IT Baseline Protection Manual T 5.23 Computer viruses

T 5.23 Computer viruses

A computer virus is a program with a destructive function. The damage lies particularly in the loss or corruption of data or other programs, which can have significant consequences. Such program functions can be triggered intentionally as well as accidentally.

The definition of a computer virus does not directly refer to a possibly implemented destructive function:

A computer virus is a non-independent, self-reproducing routine which thereby manipulates system sectors, programs and their environments in a manner which cannot be controlled by the user. (In addition to this, the virus might also include destructive functions.)

Similar to its biological equivalent, the property of reproduction leads to the designation "virus". There are numerous possibilities of manipulation. Particularly frequent is the overwriting or attachment of the virus code to other programs or to sectors of the operating system.

In principle, computer viruses can occur on all operating systems. However, the largest threat is posed in the area of IBM-compatible personal computers (PCs). Presently, roughly 20,000 viruses (including their variants) are known to exist worldwide on the most commonly used operating systems in this area (MS-DOS, PC-DOS, DR DOS, NOVELL DOS etc.).

Special computer viruses for the Windows 3.x, Windows NT, Windows 95, OS/2 and Unix operating systems are of little significance in practice. In the case of hardware typical for PCs, however, the hard disks of these computers could be infected by DOS boot viruses if the boot sequence begins with the floppy disk drives.

Roughly 100 special computer viruses are known to exist for Apple computers, for which corresponding virus scanning programs are also available.

Types of computer virus

There are three basic types of computer virus: boot viruses, file viruses and macro viruses.

Hybrids and special forms of these three types are also known to exist. Additional distinguishing features are the stealth mechanisms, with which viruses are often equipped in order to avoid detection by users and scanning programs.

Boot viruses

"Booting" is the loading of the operating system. This procedure also involves the execution of certain program routines which are independent, but which are located in inaccessible sectors which are not visible in the directories on the hard disks or floppy disks. Boot viruses overwrite these sectors with their own program code. The original contents are moved to a different location of the data media, and executed after the execution of the virus code during the start-up of the computer. As a result, the computer apparently starts in the usual manner, but the boot virus is loaded into the computer's main memory even before the operating system is loaded, and stays there during the whole power-on time of the computer. Consequently, the virus is able to infect the boot sector of every write-enabled floppy disk used during the computer's power-on time. Boot viruses can only infect other computers during booting, or through attempts at booting with infected floppy disks.
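A defensive check that follows from the description above, added here as an example and not part of the manual: record a fingerprint of the first sector while the system is known to be clean, then compare later readings against it. The 446/64/2-byte split is the classic hard-disk master boot record layout and is an assumption, as are the function names and the constructed sample sectors.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 446       # bytes 0..445: bootstrap code (classic MBR layout, assumed)
TABLE_END = 510           # bytes 446..509: partition table
SIGNATURE = b"\x55\xaa"   # bytes 510..511: boot signature

def read_first_sector(path):
    """Read sector 0 from a disk image or raw device node."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)

def fingerprint(sector):
    """Hash boot code and partition table separately so a finding says which changed."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    return {
        "code": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "table": hashlib.sha256(sector[BOOT_CODE_END:TABLE_END]).hexdigest(),
        "signature_ok": sector[TABLE_END:] == SIGNATURE,
    }

def compare(baseline, current):
    """Return findings for a current fingerprint against the stored baseline."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    if current["code"] != baseline["code"]:
        findings.append("boot code changed")
    if current["table"] != baseline["table"]:
        findings.append("partition table changed")
    return findings

def sample_sector(code_byte, table_byte=0x00):
    """Constructed 512-byte sector for the demonstration; not real boot code."""
    return bytes([code_byte]) * BOOT_CODE_END + bytes([table_byte]) * 64 + SIGNATURE

BASELINE = fingerprint(sample_sector(0x90))   # taken while known clean

if __name__ == "__main__":
    for label, sector in [("unchanged", sample_sector(0x90)),
                          ("code overwritten", sample_sector(0xCC)),
                          ("repartitioned", sample_sector(0x90, 0x01))]:
        print(label, compare(BASELINE, fingerprint(sector)))
```

Because a boot virus stays resident for the whole power-on time and may carry stealth mechanisms, take the comparison reading after starting from a known-clean, write-protected boot medium rather than from the running system.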

File viruses

Most file viruses attach themselves to program files. However, this happens in such a way that when the file is opened, the virus code is activated first, followed by the original program. The program then appears to run as usual and the virus is not immediately detected. Nevertheless, primitive, overwriting viruses are also known to exist, which attach themselves to the beginning of the host program in such a way that the program no longer runs correctly. File viruses are spread by the execution of infected programs.

In the case of hybrid boot and file viruses, so-called multi-partite viruses have become important. These viruses can spread through the starting of an infected program as well as during booting (or attempted booting) from an infected floppy disk.

Macro viruses

Macro viruses are also placed within files, although they do not infect the applications, but the files generated by these applications. All kinds of application programs can be affected, including those in whose generated files not only single control characters, but also programs and other objects, can be embedded. Microsoft Word and Excel files in particular are affected by such viruses. These applications offer a powerful macro programming language, which can easily be abused for the implementation of viruses, even by users who are not very skilled with these programs.

Macros are programs with whose help the application program can be expanded with additional functions which have been cut to fit the application (e.g. production of a fair copy from the draft of a text). These macros can only be executed with the relevant application program (Winword, Excel etc.) when the document is processed, either due to activation by the user or if the macro starts automatically. If, for example, a Word file is received by a WWW browser which automatically opens the document with Microsoft Word, a macro can be activated. As data files are often distributed as conventional program files via data media and networked IT systems, the threat posed by macro viruses is now larger than that posed by boot and file viruses.

Examples of destructive functions of computer viruses

© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
 