A computer virus is a program that is able to copy itself when it is run. Very often, computer viruses are run as a part of other programs. Biological viruses also work that way, as they copy themselves as part of other organisms. This is how the computer virus got its name.
Very often, the term is also used for other kinds of malware, such as trojan horses and worms. Even though this is wrong, it may be difficult to tell the difference between different kinds of malware; they often occur together, and only an expert may be able to tell them apart. Such programs also fit more than one category.
Computer viruses are created for a cause, sometimes they are created to spread political messages and they are also created to hack some system files.
Computer viruses are spread through many ways. Some of the types of spreading are: email, removable hardware, downloading and so on.
Kinds of computer viruses
There are different kinds of computer viruses:
- Probably the most common form is the Macro-virus or script virus. Such viruses are programmed with the script function which is present in many text processing systems and spreadsheets; or with general "script" functionality of a program
- Boot sector viruses infect the boot sector of floppy disks, hard drives and other media.
- Executable files and scripts of the operating system; including those that are run automatically when a medium is inserted into a drive
- Cross-site scripting: Scripts in web pages that replicate to other webpages.
- Any computer file; generally buffer overflows, format strings, and race conditions are exploitable.
Operations and functions
A viable computer virus must contain a search routine, which locates new files or new disks which are worthwhile targets for infection. Secondly, every computer virus must contain a routine to copy itself into the program which the search routine locates. The three main virus parts are:
Infection mechanism (also called 'infection vector'), is how the virus spreads or propagates. A virus typically has a search routine, which locates new files or new disks for infection.
The trigger, which is also known as logic bomb, is the compiled version that could be activated any time an executable file with the virus is run that determines the event or condition for the malicious "payload" to be activated or delivered such as a particular date, a particular time, particular presence of another program, capacity of the disk exceeding some limit, or a double-click that opens a particular file.
The "payload" is the actual body or data that perform the actual malicious purpose of the virus. Payload activity might be noticeable (e.g., because it causes the system to slow down or "freeze"), as most of the time the "payload" itself is the harmful activity, or some times non-destructive but distributive, which is called Virus hoax.
Virus phases is the life cycle of the computer virus, described by using an analogy to biology. This life cycle can be divided into four phases:
The virus program is idle during this stage. The virus program has managed to access the target user's computer or software, but during this stage, the virus does not take any action. The virus will eventually be activated by the "trigger" which states which event will execute the virus, such as a date, the presence of another program or file, the capacity of the disk exceeding some limit or the user taking a certain action (e.g., double-clicking on a certain icon, opening an e-mail, etc.). Not all viruses have this stage.
The virus starts propagating, that is multiplying and replicating itself. The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often "morph" or change to evade detection by IT professionals and anti-virus software. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
A dormant virus moves into this phase when it is activated, and will now perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.
This is the actual work of the virus, where the "payload" will be released. It can be destructive such as deleting files on disk, crashing the system, or corrupting files or relatively harmless such as popping up humorous or political messages on screen.
Limited user rights can limit the spread of a virus
In the beginning, the operating systems used on Personal Computers did not have the concept of access control. There were no "users", everyone could do everything. More modern operating systems have the concept of access control. There can be more than one user, and there are "privileges". Certain users are only able to read certain files, and they may have no access to certain files. Other users are able to modify or delete certain files. These privileges can be specified for each file.
The damage a virus can cause is influenced by the rights it has; if the user has no rights to write to certain places in the system, the virus will not be able to spread.
Another problem is that sometimes the system for rights management may be available, but that it is not used by default. This is the case with systems such as Windows NT or Windows XP, where by default all users have all rights.
Antivirus software can protect against known viruses. Some antivirus software scan files and compare a hash code for each file with its database of hash codes. If the code matches, it has likely found a virus. This way of doing things has some problems. It will only protect against viruses whose hash code (or "signature") is known. The companies who wrote the antivirus need to keep the virus signatures up to date and need to give this information to the PC that is to be protected.
There are two possible modes of scanning: Either the file is scanned "on demand" (or "manually"), or it is scanned when the system registers an access to the file (commonly called "on access")
Antivirus software cannot offer full protection, even in the case the virus is known. Some viruses use something called polymorphic code to change their signature every time they move. No matter how many signatures the company has, they will not be able to stop these types of viruses.
Another way that antivirus software can protect against viruses is to use heuristics. Instead of knowing each virus by its signature, heuristic antivirus software looks at the behavior of software. If the software does something that seems bad, the antivirus software stops it. Since every step needs to be watched, this is a very slow way to do things.
The best protection against viruses can be obtained by using a system that boots off a read-only medium, such as a CD, or DVD, and that does not allow write access to hard disk drives (or other removable media).
Images for kids
Computer virus Facts for Kids. Kiddle Encyclopedia.