Virus

A virus is a piece of programming code usually disguised as something else that causes someunexpected and usually undesirable event. A virus is often designed so that it is automatically spread toother computer users. Viruses can be transmitted as attachments to an e-mail note, as downloads, or bepresent on a diskette or CD. The source of the e-mail note, downloaded file, or diskette you've receivedis often unaware of the virus. Some viruses wreak their effect as soon as their code is executed; otherviruses lie dormant until circumstances cause their code to be executed by the computer. Some virusesare playful in intent and effect and some can be quite harmful, erasing data or causing your hard disk torequire reformatting.Generally, there are three main classes of viruses:

File infectors

. Some file infector viruses attach themselves to programfiles, usually selected .COM or .EXE files. Some caninfect any program for which execution is requested,including .SYS, .OVL, .PRG, and .MNU files. When theprogram is loaded, the virus is loaded as well. Other fileinfector viruses arrive as wholly-contained programs orscripts sent as an attachment to an e-mail note.

System or boot-record infectors

. These viruses infect executable code found in certainsystem areas on a disk. They attach to the DOS bootsector (see notes) on diskettes or the Master Boot Record

on hard disks. A typical scenario (familiar to the author)is to receive a diskette from an innocent source thatcontains a boot disk virus. When your operating system isrunning, files on the diskette can be read withouttriggering the boot disk virus. However, if you leave thediskette in the drive, and then turn the computer off orreload the operating system, the computer will look first inyour A drive, find the diskette with its boot disk virus,load it, and make it temporarily impossible to use yourhard disk. (Allow several days for recovery.) This is whyyou should make sure you have a bootable

floppy

Macro viruses

. These are among the most common viruses, and they tendto do the least damage. Macro viruses infect yourMicrosoft Word application and typically insert unwantedwords or phrases.The best protection against a virus is to know the origin of each program or file you load into yourcomputer or open from your e-mail program. Since this is difficult, you can buy anti-virus software

that can screen e-mail attachments and also check all of

your files periodically and remove any

viruses

The Master Boot Record (MBR) is the information in the first sector of any hard disk or diskette that identifieshow and where an operating system is located so that it can be booted (loaded) into the computer's main storage orrandom access memory. The Master Boot Record is also sometimes called the "partition sector" or the "masterpartition table" because it includes a table that locates each partition that the hard disk has been formatted into. Inaddition to this table, the MBR also includes a program that reads the boot sector record of the partition containingthe operating system to be booted into RAM. In turn, that record contains a program that loads the rest of theoperating system into RAM

A bootable floppy is a diskette containing a back-up copy of your hard disk master boot record (MBR). In theevent that the master boot record becomes "infected" by a boot virus, having a bootable

floppy will allow you to

load it back onto your hard disk. (Otherwise, you may have to reformat your hard disk which first eraseseverything on the disk including files you may not have a backup copy of. Even if you do, reformatting your harddisk will mean you have to reinstall everything you've backed up, a time-consuming procedure at the very least.)

Antivirus software is a class of program that searches your hard drive and floppy disks for any knownor potential viruses.

that are found. From time to time, you may get an e-mail message warning of a new virus. Unless thewarning is from a source you recognize, chances are good that the warning is a virus hoax.

Virus detection

Virus detection usually occurs when you have been infected by a virus, your computer will display theresults of running it (it will act strange and not carry out the tasks you want). To find out what thevirus is run a virus detection and cleanup program

. As long as the programs virus signatures

are up todate, the program will detect and remove the virus. If it is not possible to remove the virus the programwill quarantine

the infected file, (if the file quarantined is an .exe or .com file it can cause the programassociated with it not to run).

Virus updates

There are unscrupulous people out there who will continue to update a virus after an antidote has beenfound and generally distributed, in this case the virus is said to be mutating. Because of this the antivirus software manufactures are continually updating their anti dote signatures.

