What are viruses, worms and Trojans, and the importance of using up-to-date virus scanning software.

For quick definitions of the following:
What does Virus Scanning Software do?
Why Scan for Viruses?
ActiveX controls and Java classes
Boot sector virus
File-infecting virus
Macro virus
Worms
Multi-partite virus
Script virus
Trojan horse program

Encrypted code signatures
Mutating code signatures
Polymorphic code signatures
Stealth techniques

The term "computer virus" identifies a broad range of software that really has only one feature in common: it "reproduces" itself automatically by attaching to host software or disk sectors on your computer, usually without your knowledge. Viruses range widely in their effects, but most viruses cause relatively trivial problems, from the merely annoying to the downright insignificant. Often, the primary consequence of a virus infection is the cost you incur in time and effort to track down the source of the infection and eradicate all of its traces.
Also, viruses are sneaky. Accidentally leaving a floppy disk in your drive as you start your computer could load a virus into memory before the VShield scanner loads, particularly if you do not have the scanner configured to scan floppy disks. Once in memory, a virus can infect nearly any program, including the VShield scanner.

Broadly speaking, viruses fall into two general categories: "boot sector" and "file-infecting" viruses. Boot viruses dwell in the boot sector of the hard or floppy disk that carries them. These execute as your computer starts or whenever your computer reads information from an infected floppy disk. Once they copy themselves into your computer’s memory, they can then spread to other disks or other computers on a network, each time leaving copies of themselves that can repeat the cycle.

File-infecting viruses become active only when you execute the program that carries them or, in the case of macro and script viruses, when a program opens a data file that carries them. Typically, such viruses infect files with extensions such as .EXE, .COM, or .DLL, and non-executable files such as Microsoft Word .DOC files or Excel .XLS data and template files. A huge increase in the variety and scope of new viruses over the last few years, however, has expanded this list to cover nearly any type of file—even some plain text files in certain circumstances. Once it executes, the file virus also loads itself into your computer’s memory, replicates, then attaches itself to other executable programs.

In recent years, the line between these two divisions has blurred considerably. Many viruses combine both file-infecting and boot sector-infecting features. These often use a variety of tricks and techniques to conceal themselves from anti-virus software. Newer virus types rely partly on unorthodox methods, including user psychology, to help them spread quickly and widely, while some have elements that classify them not as viruses, but under a more general heading of "malicious software" or "hostile code."

Examples of the latter include software that anti-virus researchers classify as "worms" or Trojan horse programs. These agents, because they do not technically reproduce, are not viruses. But they can often have equally harmful effects and spread just as fast as, if not faster than, "ordinary" computer viruses. Other agents have worm-like or Trojan-like characteristics, but come in the form of Java applets or ActiveX controls.
Anti-virus software detects these and other forms of malicious software, all at the same time, to provide you with complete protection against harmful software agents.

What does virus scanning software do?

With the growing number of viruses, Trojans and other hazards that can easily infect your computer, protecting your PC has never been more important than now. Virus-scanning software acts as a tireless online sentry, guarding your system against attacks from viruses and preventing harm from other malicious software. It combines an advanced background scanner with components that enable you to configure, schedule, run, and manage your own scan operations with precision control.

This control extends to the response options the program gives you when it finds a virus. You can have VirusScan software ask you what it should do with infected files it finds, or you can have it take a range of actions automatically, with no intervention necessary. Still, if you want to monitor what it does, the software provides you with an extensive set of log files, and can alert you in an instant when it finds a virus via any or all of nearly a dozen different methods.

It can also intercept malicious software as it arrives in your e-mail and keep your web browser away from Internet sites that harbor harmful Java and ActiveX objects. Furthermore, since the kind of vigilance that VirusScan software gives you requires constant updating to meet innovative new virus threats, you can have it download and install new virus definitions and even a new scanning engine automatically.
This comprehensive protection comes in a collection of modules and components—some of which you can install separately—that work together on each desktop system you want to protect.

Why scan for viruses?

Not so long ago, individual computer users could avoid virus infections without much thought or planning, simply because they rarely contacted likely virus sources. Today, however, most computer users send messages to each other, share data and transfer files constantly—whether through a modem, via diskettes, or over networks and the Internet. In this same span of time, viruses have come to number in the thousands and now spread more quickly and easily than ever.

In this environment, taking steps to protect yourself from a computer virus infection is no longer a luxury but a necessity. Consider the value of the data on your computer. It would probably require a significant investment of time and money to replace if it became corrupted or unusable because of a viral infection—it may even be irreplaceable. But whether your own data is important to you or not, neglecting to guard against viruses may mean that your computer could play unwitting host to a virus that can spread and attack the data on computers your co-workers and colleagues use.

Scheduling periodic virus scans with VirusScan anti-virus software and other virus-scanning solutions significantly reduces your vulnerability to infection and prevents unnecessary loss of time, money and data.

Worms:
A worm is a malicious software agent that spreads by indirect means, instead of reproducing itself. Some worms hijack e-mail systems and send copies of themselves out to the world, others appear on high-traffic sites for downloading, and still others use both these and other techniques to spread.
Worms can be just as destructive as viruses and can spread just as rapidly, if not more so. Worm writers often play on user psychology to entice people to download and run them.
W97M/MELISSA, the notorious "Melissa" virus, is a worm that used an e-mail system to spread at a spectacularly rapid rate. Its unprecedented pace brought many mail servers down with hundreds of infections and caused a massive cleanup effort.


Trojan horse program:
Trojan horse programs generally are harmful or destructive programs that wear the superficial "clothing" of legitimate software. Because they don’t include native replication routines, they are not viruses.
Trojan horse programs rely, more than most types of malicious software, on user psychology—their writers spend almost as much time on crafting the right strategy to get you to run their software as they do on the software itself. These strategies can range from the extremely simple—giving a file a plausible name and planting it in the right context can often be enough—to the very elaborate. Some Trojan horse programs can mimic the environment in which they run in order to deploy their payload or gather needed information.
A number of Trojan horse programs try to steal subscriber and account information from such widely used services as America Online or CompuServe. These programs masquerade under such names as BUDDYLIST.EXE or WINSAVER.EXE. Others collect lists of Internet sites you’ve visited and transmit them, or perform other unwelcome functions.

Macro virus
Macro viruses arose shortly after some software vendors began incorporating macro languages in their products and allowing those products to produce "data" files that carried macro commands. The Microsoft Office product suite, for example, includes a variation of the Microsoft Visual Basic programming language that gives Microsoft Word and Microsoft Excel the ability to automate template and document creation. Concept, the first macro virus, appeared almost as soon as the Microsoft Word version that introduced macro capability.

Macro capabilities have since appeared in a number of software packages and have attracted legions of virus writers. Macro and script viruses now account for the overwhelming majority of circulating viruses and have only recently begun to give ground to late-generation worms, which spread via e-mail and Internet connections.

Script virus

Script viruses rely on a particular scripting language to function, and require host software or an environment that can correctly interpret the commands embedded in the scripting language. The actual infecting agent can consist of a plain text file, as it does with an mIRC script virus, provided that the host environment understands the language and can execute its instructions.
Script viruses differ from macro viruses mainly in that script viruses can often run in multiple product environments. A common language like VBScript can run routines in web servers and browsers, in Microsoft Outlook e-mail clients, and in other products that can interpret it. Scripting languages also tend to be more open-ended than macro languages, which can offer virus writers significant control over infected computers.

VBS/Bubbleboy, an experimental, proof-of-concept virus, can run directly from an e-mail message. It relies on the Outlook client's ability to interpret VBScript directly.

ActiveX controls and Java classes:
As the popularity of the Internet has grown, website design has become much more sophisticated. Many sites now include interactive elements such as scripts, forms, search engines, animations, and a host of other multimedia features that make web browsing more useful and more exciting. Much of the technology that makes these features possible comes from small, easily downloaded programs that interact with your browser software to exchange information, to display multimedia files, to formulate database queries, and to perform other tasks. Website designers and programmers use Java and ActiveX, among other tools, to write these types of programs.

The Java programming language, which originated with Sun Microsystems, allows designers to write small, special-purpose applications, or "applets," that run on a Java "virtual machine" incorporated into your browser software, either directly or as a plug-in module. A Java "class" is a prewritten software module that programmers can modify for their own use.

Programmers use Microsoft ActiveX technology for similar purposes. ActiveX differs from Java primarily in how it runs—where Java runs in a virtual machine built specifically to interpret Java applets, ActiveX serves as a sophisticated software bridge between existing programs, or between other programs and Windows itself. An ActiveX "control" is a software module that links programs and allows them to share data without either having to know anything about how the other operates. Java classes and ActiveX controls are, collectively, "objects."

Multi-partite virus
A multi-partite virus acts both as a boot sector virus and as a file-infecting virus. It can travel via infected files, and can load itself into your hard disk’s or a floppy disk’s boot sector when it executes, where it can repeat the cycle. Very few modern viruses use only one of these infection methods—most use both methods, and a number of others besides.

Encrypted code signatures:
Most anti-virus software relies, in part, on the presence of a code signature to find certain types of viruses. The code signature is a unique series of bytes that distinguishes virus code from other portions of a file or data. That signature could be a data pattern within the virus, an encryption or decryption routine, or another identifying characteristic. Some viruses use a distinctive signature to hang a sort of "do not disturb" sign on files they infect—if not for this signature, the virus might infect a file often enough to cause the file’s size alone to raise suspicion.

Some viruses can encrypt this signature to evade detection. Many such viruses also mutate or develop polymorphic variations for their code signatures or their encryption routines. This makes finding even the distinctive signature for the encryption routine, to say nothing of the virus itself, very difficult.
The encryption techniques they use can range from the simple to the very sophisticated. As with other concealment techniques, code signature encryption is not specific to one type of virus.

Mutating code signatures:
Most anti-virus software relies, in part, on the presence of a code signature to find certain types of viruses. The code signature is a unique series of bytes that distinguishes virus code from other portions of a file or data. That signature could be a data pattern within the virus, an encryption or decryption routine, or another identifying characteristic. Some viruses use a distinctive signature to hang a sort of "do not disturb" sign on files they infect—if not for this signature, the virus might infect a file often enough to cause the file’s size alone to raise suspicion.

Some viruses can change or "mutate" this signature under certain circumstances to try to evade detection. Many such viruses also encrypt their executable code to avoid detection, which makes them very difficult to find. But they often will leave traces of the decryption routine they use to "uncloak" themselves, which makes them vulnerable to good anti-virus software.
As with stealth techniques, code signature mutation is not specific to one type of virus.

Polymorphic code signatures:

Most anti-virus software relies, in part, on the presence of a code signature to find certain types of viruses. The code signature is a unique series of bytes that distinguishes virus code from other portions of a file or data. That signature could be a data pattern within the virus, an encryption or decryption routine, or another identifying characteristic. Some viruses use a distinctive signature to hang a sort of "do not disturb" sign on files they infect—if not for this signature, the virus might infect a file often enough to cause the file’s size alone to raise suspicion.

Some viruses can change or mutate this code signature repeatedly, each time they copy themselves, to avoid detection. Some viruses employ code signature encryption to appear polymorphic, since encryption will change their distinctive code signatures.
An example of an advanced virus of this type is Hare which, though now rare, could travel via a floppy disk boot sector or as part of an infected file. It loaded itself into memory when it executed, and could overwrite part of the hard disk master boot record (MBR). Hare used polymorphic techniques regularly to avoid detection.
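
The limits of signature matching described in the encrypted, mutating and polymorphic code signature entries above, shown as an added example that is not part of the original page or of any vendor's scanner. It runs a byte-signature matcher with wildcards over constructed, inert sample bytes; the marker string, the placeholder "stub" bytes and all function names are assumptions made for illustration.

```python
from typing import List, Optional

# A signature is a list of byte values; None is a wildcard matching any byte.
Signature = List[Optional[int]]

def find_signature(data: bytes, sig: Signature) -> int:
    """Return the first offset at which sig matches data, or -1 if absent."""
    for off in range(len(data) - len(sig) + 1):
        if all(s is None or data[off + i] == s for i, s in enumerate(sig)):
            return off
    return -1

def xor_encode(body: bytes, key: int) -> bytes:
    """Single-byte XOR: the simplest form of 'encrypting' a body."""
    return bytes(b ^ key for b in body)

# Constructed, inert stand-ins (assumptions, not real malware bytes):
BODY = b"INERT-TEST-MARKER-0001"        # plays the role of the virus body
STUB_HEAD = bytes([0xDE, 0xC0, 0xDE])   # placeholder "decryption routine"
STUB_TAIL = bytes([0x5A, 0xA5])         # placeholder bytes after the key
HOST = b"HOSTDATA" * 4                  # bytes of the host file

def make_sample(key: int) -> bytes:
    """Host bytes, then stub with the key embedded, then the encoded body."""
    return HOST + STUB_HEAD + bytes([key]) + STUB_TAIL + xor_encode(BODY, key)

BODY_SIG: Signature = list(BODY)                      # exact body bytes
STUB_SIG: Signature = [*STUB_HEAD, None, *STUB_TAIL]  # key byte wildcarded

def scan(data: bytes) -> dict:
    """Report which of the two signatures is present in data."""
    return {"body": find_signature(data, BODY_SIG) >= 0,
            "stub": find_signature(data, STUB_SIG) >= 0}

if __name__ == "__main__":
    for key in (0x00, 0x41, 0x7F):      # key 0x00 leaves the body in clear
        print(f"key={key:#04x}", scan(make_sample(key)))
    print("clean   ", scan(HOST))
```

The exact body signature only matches the unencoded copy, while the wildcarded stub signature matches every key. If the stub bytes themselves changed from copy to copy, as the polymorphic entry describes, STUB_SIG would miss as well.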

Stealth concealment techniques:
Viruses that use stealth techniques hide themselves to evade detection. These techniques can consist of simple redirection functions that display a false picture of the information you expect to see when you look at a disk sector, while the virus conceals itself in the real location you meant to examine. It can also mean a much more advanced combination of techniques that allows viruses to hide within files, in unused or unformatted space on your hard disk, or in other areas the operating system normally cannot see.
Any virus type can employ some stealth techniques, but boot sector and file-infecting viruses tend to make the most use of them.