Technology - Virus Information | Print |

What is a Virus?

Computer viruses are parasitic programs which are designed to alter the way your computer operates without your permission. They incorporate themselves within, or "infect," program files that run on your computer.

Since it is possible to put strings of program commands, called "macros", in certain kinds of data files, like Microsoft Word document (.doc) files, these files can also be infected with viruses. So far, viruses have been found in Microsoft Word (.doc) and Microsoft Excel (.xls) files. Other types of viruses attach themselves to boot records, which contain information your computer needs to start.

Viruses can infect other files and pass to other computers without being seen. This happens until a point when the program decides to release the damaging part, called the payload, a destructive sequence activated on a certain trigger. The trigger may be the arrival of a particular date or an action by the user.

The effect of this payload can be anything as benign as a harmless message appearing on screen to as frightening as the destruction of the disk drive’s boot record making it completely unusable and in most cases completely irreparable.

Computer viruses are appearing at an alarming rate. It is estimated that there are currently more then 81,000 in existence. There is now at least one virus that is set to trigger on every day of the year. Most of these however are comparatively harmless and may be present for years with no noticeable effect. Some viruses, however, may cause random damage to data files or attempt to destroy files and disks.

The How Stuff Works has a great primer on computer viruses. The web page describes four distinct types of malicious software code that are commonly bundled together under the term virus.

Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.

Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.

In general, viruses can cause damage to the data on the infected computer’s hard dive or they can choke network systems with unauthorized traffic. Most of the recent virus activity that has been reported in the news is related to e-mail borne mass-mailing viruses that choke e-mail servers worldwide.

Macintosh computers are relatively immune to viruses and worms. Because most virus writers want the “biggest bang for their buck”, and Windows-based PCs have a significantly larger market share, the virus writers target this sector of the computing world with malicious code that will only run on a Windows-based PC. Even if a DUSD Macintosh user is sent a virus infected attachment spread by e-mail, the computer does not understand how to execute the code necessary to cause infection. In nine years, there has never been any virus infection on any DUSD owned Macintosh.

Tips for Avoiding Viruses

With the above information in mind, the following tips are offered to assist DUSD users with avoiding and preventing the spread of viruses, both internally on the DUSD network, as well as with other users worldwide. Most of the following information also applies to home users.

Install anti-virus software and keep the virus definitions up to date. Anti-virus software scans files for unusual changes in file size, programs that match the software's database of known viruses, suspicious e-mail attachments, and other warning signs. It's the most important step you can take towards keeping your computer clean of viruses. All DUSD windows-based PCs run the Enterprise version of Norton Antivirus. Each Windows-based computer checks in with the antivirus server once a day to check and see that its virus definitions are up to date to cover the computer for the latest virus threats. Each PC in the district is configured to run a virus scan on the entire hard drive on a daily schedule. This happens in the background and is transparent to the user. No user intervention is necessary or allowed. Additionally, the DUSD Technology Department will occasionally force a “virus sweep” when a particularly dangerous virus threat is making the rounds.

No "walk-on" Windows-based PCs will be allowed to connect to the DUSD network until the computer has been certified as using current antivirus software, with up to date virus definitions, by the DUSD Technology Department. District employees should not encourage or allow non-DUSD Windows-based PCs to connect to our network with our first checking with the DUSD Technology Department. There will be no exceptions to this policy as a single infected walk-on computer could bring the DUSD network to its knees.

Home users must install and regularly update virus definitions to remain safe from infection, particularly now that many home users have broadband Internet connections like DSL or cable Internet access. Antivirus software is all but worthless if the virus definitions are not updated regularly (at least two or three times a week). The most common reason that home users become infected is that they let virus definition subscriptions lapse. Virus definition subscription fees are the best $10-$20 home Windows-based computer users will spend in any given year to keep their PCs up and running. Additionally, it is simply irresponsible in this modern day networked world for Windows users to run their PCs without updated antivirus software. They can unknowingly infect hundreds or even thousands of other PC users by using computers that are not protected by antivirus software.

Before opening e-mail attachments always make sure you know the sender, ensure that they actually and knowingly sent you the message. Don't assume that the attachment is safe just because you know the sender; current viruses and worms will send messages from a user's system using addresses in their address book and their sent message folder. This happens without the user's knowledge.

Back up your important data files. A current back up of your most important data files is the best insurance policy against data loss caused by viruses. Without a current back up, there is no way to recover from a catastrophic virus infection. Your important data files should be backed up at least once a week to your space on the staff back up server.

If an e-mail attachment has more than one extension (for example .doc.pif, .doc.lnk, etc.), you can be almost certain that it contains a virus. Do NOT click on the attachment! Delete the message immediately.

Outlook and Outlook Express users are the most targeted. Do NOT use either of these two e-mail programs on district-owned computers. DUSD Windows-based network users are set up with Eudora as their primary e-mail client software package. Eudora doesn’t not have the programming “hooks” necessary to facilitate many of the most recent mass e-mailing viruses.

