ICDL Using a Computer Chapter 4. Viruses
From MEPIS Documentation Wiki
Attribution-ShareAlike 2.5 You are free: To copy, distribute, display, and perform the work, To make derivative works, To make commercial use of the work Under the following conditions: by Attribution. You must attribute the work in the manner specified by the author or licensor who is; David Varley ICDL Foundation Copyright © 2004 ICDL Foundation. http://www.openicdl.org.za/
Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the copyright holder.
Chapter 4. Viruses
Know what a virus is and what the effects of a virus might be.
A computer virus is a program that is deliberately created to cause annoyance or alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread.
Although viruses are not yet a serious problem for Linux-based computers, this could change at any time. Everyday more and more viruses are created. Even though you may be using Linux, it is important to be well aware of the dangers and take the necessary precautions.
- A Trojan (or Trojan horse) is a virus that hides itself inside another legitimate program. When the program is used, the virus is released and can begin its work of replication and annoyance or damage.
- A Worm is a program that replicates itself over and over in the computer's memory until the computer can barely function. One of the signs of invasion by a worm is the slowness of computers.
- A time bomb is a virus which lies dormant until a certain date or time or for a period of time. At this date or time, the virus suddenly becomes active and carries out whatever task it is programmed to do. This can include the deletion of everything on the hard drive.
- A logic bomb is similar to a time bomb, except that instead of becoming active at a certain time, it becomes active when a particular activity happens. For example, instead of formatting a diskette, the virus causes the hard drive to be formatted.
- Macro-viruses make use of a special customisation feature in applications called macros. Macros allow you to create mini-programs to carry out certain tasks in your applications.
The ways a virus can be transmitted onto a computer
Viruses are spread in a number of ways:
- Downloads from the Internet.
- Pirated software.
- Exchange of diskettes.
- In attachments to emails and in emails themselves.
- In documents. Macro-viruses, described above, can be hidden in ordinary documents, spreadsheets and presentations.
The advantages of a virus-scanning application
Anti-virus software scans files for pieces of code, called signatures, which it recognises as part of a virus. A signature is a distinctive series of commands which are only found in the virus concerned. Scanning therefore involves analysing programming code in search of signatures embedded in legitimate programs.
Updating anti-virus software mostly involves updating the signatures file. This should be done on as frequent as basis as possible. This is even more the case when you receive files regularly from outside sources. The actual anti-virus program itself will be updated from time to time. These updates will include additional features and improved methods of scanning.
It is important to keep in mind that no anti-virus software is perfect. It is only as good as the techniques it uses for detecting viruses and the currency of the signature file. There is always the chance that a virus will go undetected. However, a good anti-virus system installed on your system is essential and will usually detect most viruses.
Updating the anti-viruses software and scanning the contents of a computer on a regular basis will provide you with a good measure of protection should your computer become infected. Good anti-virus software can also block viruses from entering the system.
There are a number of measures you can take to protect yourself from viruses:
- Install good anti-virus software and update it on a regular basis, for example at least once a month but preferably once a week. But always remember, anti-virus software is not perfect. It cannot be the only measure you take.
- Scan all diskettes before reading them.
- Enable the auto-protection feature on the anti-virus software to scan emails.
- Be wary of emails from unknown sources, particularly if they contain attachments. Some very careful users delete emails they are unsure of without opening them.
- Use an Internet Service Provider that scans emails before delivery.
- Do not download software from unknown internet sites.
- Be careful of using diskettes from unknown sources.
- Do not install pirated software.
When a virus is detected, the software will attempt to remove the virus. This is called cleaning, healing or disinfecting.
Disinfecting involves removing the code of the virus from the file it is attached to.
It sometimes happens that the system can detect the virus but not get rid of it. In this case, you will usually be given the option of deleting or quarantining the infected file. When a file is quarantined, it is made unusable and so unable to spread the virus. A future update of the software may be able to remove the virus. If it can the quarantine is removed.
Using virus scanning applications
Because viruses are still uncommon on Linux systems, there has not been a great deal of development of anti-virus software. There are some projects to develop Open Source anti-virus software, but they are still in the early stages.
The following example illustrates how to use a text based system to disinfect or delete infected files on your system. This system uses F-Prot for Linux which is currently available free to home users. To use F-Prot you will need to open a terminal window and manually type in commands. When you have typed a command, press the Enter key to carry it out.
- Start Applications->System->Konsole.
- Type the command: f-prot -disinf followed by the file or directory you wish to disinfect and press Enter.
- Examples are:
- /f-prot -disinf /home/david which will scan all files in the directory /home/david if david is a directory. If it is a file it will only scan that file.
- /f-prot – disinf /mnt/floppy scans the diskette in the diskette drive.
- The screen below illustrates an example of the printout from such a scan.
f-prot -delete /home/david scans the directory and deletes infected files. You will be prompted to confirm the deletion. f-prot /home/david scans the directory and reports back.
- Click the Exit icon in the top right hand corner of the screen when done.
The importance of updating virus-scanning software regularly
As viruses are created on an ongoing basis, these need to be analysed continuously by the developers of anti-virus software. Not only do the developers need to be able to extract the signature of the virus, but they also need to analyse how the virus acts and how it can be removed from the program. These changes then need to be incorporated into the anti-virus software.
Users in turn need to download these changes and update their software. The longer the period between updates, the more vulnerable computer systems are to the action of new viruses. Updates are often made available on a daily basis by developers.