Published Works

Montclair State University - Department of Legal Studies

Computer Viruses

by: Jack Baldwin-LeClair

Bulletin Boards are less safe than most university sites as a rule but many system operators take their jobs very seriously and run "clean" boards. The problem generally with bulletin boards is that they are completely unregulated. Almost anything can be lurking in a bulletin board ready to attack your machine. The best course is to know your bulletin board before downloading anything from it. Most bulletin boards have notices or readme files listing their precautions. Do yourself a favor and read bulletin board notices carefully and inquire about a bulletin board's security measures before you begin downloading and running programs. Private services such as WESTLAW and LEXIS are not virus threats. Not only are whole files not downloaded in executable form by users, but these professional services police themselves with a vigilance bordering on the fanatic. How Do We Protect Ourselves? The key to protecting your computers from viruses is insulation, redundancy, and immunization/cure. Insulation refers to the process of knowing where your computer has been and is going electronically. Redundancy is the daily, weekly, and monthly backup routine which creates tape or laser disk backups of all data files. Immunization/cure refers to the use of anti-viral programs to protect data from infection and to cure data if infected.

Protection from viruses may seem as easy as insulating computers or networks from any disks, remote services, and on-line downloading. Unfortunately, insulation is easier said than done since absolute control of a computer system is as difficult as unproductive. Viruses enter through many avenues. Unwary employees may bring in their prize programs from home for a little after-hours recreation. Adventurous staff may login to a remote FTP site to download the latest shareware games. Disgruntled employees may deliberately upload viruses to fulfill their desire for revenge. Almost any scenario is possible. Yet, security can be achieved with some forethought.

First, get a good anti-virus program. I recommend a program called F-PROT Professional. The program originated in Iceland and is available as shareware to private users from a number of FTP sites. Commercial users should buy a license to use one of the professional package variations issued by a variety of companies in the U.S. and abroad. The version I use in my lab is issued by COMMAND Software Systems. They are located at 1061 Indiantown Road, Suite 500, Jupiter, Florida 33477. Their phone number is 407-575-3200. They can be reached on the Internet at "75300,3645@compuserve.com" or on MCI Mail at COMMAND. For the more adventurous computer savvy readers, F-PROT is available in its non-professional version on the Internet from the following FTP sites: 128.214.6.100 ; 141.210.10.117 ; 192.48.96.9 ; 128.252.135.4.

F-PROT Professional is an excellent program because it is easy to use, versatile, and powerful. It not only eradicates viruses, it traps them, scans network drives, reports both known viruses and suspicious code, scans for stealth viruses and provides excellent help in destroying them and can monitor a Novell or Banyon network for viral infection.

The F-PROT Windows version is loaded in my lab and is configured to freeze any computer if a virus is suspected or is found in either memory or on a disk. A freeze may be temporarily inconvenient, but it is infinitely better than losing all our data. F-PROT has saved our files a number of times and is well worth the $100 dollar registration fee. Of course, the larger the network, the greater the cost of a site license. F-PROT is simple to install and easy to use especially in its standard configuration. The program is very sophisticated. It uses both a signature scanning method which searches for known viruses using a database. The more effective alternative is a heuristic scan which uses a set of rules to identify the type of programming code that viruses use to proliferate. A heuristic scan will identify even suspicious code that is not an actual virus. Once a virus has been identified, F-PROT will usually be able to eradicate it. There are exceptions of course. Stealth viruses can be impossible to eradicate without destroying crucial information such as file allocation tables or master boot record information. Unlike other less effective programs, F-PROT provides instructions which will aid in the recovery of data when a stealth virus has made simple eradication impossible.

Perhaps the most effective use of F-PROT is the installation of one of its components called Virstop. This program loads from the autoexec.bat file and lurks in memory waiting for suspicious disk or memory activity. When activated the program locks the computer and displays the message "This computer is infected with a virus". Booting from a write protected DOS disk which contains F-PROT and initiating the disinfect procedure will usually obliterate the virus.

