Anti-Virus Software

July 1, 1996

COMPUTER SECURITY GUIDE

Sophisticated scanning programs inoculate computers against attack.

Computer viruses have become so rampant throughout government that many federal agencies have posted formal emergency procedures to be followed once viruses are detected. Education and prevention measures are the best weapons in the fight against viruses, which are pieces of computer code that attach themselves to programs and wreak havoc on systems. They can modify or erase files, lock up networks and even damage hard disks and modems.

Viruses can infect programs running on anything from a notebook PC to a mainframe computer. Once introduced, they can reproduce rapidly through transmission of Internet files, e-mail attachments, local-area networks and floppy disks. The National Computer Security Association estimates more than 8,000 computer viruses exist, and 200 new strains appear each month.

Some types of viruses start reproducing immediately, while others lie dormant until they are triggered by particular events such as a person's name or a date. More than half of all reported attacks are from boot-sector viruses, which infect the code used to boot up computers. Other viruses attack operating-system code or other executable files with extensions such as .com. And multi-partite infections attack both boot sectors and executable files.

Polymorphic strains contain various encryption algorithms that enable them to change their appearance with each infection. These viruses are hard to detect because they present a different code signature to scanners with each replication. Stealth viruses also are difficult to recognize because of their ability to hide changes they make to file sizes and directories.

The most dangerous infections this year are the new macro viruses, which attach themselves directly to Microsoft Word files and can be automatically executed when documents are opened or downloaded from e-mail or the Internet. Once triggered, the viruses can cross computing platforms and attack all files residing on hard disks or shared across networks. The five known macro viruses - Colors, Concept, DMV, Hot and Nuclear - can change screen colors, wipe hard drives and delete Word documents.

To guard against macro viruses and other infections, users are advised to employ frequently updated anti-virus software to detect and remove viruses. These programs perform cyclic redundancy checks, which look for changes in files since their last use, and conduct searches designed to cleanse infected files.
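The change-detection check described above, sketched as an added example that is not part of the original article or any vendor's product: a baseline of CRC-32 values is recorded, then compared with a later snapshot. The file names and contents are constructed sample data, and recording the size beside the checksum is an assumption.

```python
import os
import tempfile
import zlib


def crc32_of(path, chunk_size=65536):
    """Return the CRC-32 of a file, reading it in chunks."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF


def snapshot(root):
    """Map each file's path relative to root to (size, crc32)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            state[os.path.relpath(full, root)] = (os.path.getsize(full), crc32_of(full))
    return state


def compare(baseline, current):
    """Classify files as modified, added or missing relative to the baseline."""
    modified = [p for p in current if p in baseline and baseline[p][1] != current[p][1]]
    added = [p for p in current if p not in baseline]
    missing = [p for p in baseline if p not in current]
    return {"modified": sorted(modified), "added": sorted(added), "missing": sorted(missing)}


def demo():
    """Constructed sample: one file altered without changing its size."""
    def write(root, name, data):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.com", b"AAAA"), ("b.doc", b"text"), ("c.sys", b"boot")):
            write(root, name, data)
        baseline = snapshot(root)
        write(root, "a.com", b"AAAB")   # same length, different content
        os.remove(os.path.join(root, "c.sys"))
        write(root, "new.exe", b"new")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The altered `a.com` keeps its original size, so a size-only comparison would pass it while the checksum comparison flags it. CRC-32 is an error-detecting code rather than a cryptographic hash, so a baseline meant to resist deliberate tampering would use a hash such as SHA-256 and be stored off the monitored system.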

Some anti-virus software even uses artificial intelligence to analyze the behavior of executed programs and files. Code is examined and infected portions are disabled.

Companies offering anti-virus programs include Central Point, IBM, McAfee Associates, Norman Data Defense Systems, RG Software Systems, Symantec, Thunderbyte and Touchstone. Prices range from $50 to $500 per user, depending on the type of hardware employed.

Experts recommend that computer users scan hard drives frequently - not just at the beginning of each day - and that they check floppy disks and downloaded files before using them. Each Microsoft Word file should be checked before opening. (The company's virus-protection template can be retrieved from http://www.microsoft.com.)

The average anti-virus scan takes several minutes, which can add up if every file has to be checked before it is opened. Users should examine anti-virus products carefully because some of the software can cause network crashes and system overloads. Above all, keep two sets of backup disks of all important data - especially critical utility files.



http://www.govexec.com/technology/1996/07/anti-virus-software/7564/