PC Tips
Installations Plus+


January, 1997
BEST WISHES FOR THE NEW YEAR!



Computer Viruses

"The sky is falling! The sky is falling!"
Chicken Little

Now that we know that the sky isn't falling, God isn't dead, and the world (as we know it) isn't coming to an end anytime soon, what catastrophes are left for a world-class prophet of doom to raise hue and cry about?

I know: "Your Email's carrying a computer virus!"

Not to laugh. With the number of hoax viruses increasing almost as fast as computer use itself, it's a sure bet that everyone reading this has received at least one warning of impending doom. Most are variants of the "Good Times" scare, a hoax started in 1994 by an America Online user who warned that everything on your hard drive would be deleted if you were to read the words "Good Times" in a message. More recently the same type of hoax was perpetrated about Email containing the words "Penpal Greetings." [1]

In fact, it is impossible to catch a virus by simply reading Email. Although programs containing viruses can be sent as Email attachments, text messages themselves are literally virus-proof. [2]

What puts the fright into this latest incarnation of Chicken Little is that most users simply don't know much about computer viruses. In truth, panic about them causes more damage than do the viruses themselves.

Our purpose in this month's PC Tips -- besides spreading a little virus humor -- is to bring you up to speed on computer viruses, what they are, how to protect against them, and how to get rid of them.


What is a computer virus?

A computer virus is a program that replicates or copies itself. There are three types of viruses:

  • Boot sector viruses are the most common, accounting for 80-90% of all infections. They reside in the boot sector of floppy (or removable) disks and transfer themselves to the boot sector of your hard drive when you load the floppy disk (perhaps containing the game or screen saver you borrowed from your neighbor). Boot sector viruses generally do very little permanent damage but may reduce the speed of your system or prevent other programs from working. (We found one recently which rendered the CD-ROM drive inoperative by preventing its driver from loading.)
  • File viruses ride piggyback on other programs' executable files (the files with .exe, .com, .dll suffixes, for example) and so can often be detected by the simple means of monitoring the sizes of executable files. These are the "traditional" viruses and can be transmitted in any way that a program can be moved from one computer to another -- by disk, by tape, by LAN, by modem, etc. The file viruses play pranks, blanking your screen, generating strange noises, or swallowing all the vowels in a document, but also can be among the most virulent, literally erasing file after file from your hard drive.
  • Macro viruses, the newest type, infect Microsoft Word and Excel data files that contain macro information. Although these are the only viruses, so far, that can be transmitted across different operating systems, i.e., from a Mac system to your Windows system, they affect only Word or Excel data files containing macros. Macro viruses to this point have been relatively benign. The Microsoft Word macro virus called Concept, for example, causes Word to save documents as templates instead of as regular documents.

How to protect against viruses.

The virus analogy -- which compares computer viruses to human viruses -- is unfortunate in that it suggests that every computer, like every human, will become infected by viruses over and over again. In fact, a very small number of computers -- estimated at fewer than one percent -- will ever "contract" a virus, even once. However, when it comes to prevention, the human medical analogy is right on. Here, as in life, an ounce of prevention is worth a pound of cure.

Backup. The simplest, smartest, and most effective thing you can do to protect yourself against the effects of computer viruses is to create backups of the material you have created and stored on your hard drive. Nothing exotic: just good computing practice. Assuming that you have the disks or CD-ROMs from which you originally installed the programs on your hard drive, you have only to back up the documents -- letters, databases, graphics, faxes, etc. -- which you created using the programs.

For a multi-station, networked business system, this means backing up the server to tape or secondary disk several times a week. If you're not doing this now, please call us immediately for help! For a small business, home office or personal system this means using the perfectly adequate software that came with DOS or Windows to back up your organizer, address book, client database, contact software, correspondence, book-keeping, etc. to floppy disks. Again, please call us if you need help configuring the backup software.

If you have the distribution software to re-install your applications, and you've backed up the documents you created, there's very little permanent damage a virus can do. However, if re-creating your hard drive from installation media and backups is not your idea of "very little damage", then you need to do more than protect against the effects of a virus -- you need to actively prevent viral infection.

Prevention. To prevent infection, you'll need a good software package, one that the manufacturer is willing to update on a regular basis as new viruses surface and new methodologies become available. The necessity for updating suggests buying from a manufacturer who is willing to commit substantial resources to fighting viruses and one who has some likelihood of being around to help usher in the millennium. We know of three excellent sources: Symantec who makes the Norton Anti-Virus, IBM who makes SecureWay, and McAfee Associates who make the VirusScan and WebScan packages. Our recommendation is McAfee, who "invented" the anti-viral business and have never lost their position of leadership. We have a permanent link to McAfee on our Downloads page.

Good anti-viral packages act in three ways: virus removal (we'll take that up in a few paragraphs), and virus detection and prevention. Installed according to the manufacturer's recommendation, detection/prevention software scans the hard drive at least once each day, and scans each program you load and each one you run. The software alerts you when a program tries to modify your hard drive's boot sector (remember boot sector viruses are the most common), warns you when unexpected changes are detected in the size or configuration of a program, and, of course, brings everything to a screeching halt when it finds a program whose byte pattern or signature matches that of a known virus.
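The size monitoring mentioned above for file viruses, and the anti-virus warning on unexpected changes in a program's size, can be sketched as a baseline check. The following Python is an added example, not part of the original column or any vendor's product; the file names and contents are constructed stand-ins, and it also records a SHA-256 digest to show the case a size-only check misses.

```python
import hashlib
import tempfile
from pathlib import Path

EXECUTABLE_SUFFIXES = {".exe", ".com", ".dll"}  # the suffixes the column names


def snapshot(root):
    """Map each executable under root to its (size, SHA-256 digest)."""
    result = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            data = path.read_bytes()
            key = path.relative_to(root).as_posix()
            result[key] = (len(data), hashlib.sha256(data).hexdigest())
    return result


def compare(baseline, current):
    """Return {path: finding} for each executable that differs from the baseline."""
    findings = {path: "missing" for path in baseline.keys() - current.keys()}
    for path, (size, digest) in current.items():
        if path not in baseline:
            findings[path] = "new file"
        elif baseline[path][0] != size:
            findings[path] = "size changed"
        elif baseline[path][1] != digest:
            findings[path] = "content changed, size unchanged"
    return findings


def demo():
    """Run the check over a constructed directory of stand-in files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "EDIT.COM").write_bytes(b"A" * 64)    # constructed, not real programs
        (root / "GAME.EXE").write_bytes(b"B" * 128)
        (root / "LETTER.TXT").write_bytes(b"text")    # ignored: not an executable
        baseline = snapshot(root)
        (root / "EDIT.COM").write_bytes(b"A" * 96)    # grew by 32 bytes
        (root / "GAME.EXE").write_bytes(b"B" * 127 + b"Z")  # same size, one byte altered
        (root / "NEW.DLL").write_bytes(b"C" * 16)     # appeared after the baseline
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, finding in sorted(demo().items()):
        print(f"{path}: {finding}")
```

The GAME.EXE finding is the one a size-only monitor would not report, which is why the baseline keeps a digest as well as a size.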

What's left for you to do? Really very little. For the maximum level of comfort and protection, we suggest you get in the habit of scanning (using the anti-viral software to detect viruses in) any programs you plan to load on your hard drive. Scan the floppy you got from your friend and the one you brought home from the office -- before loading or running or copying it. Scan the disks and CD-ROMs containing new software before installing it. (Yup, we've found viruses on them too!) Scan everything you download from the LAN or the Internet -- before you run it. (We recommend setting up a separate, "quarantined" directory on your hard drive for stuff you've downloaded but haven't yet scanned.) In short, scan every program you introduce to your computer's hard drive before you load or run it.

Viruses are not self-generative, they're transmitted. No virus ever got on a hard drive by itself. And, excepting the rare, sophisticated, fully-automated systems, no system ever got infected by a virus without help from a person. If you scan every program before loading or running it, you won't need to read the next section on removing viruses. If you wait for your software to find an already active virus -- one that may have already done some damage -- read on.


How to remove a virus.

If and when your software detects a virus, you'll need to get involved to remove it. There are five steps required.

  1. Don't panic! There's nothing it can do to hurt you.
  2. Turn off your computer and re-start it from a clean, write-protected boot disk. [3] Shutting down the computer erases the volatile active memory (RAM), including any virus working in it. Re-starting from a boot disk prevents a virus resident on the hard drive from becoming active again.
  3. Run your anti-virus software from a floppy disk to find and repair the infected files. (Usually you can do this from the distribution media. [4]) If the damage is too great for the software to fix, you can replace the files later with clean copies from your routine backup -- you know, the one we encouraged you to make earlier in this column.
  4. Run your anti-virus software once more to check that everything's OK. Most of the time the virus is gone and you can get back to work, replacing any files from backup as needed.
  5. However, if your anti-virus software is still generating nasty-grams, STOP! You need expert help. Turn the computer off, and leave it off. Call us or another consultant experienced in virus removal. Anything else you do on your own will make the problem worse. Honest.

We'd like to leave you with the feeling that now you know all about computer viruses and how to deal with them. We can't, of course, because the folks who write viruses are like graffiti artists. It's not hard to know how to clean up after them, it's not too hard to adopt strategies to thwart their efforts, but it's real hard to know how and where they're going to strike next. The best that can be said of them is that virus writers, like graffiti artists, are mostly just looking for attention and for the most part don't do any real harm to their "victims".

So remember. It's a jungle out there. Back it up, keep it clean, and with a little luck you won't be a victim.


1. If you receive a virus warning from an Email correspondent -- no matter how trustworthy and reputable -- don't pass it on. Check it out with the U.S. Department of Energy's CIAC service. CIAC stands for Computer Incident Advisory Capability -- and that's no hoax, just a bureaucratic acronym. Don't you love it? The CIAC maintains information and descriptions on real and faux viruses, has an Email alerting service about viruses, and provides links to virtually all the websites that can provide useful tools and software.
2. Viruses, to do anything, must be active, so they only attach themselves to active or executable files. These are files which in the DOS and Windows operating systems most commonly have the suffixes .exe, .com, .dll, but there are many others as well. An exhaustive list is beyond our scope here and pointless in the present context. Suffice it to say that text files are not active and cannot contain viruses. You can identify a text file by opening it in the DOS Editor (DOS 5.0 and up) or in any word-processor set to read TXT, ASCII, or RFT. If the file opens and displays no code, no strange symbols or characters, no markup or special language passages, nothing but everyday textual matter, it's probably a text file. Email, which traverses the Internet in universal file exchange format (usually ASCII or RFT), is always text and so virus-free. However, it bears repeating: virus-containing programs can be attached to and sent with Email, so be wary.
3. Now would be an excellent time to make sure you have a clean boot disk. You can't make a clean one after your PC is infected. In DOS, put a blank or expendable disk in your boot drive (usually "A") and execute this command from the C-prompt:
Format A: /s
In Windows 95 look up "boot disk" in the Help file and carry out the instructions.
4. Again, now is the time to make sure you can run the anti-virus program from the distribution media. If you can't, copy it to the boot disk and run it from there. In either case, make a trial run now, when there's no problem, no pressure.


On the lighter side...
The following, hopefully humorous, "virus definitions" were extracted from a list posted to bit.listserv.psycgrad by Jennifer_Kennet@SFU.CA on 4/11/94.
AT&T VIRUS
Every three minutes it tells you what great service you are getting.
MCI VIRUS
Every three minutes it reminds you that you're paying too much for the AT&T virus.
PAUL REVERE VIRUS
This revolutionary virus does not horse around. It warns you of impending hard disk attack---once if by LAN, twice if by C:>.
MARIO CUOMO VIRUS
It would be a great virus, but it refuses to run.
GOVERNMENT ECONOMIST VIRUS
Nothing works, but all your diagnostic software says everything is fine.
ADAM AND EVE VIRUS
Takes a couple of bytes out of your Apple.
PBS VIRUS
Your programs stop every few minutes to ask for money.
HEALTH CARE VIRUS
Tests your system for a day, finds nothing wrong, and sends you a bill for $4,500.

Installations Plus+
Telephone: (914) 328-6152 -- Faxphone: (914) 328-0130 -- Email
© 1997 Installations Plus+. All rights reserved.