Computer Viruses

Introduction

A computer virus is a piece of software programmed to perform one major task: to replicate. Viruses accomplish their reproductive task by preying on other computer files, requiring a host program [1] as a means of survival. Viruses gain control over their host in various ways, for example by attaching their code to the end of a host program and misdirecting the header information at the beginning of the file so that it points toward the virus rather than the legitimate program. Therefore, when an infected host program is run, the virus gets executed before the host. The host program can be almost anything: an application, part of the operating system, part of the system boot code, or a device driver. The virus continues to spread, moving from file to file in this infectious manner.

In addition to its propagation mission, many viruses contain code whose purpose is to cause damage. In some viruses, this code is activated by a trigger mechanism. [2] A trigger condition may be linked to the number of times the host file is run, or it could be a response to a particular date, time or random number. In other cases, the damage could occur continuously or on a random basis. Of the 11,000 known viruses present today, more than 2,000 have been diagnosed as being data destructive.

Types of Viruses

Several types of viruses exist and are classified according to their propagation patterns.

1. Executable File Infectors

These viruses spread infection by attaching to an executable file, misdirecting the header information, and executing before the host file. It is very common for these viruses to load themselves into memory once their infected host file is launched. From there, they monitor access calls, infecting programs as they are executed.

2. Boot Sector Infectors

This type of virus overwrites the original boot sector, replacing this portion of code with itself, so it is the first to load and gain control upon system boot, even before DOS.
In order for boot block viruses to replicate, it is usually necessary to boot the computer from an infected floppy disk. Upon system boot, the virus will jump from the infected floppy disk to the hard disk's partition table.

3. Partition Table Infectors

These viruses attack the hard disk partition table by moving it to a different sector and replacing the original partition table with their own infectious code. These viruses will then spread from the partition table to the boot sector of floppy disks as floppies are accessed.

4. Memory Resident Infectors

Many viruses load themselves into memory while altering vital system services. For example, some viruses modify the operating system's Execute Program service in such a way that any executed program is immediately infected. Other viruses modify the operating system in order to camouflage their existence. These viruses are called Stealth Viruses.

Why Are Viruses Written?

Bulgaria is often referred to as the "Virus Factory" because the country accounts for the highest percentage of new virus creation. Several cultural factors contribute to this state. Primarily, the country offers no software copyright protection, so legitimate software programmers are not rewarded financially for their work. And there are no laws in place to prohibit the authorship of new viruses. In fact, virus source code is often posted on international bulletin boards for anyone to access. Certainly, this is not the case in the United States, so why do we maintain the second highest level of virus authorship? Today's viruses are being written to attack a specific person, company or program. There are countless stories of disgruntled employees who seek vengeance by writing viruses to attack their former employer's computer system.

How Are Viruses Transmitted?

Because a virus is nothing more than a piece of software, it can be acquired in the same way as legitimate programs.
Viruses have reportedly been transmitted through shrink-wrapped retail software. [3] Unsuspecting sales representatives often act as carriers by demonstrating infected programs. Newly purchased computers, which had their hard disks formatted by service technicians, have been returned with viruses. These pests travel over phone lines through programs sent by modem. Bulletin boards do occasionally transmit viruses. The most common means of contracting a virus, however, is through the use of floppy disks. Piracy of software, in particular, expedites viral spread, as do floppy disks traveling from one computer to another.

We Are All at Risk

All personal computer users are at risk for viral infection. Several events, trends and technological inroads have combined in the past few years to increase our vulnerability to infection. The proliferation of local area networks, the downloading of information from mainframes to desktop computers, our increased reliance on personal computers to store mission-critical data, the arrival of electronic bulletin boards, the globalization of communications, the increased popularity of shareware, the growing use of remote communications, the increased sophistication of end users, the portability of data, the casual spread of software via piracy, and the staggering rate of new virus creation all contribute to increase our risk of virus infection.

A Special Threat to Networks

Viruses present a special threat to networks because of the inherent connectivity they provide and because of the potential for widespread data loss. Once a virus infects a single networked computer, the average time required for it to infect another workstation is anywhere from 10 to 20 minutes. With a propagation time of this magnitude, a virus can paralyze an entire network in several hours.

Virus Infection Symptoms

The most successful virus has no symptoms at all. Your computer may be infected, and you will notice no change in the normal behavior of your computer.
The only way to be aware of such viruses is to use automated virus detection tools. Some less sophisticated viruses may exhibit "visible" symptoms such as:

1) Changes in program length
2) Changes in the date or time stamp
3) Longer program load times
4) Slower system operation
5) Unexplained disk activities
6) Unexplained reduction in memory or disk space
7) Bad sectors on your floppy
8) Disappearing programs
9) Unusual error messages
10) Unusual screen activity
11) Access lights turn on for non-referenced drive
12) Failed program execution

It is important to remember that some viruses may not exhibit any visible symptoms at all. Don't count on your intuition as your only tool for detecting viruses.

Anti-Virus Tools

In dealing with today's sophisticated viruses, intuition and strict employee policies are not enough. The more carefully engineered virus programs exhibit no visible symptoms at all until it is too late. Your computer may be infected with a virus without any noticeable alteration in functionality. Therefore, relying solely on visible side effects, such as slower system operation, longer program load time or unusual screen activity, as a means of early detection may not prove as reliable as it once did. You can no longer afford to count on your intuition as your only tool for detecting viruses.

While information systems managers should establish employee guidelines and policies to lessen the potential for infection, strict rules alone will not ensure complete protection. What about the shrink-wrapped software program purchased by your company that was later found to be infected by a virus? Or what about the hard drive that was sent out for repair by a service technician, only to [4] have it returned with a virus? The only way to prevent viruses from mysteriously entering your company is to reinforce the security programs already in place with automated virus detection tools.
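One check an automated tool can make is sketched below in Python. It is an example added here, not code from the original text or from any product it names: it records each program's length, time stamp and SHA-256 digest, then compares them later. The file names, contents and the fixed time stamp are constructed; the second file shows a change that leaves symptoms 1 and 2 untouched and is caught only by the digest.

```python
import hashlib
import os
import tempfile

OLD_NS = 10**18  # constructed fixed time stamp (September 2001), in nanoseconds

def snapshot(paths):
    """Record length, time stamp and SHA-256 digest for each file."""
    base = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        base[p] = {"size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}
    return base

def compare(baseline):
    """Return {path: [attributes that changed]} relative to the baseline."""
    current = snapshot([p for p in baseline if os.path.exists(p)])
    report = {}
    for p, old in baseline.items():
        if p not in current:
            report[p] = ["missing"]  # symptom 8: disappearing programs
            continue
        diffs = [k for k in ("size", "mtime", "sha256") if current[p][k] != old[k]]
        if diffs:
            report[p] = diffs
    return report

def demo():
    """Constructed sample: three stand-in program files in a temp directory."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("a.com", "b.exe", "c.sys")]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"\x00" * 64)
        os.utime(p, ns=(OLD_NS, OLD_NS))
    baseline = snapshot(paths)
    with open(paths[0], "ab") as f:      # appended bytes: length, stamp, hash change
        f.write(b"APPENDED")
    with open(paths[1], "r+b") as f:     # same length, stamp put back: hash only
        f.write(b"\xFF" * 8)
    os.utime(paths[1], ns=(OLD_NS, OLD_NS))
    os.remove(paths[2])                  # file removed
    report = compare(baseline)
    return {os.path.basename(p): v for p, v in report.items()}

if __name__ == "__main__":
    for name, changes in sorted(demo().items()):
        print(name, changes)
```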
Defending against Viruses

Following are some tips to help combat the growing threat of viral infection.

1) Use an automated virus detection tool, such as Fifth Generation Systems Untouchable virus protection software.
2) Regularly perform a backup of your data with a backup program, such as Fifth Generation Systems Fastback Plus. [5]
3) Prevent unauthorized access to your computer by using a security access program, such as Fifth Generation Systems Disklock. [6]
4) Use write-protected tabs on all program disks before installing any new software. If the software does not allow this, install it first, then apply the write-protected tabs.
5) Do not install new software unless you know it has come from a reliable source. For instance, service technicians and sales representatives are common carriers of viruses. Scan all demonstration or repair software before use.
6) Scan every floppy disk before use and check all files downloaded from a bulletin board or acquired from a modem.
7) Educate employees. As the adage goes, an ounce of prevention is worth a pound of cure.
8) Do not boot from any floppy disk [7] other than a clean, DOS-based disk.
9) Avoid sharing software and machines.
10) Store executable and other vital system parameters on a bootable DOS-based disk and regularly compare this information to the current state of your hard drive.

Notes

[1] requiring a host program: "host" means "master" or "the one who receives guests". Here "a host program" is the program that serves as the host.
[2] a trigger mechanism: a device that sets something off.
[3] shrink-wrapped retail software: retail software packaged in shrink-wrap plastic film.
[4] only to: the infinitive phrase expresses a result and can be rendered as "with the result that ...", as in: He made a long speech only to show his ignorance of the subject. (He talked at length, and the result was merely to expose that he knew nothing about the subject.)
[5] Fifth Generation Systems Fastback Plus: the fast backup program from Fifth Generation Systems.
[6] Fifth Generation Systems Disklock: the disk lock program from Fifth Generation Systems.
[7] Do not boot from any floppy disk: "boot" means "to start up". The sentence means "do not start the computer directly from a floppy disk".

Choose the best answer for each of the following: