Understanding the weak points of viruses

If you've watched enough thrillers and murder mysteries on TV, you would know that to catch a serial killer, you need to identify his modus operandi and mental process. Once that is done, you have a better chance of predicting where and who will be the next target.
Written by ZDNet Staff, Contributor

Similarly, viruses of all kinds -- the serial killers of the digital domain -- share certain key characteristics. Understanding these traits will help users not only to protect themselves from known strains, but also to take appropriate steps to stop unknown viruses in their tracks.

Let's take a look at virus characteristics:

All viruses can enter a computer system.
But as long as you don't give them a chance to operate, you're safe. That is analogous to humans being exposed to millions of bacteria and even viruses every day, yet not falling ill because the body doesn't give them a chance to operate inside it.

Lesson to be learnt: Be careful what kind of files you take from people and websites. Scan each one before letting it reside anywhere on your computer's hard disk or storage media. Even if a virus does sneak in, that doesn't mean your system is infected. But the sooner you detect its presence, the quicker you can get rid of it before it somehow gets activated.

Virus code must be executed for infection to occur
Once a virus enters a system, the only remaining condition for it to come to life is that the user must somehow let the computer execute the deadly virus code. This can be done only if the virus hides itself in a program (masquerading as a game, a self-running presentation, a simple quiz...) or in part of a non-executable document file containing system-level instructions which the program used to open it can execute -- e.g. macros in document files which Microsoft Word can execute, JavaScript or Java code which browsers can activate...

Lesson to be learnt: Having an infected Word file in your system does not necessarily mean your system has been infected. But the moment you open the file in Word, and the macro is allowed to be executed, then you're fair game. Hence, set Word to disable macro execution, or at least limit macro functionality in the Options settings. Do the same for any other software that can execute scripts or macro instructions within normally harmless documents. In Web browsers, set security levels to the highest. Do not *EVER* execute any programs attached to e-mails or file archives like ZIP files if you can help it. If you have to execute them, at least scan them for viruses with the latest virus scanner first.
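
A first-pass check for the condition described above, written as an added example (not from the original article): it reads a file's leading bytes and container structure instead of trusting its name, and reports whether the file is a program or a document carrying macros. The function names, the sample files and the extension list are assumptions made for illustration; the legacy-document check is a byte-search heuristic, and none of this replaces a virus scanner.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls/.ppt container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE
PROGRAM_EXTS = (".exe", ".com", ".scr", ".dll")  # assumed list, not exhaustive

def triage(name, data):
    """Return the reasons this file could run code; an empty list means none were recognised."""
    findings = []
    lower = name.lower()
    if data[:2] == b"MZ":  # DOS/Windows programs start with "MZ" whatever the name says
        if lower.endswith(PROGRAM_EXTS):
            findings.append("program")
        else:
            findings.append("program disguised as " + lower.rsplit(".", 1)[-1])
    elif data[:8] == OLE_MAGIC and VBA_STREAM in data:
        # Heuristic: a macro project stream name appears in the container's directory.
        findings.append("legacy Office document with macros")
    elif data[:4] == b"PK\x03\x04":
        # ZIP archive; modern Office files (.docx/.docm) are ZIP archives too.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith("vbaproject.bin"):
                    findings.append("Office document with macros")
                else:
                    # Apply the same checks to every file packed inside the archive.
                    findings += [f"{member}: {f}" for f in triage(member, zf.read(member))]
    return findings

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

# Constructed samples: placeholder bytes, not real programs or documents.
SAMPLES = {
    "quiz.pps": b"MZ" + b"\x00" * 62,
    "notes.txt": b"just text",
    "report.docm": make_zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"\x00"}),
    "photos.zip": make_zip({"holiday.jpg": b"\xff\xd8\xff", "viewer.scr": b"MZ\x90\x00"}),
    "old.doc": OLE_MAGIC + b"\x00" * 504 + VBA_STREAM,
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, "->", triage(fname, blob) or "nothing executable recognised")
```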

Viruses attack only certain files
Just as biological viruses thrive on the host body's bloodstream, computer viruses thrive on their breeding ground -- the boot sector of the computer's hard disk, low-level partition information, operating system files, document files, and memory.

Lesson to be learnt: Even if you have cleared all virus code from your computer's hard disk, you must make sure no virus lives on in your RAM! This is possible only if you shut down your system completely (not just reboot!) and boot off a clean hard disk or diskette or CD-ROM! Having an ever-vigilant virus scanner in the background can help, but we *cannot always assume* that your virus scanner is up-to-date, or that the virus in your RAM is not some new genre that cloaks itself so well that no current scanner can detect it in memory!

Viruses can be fooled!
Viruses are smart enough to detect which cells they've already infected, so as not to waste time and energy on unnecessary activity and risk detection. Humans have thus managed to tame some viral diseases by a method called inoculation, in which they inject some harmless fragments of a virus into a body to alert the immune system to build up a defence strategy for the virus in advance.

This method is also used by antivirus software -- it actually "infects" your system's files or likely virus target points with fragments of harmless virus code.

Lesson to be learnt: Viruses can be fooled into complacency, but only if you install a good antivirus package and keep it up-to-date by downloading and installing new virus signatures.

Viruses live to replicate into *new hosts*
This is perhaps the key trait of viruses that drives them to proliferate. It's not enough for a virus to just inhabit one host and kill it. There must be mechanisms for it to survive after the host has died. They thus have protective mechanisms to withstand certain environmental conditions while being transmitted to another host through the air, water or other fluids.

Similarly, while a virus is bad if it destroys one computer user's files, it is not living up to its full potential unless it finds a way to infect other computer users.

Lesson to be learnt: Better one dead computer than 100,000! As a responsible computer user, you should take steps to prevent any viruses on your system from spreading to others! Be meticulous when sharing files and emails with others. Scan everything first. Upon detecting a virus in your system, immediately alert all people in contact with your computer, and give them the proper details of the virus.

Parting note: Now that you understand the modus operandi of viruses, be proactive and spread the tips around. You won't be sorry!
