• PC World
• » Security

Antivirus Software Answers the Siren Call

Virus experts have recorded more than 40,000 viruses and their variant strains over the years, though only about 200 of those viruses are actively spreading in the wild. While most viruses are just annoying time-wasters, the ones that do deliver a destructive payload are a real threat.

Viruses have been around since the early 1960s, almost since the earliest computers existed, though until the 1980s they were largely laboratory specimens, created by researchers and released in a controlled environment to examine their effect.

When viruses first appeared in the wild in the 1980s, they spread slowly and passed via the "sneaker net": floppy disks traded by people and shared between computers. But widely available Internet and e-mail access hastened their spread.

Two years ago, the advent of viruses that spread via e-mail (Melissa LoveLetter, for example) significantly increased the odds that the average computer user would confront a virus because they spread so rapidly. E-mail viruses today account for about 81 percent of virus infections and can infect thousands of machines in a matter of minutes.

Practice Safe Computing

The best way to protect yourself from viruses is to avoid opening unexpected e-mail attachments and downloads from unreliable sources. Resist the urge to double-click everything in your mailbox. If you get a file attachment and you aren't expecting one, e-mail the person who sent it to you before you open the attachment. Ask them if they meant to send you the file, what it is, and what it should do.

For added safety, you need to install reliable antivirus scanning software and download updates regularly. Major antivirus software vendors, including Symantec, Network Associates, Computer Associates, and Trend Micro, provide regular updates. (Computer Associates' InoculateIT is also free.) Some of the vendors also offer a service that will automatically retrieve updates for you from the company's Web site.

Regular updates are essential. Researchers at Computer Economics estimate that 30 percent of small businesses are vulnerable to viruses either because they don't keep their virus-scanning software updated or because they don't install it correctly.

How Antivirus Software Works

Scanning software looks for a virus in one of two ways. If it's a known virus (one that has already been detected in the wild and has an antidote written for it) the software will look for the virus's signature--a unique string of bytes that identifies the virus like a fingerprint--and will zap it from your system. Most scanning software will catch not only an initial virus but many of its variants as well, since the signature code usually remains intact.

In the case of new viruses for which no antidote has been created, scanning software employs heuristics that look for unusual viruslike activity on your system. If the program sees any funny business, it quarantines the questionable program and broadcasts a warning to you about what the program may be trying to do (such as modify your Windows Registry). If you and the software think the program may be a virus, you can send the quarantined file to the antivirus vendor, where researchers examine it, determine its signature, name and catalog it, and release its antidote. It's now a known virus.

If the virus never appears again--which often happens when the virus is too poorly written to spread--then vendors categorize the virus as dormant. But viruses are like earthquakes: The initial outbreak is usually followed by aftershocks. Variants (copycat viruses that emerge in droves after the initial outbreak) make up the bulk of known viruses.

Within a few hours of when the LoveLetter virus first appeared in the United States, a variant--VeryFunnyJoke--had already appeared, followed by more than 30 others during the next two months. And not all variants stem from mysterious writers. More than a few companies have been infected by variants created by a curious employee who fiddled with a virus he or she received, created a new strain of it, and unleashed it onto the company's system--sometimes accidentally, sometimes not.

Additional Resources

• The WildList Organization
  
  
• Virus Bulletin
  
  
• PC World Antivirus Downloads
  
  

• See more like this:
• virus,
• worm,
• trojan,
• r33t