Some Common PC-DOS Viruses and What They Mean To You1.1 IntroductionFor the researcher, computer viruses can be an interesting field of study, presenting challenges in protection, detection, removal, and theory. For the computer owner and user, though, computer viruses are simply a nuisance, to be avoided or removed with as little effort as is absolutely necessary, so that real work can go on. One good general definition of a computer virus is given in [Cohen, 1987]: a computer virus is "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself". In PC-DOS, the "programs" that may become infected by one of the common viruses include normal executable files (EXE and COM files, and code overlays), and various kinds of boot sectors (a boot sector is a small piece of code on a diskette or hard disk that tells the computer what to do when it is first brought up, before DOS has been loaded). Even today, infection by a computer virus is a relatively rare event. The majority of computer virus infections that occur in the user community are caused by one of just a few widely-spread viruses. This paper will attempt to aid the computer owner, user, or security manager in assessing the risks from viruses in general, and in particular in understanding just what the most common viruses in the PC-DOS world today actually do, from the viewpoint of the user, rather than the virus guru. Computer viruses can be written for essentially any general-purpose computer operating system, and viruses exist for every common microcomputer. This paper covers only PC-DOS viruses, because that is where the author's expertise lies. For each of a number of currently-common computer viruses (in roughly descending order of frequency), this paper describes the basic action of the virus, the ways it spreads from machine to machine, the symptoms that it can cause, the damage (if any) it does, and how it can be protected against. While in theory viruses are difficult to detect reliably, in practice protecting against all the currently-common viruses is relatively simple. Some characteristics shared by all the common viruses make them simple to detect through any of various methods, and commercially-available anti-virus programs exist today that will protect against all of the viruses discussed here. The difficult part is not in finding a way to protect a single machine against viruses, but in effectively implementing the available protections throughout an organization.[ Top of Page | Previous Page | Next Page | Table of Contents ] |