- Email: [email protected]
Computer viruses
ORTHO BYTES The use of computers, computer programs, and other computerized equipment to assist in the orthodontic practice will be reported tazder this section of the AIvIERICANJOURNAL OF ORTHODONTICS AND DENTOFACIAL ORTHOPEDICS.
Manuscripts, readers' comments, and reprint requests may be submitted to Dr. Martin N. Abelson, 155 Polly Park Rd., Rye, NY 10580.
Computer viruses M u c h has been reported in the media about the effects of computer viruses in industry and in the academic world. As computerized dental systems gain increasing acceptance, concern regarding possible contarnination of these systems is increasing. This article discusses the nature, prevention, recognition and treatment for computer viruses. Computer viruses became so named because of their unusual similarity to medical viruses. They are invisible, minute, and infectious. They replicate themselves within a host. Cohen describes a computer virus as " . . . a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself. With the infection property, a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection grows. ''~ Computer viruses have also been known to mutate from harmless pranks to creating serious destruction of files. The potential effect of such an infection of computer files could be disastrous. Imagine the aggravation and anxiety caused by the loss of your records. Corruption of the integrity of data files could cause the loss of extensive numbers of man hours required to duplicate data entries. Corruption of program files can produce erroneous patient records, correspondence, and accounting information. Research data that took years to accumulate and enter into the computer can become rendered useless. An orthodontic office that uses only commercially supplied software is not likely to encounter a virus attack. Vendors of commercial software depend on their reputation for integrity of software and therefore are scrupulously careful about checking for viruses at various stages of production. If you do not borrow or swap files with other people, you should not have to be concerned about the potential of viral infections. Computer viruses are usually created by computer hackers, often just tbr amusement. The viruses are most frequently disseminated by incorporating them in freeware and shareware. Some viruses are disseminated by g6
Bulletin Board Services (BBS) when information is downloaded over telephone lines. I have been informed that most of the people who run BBSs are responsible people who exercise great care to be certain of the integrity of the data they transmit. The problem is that there is no regulation of these services, and one must be very careful about who is supplying downloaded data. Caveat number o n e - - m a k e sure you know the level of sophistication and integrity of the source of any material you load into your computer system. If you purchase a modem from a mainline source and that modem comes with communications software in the form of freeware or shareware, the chances are that you can use that software without worring about catching a virus. On the other hand, copying programs from other computer users could be dangerous. You have to know where the material came from, and by what route, before you can feel safe. Adopt the attitude that it is better to be safe than sorry. What is most worrisome is that computer authorities feel that viruses are a significant and also widespread problem throughout the world. 2 Of even greater concern is the probability that computer viruses are likely to become a chronic problem in our electronic future2 Since no computer or computer system is totally immune to infection from computer viruses, it behooves us to be aware of their basic nature, signs, symptoms, and current methods of prevention and treatment, Designers of computer viruses are frequently diabolically clever persons. Some viruses do not let you know your files have become contaminated until it is too late. Others, like the famed "DaVinci virus," announce their presence and issue warnings before being activated. Some viruses are date activated, others may be cyclical in nature. Computer viruses are similar to their biologic counterparts in that some are relatively harmless, whereas others can be virulent and very destructive. They, too, must have a host or vehicle in which they can travel to eventually infect a system. The most common hosts are files or an inaccessible area of a floppy diskette or hard drive. Once activated, the virus gains control of the central processing unit of the com-
American Joun~al of Orthodontics and Dentofaclal Orthopedics Volume 104, No. 1
puter system and begins attacking files that are being processed. Although it is not necessary to understand precisely how a virus works to avoid infecting your files or to treat one, some insight as to how they do their damage is interesting. Some viruses directly infect files causing them to be overwritten or by preventing modification of existing files. Other types of viruses affect the boot sector, which is the portion of the hard drive that houses the program that oversees the way your computer starts up (usually corn.* files) and configures itself. Some viruses are designed to infect program files, (commonly *.exe files). If a virus hides in memory or in disk clusters it marks as "defective," it is dubbed a "stealth virus." Not surprisingly, many computer viruses evidence combinations of these characteristics. If your system were to become infected and the virus did not announce its presence, the question arises as to how you would know that your system has a viral infection. Here are some of the symptoms that might be encountered. One of the most obvious symptoms of viral infection is to discover a large inexplicable increase in the size of one or more files. Programs may become noticeably slower and thus take much longer to run routines if *.exe files become contaminated. A previously bootable diskette might become unbootable. You may note that the time and date stamps of stored files have suddenly become obviously erroneous. A chkdsk (check disk) command results in a report of three contiguous bad blocks on a disk. Programs may suddenly produce odd errors or outlandish reports. The CMOS display on boot up shows incorrect information. Perhaps a memory map read out indicates a noticeable decrease in available memory size for no obvious reason. Unfortunately, a casual computer user is unlikely to spot any or all of the aforementioned symptoms. The best treatment for computer viruses is therefore prevention. STEPS FOR VIRUS PREVENTION
1. Document the setup values of your system before anything happens! Record and SAVE the CMOS values indicated on your setup screen in the form of hard copy. If problems occur (viral or otherwise) and these values become inadvertently changed, it will only require seconds to restore these vital settings. Make hard copies of your autoexec.bat and config.sys files for future reference. Make sure you record the parameters of all device drivers or partition tables. 2. Know the source of any files or programs you download into your system. Sealed packages can
Ortho bytes 97
3. 4. 5. 6. 7. 8.
