy
disks, modems, and the Internet. Trying to block viruses at the firewall will
only protect against viruses from the Internet--and the vast majority of viruses
are caught via floppy disks.
There are three main classes of viruses:
File infectors:
Some file infector viruses attach themselves to program files, usually
selected .COM or .EXE files. Some can infect any program for which execution is
requested, including .SYS, .OVL, .PRG, and .MNU files. When the program is
loaded, the virus is loaded as well. Other file infector viruses arrive as
wholly-contained programs or scripts sent as an attachment to an e-mail note.
System or boot-record infectors:
These viruses infect executable code found in certain system areas on a disk.
They attach to the DOS boot sector on diskettes or the Master Boot Record on
hard disks. A typical scenario (familiar to the author) is to
receive a diskette from an innocent source that contains a boot disk virus. When
your operating system is running, files on the diskette can be read without
triggering the boot disk virus. However, if you leave the diskette in the drive,
and then turn the computer off or reload the operating system, the computer will
look first in your A drive, find the diskette with its boot disk virus, load it,
and make it temporarily impossible to use your hard disk. (Allow several days
for recovery.) This is why you should make sure you have a bootable
floppy.
Macro viruses:
These are among the most common viruses, and they tend to do the least damage.
Macro viruses infect your Microsoft Word application and typically insert
unwanted words or phrases.
The best protection against a virus is to know the origin of each program or
file you load into your computer or open from your e-mail program. Since this is
difficult, you can buy anti-virus software that can screen e-mail attachments
and also check all of your files periodically and remove any viruses that are
found.
Nevertheless, an increasing number of firewall vendors are offering "virus
detecting" firewalls. They're probably only useful for naive users exchanging
Windows-on-Intel executable programs and malicious-macro-capable application
documents. There are many firewall-based approaches for dealing with problems
like the "ILOVEYOU" worm and related attacks, but these are really
oversimplified approaches that try to limit the damage of something that is so
stupid it never should have occurred in the first place. Do not count on any
protection from attackers with this feature.