Practicing Safe Computing
How dependable is your virus protection?
Business New Haven
9/11/1995
By: John Ludtke
I hadn't given much thought to viruses lately - not until last week. During the previous two weeks, three system administrators I work with found three viruses on network workstations. Fortunately, each had virus protection, so the viruses were found before reaching the file servers. Using anti-virus software, we cleaned the workstations of the viruses without serious data loss.
Now, we all bring disks from home. And with online cyber-jockeying bringing us more downloadable files, our systems are exposed daily to files of unknown health. I scan for viruses before running disks, but how safe are our systems?
Computer viruses operate similarly to the viruses that humans face. They are organisms, in this case man-made, that attach to files much like organic viruses attach to our cells. Once established, a virus begins replicating and prepares to damage the system's files or file structure in the manner chosen by its creator. The most benign viruses simply replicate themselves until they have filled available disk space, or announce their presence with a screen message or strange screen behavior. One causes the screen image to appear to melt down and pile up at the bottom. These viruses can usually be stripped from the infected files without much damage.
More malicious viruses move from file to file, corrupting data as they replicate. The effect is much like a failing disk drive - more and more "unreadable file" and "corrupt data" messages, culminating in an unrecoverable system lock-up as the virus destroys the operating system files. Only some of these viruses can be removed without serious file damage. This is where a bootable floppy, good anti-virus software and a recent backup can save the day.
Vicious viruses go to the heart of the file system, destroying the tables that define file locations and making the files unrecoverable without great effort. Additionally, they may attempt to reformat the hard drive or overwrite the data with gibberish. These usually require booting from a clean floppy, reformatting the disk and totally restoring the operating system and data from the latest backup. The alternative is reinstalling the operating system and all applications, and rebuilding all data - not a pleasant thought.
With some planning and effort, most viruses can be kept from affecting your system.
Step 1: Use in-memory virus protection with the most recent virus definitions. This is bundled with the anti-virus program - the installation routine will suggest allowing it to load automatically.
Step 2: Regularly scan files for viruses using up-to-date virus definitions. Some software can be configured to scan floppy disks automatically.
Step 3: Back up changed data daily. Unless you manipulate huge files, a weekly full backup and a daily incremental backup are easy.
In-memory virus protection is initiated during the DOS boot-up or Windows' system load. A program remains in the system's memory and monitors critical system files for attempted changes. On loading, it checks the system memory for viruses, then the disk boot sector and the operating system files. Once these checks are complete, it resides in the background, ready to sound the alarm if a virus is suspected.
The virus scan portion of the software inoculates the system by recording the size and/or characteristics of critical files. With each subsequent scan, the characteristics of those files are compared to those previously recorded. Variations are called to the user's attention for further evaluation.
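The record-and-compare check described above, as an added example that is not part of the original article or of any product it names. The use of SHA-256 as the recorded "characteristic", the function names and the sample files are assumptions made for illustration; the second modified file shows why recording size alone is not enough.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path):
    """Return (size, SHA-256 hex digest) of one file."""
    data = Path(path).read_bytes()
    return len(data), hashlib.sha256(data).hexdigest()

def record_baseline(paths):
    """'Inoculate': record the characteristics of each critical file."""
    return {str(p): fingerprint(p) for p in paths}

def compare(baseline, paths):
    """Re-scan and return {path: finding} for every variation."""
    findings = {}
    for p in sorted(set(baseline) | {str(x) for x in paths}):
        if p not in baseline:
            findings[p] = "not in baseline"
        elif not Path(p).exists():
            findings[p] = "missing"
        else:
            (old_size, old_sha), (size, sha) = baseline[p], fingerprint(p)
            if size != old_size:
                findings[p] = f"size changed {old_size} -> {size}"
            elif sha != old_sha:
                findings[p] = "content changed, size unchanged"
    return findings

def demo():
    """Exercise the check on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-ins for critical DOS files; contents are dummy bytes.
        paths = [Path(d) / n for n in ("COMMAND.COM", "AUTOEXEC.BAT", "CONFIG.SYS", "IO.SYS")]
        for p in paths:
            p.write_bytes(b"constructed sample content\r\n")
        baseline = record_baseline(paths)
        paths[0].write_bytes(paths[0].read_bytes() + b"X" * 512)  # appended bytes
        paths[1].write_bytes(b"constructed sample CONTENT\r\n")  # same length
        paths[2].unlink()                                         # deleted
        found = compare(baseline, paths)
        return {Path(p).name: f for p, f in found.items()}

if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name}: {finding}")
```

Only the files that vary from the baseline are reported; the untouched IO.SYS produces no finding.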
It's not enough to purchase anti-virus software and install it. As new viruses are manufactured, new definitions must be added to the software's database of known viruses. These definition updates may be ordered from the software publisher or downloaded from the Internet, a bulletin board or an online service. There are excellent anti-virus packages, but I will note only three that I am most familiar with: McAfee's ViruScan, Symantec's Norton Anti-Virus and Cheyenne's InocuLan.
Please send Win95 experiences and opinions to jludtke@ibm.net for a future article. BNH
John Ludtke is a Novell Certified NetWare Engineer and founder of Regency Network Services and AirCastle Multimedia Production. He may be reached on the Internet at jludtke@ibm.net or at 203-882-8890.