You Are At: AllSands Home > Science > How computer viruses work
Almost every computer user in the world has heard of computer viruses. Many even have had the misfortune of experiencing a virus attack at some point in their usage.

Virus attacks are becoming more prevalent than ever before. Yearly thousands of people suffer often-irrecoverable damage to their systems and data. Yet many do not even know what hit them let alone what they can do to avoid a recurrence. It’s time to fight back.

When it comes to virus attacks, ignorance is certainly not bliss. Indeed the best possible weapon against preventing a virus attack is knowledge. We need to know how virus enters into our computer system, how they infect our system and how they eventually spread and cause more damage.

Before elaborating on the modus operandi of the virus, it’s better that we learn a little bit more about it. For starters, exactly what is a virus? A computer virus is most often defined as “a malicious code of computer programming”. What this means is that a computer virus is just another software – only written with not so very noble intentions. A computer virus is designed to install, propagate and cause damage to computer files and data without the knowledge and/or express permission of the user. A computer virus can only survive, attack and propagate in computer memory. Computer memory is usually the RAM (and all different variations of it) and disk storage (hard, floppy and everything in between). Besides this you will not find computer viruses in your monitor, keyboard and certainly not in your own blood stream!

The first step in any virus attack is always the invasion. This is when the virus actually enters the computer system from an outside source. Much of the effort in preventing a virus attack lies in understanding what these virus entry points are and how best to monitor and block out any possible intrusion. All viruses enter the computer system through two main entry points: the disk drives and the network adapter cards. The disk drives may be any sort of disk drive (hard, floppy, CD, Zip, Jazz and what have you). This makes any disks or CDs that you insert into these drives a possible source of virus infection. The network adapter card is most likely your computer network and/or modem card connected to the local Intranet and/or the Internet. Virus enters through the network card most likely disguised in the form of attachments in e-mails. These attachments are often program files and office documents containing macros. Besides this, certain webpages that we visit on the Internet may also contain harmful programming codes that might transfer virus or virus-like codes into our system. To guard our systems against virus intrusion from these sources, many good anti-virus programs allows users to completely scan all files read form disk drives or downloaded from the Intranet/Internet.

How do virus infections occur? The act of infection often begins with a harmless looking action such as opening a file (like a video game or a Word document) that one often gets in e-mail attachments or while accessing any disk in a disk drive. These actions inadvertently activate the virus lurking in these files and disks. The virus then installs itself into the computer’s memory.

This is where things get nasty. After entering the computer memory, a virus often immediately sets out to multiply and spread duplicate copies of itself across the main data storage device (most often the hard disk drive). It does this by copying itself into as many files it can find on the disk drive. Later when users transfers or copies these files to their friends and colleagues, the virus gain entry into ever increasing number of systems. If the virus has found its way to this level of the user’s computer, the user runs a high risk of permanent damage to data and hardware. But such a level of infection only happens to two types of users. The first are those who do not employ any kind of anti-virus measures (or if they do, it obviously isn’t doing a good job). The second are those who do have good anti-virus programs installed and running but did not bother updating their software with the latest virus data files. As a result newer viruses can actually use the anti-virus programs to infect an even greater number of files. So we can see here that having good anti-virus software isn’t enough. One must constantly keep it updated (preferably on a monthly basis).

If a virus were to just spread itself, users might not have much to worry about. But the worst is yet to come. Many viruses contain what is called a payload. This is the destructive sequence that is activated on a certain trigger. The trigger may be the arrival of a particular date or an action done by the user. The effect of the payload can be anything as benign as some harmless message appearing on screen to as frightening as the destruction of the disk drive’s boot record – making it completely unusable and in most cases completely irreparable. Indeed it is the later that causes permanent lost of data and hardware and which is responsible for the virus’ notorious reputation. If a virus is capable of unleashing its payload on the user’s system, this indicates a serious breach of security on part of the user. It’s time for the user to learn from the experience and never let computer virus have a second chance.

What has been attempted here is to give the reader a quick run down of how a virus attacks our systems. It is not meant to be exhaustive as the subject matter is very broad. In short the best cure for a virus attack is a good prevention plan coupled with knowledge, caution and good anti-virus software!