Viruses & Other "Infections"
A virus is a small, self-contained piece of computer code hidden within another computer program. Like a real virus, it can reproduce, infect other computers, and then lie dormant for months or years before it strikes. A virus is only one of several types of "malicious logic" that can harm your computer or your entire network.
Of greatest concern, of course, are viruses and other devices that are deliberately malicious. They are intended to cause serious damage such as deleting files, providing access for an outsider to copy your files, or disrupting the operation of an entire computer network or organization.
From an information security point of view, one of the more dangerous types of malicious logic is a Trojan Horse that allows a remote user to access and control your computer without your knowledge whenever you are on the Internet. One of these Trojan Horses was originally developed as a means of playing pranks on friends. Once it is installed on another person's computer, you can control that computer via the Internet. For example, you can make the CD-ROM tray on that person's computer pop out repeatedly for no discoverable reason, or reverse the functions of the left and right buttons on the person's mouse. However, you can also read, change, or copy all the person's files without his or her knowledge. This Trojan Horse can be inserted onto someone's computer by burying it in a game program or other executable script sent by e-mail. Fortunately, known versions of the program will be caught by a good virus checker.
The virus threat is increasing for several reasons:
You can catch a virus by launching an infected application or starting up your computer from a disk that has infected system files. Once a virus is in memory, it usually infects any application you run, including network applications (if you have write access to network folders or disks). A properly configured network is less susceptible to viruses than a stand-alone computer.
Not all viruses, worms, logic bombs, and Trojan Horses are transmitted through infected software brought in from outside the organization. Some of the most damaging are implanted by disaffected insiders. For example:
Malware, Adware, and Spyware
What do all of these “ware” terms mean? Malware is a generic term to cover adware, spyware, and any other program that has any malicious function. A common definition for “adware” is software that allows an external company to “track” your on-line behavior and to present advertisements (often in the form of pop-up windows) that might interest you. For example, you might see pop-up ads about great deals on new cars if the program “sees” you visiting automotive web sites.
Adware is sometimes included with a software package and is installed without the individual being fully aware of the installation. The person “agreed” to the installation of the adware software when they selected “I accept these conditions” while installing the software. Most users will not read the “fine print” when given the option to approve the installation of the software. Other times the user might be asked separately to approve the installation of the adware.
Spyware is commonly viewed as software that takes the tracking of what you are doing to the next level. Where adware might watch what web sites you are viewing, a more invasive type of spyware could include a “keystroke grabber.” With a keystroke grabber the spyware could record your user ID and password when you go on-line to check your bank balance. Even if your bank has a secure website with 128-bit key encryption, this won't protect against spyware that runs on your own PC. It’s as if the hacker is standing right over your shoulder as you type in the information. A number of companies produce anti-spyware and anti-adware products.
Your organization has policies and tools for countering the threat of viruses. In order to avoid security or system maintenance problems, many organizations require that all software be installed by a system administrator. Some organizations require that any removable storage media you bring into the building be tested for viruses before being used. Others do not. Consult your system administrator to learn the correct procedures in your organization.
Be sure you know how your virus detection software works. If it indicates your system has a virus problem, report it immediately to your system administrator and then to the person you believe may have passed the virus to you. It is important to remain calm. There are many virus hoaxes as well as real viruses, and a virus scare can cause as much delay and confusion as an actual virus outbreak. Before announcing the virus widely, make sure you verify its presence using a virus detection tool, if possible, with the assistance of technically competent personnel.
If you have a stand-alone computer or your organization has few controls on installing new programs or bringing in diskettes, the following procedures will help lower the risk of infection or the amount of damage if the worst does happen.