9.
provide a great sense of security. Do not accept packages from a dealer that have already been opened. Many dealers will not allow software to be returned even if the package appears to be sealed. This might seem strange and upsetting, but there have been reports of software having been opened and then resealed. Be very cautious about freeware, disk swapping, and shareware programs. Know who sponsors a BBS you are about to use. Do not copy software. Write protect all original disks. For ultra safety, make a backup set of every set of original disks and then write protect them. Install a virus search and protection program that is activated each time your machine is booted up. Educate all personnel who access your office computer in virus prevention techniques.
TREATMENT OF KNOWN OR SUSPECTED VIRUS INFECTIONS
Regardless of the type of virus, perform the following steps when a virus is detected or highly probable. 1. Turn off the computer. 2. Reboot the computer with a system diskette that contains the appropriate device drivers and that is write protected and clean to avoid possible contamination. 3. Scan your disk for viruses with an appropriate virus scanning program. 4. Eliminate all infected files with a virus cleaning program or delete the infected files. 5. Backup all remaining data. If the virus is a boot sector virus, then determine which files are involved and replace the boot sector, partition boot sector, and partition table. If the virus has infected your programs themselves, erase all infected files and replace all *.corn and *.exe files from your write protected original diskettes. CONCLUSIONS
The chances of encountering a viral infection in a carefully controlled professional environment is minimal. The larger the system and the greater number of operators involved, the greater chance of an incidence of viral infection. The best protection against viral attack is prevention. REFERENCES
1. Cohen F. Computerviruses theory and experiments. Computers & Security 1987;6:22-35. 2. HerschbergIS, Paans R. Friday the 13th facts and fancies. Computers & Security 1990;t25-30. 3. Highland HJ. Random bits and bytes. Computers & Security 199t;10(1):4-15.
Manuscripts, readers' comments, and reprint requests may be submitted to Dr. Martin N. Abelson, 155 Polly Park Rd., Rye, NY 10580.
Computer viruses M u c h has been reported in the media about the effects of computer viruses in industry and in the academic world. As computerized dental systems gain increasing acceptance, concern regarding possible contarnination of these systems is increasing. This article discusses the nature, prevention, recognition and treatment for computer viruses. Computer viruses became so named because of their unusual similarity to medical viruses. They are invisible, minute, and infectious. They replicate themselves within a host. Cohen describes a computer virus as " . . . a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself. With the infection property, a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection grows. ''~ Computer viruses have also been known to mutate from harmless pranks to creating serious destruction of files. The potential effect of such an infection of computer files could be disastrous. Imagine the aggravation and anxiety caused by the loss of your records. Corruption of the integrity of data files could cause the loss of extensive numbers of man hours required to duplicate data entries. Corruption of program files can produce erroneous patient records, correspondence, and accounting information. Research data that took years to accumulate and enter into the computer can become rendered useless. An orthodontic office that uses only commercially supplied software is not likely to encounter a virus attack. Vendors of commercial software depend on their reputation for integrity of software and therefore are scrupulously careful about checking for viruses at various stages of production. If you do not borrow or swap files with other people, you should not have to be concerned about the potential of viral infections. Computer viruses are usually created by computer hackers, often just tbr amusement. The viruses are most frequently disseminated by incorporating them in freeware and shareware. Some viruses are disseminated by g6
Bulletin Board Services (BBS) when information is downloaded over telephone lines. I have been informed that most of the people who run BBSs are responsible people who exercise great care to be certain of the integrity of the data they transmit. The problem is that there is no regulation of these services, and one must be very careful about who is supplying downloaded data. Caveat number o n e - - m a k e sure you know the level of sophistication and integrity of the source of any material you load into your computer system. If you purchase a modem from a mainline source and that modem comes with communications software in the form of freeware or shareware, the chances are that you can use that software without worring about catching a virus. On the other hand, copying programs from other computer users could be dangerous. You have to know where the material came from, and by what route, before you can feel safe. Adopt the attitude that it is better to be safe than sorry. What is most worrisome is that computer authorities feel that viruses are a significant and also widespread problem throughout the world. 2 Of even greater concern is the probability that computer viruses are likely to become a chronic problem in our electronic future2 Since no computer or computer system is totally immune to infection from computer viruses, it behooves us to be aware of their basic nature, signs, symptoms, and current methods of prevention and treatment, Designers of computer viruses are frequently diabolically clever persons. Some viruses do not let you know your files have become contaminated until it is too late. Others, like the famed "DaVinci virus," announce their presence and issue warnings before being activated. Some viruses are date activated, others may be cyclical in nature. Computer viruses are similar to their biologic counterparts in that some are relatively harmless, whereas others can be virulent and very destructive. They, too, must have a host or vehicle in which they can travel to eventually infect a system. The most common hosts are files or an inaccessible area of a floppy diskette or hard drive. Once activated, the virus gains control of the central processing unit of the com-
