What is a virus?

(Adapted from the alt.comp.virus FAQ, maintained by David Harley at
http://www.bocklabs.wisc.edu/~janda/acv_faq.html )

A computer virus is a program which attaches itself to, overwrites or otherwise replaces another program in order to reproduce itself without the knowledge of the PC user.

Most viruses are comparatively harmless, and may be present for years with no noticeable effect: some, however, may cause random damage to data files (sometimes insidiously, over a long period) or attempt to destroy files and disks. Others cause unintended damage. Even benign viruses (apparently non-destructive viruses) cause significant damage by occupying disk space and/or main memory, by using up CPU processing time, and by the time and expense wasted in detecting and removing them.

A Trojan horse is a program intended to perform some covert and usually malicious act which the victim did not expect or want.  For most intents and purposes, it is similar to a virus, although Trojan horses are generally not self-propagating, like viruses or worms.

A worm is a program which spreads (usually) over network connections. Unlike a virus, it does not attach itself to a host program, but exists as independent entity.  Recent worms such as Melissa and ILOVEYOU spread by sending themselves via email to the victim's entire address book.  Worms can spread very quickly  and can cripple mail servers across the globe in less than 24 hours.

Viruses, Trojan horses, and worms are all often lumped together as "viruses" and antivirus software typically offers protection against all three.

In addition, spyware are stealthy programs that display obnoxious advertising messages and can sometimes be malicious or harmful. These programs are most often bundled with free downloads such as peer-to-peer music sharing software. Spyware is a newly emerging security threat.

Where can I get more information about a specific virus or spyware program?

There is a great deal of very detailed information about viruses available online.  The most user friendly information on virus comes from two of the major anti-virus software manufacturers, Symantec and McAfee.  CERT is another good source for more in-depth information.

SpywareGuide.com has a great deal of information about spyware.

Five tips for preventing virus and spyware infection

New list:

1. Use antivirus software, and keep it updated. Every computer in your organization should have up-to-date antivirus software. At ONE/Northwest we use the free, open-source product ClamWin, which does the job with a minimum of fuss. Norton Antivirus is probably the most popular commerical program, and is available at reasonable prices through TechSoup's nonprofit software sales program. Whichever program you use, you should be updating its virus definitions at least once per month.
   
2. Use anti-spyware software, and keep it updated. We recommend that you use the free version of Lavasoft Ad-Aware, Spybot Search & Destroy and /or Microsoft AntiSpyware to find, remove and prevent stealthy ad-ware and spyware programs from hijacking your web browser, inserting ads, and/or leaking information about your web surfing habits to unscrupulous advertising firms. Each of these programs tends to pick up different pests, so using more than one is advisable. Again, making sure they are configured to automatically download updates or manually downloading updates once a month is a good habit.
   
3. Make sure your email provider is filtering viruses on the server. Virtually all quality email hosting providers now run very tight antivirus screens on their mail servers, which should be extremely effective at preveting email-borne viruses from reaching your desktop. If you're not sure whether your mail provider does, take a minute and ask them. If they don't, you should consider switching mail hosting providers.
   
4. Run Windows Update or Apple Software Update regularly. Windows Update (and Apple's "Software Update" tool) provide you with easy downloads of all the latest security fixes.  Windows Update is in your start menu, and online at http://windowsupdate.microsoft.com.  Apple's Software Update is under Apple Menu in OS X.
   
5. Check all incoming floppy disks and removable drives.  Make sure that either your antivirus and spyware software is configured to automatically scan floppies or other removable drives or that you manually do it before viewing their contents.

Recommendations for larger networks

While offering highly specific recommendations for protecting large networks is beyond the scope of this article, here are a few thoughts that may be helpful if you're dealing with a network with more than a dozen or so machines. 

• If you have an Windows Server, you can get server-based antivirus programs that can protect your server, and manage the distribution of virus updates to all of your client machines.  Symantec AntiVirus Corporate Edition is one such product, and there are others from antivirus/security vendors such as McAfee, F-Secure, Trend Micro..
  
• If you run an email server, we strongly recommend installing antivirus software that is specifically designed to scan email on the server.  This can be extremely effective at preventing the infection and spread of email-borne viruses. There are both open-source and commercial packages available.
  
• If you have lots of volunteers coming in working with floppy disks or removable drives, restrict use of outside floppies to one machine with very tight virus scanning software that scans all removable media.