A. What's A Virus Or Hacker?
As almost any computer user (and anyone who watches the news) knows, there are many security challenges that face computer users at home and at work every day. Many of the better publicized viruses like LoveLetter, CodeRed, Nimda and Badtrans have caused an estimated one trillion dollars in damage since their introduction into the wild. It is believed there are almost 200 viruses unleashed into the Internet every month, and the number is growing. One in every 370 emails is believed to be infected by a virus.
Viruses are introduced in many forms and in a variety of ways. A computer can be infected through email, downloaded files, infected webpages and the ever-popular chat programs like ICQ and AIM. Virus writers and Internet vandals never seem to run out of imaginative ways to introduce hostile code. The most common viruses seen today arrive as .VBS (Visual Basic Script) and .EXE (Executable) file attachments in email or as .EXE files when downloaded directly from the web. Viruses are programs that command your computer to perform certain tasks, from self-propagation to reformatting the hard drive or attacking another system. They also allow unauthorized access to your files and remote control of your computer. The type of virus that does this is known as a "trojan horse" or "remote access terminal (RAT)" and is really not a virus at all because it does not self-propagate (but that's another story).
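As an added illustration (not part of the original article), the following Python example shows how a mail filter could flag the attachment types named above before a user ever opens them. The function names, file names and addresses are hypothetical, and the sample message is constructed for the example.

```python
import os
from email import message_from_string
from email.message import EmailMessage

# File types the article names as virus carriers (.VBS, .EXE) and the
# other executable types it mentions (.COM, .DLL).
RISKY_EXTENSIONS = {".vbs", ".exe", ".com", ".dll"}


def risky_attachments(raw_message):
    """Return the names of attachments whose final extension is risky."""
    flagged = []
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()
        if not filename:
            continue  # message body or container part, not an attachment
        # Windows ignores trailing dots and spaces, and only the LAST
        # extension decides how the file is opened, so "x.txt.vbs" runs
        # as a script even though it looks like a text file.
        cleaned = filename.rstrip(". ")
        extension = os.path.splitext(cleaned)[1].lower()
        if extension in RISKY_EXTENSIONS:
            flagged.append(filename)
    return flagged


def build_sample_message():
    """Constructed sample e-mail (hypothetical names and addresses)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See the attached files.")
    for name in ("notes.txt", "greeting.txt.vbs", "Setup.EXE", "photo.jpg"):
        msg.add_attachment(b"sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for name in risky_attachments(build_sample_message()):
        print("Hold for review:", name)
```

The check looks only at file names, so it complements an anti-virus scanner rather than replacing one.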
First of all, let’s answer the question “What is a virus?” For simplicity let’s keep a very broad view of the definition and explanation. A virus is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus is executed when the infected executable file is executed. Whether this is done with or without the victim’s knowledge or intervention is not important. A basic example of an executable file is an .EXE or .COM or a file that is used by an executable file, like a .DLL (dynamic link library file). In other words, the virus attaches itself to a host program and, when the infected file is run, creates copies of itself by linking itself to other programs. This self-propagation, when triggered by an event or a predetermined time, can have a detrimental effect on your computer. There are other malicious programs also called viruses. These are worms, Trojan horses and logic bombs.
Trojan Horses:
Otherwise known as remote access terminal (RAT) programs, these allow outside control of a computer when it is online.
While many consider Trojan horses to be viruses, they are generally not self-replicating and as a result are in a slightly different class. A trojan horse allows the programmer to perform tasks on a computer that the victim is neither aware of nor would approve of. Trojan horses have two parts, the client and the server.
The SERVER is the part of a trojan horse that is sent to a victim’s computer, usually disguised as a useful program or attached to another program, often legitimate. Once the server is installed into the system, it allows the client to connect to it and enables the programmer to carry out certain tasks within the host system.
The CLIENT is the controller part of the program. Whatever functions a particular trojan horse has been designed to perform are controlled here. This is not the part of the program that a system’s antiviral software will detect on a victim’s system, although the scanner is designed to detect the presence of a client. Some of the functions a programmer may perform on a victim’s computer are as follows: uploading and installing programs, downloading, deletion and/or modification of files, logging user keystrokes, activation of peripheral devices (web cams, printers, etc), changing screen colors and resolution, control of a mouse or keyboard (this may alter keyboard commands, i.e. F1 may command reformat of the hard drive, etc), theft of passwords/Internet accounts, etc. Basically, the user of a client may gain complete control of an unsuspecting user’s computer.
Worms:
A worm is a self-reproducing program that does not infect other programs as a virus will, but instead creates copies of itself, and these create even more copies. Usually worms concentrate on networks, creating so many copies of themselves within the network that they overwhelm it and bring the network down. .VBS (Visual Basic Script) worms attach themselves to email messages. Upon clicking on the attachment, the system runs the script and the worm sends itself through the address book in order to infect other computers. Technically, this makes it a virus.
Macro viruses:
These may send out copies of themselves through the Internet to other computers, infecting them and spreading the infection further.
While we are aware that viruses will infect other computers, we may not know when they will activate. Many viruses will reside within a system waiting for a predetermined trigger to activate. This trigger could be anything: a date or time, an external event on your PC, executing a program a certain number of times, etc. Virus writers want their programs to spread as far as possible before anyone notices them. Viruses have unique methods of hiding in a system while awaiting activation. These are known as stealth viruses.
Stealth Viruses:
A virus must modify something in a system in order to function. In order to avoid detection by antivirus programs and alert users, it will take control of certain functions and areas in the system that would make detection easier. This may be through a file, the boot sector or a partition sector. Some viruses may encrypt information in the computer. This makes the information accessible only as long as the virus is resident. A virus may or may not always save the changes it makes in the system, so careful analysis is recommended when choosing a method of deletion.
Internet vandals and intruders, otherwise known as hackers* or "scriptkiddies" (those that don't write their own hacking utilities, but use what's already available) have wreaked havoc in individual computer systems, businesses and government sites. They exploit weaknesses in operating software, hardware, programs and unprotected systems to gain entry and control of other computers. They also use illegal backdoor programs to take control of victims' systems. By using a backdoor or "trojan horse" they can upload, download, modify and delete any files in the system, including reformatting the hard drive, gathering passwords and worse. In addition, they can see anything the victim is actively doing, including reading emails and chat messages AS THEY'RE BEING WRITTEN. They can also change these messages while they're being written, so what you write may not be what the recipient reads. Every bit of information within the system is compromised.
*Note: The term "hackers" has been corrupted over time. A true hacker abides by the same obligation as a physician to "do no harm" and only seeks knowledge. They do not cause damage or vandalism. Most damage is caused by scriptkiddies and common Internet criminals.
B. Don't Panic.
There are just as many methods available to assist users in safeguarding their computers and information. There is an enormous variety of anti-virus software, vendor updates and patches, procedures and security programs that are effective in preventing infection and unauthorized intrusion. Some of these programs and procedures are simple to implement and install, while many others require the assistance of an experienced security professional. This also applies to the removal of malicious code once a computer has been infected. Improper removal procedures (including use of a virus scanner) can cause more damage than the virus itself, so if a computer becomes infected, inexperienced users should contact their provider before attempting repairs themselves.
Some Things You Can Do:
1. Anti-virus, the best defense
If your computer has an anti-virus program, make certain it is updated regularly. In fact, users should check to see if there are updates at the end of every week. This only takes a few moments and can prevent problems later on. If there is no anti-virus software installed into the system, it is imperative that one be installed. This is your main line of defense against malicious programs.
2. Close the Window and keep bugs out.
Microsoft has regular operating system updates for Windows that prevent certain viruses and other vulnerabilities from being exploited on your system. The 'Windows Updates' function is normally listed toward the top of the list immediately after pressing the 'Start' button on the corner of the desktop screen. Follow the prompts to get to 'Product Updates' and let Microsoft design your operating system's product catalog and choose to download 'Critical Updates Package' when the catalog is shown on the screen. You can expand the list and see what updates are available by pressing the '+' sign next to 'Show Individual Updates'. Download the recommended updates and follow the prompts.
3. A Firewall shuts the door.
If you have a firewall, use it. This prevents someone from making an unwanted connection to your system. If vandals can't 'see' you then you don't exist for them to attack. If you don't think you have a firewall installed, you don't. Contact your provider for information regarding this important addition to your security.
4. Call someone that knows.
A good idea is to contact a professional to show you the basics of computer security. A specialist can show you just how simple it really is to keep your family, computer and information safe on the Internet. This may take an hour or two, but it's worth the effort and you'll have the satisfaction of knowing that you're not going to be an easy target.
5. Find out what extras are out there.
There are many other easy to use tools available to enhance your computer's security. Some of these tools are free, some have a nominal cost and some are just little tricks and tips that you can implement using existing software. All of them are good to know about.
Your computer is a part of daily life. You learn from it, shop on it, play games on it, keep in touch with friends and family with it, grow with it and run your business from it. In other words, as you add information and customize your system, a little bit of your personality goes into it. Depending on your relationship with your computer, an attack on it can be almost as traumatic as any attack in real life. Don't let someone compromise the safety of your equipment and information. Take the simple, but important steps to protect them. Remember, securing your computer is not something that you do once and walk away. Although it's not difficult to do, it has to be constantly monitored and adjusted.