With the plethora of viruses, worms and other threats invading the desktop these days, antivirus products have become a critical tool for any PC user. Regardless of whether you are trying to save your system from recent worm variants like Zafi, Netsky, Mydoom and Klez or from traditional virus threats such as the many Word macro viruses in circulation, you are certain to need some sort of virus protection. The question on everyone's lips, however, is what type of antivirus protection to invest in.
PC World has developed this guide to give you a rundown on how antivirus programs work, what sorts of viruses they cover and the information you need in order to select the best antivirus protection for your desktop system.
What is a virus?
Before we jump into what antivirus programs do, it's important to first identify what a computer virus is. Like its biological equivalent, a computer virus is a program that copies itself into other programs or files on your PC so that it runs again whenever they do, carrying out its actions without your knowledge or consent. Not every virus carries a damaging payload, but many are written to damage particular types of files, applications or operating systems.
There are three main types of viruses in circulation: boot sector viruses; macro viruses, and file infecting viruses.
The boot sector is the very first sector of a floppy or hard disk. It contains the executable code that is loaded and run to start the PC. Because the hard disk's boot sector is read every time the PC powers up or "boots", and is rewritten whenever the disk is formatted or an operating system is installed, it is an attractive place for a virus to hide.
Boot sector viruses usually spread via the boot sector of an infected floppy disk left in the drive when a system is rebooted. From there they infect the hard disk's boot sector, load themselves into memory each time the system boots, and wait for the chance to write themselves to further floppy disks. A virus of this kind can leave you unable to boot from your hard disk at all.
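To make the layout of a boot sector concrete, and to show the kind of integrity check an antivirus product performs on it, here is an added example in Python. It is not part of the PC World guide. It builds a constructed 512-byte master boot record (not a real disk image), parses the three regions a scanner cares about (446 bytes of bootstrap code, the four 16-byte partition entries and the trailing 0x55AA signature), records a hash of the bootstrap code as a baseline, and then reports when a later copy of the sector no longer matches. The helper and function names are this example's own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445 hold the bootstrap code
PART_TABLE_OFF = 446           # four 16-byte partition entries follow it
SIGNATURE = b"\x55\xAA"        # last two bytes of a valid boot sector
PART_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample boot sector for the example (not a real disk image).

    Pads the given bootstrap code to 446 bytes, adds one bootable NTFS-type
    partition entry and the 0x55AA signature.
    """
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 2048, 1048576)
    table = entry + b"\x00" * (16 * 3)   # three unused entries
    return code + table + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte boot sector into bootstrap code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("boot sector must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(PART_FMT, sector[off:off + 16])
        if ptype != 0:   # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[SECTOR_SIZE - 2:] == SIGNATURE,
    }


def check_boot_sector(sector: bytes, baseline_sha256: str) -> list:
    """Compare a freshly read sector against a stored baseline hash.

    Returns a list of findings; an empty list means nothing looks changed.
    """
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no bootable partition flagged")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xEB\x3C\x90")          # typical "jmp short; nop" prologue
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print("clean sector:", check_boot_sector(clean, baseline))
    # A boot sector virus overwrites the first bytes to jump into its own code.
    tampered = b"\xE9\x00\x01" + clean[3:]
    print("tampered sector:", check_boot_sector(tampered, baseline))
```

The baseline hash would be taken once, when the disk is known to be clean, and re-checked at each boot; the signature check alone is not enough, because a virus that relocates the original code keeps the signature intact.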
Macro viruses are by far the most common viruses in circulation, accounting for around 75 per cent of viruses found "in the wild". They can arrive on a disk, over a network, from the Internet or as an e-mail attachment.
Macro viruses do not infect programs directly. Instead they infect the documents of applications that have a built-in macro programming language, such as Microsoft Word and Excel. The viral macro runs when the infected document is opened and copies itself into other documents the application handles; users who then share those files carry the virus on to other systems.
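The first thing a scanner wants to know about an Office document is whether it carries a macro at all. Here is an added Python example (not from the PC World guide) that answers that question for the zip-based Office formats (docx, docm, xlsm, pptm): it looks for a vbaProject.bin part and for the VBA content type declared in [Content_Types].xml. The sample documents it inspects are constructed in memory and contain only the parts the check reads. Legacy binary .doc and .xls files are OLE compound files rather than zips and need a different parser, which this example does not attempt.

```python
import io
import zipfile

CONTENT_TYPES_PART = "[Content_Types].xml"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package for the example (not a real Word file)."""
    ct = ['<?xml version="1.0"?>',
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
          '<Default Extension="xml" ContentType="application/xml"/>']
    if with_macro:
        ct.append('<Override PartName="/word/vbaProject.bin" ContentType="%s"/>' % VBA_CONTENT_TYPE)
    ct.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(CONTENT_TYPES_PART, "\n".join(ct))
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is an OLE container; the header bytes are enough here.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8)
    return buf.getvalue()


def find_macros(data: bytes) -> dict:
    """Inspect an OOXML package for embedded VBA.

    Returns whether the bytes are an OOXML package, the names of any
    vbaProject.bin parts, and whether the VBA content type is declared.
    """
    result = {"is_ooxml": False, "vba_parts": [], "declared_vba": False}
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    with z:
        names = z.namelist()
        if CONTENT_TYPES_PART not in names:
            return result
        result["is_ooxml"] = True
        result["vba_parts"] = [n for n in names
                               if n.rsplit("/", 1)[-1].lower() == "vbaproject.bin"]
        ct = z.read(CONTENT_TYPES_PART).decode("utf-8", "replace")
        result["declared_vba"] = VBA_CONTENT_TYPE in ct
    return result


def has_macro(data: bytes) -> bool:
    """True if either signal (a VBA part or the declared content type) is present."""
    r = find_macros(data)
    return bool(r["vba_parts"]) or r["declared_vba"]


if __name__ == "__main__":
    for label, doc in (("clean", build_sample_docx(False)), ("macro", build_sample_docx(True))):
        print(label, find_macros(doc), "->", "has macro" if has_macro(doc) else "no macro")
```

Both signals are checked because they can disagree: a file renamed from .docm to .docx still carries its vbaProject.bin, and a package whose content types declare VBA without shipping the part is equally worth flagging.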
File infecting viruses attach themselves to executable files such as EXE and COM files. They are loaded into memory when the infected program runs, from where they infect further executables and deliver their payload.
The results of virus infections vary according to the maliciousness of the author. Many viruses are designed only to spread from file to file and therefore from computer to computer without any serious damage. The only real effect to an end user is loss of credibility when an email to a customer or a friend is rejected by their antivirus program. But there are many viruses with sinister payloads - some actively destroy files, some overwrite the boot sectors on disks to render computers unbootable and an increasing number install backdoor programs that allow virus writers to take control of computers remotely. Computers with backdoor software installed are called "zombies" and are often used for computer crime such as distributed denial of service (DDoS) attacks.
Other security breaching programs (malware)
Strictly speaking, Trojans, worms, adware, dialers, spyware, backdoors, keyloggers and logic bombs are not viruses by definition. Together with viruses they are referred to as malware. Trojans, for example, are programs that purport to do one thing but really do another, like pretending to be a game while harvesting all your e-mail addresses and sending them to spammers.
Likewise, worms are self-replicating programs that spread like viruses, but the distinction is that viruses infect other files, whereas worms create complete copies of themselves and spread without a carrier file. Worms most commonly spread by e-mail, either by exploiting flaws in mail programs or simply by tricking the recipient into opening an attachment; others exploit vulnerabilities in network services to infect machines with no user involvement at all. Logic bombs are programs written to do something unexpected, such as deleting all your files, when a trigger condition such as a particular date is met.
Dialers are software components usually downloaded from websites without the user's knowledge. They use local modems to dial out to costly phone services in order to accrue charges on a user's account.
Not all adware programs are malicious. Adware refers to programs whose development is funded by the advertising revenues generated through ads shown while using the program. The Opera web browser is a good example of legitimate adware. However, some adware programs trick the user into agreeing to the installation of other programs, many of which are spyware.
Spyware programs are designed to capture information from the infected computer and return it to their controller. Much spyware is designed to record browsing patterns for marketing analysis, but some less benign spyware applications harvest credit card numbers, passwords and personal information.
Backdoors are programs designed to provide an attacker with remote control of a computer. They are often found within Trojans and their installation is often also a goal of worm writers.
Virus hoaxes also deserve a mention. Although a hoax contains no actual computer code, it can still spread confusion and overload mail servers, because its wording exploits the good nature of people who forward it to friends and colleagues without first verifying its content.
With the exception of hoaxes, any good antivirus program will detect Trojans, backdoors, worms and logic bombs as well as viruses. For simplicity, this guide groups them all together under the term viruses. An increasing number of vendors now either extend their malware detection to cover adware, spyware and dialers or bundle third-party products for the purpose. These applications are discussed in the Spyware Buying Guide (see link).