Worms

There is a special type of virus called a worm. When infected by this type of virus it will live in thehard disk infecting more and more files. The effects of this type of virus are not felt until an eventoccurs that triggers the virus into action, this could be a special date or accessing a particular file onyour computer.

Protection

The best method of protection against virus infection is to

•

Never accept a file to be loaded onto your hard drive that you are not sure off

•

Do not accept emails from sources you are not sure off

•

Make regular anti virus checks of your system using a recognised anti virus program

•

Keep your virus signatures up to date

•

Hide behind a firewall

Macafee and Norton are two of the most popular anti virus software around.

A virus signature is a virus clean up program that has been developed usually by the companies thatsell anti virus software.

A file is quarantined when a virus signature program cannot remove the virus. Quarantine means thefile is moved to a protected part of the hard drive and is not accessible by the computer program.

Notes

Boot

To boot a computer is to load an operating system into the computer's main memory or random accessmemory (RAM). Once the operating system is loaded it's ready for users to run applications.Sometimes you'll see an instruction to "reboot" the operating system. This simply means to reload theoperating system (the most familiar way to do this on PCs is pressing the Ctrl, Alt, and Delete keys atthe same time).On larger computers (including mainframes), the equivalent term for "boot" is "initial program load"(IPL) and for "reboot" is "re-IPL." Boot is also used as a noun for the act of booting, as in "a systemboot." The term apparently derives from bootstrap which is a small strap or loop at the back of a leatherboot that enables you to pull the entire boot on. There is also an expression, "pulling yourself up byyour own bootstraps," meaning to leverage yourself to success from a small beginning. The booting of an operating system works by loading a very small program into the computer and then giving thatprogram control so that it in turn loads the entire operating system.Booting or loading an operating system is different than installing it, which is generally an initial one-time activity. When you install the operating system, you may be asked to identify certain options orconfiguration choices. At the end of installation, your operating system is on your hard disk ready to bebooted (loaded) into random access memory, the computer storage that is closer to the microprocessorand faster to work with than the hard disk. Typically, when an operating system is installed, it is set upso that when you turn the computer on, the system is automatically booted as well. If you run out of storage (memory) or the operating system or an application program encounters an error, you may getan error message or your screen may "freeze" (you can't do anything). In these events, you may have toreboot the operating system.

How Booting Works

When you turn on your computer, chances are that the operating system has been set up to boot (loadinto RAM) automatically in this sequence:1.

As soon as the computer is turned on, the basic input-output system (BIOS) on your system'sread-only memory (ROM) chip is started and starts the boot sequence. BIOS is already loadedbecause it's built-in to the ROM chip and, unlike random access memory (RAM), ROMcontents don't get erased when the computer is turned off.2.

BIOS first does a power-on self test (POST) to make sure all the computer's components areoperational. Then the BIOS's boot program looks for the special boot programs that willactually load the operating system onto the hard disk.3.

First, it looks on drive A (unless you've set it up some other way or there is no diskette drive)at a specific place where operating system boot files are located. If there is a diskette in driveA but it's not a system disk, BIOS will send you a message that drive A doesn't contain asystem disk. If there is no diskette in drive A (which is the most common case), BIOS looksfor the system files at a specific place on your hard drive, the sequence is usually the A: drive,the C: drive finally the CD, in most conventional systems, boot programs are located on the c:drive..4.

Having identified the drive where boot files are located, BIOS next looks at the first sector (a512-byte area, see sector in these notes for an explanation of what a sector is) and copiesinformation from it into specific locations in RAM. This information is known as the bootrecord or Master Boot Record.5.

It then loads the boot record into a specific place (hexadecimal address 7C00) in RAM.6.

The boot record contains a program that BIOS now branches to, giving the boot record controlof the computer.7.

The boot record loads the initial system file (for example, for DOS systems, IO.SYS) intoRAM from the diskette or hard disk.8.

The initial file (for example, IO.SYS, which includes a program called SYSINIT) then loadsthe rest of the operating system into RAM. (At this point, the boot record is no longer neededand can be overlaid by other data.)