++Virus Guardian++

Friday, April 21, 2006

Virus Definition

A virus is a type of program that can replicate itself by making (possibly modified) copies of itself. The main criterion for classifying a piece of executable code as a virus is that it spreads itself by means of 'hosts'. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with worms. A worm, however, can spread itself to other computers without needing to be transferred as part of a host. Many personal computers are now connected to the Internet and to local-area networks, facilitating their spread. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms.

Viruses can infect different types of hosts. The most common targets are executable files that contain application software or parts of the operating system. Viruses have also infected the executable boot sectors of floppy disks, script files of application programs, and documents that can contain macro scripts. Additionally, viruses can infect files in other ways than simply inserting a copy of their code into the code of the host program. For example, a virus can overwrite its host with the virus code, or it can use a trick to ensure that the virus program is executed when the user wants to execute the (unmodified) host program. Viruses have existed for many different operating systems, including MS-DOS, AmigaOS, Linux and even Mac OS; however, the vast majority of viruses affect Microsoft Windows.

A legitimate application program that can copy itself as a side effect of its normal function (e.g. backup software) is not considered a virus. Some programs that were apparently intended as viruses cannot self-replicate, because the infection routine contains bugs. For example, a buggy virus can insert copies of itself into host programs, but these copies never get executed and are thus unable to spread the virus. As long as at least some of the copies are able to make copies of themselves, they are still considered viruses, otherwise they are referred to as intended viruses.

Some people incorrectly argue that malware is only classified as a virus if it both meets the above definition and can infect a computer without user activation. By this definition, malware that requires user activation to run would be classified as a trojan or a worm. But, before computers were networked together, the only way a virus would activate(excluding boot sector viruses) was by user activation, so this never was part of the definition of a virus.