IT on IT

What do Trojan Horse, Stealth, Cavity, Tunneling, Dropper, and Worm have in common? They are all terms associated with viruses, computer viruses, that is. The term, Worm, came into common usage in 1988 when Robert Morris, a computer science graduate student at Cornell, injected a self-replicating, self-propagating program into the Internet. Computers at universities, military sites, and medical research facilities crashed when Morris’s virus infected them. The courts convicted Morris of violating the Computer Fraud and Abuse Act and imposed a three-year sentence (probation), 400 hours of community service, and a $10,500 fine. Most of us, fortunately, deal with more mundane virus attacks. Those of you who run up-to-date virus scanners routinely on your personal computers have a lot more protection than those who do not, but that does not mean you’re immune to viruses.

At Williams, we have a three-tiered philosophy for dealing with viruses, and we have implemented two of the tiers. First, we provide the means to identify viruses on individual personal computers; I’ll provide the specifics on these at the end of this column; second, we have an aggressive program for virus scanning on our file servers. The third tier involves intercepting viruses as they arrive from the Internet; many viruses are passed along in email attachments or with programs that are downloaded. We are still in the planning stages for implementing virus scanning for inbound Internet files.

Before telling you what you need to do to protect your computer, I will provide a short description of viruses. For those interested in pursuing more on viruses, a very rich and complex area, I suggest you start by exploring the following Internet site:

Antivirus technology has developed into a major business in recent years. Widespread use of the Internet has aided the diffusion of malicious computer programs, and businesses have responded with a variety of services. Virus scanners are programs that scan for “virus signatures.” These programs identify a virus by matching its “signature” or uniqueness with a virus definition file. Whenever a new virus is discovered, the virus definition database is updated.

A virus is program code that breaches security, damages data, or displays unwanted messages and self-propagates. A classic example of a malicious program that is not a virus is one that prompts an unsuspecting user for a login that appears to be the real login for a system. The program instead uses the login ruse to capture a person’s password, because the unsuspecting person believes that he or she is actually logging onto a system legitimately. This login example is called a trojan horse and is technically not a virus, because it cannot propagate itself.

Examples of classic viruses include file infector and boot sector viruses.

File infector viruses attach themselves to an ordinary program that one uses all the time like a word processor. Once attached, the virus executes first when a user attempts to use the genuine program. At execution, the virus attaches itself to other programs as a way of replicating itself. The virus can then destroy files at some triggering moment. Another technique for virus propagation is for the virus program to be stored in random access memory (RAM) at execution. The virus can then do its damage to any number of files later.

When computers start up, or boot, they execute code in the boot sector. A boot sector virus stores itself in the boot sector of a disk and moves the original code to another location. When an infected computer boots using the virus code, the virus spawns itself to other devices with boot sectors, and so it goes on and on. Floppy disks provide a perfect medium for moving this virus from computer to computer. When someone with an infected diskette slips it into a computer in Jesup, it infects that computer, which in turn infects the next person’s diskette.

There are thousands of documented viruses, and I hope that I have provided just enough information about a couple to catch your attention if you are not routinely scanning for and removing viruses from your personal computer.

What should you do to minimize your risks? First, make sure that you are running the latest versions of a desktop virus scanner. Second, make sure you have an uninfected backup of your files. Williams College has site licenses for Command Software’s F-PROT for Windows95 and WindowsNT and Network Associates (until recently McAfee Software) VirusScan for Macintosh. We update these virus software programs quarterly. We update virus definition files when we get them—hourly, daily, weekly. F-PROT is available to Windows users on the application launcher. VirusScan is available on Helen’s Macintosh Applications volume. If you do not have the appropriate version of a virus scanner running on your personal computer, get it now!

Need help? Students, call x3088. Faculty/Staff, call x4090. First, however, check out the following URL for details about F-PROT and VirusScan at Williams College: