Jan 1992

Microcomputer transmitted disease. (computer viruses) (The Practitioner & the Computer)

by Bryan, E. Lewis

Abstract: Computer viruses are unauthorized pieces of code that can damage data and cause system downtime. Often, they are target-specific, infectious, and can remain dormant. Viruses may be classified into three types: bootstraps, joiners, and program attachments. They spread in various ways, such as when a data file is transferred from one PC to another, when a file is copied from an electronic bulletin board, or when a data file is downloaded from a mainframe. The best way to protect microcomputers from these viruses is prevention. A number of anti-virus software packages are available in the market.

A computer virus is spread from one computer to another by electronic means or by floppy disks. Using the above example, a file is created on an infected microcomputer and the file is saved on a floppy disk. The disk is then taken to an uninfected microcomputer. The uninfected microcomputer retrieves the data file and by so doing is itself infected with the virus.

Viruses can destroy data and cause system downtime; however, they are often pranks rather than planned destruction. These pranks can cause annoyance and loss of efficiency. A typical virus is the "bouncing ball" virus which merely puts a moving spot on the screen which bounces off each edge of the screen. This virus does no particular harm; however, it can be distracting to the operator after several minutes. Harmful and destructive viruses are rarer but have received more attention in the press. Viruses can be acts of sabotage or simple vandalism. Most viruses encountered in microcomputers are acts of vandalism. Usually, a virus begins as a practical joke or an experiment.

How Does a Virus Work?

Computer viruses usually fall into one of three categories: 1) bootstraps; 2) joiners; and 3) program attachments.

Bootstrap virus codes replace the bootstrap code in memory. For example, the virus acts by altering the COMMAND.COM file in DOS-based computers.

Joiner viruses act by joining with the system files necessary for the operation of the computer. Typically, this category of virus joins the CONFIG.SYS file in DOS-based computers.

Attachments are viruses that attach themselves to a utility or an application program. For example, an attachment virus could attach itself to the CHKDSK utility or to Lotus 1-2-3 and the virus would become active whenever the utility is used.

Another way to consider viruses is how they affect the system. There are five methods of attack.

Bombs. This type is often called a time bomb or logic bomb. Bombs are programs that remain dormant until activated by a date, time, use, function, or the number of times a particular function is performed. When this event occurs, the program is activated.

Worms. This type is designed to worm its way into any computer it contacts, duplicate itself, and implant itself in other computers. A worm can be programmed to perform any number of functions on each host computer it attacks. The primary action that a worm takes is to duplicate itself so many times that the memory of the microcomputer can no longer function.

Trojan Horse. This type inserts a program that appears to be performing one set of functions while it is actually doing something else. While a familiar program is being displayed, fraud or sabotage may actually be taking place without the user's knowledge. It usually does not duplicate itself.

Backdoors or Trap Doors. These are placed in authorized programs to allow the programmer easy access to the program. They are usually entry points with little or no security procedures. These backdoors or trap doors should be removed before a program is placed into operation to prevent unauthorized users from gaining access to the program.

Pests. This type inserts a program that does not destroy or harm files, but rather, adds a whimsical or trite display to the monitor screen or to the printer.

What to Look For

Some of the characteristics of a microcomputer virus include:

1. It is target specific. A virus is developed using specific knowledge of the target.

2. It can destroy information and programs or consume valuable resources. It may be only a distraction to the operator.

3. It is infectious, spreading by duplication. It can use other means such as mainframe computers and local area networks (LANs) to spread itself. However, it may not infect these systems unless they are specific targets.

4. It can remain dormant within the carrier until it connects with a system that can be infected. A virus might remain dormant for months before it is activated by the computer's internal clock or calendar.

How Do Viruses Spread?

Viruses can spread in several ways. They may be spread by multiple users on one microcomputer or by copying a file from an electronic bulletin board or downloading a file from a mainframe. They may be spread by simply moving a data file from one microcomputer to another microcomputer.

In college microcomputer labs, viruses are spread by the use of the computer by several users during a day. As a prank, a person may introduce a virus to a DOS disk that is used on several microcomputers during the day.

Viruses can come as an unexpected addition to files that are downloaded from other computers via "hard wire" or modem.

Electronic bulletin boards make vigorous efforts to prevent viruses passing from their files; however, it is possible to get a virus when copying files from any other computer via modem.

Another way a virus can spread is by employees taking floppy disks home and working on them on their home computers.

Microcomputers are especially vulnerable. The widely established standards of microcomputer software make viruses easier to distribute. The introduction of a virus into a single microcomputer in a network can result in the infection of the entire system.

The Best Protection is Prevention

There is microcomputer virus screening software on the market that promises to protect computer systems against infection. Class I anti-virus software is designed to protect against the initial attack and prevent the duplication process. This software impairs any writing to a protected file. Any preventive software can only protect against known viruses. New viruses will be developed that will go around (or through) the anti-virus software.

Thirteen Security Tips

There are several security steps that a firm can take to ensure that neither firm nor client microcomputers are infected with viruses, including:

1. Alarm systems. Prohibit non-firm personnel from using the firm's computer resources, and monitor the prohibition by means of an alarm system that signals unauthorized usage.

2. Restricted usage. A prohibition against using bootleg software--do not allow external software or data files to be used on any internal computer after hours. Unauthorized copies of software can cause legal problems as well.

3. Software selection. Copying files or programs should be prohibited. All software brought into the firm to be used on stand-alone or network computers should be fully tested on its own before use.

4. Locks. Computers should be locked when not in use. This practice also helps maintain the confidentiality of firm and client data.

5. Non-work related software. Loading computer game programs onto the firm's computers should be prohibited.

6. Home use of floppy disks. Firm personnel taking floppy disks to home computers should be required to observe all of the firm's preventive practices on their home computers.

7. Testing. All new software should be tested on a stand-alone microcomputer before introduction to a network.

8. Bulletin board warnings. Regular checking of popular bulletin boards for warnings regarding software that may have been downloaded in violation of the company's rules.

9. Write protection. Write protect all boot disks and program disks (and any disk that is read only) to prevent the creation of viruses.

10. Anti-virus software. Use virus prevention software.

11. Passwords. Use passwords and codes to authorize access to the system, and change passwords often to enhance security.

12. User logs. Have users keep a log of their hardware and software usage.

13. Back-up files. Make sure that all computer users back up the data files they are working on in a timely manner.

If the firm has a local area network (LAN), the following additional actions should be considered.

1. Use diskless workstations on the LAN. This makes it difficult to introduce a virus; however, it may be an inconvenience to those who need to download data to a floppy disk.

2. Prohibit employees from storing executable programs on the LAN.

3. Keep programs in a read only form to prevent alterations.
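
An added example (not part of the original article) showing how the last two LAN rules above could be audited on a present-day file share: it reports programs stored outside one administrator-managed directory and programs that are still writable. The extension list, the MZ header check, the single managed `apps` directory and the sample tree are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile

PROGRAM_EXTS = {".com", ".exe", ".bat"}  # assumption: DOS-era program types
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def is_program(path):
    """A file counts as a program by extension or by an MZ executable header."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:  # the header check catches an .EXE renamed as data
        return ext in PROGRAM_EXTS or fh.read(2) == b"MZ"

def audit_share(root, program_dir):
    """Return sorted (relative_path, finding) pairs; program_dir is the managed folder."""
    findings = []
    program_dir = os.path.abspath(program_dir)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.abspath(os.path.join(folder, name))
            if not is_program(path):
                continue
            rel = os.path.relpath(path, root)
            if os.path.commonpath([path, program_dir]) != program_dir:
                findings.append((rel, "program stored outside managed directory"))
            elif os.stat(path).st_mode & WRITE_BITS:
                findings.append((rel, "program is writable"))
    return sorted(findings)

def build_sample_share():
    """Constructed sample tree: one compliant program, two violations, one data file."""
    root = tempfile.mkdtemp()
    samples = {
        "apps/chkdsk.com": (b"\x90\x90", 0o444),         # read-only: compliant
        "apps/lotus.exe": (b"MZ\x00\x00", 0o644),        # writable program
        "users/bob/report.dat": (b"MZ\x00\x00", 0o644),  # program disguised as data
        "users/bob/notes.txt": (b"hello", 0o644),        # ordinary data file
    }
    for rel, (data, mode) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    share = build_sample_share()
    print(audit_share(share, os.path.join(share, "apps")))
```

The check reads permission bits rather than attempting a write, so it reports the same result when run by an administrator account.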

Cures Once You Detect a Virus

Once a virus has entered a system, the only reasonable cure is anti-virus software. Alternatively, the hard disk and all suspected floppy disks can be re-formatted. This alternative can often be a very drastic solution. For re-formatting to work, the disks must have been backed-up at some time prior to the entry of the virus (Note: the back-ups may also contain the virus). In some cases, low level re-formatting is required.

The National Computer Security Association provides information and alerts on new viruses. Most electronic bulletin boards are anxious that users not pick up viruses when they copy files. The bulletin boards issue alerts when they discover viruses in bulletin board material. They will often offer free cures for a virus.

The firm should have the following policies in order to facilitate cures:

1. A policy to back-up data and programs on a regular basis and store these back-ups in a central location; and

2. A policy to copy all new software and store the original in a central location--the original should only be used to make copies from.

When purchasing protection products, firms should consider the effectiveness of the virus removal, the range of viruses that the software will remove, the speed of operation, how often the software is updated, and the amount of RAM required if the software is memory-resident. Effective software will completely remove a known virus. Since anti-virus software should be purchased before the virus is detected, purchasers should look for software that detects and removes a wide range of viruses. Updating the software is very important since, undoubtedly, new viruses and new versions of old viruses will emerge.



The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.
