Virus
A virus is a piece of programming code usually disguised as something else that causes some
unexpected and usually undesirable event. A virus is often designed so that it is automatically spread to
other computer users. Viruses can be transmitted as attachments to an e-mail note, as downloads, or be
present on a diskette or CD. The source of the e-mail note, downloaded file, or diskette you've received
is often unaware of the virus. Some viruses wreak their effect as soon as their code is executed; other
viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses
are playful in intent and effect and some can be quite harmful, erasing data or causing your hard disk to
require reformatting.
Generally, there are three main classes of viruses:
File infectors. Some file infector viruses attach themselves to program files, usually selected .COM
or .EXE files. Some can infect any program for which execution is requested, including .SYS, .OVL,
.PRG, and .MNU files. When the program is loaded, the virus is loaded as well. Other file infector
viruses arrive as wholly-contained programs or scripts sent as an attachment to an e-mail note.
System or boot-record infectors. These viruses infect executable code found in certain system areas
on a disk. They attach to the DOS boot sector (see notes) on diskettes or the Master Boot Record[1]
on hard disks. A typical scenario (familiar to the author) is to receive a diskette from an innocent
source that contains a boot disk virus. When your operating system is running, files on the diskette
can be read without triggering the boot disk virus. However, if you leave the diskette in the drive,
and then turn the computer off or reload the operating system, the computer will look first in your
A drive, find the diskette with its boot disk virus, load it, and make it temporarily impossible to
use your hard disk. (Allow several days for recovery.) This is why you should make sure you have a
bootable floppy[2].
Macro viruses. These are among the most common viruses, and they tend to do the least damage. Macro
viruses infect your Microsoft Word application and typically insert unwanted words or phrases.
The best protection against a virus is to know the origin of each program or file you load into your
computer or open from your e-mail program. Since this is difficult, you can buy anti-virus software[3]
that can screen e-mail attachments and also check all of your files periodically and remove any viruses
that are found. From time to time, you may get an e-mail message warning of a new virus. Unless the
warning is from a source you recognize, chances are good that the warning is a virus hoax.
[1] The Master Boot Record (MBR) is the information in the first sector of any hard disk or diskette that identifies
how and where an operating system is located so that it can be booted (loaded) into the computer's main storage or
random access memory. The Master Boot Record is also sometimes called the "partition sector" or the "master
partition table" because it includes a table that locates each partition that the hard disk has been formatted into. In
addition to this table, the MBR also includes a program that reads the boot sector record of the partition containing
the operating system to be booted into RAM. In turn, that record contains a program that loads the rest of the
operating system into RAM.
[2] A bootable floppy is a diskette containing a back-up copy of your hard disk master boot record (MBR). In the
event that the master boot record becomes "infected" by a boot virus, having a bootable floppy will allow you to
load it back onto your hard disk. (Otherwise, you may have to reformat your hard disk, which first erases
everything on the disk including files you may not have a backup copy of. Even if you do, reformatting your hard
disk will mean you have to reinstall everything you've backed up, a time-consuming procedure at the very least.)
[3] Antivirus software is a class of program that searches your hard drive and floppy disks for any known
or potential viruses.
Virus detection
Virus detection usually occurs after you have been infected by a virus: your computer will display the
results of running it (it will act strangely and not carry out the tasks you want). To find out what the
virus is, run a virus detection and cleanup program[4]. As long as the program's virus signatures[5] are
up to date, the program will detect and remove the virus. If it is not possible to remove the virus, the
program will quarantine[6] the infected file. (If the quarantined file is an .exe or .com file, this can
cause the program associated with it not to run.)
Virus updates
There are unscrupulous people who will continue to update a virus after an antidote has been found and
generally distributed; in this case the virus is said to be mutating. Because of this, anti-virus
software manufacturers are continually updating their antidote signatures.
Worms
There is a special type of virus called a worm. When a computer is infected by this type of virus, it
will live on the hard disk, infecting more and more files. The effects of this type of virus are not felt
until an event occurs that triggers the virus into action; this could be a special date or accessing a
particular file on your computer.
Protection
The best method of protection against virus infection is to:
• Never accept a file to be loaded onto your hard drive that you are not sure of
• Do not accept e-mails from sources you are not sure of
• Make regular anti-virus checks of your system using a recognised anti-virus program
• Keep your virus signatures up to date
• Hide behind a firewall
[4] McAfee and Norton are two of the most popular anti-virus software packages around.
[5] A virus signature is a virus clean up program that has been developed usually by the companies that
sell anti-virus software.
[6] A file is quarantined when a virus signature program cannot remove the virus. Quarantine means the
file is moved to a protected part of the hard drive and is not accessible by the computer program.
Notes
Boot
To boot a computer is to load an operating system into the computer's main memory or random access
memory (RAM). Once the operating system is loaded it's ready for users to run applications.
Sometimes you'll see an instruction to "reboot" the operating system. This simply means to reload the
operating system (the most familiar way to do this on PCs is pressing the Ctrl, Alt, and Delete keys at
the same time).
On larger computers (including mainframes), the equivalent term for "boot" is "initial program load"
(IPL) and for "reboot" is "re-IPL." Boot is also used as a noun for the act of booting, as in "a system
boot." The term apparently derives from bootstrap which is a small strap or loop at the back of a leather
boot that enables you to pull the entire boot on. There is also an expression, "pulling yourself up by
your own bootstraps," meaning to leverage yourself to success from a small beginning. The booting of
an operating system works by loading a very small program into the computer and then giving that
program control so that it in turn loads the entire operating system.
Booting or loading an operating system is different than installing it, which is generally an initial one-
time activity. When you install the operating system, you may be asked to identify certain options or
configuration choices. At the end of installation, your operating system is on your hard disk ready to be
booted (loaded) into random access memory, the computer storage that is closer to the microprocessor
and faster to work with than the hard disk. Typically, when an operating system is installed, it is set up
so that when you turn the computer on, the system is automatically booted as well. If you run out of
storage (memory) or the operating system or an application program encounters an error, you may get
an error message or your screen may "freeze" (you can't do anything). In these events, you may have to
reboot the operating system.
How Booting Works
When you turn on your computer, chances are that the operating system has been set up to boot (load
into RAM) automatically in this sequence:
1. As soon as the computer is turned on, the basic input-output system (BIOS) on your system's
read-only memory (ROM) chip is started and starts the boot sequence. BIOS is already loaded
because it's built-in to the ROM chip and, unlike random access memory (RAM), ROM
contents don't get erased when the computer is turned off.
2. BIOS first does a power-on self test (POST) to make sure all the computer's components are
operational. Then the BIOS's boot program looks for the special boot programs that will
actually load the operating system onto the hard disk.
3. First, it looks on drive A (unless you've set it up some other way or there is no diskette drive)
at a specific place where operating system boot files are located. If there is a diskette in drive
A but it's not a system disk, BIOS will send you a message that drive A doesn't contain a
system disk. If there is no diskette in drive A (which is the most common case), BIOS looks
for the system files at a specific place on your hard drive. The sequence is usually the A: drive,
the C: drive and finally the CD; in most conventional systems, boot programs are located on the
C: drive.
4. Having identified the drive where boot files are located, BIOS next looks at the first sector (a
512-byte area, see sector in these notes for an explanation of what a sector is) and copies
information from it into specific locations in RAM. This information is known as the boot
record or Master Boot Record.
5. It then loads the boot record into a specific place (hexadecimal address 7C00) in RAM.
6. The boot record contains a program that BIOS now branches to, giving the boot record control
of the computer.
7. The boot record loads the initial system file (for example, for DOS systems, IO.SYS) into
RAM from the diskette or hard disk.
8. The initial file (for example, IO.SYS, which includes a program called SYSINIT) then loads
the rest of the operating system into RAM. (At this point, the boot record is no longer needed
and can be overlaid by other data.)
9. The initial file (for example, SYSINIT) loads a system file (for example, MSDOS.SYS) that
knows how to work with the BIOS.
10. One of the first operating system files that is loaded is a system configuration file (for DOS,
it's called CONFIG.SYS). Information in the configuration file tells the loading program
which specific operating system files need to be loaded (for example, specific device drivers).
11. Another special file that is loaded is one that tells which specific applications or commands
the user wants to have included or performed as part of the boot process. In DOS, this file is
named AUTOEXEC.BAT. In Windows, it's called WIN.INI.
12. After all operating system files have been loaded, the operating system is given control of the
computer and performs requested initial commands and then waits for the first interactive user
input.
Sector
On a computer diskette or hard disk, a sector is one of the "pie slices" the diskette or disk is divided
into. Dividing the circular medium into pie slices is a way to organize it so that data can be located by
the read/write heads of the drive. The diskette or disk is also divided into a number of concentric
circles. Data can be located by knowing the number of the sector and the concentric track that passes
through that sector. Each track is divided into a number of clusters that represent the smallest unit of
storage that is addressable (can be written to or read). Typically, a cluster is 256 or 512 bytes in length.
Sector 0 of the diskette or disk contains a special file, the file allocation table (FAT). The FAT tells
where the directory to the files on the medium is located and information about how clusters are used.
You can't look at sector 0 directly.
On hard disks, the first sector is called variously the master boot record, the partition sector, or the
partition table. This record or table tells how and whether the disk has been divided into logical
partitions (for example, you can divide your hard drive into two logical partitions or drives so that you
can load different operating systems onto the disk and switch back and forth). When your operating
system is being booted or loaded into RAM, a program in this partition sector briefly gets control,
determines how your disk is partitioned, and then reads the operating system boot sector and gives that
boot sector program control so that the rest of the operating system can be loaded into RAM. The
partition sector is the sector that can be "infected" when you leave a diskette in drive A that contains a
boot virus.
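The following is an added example, not part of the original notes: it checks a saved copy of the partition sector against a known-good copy, which is how a modified boot program can be spotted. It assumes the classic layout of 446 bytes of boot program, four 16-byte partition entries and a closing 0x55AA signature; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512        # size of the first sector, as given in these notes
BOOT_CODE_END = 446      # assumed classic layout: bytes 0..445 hold the boot program
ENTRY_SIZE = 16          # four 16-byte partition entries follow the boot program
SIGNATURE = b"\x55\xaa"  # last two bytes of a valid boot record
ENTRY_FMT = "<B3xB3xII"  # status, (CHS start), type, (CHS end), start LBA, sector count


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-program hash and the used partition entries of a first sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        offset = BOOT_CODE_END + slot * ENTRY_SIZE
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, offset)
        if ptype != 0:   # type 0 marks an unused slot
            partitions.append({"slot": slot, "bootable": status == 0x80,
                               "type": ptype, "start_lba": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the boot program differs from the known-good copy."""
    return (parse_mbr(baseline)["boot_code_sha256"]
            != parse_mbr(current)["boot_code_sha256"])


def make_sample_sector(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable partition of type 0x06 starting at LBA 63."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x06, 63, 204800)
    body = boot_code.ljust(BOOT_CODE_END, b"\x00") + entry + bytes(48)
    return body + SIGNATURE


if __name__ == "__main__":
    good = make_sample_sector(b"\xeb\x3c\x90 known-good loader")
    altered = make_sample_sector(b"\xeb\x3c\x90 different loader")
    print(parse_mbr(good)["partitions"])
    print("boot program changed:", boot_code_changed(good, altered))
```

The baseline would be a first-sector image saved while the machine was known to be clean, such as the back-up copy of the master boot record described in the footnote on bootable floppies.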
The sectors as well as the rest of the organization of the diskette or disk are set up as a result of the
process called formatting. Most diskettes you buy today are already formatted. However, if you're
using an old one, you may need to reformat it. You can do this using a common utility that comes with
your operating system.