What is a computer virus?
'Virus' is the term most often used to describe computer malware. Malware is a combination of the words 'malicious' and 'software' and is a piece of software (computer program) written by someone with mischievous or, more usually, malicious and/or criminal intent. The term malware includes, amongst other things, worms, trojan horses and spyware, as well as viruses.
Malware usually has two functions: to spread itself by some means, and to do some sort of damage or theft. This may vary from the trivial (e.g. displaying a silly message on startup) to causing serious damage to your files and your computer or logging the usernames and passwords you use for other sites such as online banking. With the increase of fast networks, and in particular home broadband, much malware is now designed to take control of your computer so that it can be used for nefarious purposes, e.g. hosting illegal data, sending spam email or being used to attack others, possibly for extortion purposes (you are likely to hear the phrases 'zombie' or 'bot' used to describe these "taken over" computers). The damage may not happen as soon as you acquire the malware; some malware is written to be activated remotely when needed, or to be activated on particular dates or after a particular length of time, often so that it has time to spread before being noticed.
Malware spreads in many different ways. These include: email, where it can be sent as an attachment, usually with an innocent-seeming name; being embedded in web pages; scanning the network for computers with an exploitable vulnerability (often one that is not up-to-date with patches); on file-sharing/peer-to-peer networks; through messages to instant message clients; using an infected CD.
New malware, and variants of existing malware, continue to circulate and to present a real danger to individuals' computer systems, files and information. It is vital that every user take steps to protect themselves and their systems; if you fail to do this you are risking not only your own computer and work but that of your colleagues.
It is also worth noting that more data loss is caused by human error and computer breakdown than by malware. Regular backups help to protect against these hazards as well as helping with recovery from a malware infection.
How do I protect my system?
- Ensure that you have up-to-date protection software (free to members of the University) on your system - see FAQ: How can I obtain anti-virus software. Do not, however, try to run more than one anti-virus program simultaneously, as you are likely to experience problems.
- Keep your system updated with patches; see IS 28: Security implications of attaching a computer to a College or Departmental network. Patching both the operating system and the applications you run is extremely important, as much malware is designed to exploit vulnerabilities in unpatched programs.
- Don't open any email attachment you are not expecting to receive, even if it appears to come from a friend (in general you cannot acquire malware just by reading the main text of a mail message, unless your patching is very out of date). Note that attachments purporting to be security updates from Microsoft or other vendors are hoaxes and should never be opened.
- Don't just go to a link included in an email. In particular, for anything where money is involved, e.g. your bank, eBay, PayPal, use a bookmark you have previously saved.
- Don't just follow a link in an unexpected message in an instant messaging client, even if it appears to come from someone on your friends list; malware is designed to exploit trust.
- Don't accept and use unsolicited media, e.g. DVDs, CDs (even disks on magazine covers have been known to contain malware) or USB memory sticks (and particularly not if you just happen to find one lying around somewhere)
- If you are doubtful about a disk, file or attachment, but think it may contain something you want, you can check it using your anti-virus software - this is not foolproof however, since the malware writers do their best to keep one jump ahead of the anti-virus/malware developers.
- Don't run programs or open documents (e.g. Word/Excel) whose origin you don't know.
- Some protection against macro viruses is offered by turning off macro execution in Word or Excel (keep the SHIFT key down when opening a document).
- If in doubt about any of the above, consult your local IT Support.
- Maintain regular backups of all the important material on your computer, in case you ever need to recover from a major malware infection or any other disaster.
Virus/malware protection software (McAfee VirusScan, Virex etc.)
The Computing Service provides anti-virus software free to University members. Note that just installing the software is not enough, you need to keep it regularly updated (setting it to check once a day is recommended). It is worth checking with your local IT Support whether your College or Department runs a scheme for automatic updating of your anti-virus software.
You should consider getting and using one of the anti-spyware utilities. The Computing Service produces an anti-virus and security DVD which, amongst other items, has an installer for SpyBot S/D and links to other programs. Your local IT support staff may have an up-to-date copy; an up-to-date image can also be downloaded to write to a DVD.
Hoax email messages about viruses are extremely common. Messages which suggest that just reading an email message (rather than opening an attachment) can trash your hard disk, your BIOS and your life are hoaxes, as are messages which say "Please send this email to as many people as possible". No genuine anti-virus information will make this suggestion. More information can be found at FAQ: How do I know a virus warning is a hoax?.
You may receive bounced mail messages suggesting that you have sent a virus-bearing message to somebody else. These are usually spurious; when viruses and other malware propagate by email they will usually do so with faked 'From' addresses, which may have been taken from another user's addressbook or from Web pages.
The Computing Service runs a central mail scanner which, among other things, detects various known mail-distributed malware. You may receive a message which has had an attachment removed or disinfected on its way to you, because the scanner has identified it as probable malware. If this happens you will be sent an explanation of what has happened, and of what to do if the message was a genuine one.
What should I do if I think I have a virus or other malware?
There are thousands of pieces of malware, each with its own mode of attack. Many infections result only in inconvenience and loss of time; an infection does not necessarily mean you are going to lose important files or damage your computer.
If your computer begins to behave strangely, e.g. run very slowly, bleep without reason, lock up or crash, display bizarre messages, or your documents become corrupt or contain text you didn't type, these effects may be symptoms of your having acquired a piece of malware, although they can also arise for a host of other reasons. On the other hand, some malware just spreads through your system with no outward sign. The only way to discover whether you have a virus or other malware is to scan your system with up-to-date anti-virus software. This may be able to remove the virus/malware as well as detecting it. If not, then you need to consult your local IT Support or the Computing Service Help Desk.
If you think that you may have infected other computers with malware, possibly by sending mail or handing over disks or files, you should give details to the people responsible for those computers. If possible you should also try to work out where the malware might have come from and warn the person responsible for that system.