General Practice, Solo & Small Firm Division

Technology & Practice Guide

Flu Shot for Computer Viruses

BY PATRICIA A. YEVICS

Although your system is more in danger from a crash of your hard drive or an accidental erasure than from a computer virus, you need to take precautions to prevent a virus from infecting your system.

A computer virus can be described as a computer program that infects other programs by replicating itself. The job of a virus is to live on your system for a time before delivering its payload. For something to be considered a virus it has to do some damage, either inadvertently or deliberately, to other programs. There is much debate about what is and what is not a virus. There are anywhere from 500 to 6,000 known viruses.

A computer virus "falls into the realm of malicious programming techniques know as Trojan Horses. All viruses are Trojan Horses, but relatively few Trojan horses can be called a virus." (Computer Virus Myths, at http://www.kumite.com/ myths/home.htm). A Trojan horse is a program that does something that the programmer intended. They tell programs to do things you do not expect or want them to do.

A bug, on the other hand, is an accidental flaw in the program. Anyone who has ever used the first version of a program knows about bugs. Bugs make programs do things the programmers did not intend to have happen. Programmers work very hard to fix the bugs. According to Computer Virus Myths, "inadvertent bugs have caused more data loss than all viruses combined."

Three Kinds of Viruses

According to the information from Datafellows Information Center, written by Ross Greenberg, there are two classes of viruses: file infectors and system or boot-record infectors.

File infectors attach themselves to ordinary program files and usually infect .com and/or .exe programs; that is, they infect executable files. These file infectors can be either direct action or resident. A direct action virus selects one or more programs to infect each time the program it contains is executed. A resident virus hides itself somewhere in the memory the first time an infected program is executed, and then infects other programs when they are executed. Most file infector viruses are resident.

System or boot-record infectors attack the boot block on a floppy or hard disk. These infect executable code found in certain system areas on a disk that are not ordinary files. One example is the Michelangelo virus.

A third class of virus is able to infect both boot blocks and executable files. These viruses are called multiparite viruses.

Virus Protection

The best way to deal with viruses is to take steps to prevent them from "attacking" your system. Although it is generally agreed that there is no way to 100 percent protect your system from viruses, policies and procedures can be implemented that will lower your chances of being infected. Most experts agree that using an anti-virus software program will not completely protect you.

What are some of the ways that you can pick up virus?

• Pirated software.

• Sharing disks.

• Downloading files from the internet such as freeware or shareware.

• Booting up from an infected floppy disk.

To minimize your virus risk:

1. Implement a policy to regularly backup your files and follow it religiously (see "Preventing Data Disasters with a Good Backup Plan").

2. Rotate between at least two sets of backups for even better security.

3. Download files only from reputable Bulletin Board Systems (BBSs). Most computer viruses do not travel in software downloaded from BBSs or from shareware. According to Janet Endrijonus in the book RX PC: The Anti-Virus Handbook, "approximately 70% of all viruses are boot sector viruses." However, it is still important to take precautions.

4. Definitely consider using a commercial anti-viral software package. There are different types of anti-virus software but for most small firms the best to consider are the scanners. These programs search (scan) for known viruses. These programs are designed to check out memory and files and look for virus signatures. If the program finds a match, it will attempt to clean out the virus. Some of the software use heuristic techniques to recognize a viral code. Some examples of this type of software are FRISK’s F-Prot, Norton Anti-Virus by Symantec, McAfee’s VIRUSCAN, FindViru in Dr. Soloman’s Anti-Virus Toolkit (PC), and Disinfectant (Mac).

As with backups, you must develop procedures for using anti-virus software. The best but most time-consuming method is to perform a scan each time you boot up. It takes longer to boot up, but you don’t need to remember to run the anti-virus software. You can also run the program manually, but you must remember to do so regularly. You should also scan any files that you download before using them on your system.

For detailed reviews of many of the these and other packages, you can turn to the Internet as a resource. Using one of the search engines, type in "anti-virus software." You will be taken to a list of reviews. The resource I used, Computer Virus Security (http://www. einet.net/galaxy/Engineering-and-Technology/Computer-Technology), also has a list of software products. n

Patricia A. Yevics is Law Office Management Administrator for the Maryland State Bar Association. She assists solo and small firm practitioners in all areas of law practice management, including technology, personnel, marketing, financial, and office management.

Back to Top

< /