Internet Security Professional Reference:Viruses


Each of these infection situations causes the file virus to spread to files on the network file server. After a virus infiltrates the file server, other users with appropriate access can then execute infected programs on their workstations. Consequently, the virus can infect files on their local drives, or other files on the network server.

Because file and directory level protection is implemented on the file server rather than the workstation, executable file viruses cannot violate network-based file protections. Many files on the average file server are not protected in any way, however, and are perfectly valid targets for infection. In addition, administrators can inadvertently infect any and all files on the server.

Consider what would happen if the standard LOGIN.EXE program were to become infected by a memory-resident virus. After a user logs in to the network, she launches the virus and can inadvertently infect every program used on her workstation. She also can infect every program used on the file server to which she has write-access.

Note that the file server acts as a carrier for executable file viruses. Virus-infected programs might reside on the network, but unless these viruses are specifically designed to integrate with the network software, they can be activated only from a client DOS machine.

In the typical installation, programs required for the network server’s operation are protected, making these files inaccessible to users. Limiting physical access to the server provides further protection. In the case of a non-DOS-based server, if the (non-DOS) executable files used to boot the file server became infected, these files could become corrupted but would not be infectious.

On Novell IntranetWare servers, as well as other file servers that initially boot from DOS, an administrator could inadvertently infect these executable files; however, unless the virus running on the server was specially written to integrate with the file server software, the virus could not infect files as they are read from or written to the server. No viruses to date have been written that propagate in this manner, although nothing prevents such a virus from being written.
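The earlier point that many program files on a file server carry no write protection can be checked with an audit of the shared volume. The following is an added example, not code from the book: it assumes the volume is mounted on a POSIX host whose permission bits reflect the server's rights, and the extension list, function names, and sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Extensions treated as program files (assumption: a DOS-style share).
PROGRAM_EXTS = {".exe", ".com", ".bat", ".ovl", ".sys"}

def writable_programs(root, exts=PROGRAM_EXTS):
    """Return (relative path, who) for program files writable beyond the owner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks and special files
            who = []
            if mode & stat.S_IWGRP:
                who.append("group")
            if mode & stat.S_IWOTH:
                who.append("other")
            if who:
                findings.append((os.path.relpath(path, root), "+".join(who)))
    return sorted(findings)

def build_sample_share(root):
    """Constructed sample tree standing in for a mounted server volume."""
    layout = {
        "LOGIN/LOGIN.EXE": 0o555,   # read-only program: not reported
        "PUBLIC/EDIT.EXE": 0o775,   # group-writable: reported
        "APPS/TOOL.COM": 0o666,     # world-writable: reported
        "DOCS/REPORT.DOC": 0o666,   # document, outside this audit
    }
    for rel, mode in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for rel, who in writable_programs(share):
            print(f"{rel}: writable by {who}")
```

Every path it reports is a program file that any user in the named class could modify, and therefore one that an infected workstation with that user's rights could write to.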

File Viruses on Peer-to-Peer Networks

On the peer-to-peer network, users can read from and write to files on the local drives of each connected workstation. Therefore, each workstation effectively becomes both a client and a server for the other workstations. Moreover, peer-to-peer network security is likely to be more relaxed than it is on a professionally maintained file server. These traits make peer-to-peer networks exceptionally susceptible to file-based virus attacks.

Direct action viruses can easily spread to files on peer-to-peer connected workstations. In addition, an active memory-resident virus on one workstation can instantly infect executable files on a peer computer’s hard drive if the peer’s files are executed from the infected computer.

As of the time of this writing, no specifically peer-to-peer aware viruses have been written. However, current file viruses can still propagate with ease in the peer-to-peer network environment.

File Viruses on the Internet

File viruses can be sent over the Internet without difficulty. However, executable file viruses can’t infect files at a remote location through the Internet. The Internet, then, can act as a carrier for file viruses.

Boot Viruses

Except for multipartite viruses, boot record viruses cannot propagate over computer networks. Boot record viruses are hindered because they are designed specifically to infect only FBRs, MBRs, or PBRs using low-level, ROM-based system services. These system services are not available over networks.

Multipartite viruses infect both boot records and executable files, and even though these viruses can’t spread to other boot records through the network, they can be spread through infected files. An infected executable file can be sent through a network to another client, and executed. The virus can then infect the MBR or PBR of the client’s hard drive, or infect floppy disks as they are accessed. The virus can also infect other executable programs. (See “Network Susceptibility to File Viruses” for more information on program file viruses and networks.)

Boot Viruses on Network Servers

A network server can become infected by a boot virus if the network server computer actually is booted from an infected floppy disk. Should the network server computer become infected, the boot virus can’t infect client machines connected to the server.

If a client computer becomes infected with a boot virus, it cannot infect the network server. Although current file-server architectures do allow the client to store and retrieve files from the server, these architectures don’t allow the client to perform direct, sector-level operations on the server. These sector-level operations are required for the spread of boot record viruses.

Boot Viruses on Peer-to-Peer Networks

Current peer-to-peer network architectures don’t allow software running on one computer to perform sector-level operations on other peer computers. As a result, boot viruses cannot spread using the peer-to-peer network.

Boot Viruses on the Internet

Computers connected to the Internet are unable to perform sector-level operations on other Internet-connected computers. Consequently, boot viruses can’t spread over the Internet.

Macro Viruses

Macro viruses thrive under all three network environments. It is likely that macro viruses will become increasingly prevalent in coming years. Not only can they spread over networks, but they infect the types of files more frequently shared by users.

Macro viruses are also platform independent, a feature that makes them a potential threat to a greater number of computer users.

Finally, it is impractical to write-protect the types of files that macro viruses infect. Unlike program files, document files are usually dynamic in nature; restrictions such as write-protection can be impractical in work environments where file sharing is a must.

Macro Viruses on Network Servers

Users often store documents on file servers so that other co-workers can read or update them. If these documents were protected with strict access restrictions, users could not update their contents. Seeing document files that have both read and write permissions enabled, therefore, is common. This makes these documents susceptible to infection.

After a document residing on the server becomes infected, other users can quickly infect their own client applications’ macro environment by accessing these files from a local copy of the host application. After the client application becomes infected, all further documents edited from within the infected host application and saved to the network also become infected.

