The Workers' Educational Association - Using the Internet



What is a Computer Virus?

A virus is just a computer program - it contains instructions that tell your computer what to do. However, a virus usually tells your computer to do something you don't want it to do, and it can usually spread itself to other files on your computer - and to other people's computers.

There are different types of virus, some of which can spread swiftly across open networks such as the Internet, causing billions of dollars' worth of damage in a short amount of time. Today there is about a 1 in 10 chance that your computer system will get a virus in any 12-month period.

You get a virus when you copy infected files to your computer, then activate the code inside by running the infected application or opening the infected document. You may get a virus as an e-mail attachment, a download, or via a shared floppy disk, though e-mail attachments are the most common way.

Once you open an infected file or application, the malicious code copies itself into a file on your system, where it waits to deliver its payload - whatever the programmer designed it to do to your system. Simply deleting the e-mail after you open the attachment won't get rid of the virus, since it has already entered the machine.

If you're lucky, a virus will be fairly harmless, perhaps causing your computer to make seemingly random beeps, but it can be very destructive. It could format your hard drive, overwrite your hard drive boot sector, or delete files and render your machine inoperable.

The best way to protect yourself from viruses is to avoid opening unexpected e-mail attachments and downloads from unreliable sources. Resist the urge to double-click everything in your mailbox. If you get a file attachment and you aren't expecting one, e-mail the person who sent it to you before you open the attachment. Ask them if they meant to send you the file, what it is, and what it should do.

For added safety, you need to install reliable antivirus scanning software and download updates regularly. Major antivirus software vendors, including Symantec, Network Associates, Computer Associates, and Trend Micro, provide regular updates. (Computer Associates' InoculateIT is also free.) Some of the vendors also offer a service that will automatically retrieve updates for you from the company's Web site. Regular updates are essential. See "How antivirus software works" below.




General virus types

Boot Sector Virus:

replaces or implants itself in the boot sector - an area of the hard drive (or any other disk) accessed when you first turn on your computer. This kind of virus can prevent you from being able to boot your hard disk.

File Virus:

infects applications. These executables then spread the virus by infecting associated documents and other applications whenever they're opened or run.

Macro Virus:

Written using a simplified macro programming language, these viruses affect Microsoft Office applications, such as Word and Excel, and account for about 75 percent of viruses found in the public domain. A document infected with a macro virus generally modifies a pre-existing, commonly used command (such as Save) to trigger its payload upon execution of that command.

Multipartite Virus:

infects both files and the boot sector - a double whammy that can reinfect your system dozens of times before it's caught.

Polymorphic Virus:

changes code whenever it passes to another machine; in theory these viruses should be more difficult for antivirus scanners to detect, but in practice they're usually not that well written.

Stealth Virus:

hides its presence by making an infected file not appear infected, but doesn't usually stand up to antivirus software.

Worm:

a virus that enters a computer system through security loopholes.

Trojan horse:

a malicious program disguised as something benign such as a screen saver. When loaded onto your machine, a Trojan horse can capture information from your system - such as user names and passwords - or could allow a malicious hacker to remotely control your computer.



How antivirus software works

Scanning software looks for a virus in one of two ways. If it's a known virus (one that has already been detected in the wild and has an antidote written for it) the software will look for the virus's "signature" (a unique string of bytes that identifies the virus like a fingerprint) and will zap it from your system. Most scanning software will catch not only an initial virus but many of its variants as well, since the signature code usually remains intact.
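
The signature search described above can be sketched in a few lines of Python. This is an added example, not code from the original page or from any antivirus vendor; the signature names, the byte strings and the sample files are all constructed for illustration.

```python
import io

# Constructed signature database (name -> byte string). These bytes are
# made up for this example and do not identify any real program.
SIGNATURES = {
    "Example.A": b"\xde\xad\xbe\xefEXAMPLE-A",
    "Example.B": b"\x13\x37SAMPLE-B\x00\x01",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return [(name, offset)] for the first hit of each signature."""
    keep = max(len(sig) for sig in signatures.values()) - 1
    found, tail, base = {}, b"", 0   # base = file offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in signatures.items():
            pos = window.find(sig) if name not in found else -1
            if pos != -1:
                found[name] = base + pos
        # Carry the last few bytes forward so a signature that straddles
        # two chunks is still seen whole in the next window.
        tail = window[-keep:] if keep else b""
        base += len(window) - len(tail)
    return sorted(found.items())

def scan_bytes(data, chunk_size=4096):
    return scan_stream(io.BytesIO(data), chunk_size=chunk_size)

# Constructed sample files.
SIG_A = SIGNATURES["Example.A"]
CLEAN = b"MZ" + b"\x00" * 100 + b"hello world"
ORIGINAL = b"HEADER" + b"\x90" * 5000 + SIG_A + b"tail"
# A "variant": different header, padding and trailer, signature intact.
# The signature starts at offset 4090, across the 4096-byte chunk boundary.
VARIANT = b"OTHERHDR" + b"\x41" * 4082 + SIG_A + b"extra payload text"

if __name__ == "__main__":
    for label, data in [("clean", CLEAN), ("original", ORIGINAL), ("variant", VARIANT)]:
        print(label, scan_bytes(data) or "no known signature")
```

The variant is flagged under the same name as the original because the signature bytes are unchanged, which is why one signature usually covers many variants.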

In the case of new viruses for which no antidote has been created, scanning software employs heuristics that look for unusual virus-like activity on your system. If the program sees any funny business, it quarantines the questionable program and broadcasts a warning to you about what the program may be trying to do (such as modify your Windows Registry).

If you and the software think the program may be a virus, you can send the quarantined file to the antivirus vendor, where researchers examine it, determine its signature, name and catalog it, and release its antidote. It's now a known virus.

If the virus never appears again - which often happens when the virus is too poorly written to spread - then vendors categorize the virus as dormant.