Virus
By: Serafin Sanchez 2/6/08
A computer virus is a computer program that can copy itself and
infect a computer without permission or knowledge of the user. The term virus
is commonly used. A virus can only spread from one computer to another when its
host is taken to the uninfected computer, for example by a user sending it over
a network or the Internet, or by carrying it on a removable medium such as a
CD, DVD or USB drive. Another way viruses can spread to other computers is by
infecting files on a network file system or a file
system that is accessed by another computer. Viruses are sometimes confused with
computer worms and Trojan horses. A worm can spread itself to other computers
without needing to be transferred as part of a host, and a Trojan horse is a
file that appears harmless until executed.
Some viruses are programmed to
damage the computer by damaging programs, deleting files, or reformatting the
hard disk. Others are not designed to do any damage, but simply replicate
themselves and perhaps make their presence known by presenting text, video, or
audio messages.
In order to replicate itself, a
virus must be permitted to execute code and write to memory. For this reason,
many viruses attach themselves to executable files that may be part of
legitimate programs. If a user tries to start an infected program, the virus'
code may be executed first. Viruses can be divided into two types, on the basis
of their behavior when they are executed. Nonresident viruses immediately
search for other hosts that can be infected, then transfer control to the
application program they infected. Resident viruses do not search for hosts
when they are started. A resident virus loads itself into memory on execution
and transfers control to the host program. The virus stays active in the
background and infects new hosts when those files are accessed by other
programs or the operating system itself.
Any operating system that allows
third-party programs to run can theoretically run viruses. Some operating
systems are less secure than others. Unix-based operating systems (and NTFS-aware
applications on Windows NT-based platforms) only allow their users to run
executables within their protected space in their own directories.
Many users install anti-virus
software that can detect and remove known viruses. There are two common methods
that an anti-virus software application uses to detect viruses. The first and
most common method of virus detection is using a list of virus signature definitions.
This works by examining the content of the computer's memory (its RAM and boot
sectors) and the files stored on fixed or removable drives, then comparing those
files against a database of known virus signatures. The disadvantage of this
detection method is that users are only protected from viruses that pre-date
their last virus definition update. The second method is to use a heuristic
algorithm to find viruses based on common behaviors. This method has the
ability to detect viruses that anti-virus security firms have yet to create a
signature for.
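
The signature method and its update-date limitation, as an added example that
is not part of the original essay. The signature names, byte patterns, dates and
sample contents are all constructed for illustration and are not taken from any
real virus or anti-virus product.

```python
from datetime import date

# Constructed signature database: name -> (byte pattern, date the definition
# was published). The patterns are made-up marker bytes, not real malware.
SIGNATURES = {
    "Example.A": (bytes.fromhex("deadbeef4141"), date(2008, 1, 10)),
    "Example.B": (bytes.fromhex("cafebabe4242"), date(2008, 2, 1)),
}


def definitions_as_of(last_update):
    """Return the signatures a user holds after updating on last_update."""
    return {name: pattern
            for name, (pattern, published) in SIGNATURES.items()
            if published <= last_update}


def scan(data, definitions):
    """Return the sorted names of all signatures whose bytes occur in data."""
    return sorted(name for name, pattern in definitions.items()
                  if pattern in data)


def scan_all(objects, last_update):
    """Scan each object (boot sector, file, ...) with the dated definitions."""
    definitions = definitions_as_of(last_update)
    return {label: scan(data, definitions) for label, data in objects.items()}


# Constructed sample inputs standing in for a boot sector and two files.
SAMPLES = {
    "boot_sector": b"\x00" * 16 + bytes.fromhex("deadbeef4141") + b"\x55\xaa",
    "file:setup.exe": b"MZ" + b"\x90" * 8 + bytes.fromhex("cafebabe4242"),
    "file:notes.txt": b"plain text, no marker bytes",
}

if __name__ == "__main__":
    # Same samples, two different "last update" dates: the older definitions
    # miss Example.B because its signature was published after that update.
    for last_update in (date(2008, 1, 15), date(2008, 2, 6)):
        print(last_update, scan_all(SAMPLES, last_update))
```

With definitions from 15 January the scanner flags only the boot sector; after
the 6 February update the same scan also flags setup.exe.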