Virus Info - Myths Be Gone!


What follows is a list, more like a frequently asked questions (FAQ) about computer viruses and other malicious software. The difference is that instead of questions and answers, it will be a question and sometimes a statement, followed by whether it's true or false and a simple explanation why. As with many things in life, there is an occasional exception to the rule, and many of these will be mentioned to keep things clear. With a little luck, this will dispel a lot of the rumors and myths out there that cause you to needlessly lose data. (Last Updated 10-Jan-99)

INDEX
If you have a question not answered here, or in Other Security, please leave me Feedback and it will be included in the next update. A * in the first column indicates new or updated items in the past 30 days.
Q1. If I use a diskette that contains no programs on it or it isn't bootable, then I can't catch a virus?!
Q2. If I have a virus, do I have to replace the hard disk?
Q3. Can I catch a virus by simply downloading a file from the Internet or a BBS?
Q4. What is Safe Hex?
Q5. If I have a virus on my system, I'll lose all my data!?
Q6. If I buy and use only commercial software, I'll never catch a virus!?
Q7. I can't catch a virus from a CD-ROM!?
Q8. If I use the Attrib command and make all my .Exe's, .Com's, and .Sys's Read Only I can't be infected!?
Q9. If I run Windows95 I can't catch or spread a virus!?
Q10. If I run OS/2 I can't catch or spread a virus!?
Q11. If I run Unix/Linux I can't catch or spread a virus!?
Q12. What is a Virus?
Q13. What is a Trojan?
Q14. The Best way to get rid of a virus is to format the infected disk(s)?!
Q15. What is the best way to remove a virus???
Q16. I only use disks from friends and sources I know and trust so I can't catch a virus?!
Q17. Just who and why do people write and spread computer viruses and trojans?
Q18. What are these 'Macro' Viruses I've heard so much about?
Q19. What's the deal I keep hearing about Internet Viruses and Hoaxes?
Q20. I heard the so and so virus and others can damage my hardware/system. Can they?!
Q21. How can I protect myself from Macro viruses?
Q22. Besides here, where else can I get information about viruses and what they can and can not do?
Q23. How can I Identify internet e-mail messages as hoaxes?
Q24. What Government Agency issues Official Warnings?
Q25. What about Internet Viruses?


Q1. If I use a diskette that contains no programs on it or it isn't bootable, then I can't catch a virus?!

True/False = FALSE!

A. There are viruses called Boot Sector Infecting (BSI/BSR) viruses that use a portion of the diskette where data is not stored and that doesn't appear in any directory listing. As is the problem for many Windows users, the machine sometimes locks up. You reboot but forget a diskette was in the A drive. Or maybe you just turn on the machine, forgetting a disk was in the A drive. Well, as soon as you reboot the machine and the disk is read and you get the non-system disk message, you have just infected your hard drive if the diskette was infected. Some common local BSR viruses include Monkey, Stoned and Michelangelo.


Q2. If I have a virus, do I have to replace the hard disk?

True/False = FALSE!

A. There are no viruses that can physically damage your hard disk requiring a new one! (See Exception*) Viruses are software and as such cannot throw your hardware up against the wall to damage it. They can erase data from the disk but not physically harm it to the point where you need a new one, contrary to what many people say. Beware of any computer professional who tells you otherwise. They just want to fatten their wallet at your expense.

*Exception: There are two items here. First, on some older IDE hard drives, if you format them without using the manufacturer's software, you end up with a drive of only half the capacity it had beforehand. Any reputable consultant knows this. Also, over 10 years ago, there was a very specific disk and controller board combination where damage could result if the controller was given the wrong instructions. To date, no virus in the wild has ever targeted this combination. The bottom line is that this was a manufacturer flaw and not a virus.


Q3. Can I catch a virus by simply downloading a file from the Internet or BBS?

True/False = FALSE!

A. No, you cannot! Unfortunately this is a popular myth created by scaremongers. While it is possible to download an infected file, the process of downloading will not infect you. However, if you fail to check the file prior to using/executing it, you could then infect your system. This is what Safe Hex is all about. Check ALL files, no matter the source, prior to using them. As long as you do, you will probably never be infected or lose any data as the result of an infection.


Q4. What is Safe Hex?

A. Safe Hex is simply the process of checking all files foreign to your system using virus checking software, no matter what the source! This includes checking those files from commercial software you buy, trusted friends, and even those that you consider safe sources! The reason for this is the amount of misinformation out there and the fact that most people do not practice Safe Hex 100% of the time. All it takes is one time not checking to allow a virus in. From there, it's a domino effect. When you do check disks and files, use 2 different current checkers for the best security.


Q5. If I have a virus on my system, I'll lose all my data!?

True/False = FALSE!

A. Nothing can be further from the truth! If a virus is properly removed, you will lose no data (See Exception*). This myth has been created by those who believe the only way to remove a virus is formatting the hard disk. Except for the exception listed below, ALL computer viruses can be removed while still maintaining all your data.

*Exception: Many viruses carry a payload that will do something damaging such as overwriting or formatting your disk. Michelangelo is a well known virus in this regard. IF the payload has activated, no, your data cannot be recovered. However, as long as a virus containing a payload has not activated the payload, your data is safe. This is why it is imperative that once a virus is found, it is removed as soon as possible.


Q6. If I buy and use only commercial software, I'll never catch a virus!?

True/False = FALSE!

A. Unfortunately, it is this myth that causes a lot of infections. There are two reasons for this. The first is that many software stores re-shrinkwrap software returns without checking them for viruses first. If the disks were on an infected system, they are now infected. This is why you need to check ALL incoming disks no matter what the source. The second reason is that occasionally an infected master has been used. Even the big boys like TI and Novell have shipped infected products in the past. Fortunately, QC by the big boys is better these days.


Q7. I can't catch a virus from a CD-ROM!?

True/False = FALSE!

A. One of the more notable cases here was by the people who shipped the Night Owl 10 CD. There were two different virus infected files on the CD. The plus side to the whole affair is that they acted sensibly. First, they didn't deny or cover up the incident, which most companies do. Next, they replaced the CD for free for anyone wanting a new one.


Q8. If I use the Attrib command and make my .Exe's and .Com's Read Only I can't be infected!?

True/False = FALSE!

A. How this myth started, I'm not sure. There are some really old viruses that this may have worked with, but not for a long time. It's standard operating procedure for most viruses to bypass the read only attribute, or any other for that matter. Yet, for some reason, it seems people keep passing out this information as gospel. The bottom line is that any protection created by software can be bypassed by software such as a virus.


Q9. If I run Windows95 I can't catch or spread a virus!?

True/False = FALSE!

A. Actually, this is somewhat conditional. Unless you run a 100% pure Win95 system the statement is true (See Exception*). As long as you continue to run any DOS or Windows 3.x applications you can catch and spread viruses. This is because Win95 switches between protected and real mode when running DOS and Windows 3.x applications. Whenever in real mode, your system is wide open to attack.

*Exception: ALL PC operating systems (OS) can have their boot sector infected if booting from an infected diskette. Depending upon the OS and other factors, it may or may not spread. Additionally, BSI viruses may make the system unbootable in some cases.


Q10. If I run OS/2 I can't catch or spread a virus!?

True/False = TRUE!

A. Like above, this is somewhat conditional with an exception or two. Unlike Win95, OS/2 always operates in protected mode, and if the system should become infected it has a good habit of killing the process, stopping the virus before it can spread. All true 32bit operating systems (OS's) run in protected mode and the kernel won't allow unauthorized access. Like Win95 it is also prone to possible BSI infections but won't spread them. There have been only a handful of viruses that can survive under OS/2. Fortunately, they are not in the wild and are virtually impossible to spread.

*Exception 1: Since OS/2 2.0 there has been virtually no need to create a VDM (OS/2 users know what I'm talking about). A virus will thrive in a VDM but no other environment. This is because when using a VDM, this is the only time OS/2 will ever switch out of protected mode.

*Exception/Note 2: If you install OS/2 and have dual boot installed, i.e. the option to boot either OS/2 or DOS, then if you boot DOS, that's what you have, and viruses can and will spread. However, when you reboot OS/2 and attempt to run infected files, the process will be killed by OS/2!!!


Q11. If I run Unix/Linux I can't catch or spread a virus!?

True/False = TRUE!

A. Like OS/2, Unix based PC systems will not spread viruses. They too always operate in protected mode. Like OS/2, there have been a few viruses that can survive under the environment but you will never encounter them unless someone is specifically trying to target your system. The same exceptions for Win95 and OS/2 apply regarding boot sector infecting files. With few exceptions though, Unix based systems normally won't boot just like OS/2 systems after a BSI infection.


Q12. What is a Virus?

A. The average (read successful) computer virus is simply a small computer program/piece of software written in such a way that it replicates/duplicates/attaches itself to files or other system resources in such a manner that it can continue to spread. However, there are a few points to remember no matter how benign the virus. Every virus consumes system resources you didn't authorize it to use. For TSR viruses, this includes memory, not to mention the additional hard disk space consumed by each infected file. I've seen infections so bad that after disinfecting the system, several megabytes of hard disk space were recovered. Many are overtly destructive, trashing your system, while some seem benign in many so-called experts' opinions. Either way, they control your systems in ways you didn't want. With almost no exceptions, viruses have bugs that damage system files in one way or another in the long run and in many cases without possibility of recovery. Besides, once you get the virus off the system, it WILL always operate faster!


Q13. What is a Trojan?

A. A Trojan is so called after the Trojan horse of Troy in Greek mythology. It seemed like a nice thing on the outside but inside was a big surprise! Trojans, unlike viruses, do NOT spread by infecting other files. If you are the victim of a trojan, in most cases you were targeted by somebody and you didn't practice Safe Hex.


Q14. The Best way to get rid of a virus is to format the infected disk(s)?!

True/False = FALSE!

A. This again is a popular myth created by those who really don't know what they are talking about! While formatting will remove most viruses, it is not the preferred method and is the very last thing you should do. All you will usually accomplish is losing data you may or may not have a backup copy of. Ironically, personal experience has shown that those systems that were reformatted experience the quickest reinfections. This is because, since this is a last resort method, those reformatting their systems tend to use infected diskettes to format and restore their system, thereby immediately or almost immediately reinfecting their systems. It's this flaw where the shyster consultant says 'you need a new hard disk'!


Q15. What is the best way to remove a virus???

A. The method depends upon the type of virus you are infected with. First boot the machine with a known clean, write protected disk OR your efforts will be useless! If the boot sector is infected, most AV software can clean it up for you. Provided the partition table hasn't been moved and encrypted, as the Monkey virus does, you can do it from DOS using FDISK /MBR (*See Exception). If the virus infects files and doesn't simply overwrite them, try AV software first to clean it up. Alternatively, restore the infected files from a backup or the original disks. If the virus overwrites files, this is the only way you can clean up the system.

*Exception: If you run a strictly OS/2, Win95, or Unix, etc. box, this method will not always work. Seek help from someone unless you know what you are doing or you may find the machine unbootable!
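
The FDISK /MBR caveat above can be checked before the command is run: FDISK /MBR rewrites the boot code in sector 0 but leaves the partition table bytes where they are, so it only helps when those bytes still hold a valid table. The Python sketch below is an added example, not part of the original FAQ; it inspects a 512-byte copy of sector 0 taken after a clean boot and reports why the table does not look real. The function names, the sample sectors and the disk size are constructed for illustration.

```python
import struct

TABLE_OFFSET = 446      # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510  # a valid sector 0 ends with the bytes 55 AA


def parse_partition_table(sector):
    """Decode the four partition entries of a 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        # status, type, first LBA, sector count (the CHS fields are skipped)
        status, ptype, first, count = struct.unpack("<B3xB3xII", raw)
        entries.append({"slot": slot, "status": status, "type": ptype,
                        "first": first, "count": count})
    return entries


def table_problems(sector, disk_sectors):
    """List reasons the table in sector 0 does not look like a real one."""
    problems = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        problems.append("missing 55 AA signature")
    entries = parse_partition_table(sector)
    used = [e for e in entries if e["type"] != 0]
    if not used:
        problems.append("no partitions defined")
    if sum(e["status"] == 0x80 for e in entries) > 1:
        problems.append("more than one active partition")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            problems.append(f"slot {e['slot']}: bad status byte {e['status']:#04x}")
    for e in used:
        if e["first"] == 0 or e["count"] == 0:
            problems.append(f"slot {e['slot']}: zero start or zero length")
        elif e["first"] + e["count"] > disk_sectors:
            problems.append(f"slot {e['slot']}: runs past end of disk")
    spans = sorted((e["first"], e["first"] + e["count"]) for e in used)
    if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
        problems.append("partitions overlap")
    return problems


def safe_to_rewrite_boot_code(sector, disk_sectors):
    """True only if the table that FDISK /MBR would leave in place is sane."""
    return not table_problems(sector, disk_sectors)


def build_sample_mbr():
    """Constructed sample: empty boot code, one active type-06 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x06, 63, 1_000_000)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + b"\x55\xaa"


def scramble_table(sector, key=0x5A):
    """Constructed stand-in for a moved/encrypted table; 55 AA stays intact."""
    table = bytes(b ^ key for b in sector[TABLE_OFFSET:SIGNATURE_OFFSET])
    return sector[:TABLE_OFFSET] + table + sector[SIGNATURE_OFFSET:]


if __name__ == "__main__":
    print(table_problems(scramble_table(build_sample_mbr()), 1_000_063))
```

The scrambled sample still ends in 55 AA, which is why the signature alone is not enough to decide that the table is intact.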


Q16. I only use disks from friends and sources I know and trust so I can't catch a virus?!

True/False = FALSE!

A. It's exactly this thinking that causes so many virus infections. It is what most virus writers take advantage of and why the majority of virus infections are by boot sector infecting (BSI) viruses! Since you assume that the disk is clean (failure to practice Safe Hex) you end up infected. Ironically, these BSI viruses can only be passed on by physically passing disks around (*See Exception). This is sometimes referred to as The Sneaker Net. Just remember to check all disks you receive no matter what the source, including me.

*Exception: While rare, there are programs called Droppers that are used to initially infect/write to the boot sector. If you end up with a Dropper on your system, reconsider who your friends and enemies are! Almost 100% of the time when a person ends up with a dropper they were deliberately targeted.


Q17. Just who and why do people write and spread computer viruses and trojans?

A. Ironically, there is no stereotypical profile of a virus writer. They can be a preteen or an adult of almost 60 and anywhere in between. It could be a poor or rich person, well educated with a PhD or a dropout or still in school. There is no gender gap to speak of. The whys are just as varied. Some people are angry and want to make a statement. Others aren't angry but simply want to see if they can do it. Others want to get even with someone, and among many teens, it's sometimes even considered a rite of passage among their peers. There is really only one common denominator amongst virus writers. It's the simple fact that they all tend to be of above average intelligence.


Q18. What are these 'Macro' Viruses I've heard so much about?

A. These are not true viruses per se since they do not operate on their own. What is happening is that several Windows word processors allow you to embed macros in your document(s) for use by the document. This is a convenient feature since you can transport the document to another location and still keep all the macros that you created. The downside is this same feature. There is usually one reserved macro that's automatically executed upon loading the document if it is present in the document. Since many word processors allow you to do virtually anything with a macro, some idiots have written macros that basically do this: when a document is loaded, the macro loads other documents in the background, inserts itself into each document and resaves it. A nasty trick to say the least.
This is why you need to practice Safe Hex and check all files before using them! Most good anti-virus programs now also check files for these macros. The better ones will also remove the macro from the document so you can now safely use it.


Q19. What's the deal I keep hearing about Internet Viruses and Hoaxes?

A. Nothing really. There's no such thing! You probably heard about the Irina and Good Times virus scares. The rumor was that by simply reading a message with the above subject your hard disk would be wiped clean or similar. There's no truth to the matter. This is a popular hoax that keeps circulating. How this started is anyone's guess. It could be just a play on the macro virus issue. If you did receive an internet message with the above subject that also had an MS Word document attached, and decided to read it (the attachment, not the message) before checking it first (a foolish thing to do), then it is possible, if the attachment contained a macro, to get an infection of sorts. But this would only be because someone forgot to practice Safe Hex. Also see my message about this in my What's Hot page.


Q20. I heard the so and so virus and others can damage my hardware/system. Can they?!

True/False = FALSE!

A. This is a popular myth. Unfortunately, even with people posting rewards, no one has ever produced a virus that can physically damage a computer. They simply don't exist. They may erase data or similar, but this doesn't require a new hard drive. It's simply an inconvenience that is easily recoverable. The only physical damage that might result would be the headache you might get from having to recover from this because you forgot to practice Safe Hex.

Let's put things in the proper perspective. A virus or trojan is nothing more than a piece of software. Software is something nonphysical for the most part unless you include the ROMs in your computer. For a virus to damage hardware, it would have to create a physical entity, a gremlin so to speak. It would then have to emerge, unbolt the cover to your hard drive or whatever, step in and start hitting it with a hammer. You show me a virus that can do that and I'll eat radioactive waste daily and live. The likelihood of either happening is null unless the physical laws of the universe change overnight. 8*)


Q21. How can I protect myself from Macro viruses?

A. Ideally, you wouldn't be running Microsoft Windows in any form. However, that's asking for too much. Yet, if you must, you really need to do two things in the following order. First, always practice SAFE HEX. Next, in particular on your web browser and any software that functions the same, disable the automatic load/launch and execute functions for files with the .Doc and .Xcl extensions. Namely, do not automatically view MS Word or Excel files when received. These are the main ones containing Macro viruses. Also, in the .INI's, if you point to other common Microsoft products that have embedded macros, disable them also. This may seem extreme but it's better than having to restore all the files you hadn't backed up yet!


Q22. Besides here, where else can I get information about viruses and what they can and can not do?

A. There are several good sources. One of the best starting points besides here would be to visit the CIAC Security Website. They also have links to other sites besides the info and FAQs they provide. Also, if you are using Thunderbyte's TBAV or F-PROT as your antivirus program, they include a ton of information to help you.


Q23. How can I Identify internet e-mail messages as hoaxes?

A. This can be a little tricky but you can identify probably 98%+ of all internet e-mail hoaxes using the following guidelines.

Look carefully at the actual content of the message.

IF you answered yes to all the above, odds are it's just a hoax or scare. Real warnings will contain points of contact, detailed and precise information and more that you can use. There has yet to be a hoax that has.


Q24. What Government Agency issues Official Warnings?

A. There is one and only one government agency that issues official warnings about computer security matters. It's an office within the Department of Energy. It's called CIAC. Their sole function is to investigate computer security and issue advisories and fixes as necessary. To check on Virus Hoaxes. To check on Chainletters. This is a site anyone interested in PC security should bookmark.


Q25. What About Internet Viruses?

True/False = NA.

A. There still aren't any internet viruses per se. However, there is a new class of viruses utilizing HTML, the web scripting language. This was inevitable. They aren't unlike the Macro Viruses that exploit other MS programs/software though they still rely on MS products to survive.

The good and the bad news. The good news is that unless you are running a specific software combination and execute previously unchecked HTML you have nothing to worry about. Remember to practice Safe Hex using current AV software and no problem.

The bad news. Win NT servers and clients are vulnerable along with anyone who has the VBScript runtime library installed and Active Server enabled. For a complete technical description of this problem along with some HTML to determine if you are vulnerable, visit the government's only official computer security site.