Lately, many DUSD users, including Macintosh users, have reported that they have received e-mail messages stating that they have sent a virus to a user on another system. Unfortunately, 90% of these messages are false – the culprit is actually a “zombied” machine somewhere on the Internet that has their address in their computer’s address book. The mass e-mail virus then “spoofs” their address as the return address, making it appear that they sent out the virus. It is unfortunate that many e-mail systems use this notification method as it simply creates more unnecessary e-mail traffic reporting false information. The DUSD e-mail server does not take part in this misguided practice.

You may want to consider using a different e-mail program on your PC at home, as well. If you have any DUSD users in your address book at home and you are using either Outlook or Outlook Express, you are potentially targeting DUSD users as recipients of viruses sent from your home computer. This has already occurred several times in the last six months.

Never open e-mail attachments with the file extensions VBS, SHS, SCR, EXE, LNK, COM or PIF. These extensions are almost never used in normal attachments but they are frequently used by viruses and worms.

Unless you are expecting an e-greeting or e-card, do not open these e-mails. Do all DUSD network users a favor and just say, “No!” to e-mail greeting cards. Giving out someone else’s e-mail address to a web site is irresponsible and doing so potentially opens up that user to unsolicited e-mail. Never, ever, under any circumstances should you submit any of our server-side e-mail group addresses to a web site. No matter how well intentioned you may be, this is one of the worst things you could do. Imagine the ramifications of having one of our group addresses sold to multiple e-mail lists. This could absolutely choke our e-mail system. Please don't encourage or facilitate this practice.

If you feel the need to send a DUSD user a “happy gram” please send them a simple text-based e-mail message. It is much more personal and will convey your sincerity better than an e-card.

When possible, avoid e-mail attachments both when sending and receiving e-mail. If there is no reason for the recipient to receive a formatted document, send the text of the document in the body of an e-mail message. It is silly to force other users to open an additional program, which they may not have installed on their computer, just to view the information in a formatted document. This is a common problem in DUSD. Additionally, by sending your message or information in the body text of an e-mail message, there is no way an attachment can infect other DUSD users.

Avoid downloading files you can't be sure are safe. This includes freeware, screensavers, games, and any other executable program - any files with an ".exe" or ".com" extension such as "coolgame.exe." Unreliable sources such as Internet newsgroups or Web sites that you haven't heard of may be willing providers of viruses for your computer. Please do NOT allow students to download and install software from the Internet onto DUSD computers. This can cause trojan horses to be installed onto the computer. There is a history of this problem at the high school on both lab and classroom computers and it continues today. Supervision is the key to solving this problem

Do not trust the icons of attachment file. Worms often send executable files which have an icon resembling icons of picture, text or archive files to fool the user.

Don't share floppy disks. Even a well-meaning friend may unknowingly pass along a virus, trojan horse, or worm. Label your floppies clearly so you know they're yours and don't loan them out. If a friend passes you a floppy, suggest an alternative method of file sharing.

Use common sense. It's always better to err on the side of safety. If you're unsure about an attachment, delete it, especially if it's from a source you don't recognize. If there are tempting animations on a website that look highly unprofessional, don't download them. Also beware of strange links or unexpected attachments that come through instant messaging programs. They could hide malicious code.

Don't send out computer virus warnings to other DUSD account holders. This is the equivalent to shouting "Fire!" in a crowded theater. Please run any of these kinds of concerns past the District Technology Coordinator and if it is a legitimate issue, it will be forwarded it out to the rest of the staff. Most virus warning e-mail messages are actually hoaxes that tend to be recirculated, sometimes with minor variations, on a regular basis. A dead give-away that a virus warning is a hoax is when the message tells you to send a copy of the warning to everyone you know. Additionally, several "pass it on to everyone you know" advocacy e-mail messages concerning everything from Disney to e-mailing dying children to Microsoft to Internet usage and more, are being recirculated on a regular basis, too. Don't fall victim to these silly scams. Often they appeal to the heart, but that's just another ploy used to make them seem real. There are several excellent web sites to check the validity of virus warnings and other hoaxes:

Hoax Busters - http://HoaxBusters.ciac.org
Virus Myths - http://www.vmyths.com
Symantec's Virus Hoax Page - http://www.symantec.com/avcenter/hoax.html

Additional web resources for virus information can be found at the following links:

How Computer Viruses Work - http://computer.howstuffworks.com/virus.htm
Viewz's Top 10 Antivirus Tips - http://www.viewz.com/features/virustips.shtml
Trend Micro's Virus Primer - http://www.trendmicro.com/en/security/general/virus/overview.htm
F-Secure Virus Information and Tips - http://www.f-secure.com/virus-info/tips.shtml
Network Associates Virus Information Library - http://vil.nai.com/vil/default.asp
Symantec's Antivirus Center - http://www.symantec.com/avcenter/