Networking: A Beginner's Guide
Viruses and Other Malicious Software
Unfortunately, an increasing array of malicious software is circulating around the world.
Many different types of this software exist, including the following:
Viruses: A computer virus is a program that spreads by infecting other files
with a copy of itself. Files that can be infected by viruses include program files
(COM, EXE, and DLL) and document files for applications that support macro
languages sophisticated enough to allow virus behavior. (Microsoft Word and
Excel are common targets of macro-based viruses.) Sometimes even data files
like JPEG image files can be infected by sophisticated viruses.

Worms: A worm is a program that propagates by sending copies of itself to
other computers, which run the worm and then send copies to other computers.
Recently, worms have spread through e-mail systems like wildfire. One way
they spread is by attaching to e-mail along with a message that entices the
recipients to open the attachment. The attachment contains the worm, which
then sends out copies of itself to other people defined in the user's e-mail
address book, without the user knowing that this is happening. Those recipients
then have the same thing happen to them. A worm like this can spread rapidly
through the Internet in a matter of hours.

Trojan horses: A Trojan horse is a program that purports to do something
interesting or useful and then performs malicious actions in the background
while the user is interacting with the main program.

Logic bombs: Logic bombs are malicious pieces of programming code inserted
into an otherwise normal program. They are often included by the program's
original author or by someone else who participated in developing the source
code. Logic bombs can be timed to execute at a certain time, erasing key files or
performing other actions.

There are an enormous number of known viruses, with more being written and
discovered daily. These viruses are a major threat to any network, and an important
aspect of your network administration is protecting against them.
To protect a network from virus attacks, you need to implement some sort of
antivirus software. Antivirus software runs on computers on the network and
"watches" for known viruses or virus-like activity. The antivirus software then either
removes the virus, leaving the original file intact, quarantines the file so it can be
checked by an administrator, or locks access to the file in some other fashion.
Antivirus software can be run on most network computers, such as file servers,
print servers, e-mail servers, desktop computers, and even computerized firewalls.
Antivirus software is available from a number of different vendors, with three of the
most notable being Symantec (Norton AntiVirus), Trend Micro (PC-cillin), and Network
Associates (McAfee VirusScan).
Your best bet is to make sure you run antivirus software on all your servers and set
up the software so that it is frequently updated (every few days, or better yet, daily).
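
The sketch below is an added example, not from the book or any vendor's product: it shows the "watch for known viruses, then quarantine" behavior described above and why a stale signature set misses a newer sample until it is updated. Whole-file SHA-256 matching is a simplified stand-in for a real signature engine, and all function names, file names, and sample contents are constructed.

```python
import hashlib
import os
import shutil
import stat
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_and_quarantine(root, signatures, quarantine_dir):
    """Move every file under root whose hash is a known signature; return their names."""
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    hits = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        digest = sha256_of(path)
        if digest in signatures:
            dest = quarantine_dir / f"{digest[:16]}_{path.name}.quarantined"
            shutil.move(str(path), str(dest))   # take the file out of the share
            os.chmod(dest, stat.S_IRUSR)        # owner read-only, for admin review
            hits.append(path.name)
    return hits

def demo():
    """Constructed file share scanned with a stale, then an updated, signature set."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "share"
        share.mkdir()
        quarantine = Path(tmp) / "quarantine"
        (share / "report.txt").write_bytes(b"quarterly numbers")
        (share / "old_sample.bin").write_bytes(b"CONSTRUCTED-KNOWN-SAMPLE-A")
        (share / "new_sample.bin").write_bytes(b"CONSTRUCTED-NEW-SAMPLE-B")
        stale = {hashlib.sha256(b"CONSTRUCTED-KNOWN-SAMPLE-A").hexdigest()}
        updated = stale | {hashlib.sha256(b"CONSTRUCTED-NEW-SAMPLE-B").hexdigest()}
        first = scan_and_quarantine(share, stale, quarantine)     # misses sample B
        second = scan_and_quarantine(share, updated, quarantine)  # catches it after update
        remaining = sorted(p.name for p in share.iterdir())
        return first, second, remaining

if __name__ == "__main__":
    print(demo())
```

The first scan leaves `new_sample.bin` on the share because its signature is not yet known; only the scan with the updated set removes it.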