Nearly every computer user is susceptible to the 1 st type of computer security risk- a computer virus, worm and / or Trojan horse. A computer virus is potential damaging computer program that infects a computer and negatively affects the way that the computer works and without the users knowledge or permission. Once the virus infects the computer, it can spread throughout and may damage files and system software, including the system software. A worm copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network. A Trojan horse (named after the Greek myth) hides within or looks like a legitimate program. A certain condition or action usually triggers the Trojan horse.
Unlike a virus or worm, a Trojan horse does not replicate itself to other computers. Computer viruses, worms, and Trojans horses are classified as malicious-logic programs, which are programs that act without a user, s knowledge and deliberately alter the computer, s operations. Although these programs often are one of the three type (virus, worm, Trojan horse), some have characteristics of two or all three types. Melissa, for example is a virus, worm, and Trojan horse. Unscrupulous programmers write malicious-logic programs and then test the programs to ensure they can deliver their payload. The payload is the destructive event or prank the program is intended to deliver.
A computer infected by a virus, worm, or Trojan horse payload often has one or more of the following symptoms: Screen displays unusual message or image; Music or unusual sound plays randomly; Available memory is less then expected; Existing programs and files disappear; Files become corrupted; Programs or files do not work properly; Unknown programs or files mysteriously appear; System properties change; Computer viruses, worms, and Trojan horses deliver their payload on a computer in three basic ways: When a user (1) opens an infected file, (2) runs an infected program, or (3) boots the computer with an infected disk in a disk drive. Today, the most common way computers become infected with viruses, worms and Trojan horses is through users opening infected e-mail attachments. Malicious-logic programs have become a serious problem in recent years. Currently, more then 62, 000 known viruses, worms, and Trojan horse programs exist with an estimated 6 new programs discovered each day. Many Web sites maintain lists to all known malicious-logic programs. Methods that guarantee a computer or network from computer viruses, worms, and Trojan horses simply do not exist.
Users can take several precautions, however, to protect their home and work computers from malicious infections. Do not start a computer with a floppy disk in Drive A- unless you are certain the disk is an unaffected boot disk. During the startup process, the computer attempts to execute the boot sector of a disk in Drive A. Even if the attempt is unsuccessful, any virus in the floppy disk, s boot sector can infect then computer, s hard disk.
Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source. A trusted source is a company or person that you believe will not send a virus infected file knowingly. If the e-mail is from an unknown source, delete the e-mail message immediately- without opening or executing any attachments. Many e-mail programs allow users to preview an e-mail message before or without opening it.
Some viruses and worms can deliver their payload when a user simply previews the message. Thus, users should turn off message preview in their e-mail programs. Some viruses are hidden in macros, which are instructions saved in application such as word processing or spread sheet program. In applications that allow users to write macros, set macro security level to medium. With a medium security level, the application software warns users that a document they are attempting to open contains a macro. From this warning, a user chooses to disable or enable a macro.
If the document is from a trusted source, the user can enable the macro. Otherwise, it should be disabled. Antivirus Programs An antivirus program scans for programs that attempt to modify the boot program, the OS (operating system), and other programs that normally read from but not modified. Many antivirus programs also automatically scan files downloaded from the Web, e-mail attachments, opened files, and all removable media inserted into the computer such as floppy disks and Zip disks. One major technique that antivirus programs use to identify a virus is to look for a virus signature. A virus signature, also called a virus definition, is a known specific pattern of virus code.
Computer users should update their antivirus program, s signature regularly. Updating signature files brings in any new virus definitions that have been added since the last update. This is extremely important activity allows the antivirus software to protect against viruses written since the program was released. Another technique that the antivirus program uses to detect viruses is to inoculate existing program files. To inoculate a program file, the antivirus program records information such as the file size and file creation date in a separate inoculation file. The program then uses this information to detect if a virus tampered wit the data describing the file..