First published: 01st May 1995
By Allan G. Dyer M.Sc.(tech) B.Sc. AIDPM MIAP MHKCS, Head of F-PROT Technical Support, Yui Kee Co. Ltd.
In the nine months since the first of these articles, the total number of known viruses has risen by about 1600. This is an average of 5.9 a day (reasonably close to the figure of 7 a day I gave in the first article). Viruses are not becoming less of a problem. This is supported by the increase in the number of virus reports and requests for technical help I receive daily.
The Myth of Michelangelo
Around March 6, various articles appeared in both the general and computing press about Michelangelo Day. This annual attempt by some journalists to publicise the dangers of viruses is a farce. It is true that the Michelangelo virus is a boot sector virus that activates on March 6, formatting vital areas of the hard disk. Michelangelo Day was first declared in 1992, when it was a relatively new virus and people using old versions of anti-virus scanners were at risk. I have had no confirmed reports of a Michelangelo activation in Hong Kong on the last two March 6's. In contrast, AntiCMOS, BuptBoot, B1 and Sampo are four boot sector viruses that are spreading in the Territory now.
In fact, anyone using a scanner that is 3 years old is adequately protected against Michelangelo - they are at risk from the 5000+ viruses that have been discovered since then. The reports concentrate on the risk of another outbreak of Michelangelo, and how to protect yourself against it. (I have seen two articles this year that recommend changing the date in your computer; try avoiding the activation conditions for 6000+ viruses like that!) A far more useful approach is to look at the virus problem in general and advise people on how to protect themselves against all viruses.
Figure 1: How to use your computer safely.
- Never boot your computer from an unknown diskette.
  If you forget a diskette in a drive and start the computer, remove the diskette, turn off the computer using the power switch and restart. If you have the slightest reason to suspect that there is a virus on the diskette, boot your computer from a clean system diskette and check your computer with reliable anti-virus software. A boot sector virus can infect your hard disk immediately if you boot from an infected diskette.
  Most PCs now allow the boot sequence to be set so this sort of accident can be avoided entirely. This is done in the Setup options, and is called something like:
      Initial System Load: Fixed/Diskette
  or
      System Boot Up Sequence C:, A:
  When set correctly, the system will always try booting from the hard disk first, ignoring any floppy in drive A.
- If your anti-virus software has the option, set it to check floppy disks whenever they are accessed and on warm boots.
- Create a plan for making backups and stick to the plan. Keep several generations of backups. Keep both full backups and backups of just your data files.
- Create an emergency boot disk containing, along with the operating system, essential tools for disk repair, unformatting, undeletion, virus searching and disinfecting. These will be useful tools in any emergency.
- Do not use illegally copied programs or programs of uncertain origin. If you do not know the origin of a diskette, do not try running the program on it before checking the diskette for viruses.
- Also check the purity of original diskettes. They may be infected too.
- Do not copy programs from one computer to another. Always install programs from original distribution diskettes or write-protected backup copies.
- Install reliable anti-virus software, and use it according to the instructions.
- Do not underestimate the virus threat. Viruses are a major hazard.
Fortunately, most virus attacks are simple to prevent (see fig. 1).
The Many Types of Virus
Potentially, a virus can be created to infect any software that can be modified. On a DOS machine, this includes the DOS boot sector, the Master Boot Record, and .COM, .EXE, .OVL (and other overlay files), .SYS and even .BAT files. Most DOS viruses infect .COM or .EXE files (though boot sector viruses cause more infections). Viruses are broadly categorised into file viruses and boot sector viruses. Narrower classification is based on other characteristics, such as stealth, polymorphism, and infection strategies. A successful virus balances its rate of spread against the chance of detection.
Small but significant numbers of viruses exist for non-DOS machines. These are unlikely to cause a major outbreak, given the overwhelming numbers of DOS computers.