Computer viruses - PC Corner - column
The topic of computer viruses received a lot of extra publicity last October, when rumors of a "Columbus Day Virus" became widespread and coincided with long-standing stories about a "Friday the 13th" virus. Computer users were left with a double threat to their valuable data and programs. Needless to say, the October scare was more hype than reality, as there were nothing more than isolated reports of problems. This column will attempt to explain at least some of the truth about computer viruses, discount some of the hype, and talk about ways either to protect yourself or recover from attacks. I will focus only on the MS-DOS environment, and leave the Unix and mainframe worlds for someone else.
VIRUSES: WHAT ARE THEY?
Quite a few types of programs actually go under the generic heading of "virus." In addition to viruses, these would include worms, Trojan Horses, and logic bombs. Although there are technical differences between them, they are all some sort of malicious computer program that will at the very least interrupt the use of your computer, and at the worst attempt to destroy your hard drive electronically. The classic scenario is a program written by a socially maladjusted computer hacker, who disguises his virus to look like some sort of useful DOS utility and posts it on an electronic bulletin board. When others download the program and run it, the virus is set loose on the computer world. An alternative way of spreading the damage would be to take an already well-known computer program and hide the malicious code inside, which would be triggered when the program is run.
Some viruses are triggered immediately, and others are designed to lie dormant for some time. What makes these latter types especially dangerous is their capacity to replicate themselves on other computers that run the infected software, often by attaching themselves to .COM or .EXE programs, which can further spread the virus. Because COMMAND.COM is one program sure to be on every system and constantly in use, it is often a target for the virus. Once triggered, the program may only do something as innocuous as displaying a peace sign on your monitor, or try something as vicious as erasing all the files on your hard drive.
Other possible ways of transmitting a virus may be even more troublesome to think about. The threat of a disgruntled programmer in a major software company implanting a virus in commercial software that will arrive on your desk is one possibility. Another is an unscrupulous company intentionally putting in code that will seek out and destroy or damage their competitor's programs, or a virus that will be triggered if the program is illegally copied. (I'm not making this up; these possibilities have been discussed in some of the leading PC magazines.)
That's the bad news. The good news is that you yourself probably will never see a virus. In fact, you are far, far more likely to damage your data by jarring your CPU, doing DEL *.* when you shouldn't have, formatting C: when you meant A:, or overwriting a file without changing the name. In fact, in over four years of heavy BBS use, only twice have I talked to someone who personally claimed to have been hit by a virus (and who wasn't trying to sell me antiviral software). In both instances, further investigation showed that it was a user mistake rather than a virus that did the damage. Luckily, the techniques used to recover from a virus also can be used in recovering from these self-inflicted disasters.
WHAT TO DO?
There are two issues to discuss here: How to keep a virus from attacking you, and what to do if one strikes (or you suffer a self-inflicted catastrophe). Along the way I will mention some software products that will perform the various strategies, although this list is ever-changing; the war against viruses is somewhat like a conventional arms race. When one side develops an effective countermeasure, it is often a spur for the other side to develop a more effective offensive weapon. Therefore, this is not intended to be a comprehensive list of products.
One method of protection is never to use a BBS. But since I help run the NABE BBS and want to encourage more people to use it, I don't like that solution. The NABE BBS contains only files that have been carefully checked for viruses, and any files you download from there should not cause problems. Many other BBS systems and the large commercial time-sharing services such as CompuServe also check out files before posting. Even if you don't download anything, there is still a chance of a strange program getting in anyway, if you ever use a floppy that once was in another computer. (To borrow a phrase from the battle against AIDS, "If your computer ever interfaces with another computer, you not only interface with that computer, but with all the other computers that ever interfaced with it.") Ways to prevent damage include the following:
1. Keep an eye on your COMMAND.COM file. It is one of the most frequent targets of a virus. Find the original system disk that came with your version of DOS, write protect it, and then look at the size and date of COMMAND.COM. Write this down, and compare it to the size and date of the COMMAND.COM on your hard drive. If it ever changes, something is wrong.
2. Examine any programs that are of uncertain origin. Use a file editor to look at the code. Most .COM and .EXE programs will look like gibberish, but the mentality of a hacker is much like that of a graffiti artist; they want their name up there somewhere. So viruses will typically have a screen that says, "Ha, Ha, the Phantom has Struck!" These phrases will stick out in the middle of the program code. To check carefully, run it on a stand-alone PC without a hard drive, and advance the system clock to days like April 1st, any Friday the 13th, or Halloween. These are favorite days for creating mayhem.
3. Use a virus scanning program, such as VIRUS SCAN.(1) It will look for any known, unactivated viruses. Companies that make these scanning programs often have programs to help remove viruses that actually turn up.
4. Use a program that will prevent unauthorized rewrites of .EXE or .COM files. The shareware program FLUSHOOT(2) does this. Other programs or DOS utility packages such as PC-TOOLS DELUXE(3) will let you make these files read-only.
5. A number of large, comprehensive protection packages are on the market that not only guard against virus attacks but can be used to control unauthorized computer usage (to keep your secretary from playing Flight Simulator during lunch). These programs are geared more towards network administrators or Corporate MIS departments. Examples of these would be VACCINE CORPORATE or VACCINE 3.0.(4) Paul Mace Software has a program called MACE VACCINE(5) that will do much the same thing.
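The size-and-date check from item 1, as an added example that is not part of the original column: it extends the idea to every .COM and .EXE file under a directory and also records a SHA-256 digest, because size and date can both still match after a file's contents have changed. The function names, the timestamp and the sample file bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".com", ".exe"}  # the file types the column says viruses attach to

def fingerprint(path):
    """Return size, modification time and SHA-256 digest for one file."""
    st = path.stat()
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    return {"size": st.st_size, "mtime": int(st.st_mtime), "sha256": digest}

def snapshot(root):
    """Fingerprint every .COM/.EXE file under root, keyed by relative path."""
    root = Path(root)
    return {
        str(p.relative_to(root)).upper(): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES
    }

def compare(baseline, current):
    """List (name, reason) findings where current differs from baseline."""
    findings = []
    for name, old in baseline.items():
        new = current.get(name)
        if new is None:
            findings.append((name, "missing"))
            continue
        changed = [k for k in ("size", "mtime", "sha256") if old[k] != new[k]]
        if changed:
            findings.append((name, "changed: " + ", ".join(changed)))
    findings += [(n, "new file") for n in current if n not in baseline]
    return findings

def demo():
    """Constructed scenario: same size and date, different content."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "COMMAND.COM"
        target.write_bytes(b"A" * 64)  # constructed stand-in, not a real DOS file
        os.utime(target, (631152000, 631152000))  # fixed constructed timestamp
        baseline = snapshot(d)
        target.write_bytes(b"B" + b"A" * 63)  # same length, one byte differs
        os.utime(target, (631152000, 631152000))  # date set back to match
        return compare(baseline, snapshot(d))

if __name__ == "__main__":
    print(demo())
```

Take the baseline from a known-good copy, such as the write-protected original system disk, and store it somewhere the monitored machine cannot rewrite.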
You have followed these precautions. Then one day you turn on your computer, try to execute one of your programs, and get the message "File not found." You do a directory command, and nothing is there. Either a virus has struck, or you yourself did something very bad, and it appears that your hard drive is empty. What do you do now? It all depends on what precautions you have taken ahead of time. You could:
6. Reach for your backup disks, reinstall your files, and get back to work. Everybody should make frequent backups of their hard drives. In fact, the previous sentence should be the headline of this column! If you back up regularly, preferably on a father/grandfather/great-grandfather basis, you are covered against anything, including physical damage to your drive. To determine the interval between backups, decide the length of time that is too long to go back and do all your computer work again -- if you can't afford to repeat a day's work, then you must back up daily. A good strategy, if you are a high-volume computer user, is to do a full backup weekly, and archival backups daily. There are a variety of fast backup programs out there, such as Fastback Plus or PC Tools' Backup program. If you have a lot of valuable data, and churn it out in great quantity, consider a tape backup system; these now have street prices of much less than $1000.
7. If it appears that just a few files have disappeared, it may be possible to undelete them. As you may be aware, when a file is deleted, the only thing that is erased is the file's name on the disk's File Allocation Table (actually, only the first letter of the name is erased) which tells the computer where the file is stored. Your data are still there, unless or until you save another file, which may overwrite the space. Any good utility package, such as PCTools, the Norton Utilities, or Mace Utilities,(6)