American Joun~al of Orthodontics and Dentofaclal Orthopedics Volume 104, No. 1
puter system and begins attacking files that are being processed. Although it is not necessary to understand precisely how a virus works to avoid infecting your files or to treat one, some insight as to how they do their damage is interesting. Some viruses directly infect files causing them to be overwritten or by preventing modification of existing files. Other types of viruses affect the boot sector, which is the portion of the hard drive that houses the program that oversees the way your computer starts up (usually corn.* files) and configures itself. Some viruses are designed to infect program files, (commonly *.exe files). If a virus hides in memory or in disk clusters it marks as "defective," it is dubbed a "stealth virus." Not surprisingly, many computer viruses evidence combinations of these characteristics. If your system were to become infected and the virus did not announce its presence, the question arises as to how you would know that your system has a viral infection. Here are some of the symptoms that might be encountered. One of the most obvious symptoms of viral infection is to discover a large inexplicable increase in the size of one or more files. Programs may become noticeably slower and thus take much longer to run routines if *.exe files become contaminated. A previously bootable diskette might become unbootable. You may note that the time and date stamps of stored files have suddenly become obviously erroneous. A chkdsk (check disk) command results in a report of three contiguous bad blocks on a disk. Programs may suddenly produce odd errors or outlandish reports. The CMOS display on boot up shows incorrect information. Perhaps a memory map read out indicates a noticeable decrease in available memory size for no obvious reason. Unfortunately, a casual computer user is unlikely to spot any or all of the aforementioned symptoms. The best treatment for computer viruses is therefore prevention. STEPS FOR VIRUS PREVENTION
1. Document the setup values of your system before anything happens! Record and SAVE the CMOS values indicated on your setup screen in the form of hard copy. If problems occur (viral or otherwise) and these values become inadvertently changed, it will only require seconds to restore these vital settings. Make hard copies of your autoexec.bat and config.sys files for future reference. Make sure you record the parameters of all device drivers or partition tables. 2. Know the source of any files or programs you download into your system. Sealed packages can
Ortho bytes 97
3. 4. 5. 6. 7. 8.
9.
provide a great sense of security. Do not accept packages from a dealer that have already been opened. Many dealers will not allow software to be returned even if the package appears to be sealed. This might seem strange and upsetting, but there have been reports of software having been opened and then resealed. Be very cautious about freeware, disk swapping, and shareware programs. Know who sponsors a BBS you are about to use. Do not copy software. Write protect all original disks. For ultra safety, make a backup set of every set of original disks and then write protect them. Install a virus search and protection program that is activated each time your machine is booted up. Educate all personnel who access your office computer in virus prevention techniques.
TREATMENT OF KNOWN OR SUSPECTED VIRUS INFECTIONS
Regardless of the type of virus, perform the following steps when a virus is detected or highly probable. 1. Turn off the computer. 2. Reboot the computer with a system diskette that contains the appropriate device drivers and that is write protected and clean to avoid possible contamination. 3. Scan your disk for viruses with an appropriate virus scanning program. 4. Eliminate all infected files with a virus cleaning program or delete the infected files. 5. Backup all remaining data. If the virus is a boot sector virus, then determine which files are involved and replace the boot sector, partition boot sector, and partition table. If the virus has infected your programs themselves, erase all infected files and replace all *.corn and *.exe files from your write protected original diskettes. CONCLUSIONS
The chances of encountering a viral infection in a carefully controlled professional environment is minimal. The larger the system and the greater number of operators involved, the greater chance of an incidence of viral infection. The best protection against viral attack is prevention. REFERENCES
1. Cohen F. Computerviruses theory and experiments. Computers & Security 1987;6:22-35. 2. HerschbergIS, Paans R. Friday the 13th facts and fancies. Computers & Security 1990;t25-30. 3. Highland HJ. Random bits and bytes. Computers & Security 199t;10(1):4-15.