There are other anti-virus programs which are worthy of mention. In fact, I use several programs in my mini-lab at Montclair. Double checking the existence or non-existence of viruses never hurts. For belt and suspender readers, Take a look at Central Point Anti-Virus for NetWare 2.0 $ 1199 per NetWare license; free download of updated virus signatures from BBS Central Point Software, Inc. 15220 Northwest Greenbrier Pkwy., Suite 150 Beaverton, Oregon 97006 (800) 964-6896 (503)690-8088; Dr. Solomon's Anti-Virus Toolkit for NetWare 1.03 costs $ 640 has quarterly updates for virus signatures for $ 95. Also, see Ontrack Computer Systems, Inc. 6321 Bury Dr. Eden Prairie, Minnesota 55346 (800) 752-1333 (612) 937-1107 and InocuLAN 2.5d selling for $ 495 for up to 25 user servers; $ 995 for unlimited servers (includes unlimited workstation managers); free download of updated virus signatures from BBS or CompuServe forum for one year Cheyenne Software Inc. at 3 Expressway Plaza Roslyn Heights, NY 11577 (800) 243-9462 (516) 484-5110 makes another respectable program. LANDesk Virus Protect 2.1 costs $995 for a single server, has free download of updated virus signatures, and is from BBS Intel Corp. 734 East Utah Valley Dr. American Fork, UT 84003 (800) 538-3373 (801) 763-2200. Net-PROT 1.24 is the network version of F-PROT. It costs $995 for 25 users and has free download of updated virus signatures from BBS Command Software Systems, Inc. 1061 East Indiantown Rd., Suite 500 Jupiter, FL 33477 (800) 423-9147 (407) 575-3200. NetShield 1.6, which costs $595 for the first server, boasts virus-signature upgrades free with two-year licenses and is an old favorite of mine from McAfee Associates, Inc. 2710 Walsh Ave., Suite 200 Santa Clara, CA 95051 (800) 866-6585 (408) 988-3832. A well known program and one I also have used is Norton AntiVirus for NetWare 1.0. The cost is $995 per server with free download of updated virus signatures from BBS Symantec Corp. 10201 Torre Ave. Cupertino, California 95014 (800) 441-7234 (408) 253-9600.

F-PROT checks both local and network drives in Secure, Quick Scan, or Heuristic modes. Secure scanning uses two on-file signatures, reports any strain found, and then repairs any damaged files. The program also looks for Trojan horses, which do their damage as soon as they infect the system rather than wait for a specific event to trigger them. Heuristic scan is a rule based analysis of target files which looks for certain functional patterns in code indicating the possibility of a virus.

In its other incarnation, Net-PROT, the program is a NetWare Loadable Module (NLM) that scans for viruses on your NetWare server. Functions include reading, writing, copying, and performing program-execution activities. The NLM operates in real-time mode and can be set to scan when loaded. Through a menu, you can specify an anti-viral response, set an automatic scan schedule, exclude files from scanning, and define broadcast notice types and recipients.

Data Does Not Survive By Software Alone

A variety of safeguards in the form of procedures and software can reduce the risk of virus infection to almost zero without personnel policies which belong in a fascist state rather than in a law office.Even with effective programs such as F-PROT, other safeguards are necessary. Rules should be established for all computer users limiting the use of floppy disks to those which have been provided by the firm. The floppy drives on all computers containing critical programs should be locked when not in use by authorized personnel. Inexpensive drive locking devices are available for under $15.00 from most computer supply houses. Tape backups of all crucial data should be made on a regular schedule. In case a stealth virus destroys the disk, data can be reloaded with a minimum of disruption and no damage. Backups should be located both on site and off-site. Backups of all computer applications programs should be made separately from data files. The write protect feature of floppy disks which contain applications programs should be enabled. Several boot disks containing an anti-viral program should be available in the firm.

Simple procedures can sometimes be very effective. Some organizations have old slow computers designated as anti-virus checkers in each work area. At those firms, employees must check all floppy disks which have received foreign data or which have been off the premises on the old computers which have been loaded with anti-viral programs. A clean diskette is a safe diskette.

Although viruses are here to stay, an attack can be avoided or survived. The key is protecting your computers and being armed with F-PROT or a similar anti-virus program. Computer health, just as human health, is as much a matter of prevention as of cure.