Beware: viruses lurking

There are vandals out there in the Internet jungle directing diseases at your computer - but not all of them are fatal. Peter Batt offers some guidance

It's exciting, perhaps, and useful, well doubtless. But being a loosely regulated, anarchic cyber-jungle, the Internet can easily be exploited by those of a mischievous bent to spread their handiwork. And that's exactly what they do.

Computer viruses have been around for many years and have, at times, generated much hype and hysteria. This, in turn, has spurred on the "evil hacker" to create hoax viruses as well as the real thing. For your average punter - and that includes a lot of teachers - assessing the real risk can be a difficult process.

Those who keep their Mac or PC in splendid isolation - neither inserting floppy disks, exchanging files with others or downloading material from the Internet - are unlikely to discover the delights of the computer virus. Acorn computers are virtually problem-free. But for networks, or systems not shielded from the world, it is a matter of time before one strikes.

For schools and colleges, whose networks may be used by hundreds of people in a single day and have to withstand the attentions of information and communications technology incompetents, as well as the downright malicious, getting the right protection is an important consideration. So, with finger firmly placed on the reality check button, let's start somewhere near the beginning.

A computer virus is a program written to replicate itself on any computer disk it can access. Some viruses do nothing other than replicate themselves and occupy disk space. Others have specific instructions to corrupt or delete files and directories, or set about re-initialising the hard disk or start-up disk, ie wiping it clean. Some will play music or display a message, congratulating poor users on their choice of destruction.

Stiller Research, an American organisation that monitors computer viruses world-wide, estimates that there are over 20,000 in existence. Many are no longer dangerous but, of the remainder, a select few cause up to 98 per cent of all reported infections. They come in a variety of main forms, though hackers are more than willing to create their own strains (see panel far right).

Some viruses infect the low-level execution files on a PC, such as the DOS Boot Sector, or a Partition Sector. So-called resident viruses attach themselves to an application - be it the operating system or another program - and replicate when that application is launched. They can change the program code during use, and damage filing and saving processes.

"Stealth" viruses attempt to hide their presence by infecting very slowly so as not to raise suspicions until a horrendous number of files have been corrupted. "Polymorphic" viruses create different symptoms in each infection, so there is no apparent pattern. Both are notoriously difficult to detect.

Until recently, virtually all viruses were specific to a particular platform - mainly PCs. However, the arrival of the so-called macro virus has changed all that. These are software-specific - in particular, Word-specific - and can be transferred from Mac to PC and back.

"Worms" differ from the majority of viruses in that they are not dependent on an application to replicate. In other words, the effects will be felt virtually as soon as they have arrived, whether applications have been opened or not. Mac users, for the first time, face one of the most dangerous viruses around - the AutoStart Worm, or AutoStart 9805 .

You should also be aware that you could get more than you bargained for when installing new software: there may be Trojans hidden within, viruses mistakenly included by a supplier or software creator in a CD or installation disk. Be wary of CDs on the covers of magazines.

So, how can a busy computer network, such as that in a school, be defended against this vast array of enemies? Well, prevention is widely seen as better than cure. Many schools disable floppy disk drives and restrict the ability of pupils and teachers to transfer files to and from their network.

David Amstead, deputy head of information technology at Duston Upper School in Northamptonshire, puts his system's clean bill of health down exactly to this kind of measure. "Viruses have not been a problem here," he says. "We've not had any infections. All our floppy disk drives have been disabled in software (the disk drive switched off), and nothing can be brought in from outside sources. We don't let the students bring in work, or teachers for that matter, unless there is an exceptional reason to do so."

Duston has a network of 120 machines, and makes extensive use of the Internet but, again, downloading files is restricted to a small number of teachers.

Duston does not use anti-virus software. David Amstead believes that an over-zealous approach to security can be counter-productive - after all, viruses cannot be gained simply by viewing Web pages. "There are limits to what we can do and, anyway, the more security you employ, the more difficulties you are building in for your users. It's a case of assessing the risks and getting the right balance."

When a problem does occur, there are a number of software programs to choose from. Virus protection software programs routinely scan the hard disk and other drives, and can be configured to scan any CD-Rom or floppy disk before it is mounted on to a system.

Although programs such as Virex or Norton AntiVirus can operate automatically in the background, there is no guarantee that they will pick up all threats to your system. Most scanning programs rely on a "virus definitions file" to locate and identify suspect software. These should be updated regularly as more than 100 new viruses can be identified each month. Many suppliers issue updates monthly that can be downloaded from their websites for free.

Paul Varey, at Deanery School in Lancashire, installed Dr Solomon's virus protection software on the school's server and workstations when the school set up an Internet connection. "This has been set up as a precautionary measure. But we haven't had a problem here - we've only once had a virus on the network, and that was about two years ago." Like Duston, all floppy drives have been disabled except for teachers' machines.

Links to virus protection sites and information about hoax virus warnings at:

Log in or register for FREE to continue reading.

It only takes a moment and you'll get access to more news, plus courses, jobs and teaching resources tailored to you