Preface

For any computer user, viruses pose a big problem to the computing process. From novices to trained system administrators, none can afford to ignore the virus menace; one has to face them some day. And when that day comes, being unprepared is the worst thing that can happen to you. This book will help you in combating the virus menace and, in the process, arm you with a lot of utilities and strategies to adopt for the purpose.

I have tried to make this book a sort of one-stop shop for most virus related problems. This book is aimed at everyone from average computer users to skilled programmers. This book does not contain information on how to create viruses; rather, it focuses on how to create programs to eradicate viruses. Systems administrators will find this book a handy reference containing many guidelines on how to deploy anti-virus strategies for a variety of installations. Programmers can try their hands at writing anti-virus programs themselves. This book also attempts to bring out some unconventional, yet innovative, techniques which can be used to create anti-virus software. The whole focus of this book is to arm the reader with sufficient tools and guidelines to craft his own strategies for virus protection using the cheapest means possible, like public domain anti-virus software. It also tries to dispel the myth that public domain anti-virus software is not as effective as commercial anti-virus software.

For programmers, the minimum prerequisites to follow the programming examples given in this book are a good working knowledge of C programming and basic concepts about system internals. Knowledge of Assembly Language would also be a good asset in understanding some of the intricate coding. Some tutorials or refreshers are included at the end of the book in the appendices, to help you get started or brush up some concepts.

This book is not intended to serve as a virus directory, where viruses and their symptoms are listed. A few virus descriptions are given at the end, though, but these are of those few viruses which are responsible for most virus attacks. Neither does this book attempt to evaluate or review all existing anti-virus software and give a comparison. Rather, this book is meant to serve as an "All-Purpose Virus Survival Guide" when it comes to waging the war with the real thing.

The contents of this book are grouped into six chapters, each addressing different aspects or issues regarding viruses and anti-virus software. A brief synopsis of each chapter is given below.

The first chapter discusses what computer viruses are, at a conceptual level: what they can do, what they can't do, myths surrounding viruses, how they propagate, classification of viruses and why they are a hazard to the computing community in general. The later portion compares computer viruses to their biological counterparts. This discussion forms the basis for an emerging study in the field of computer viruses, called Computer Virus Epidemiology, which draws upon the analogies of medical diseases and epidemics, and attempts to control the spread of computer viruses using techniques similar to those used for bringing epidemics under control. The first chapter ends with "Frequently Asked Questions" about viruses, which contains answers to the most frequently asked questions on viruses. These questions are asked by users all over the world on the Usenet newsgroups on the Internet, and are answered by anti-virus researchers.

The second chapter of the book focuses on the internal details of the PC and DOS, the viewpoint being which key areas of the PC are vulnerable to virus attacks. Topics such as how disks are organized, how executable files are structured, what the booting-up procedure is, etc. are covered in this chapter. These discussions are supplemented with a number of programs to help the user probe into these inner workings of the PC and thus get a clear understanding of exactly which areas are prone to virus attacks and what strategies need to be developed in order to protect against virus attack.

Chapter three of this book is a step-by-step tutorial on writing anti-virus programs and vaccines. This chapter focuses on how to write programs to recover from various kinds of virus infections, like boot sector viruses, file viruses, etc. This chapter also covers some complex issues like how to write vaccine programs for self-encrypting viruses and viruses which use unusual infection techniques. It also features discussions on how to go about "dissecting" unknown viruses and building vaccines for them. This chapter is rich in programming and contains several useful programs that can be put to use directly by the end user.

The fourth chapter contains a review of some popular public domain anti-virus software being used all over the world these days, and at the end, a comparison of the software reviewed. It also discusses the strengths and weaknesses of each package and the best ways to exploit their features.

Chapter five deals with protection plans and strategies against viruses. It contains discussions related to the pragmatic issues of managing security and implementing virus protection for various computing set-ups. Various strategies for guarding against viruses as well as recovering from various types of virus attacks are discussed here. The discussion is based upon practical aspects and experience rather than a theoretical approach. A lot of do's and don'ts are covered in this chapter, on issues such as how to take backups, how to implement virus scanning strategies for a single system as well as large set-ups involving networks, how to guard against unknown viruses, how to construct an anti-virus toolkit, etc.

The last chapter contains descriptions of some of the popular viruses which are responsible for most virus infections these days. Apart from DOS viruses, descriptions of some viruses for Macintosh and Windows 95 are also given.

The sequence of the various articles in this book is designed keeping in mind programmers who wish to create anti-virus programs and implement virus protection measures in different environments. However, if you are an average end user or a system administrator who wants to deploy virus protection measures and develop virus prevention strategies without getting into programming, you may follow Chapters 1, 4 and 5. Later, if you wish to get familiar with the inner workings of PCs and viruses, and feel confident about trying out some innovative ideas yourself, you may go through Chapters 2 and 3.

Some portions of this book are compiled from information taken from various sources, like the newsgroups on the Internet, the Live Wire BBS, magazines, etc. The sources from which such material is taken are duly acknowledged at their instances in the book.

A word of caution, though. Dealing with viruses is a tricky situation. You have to be alert when analyzing viruses; one mistake and you may end up with a messed-up system. Also, some of the programs featured in the book contain low-level operations on certain sensitive areas. Errors in keying in a program, or misconceptions about the techniques used, may sometimes prove to be disastrous. I have identified potential pitfalls in situations like this, but to err is human. Be prepared with backups when trying out something risky. I have tested these programs on a variety of platforms to the best of my ability, but nothing in this world is fool-proof. Make sure that you don't end up losing what you set out to protect in the first place.

My greatest source of inspiration in crystallizing my work into this book has been my father, guru, mentor and primary driving force, Mr. Udayan C. Shah, who inspired me to put my ideas and work on paper. This book also would not have been possible without the great support and impetus from my family. I would like to thank my mother, Mrs. Janaki Shah, for putting up with all my irregularities throughout the making of this book. I would also like to express my deepest gratitude towards Mr. Urvish Kantharia, Mr. P. K. Madhavan, Mr. Sanjay Singh and the entire staff at Tata McGraw-Hill for their excellent cooperation and support during the development of the book. I am indebted to Professor B. H. Jajoo of the Indian Institute of Management, Ahmedabad for his excellent guidance, feedback and support in my research work for this book. I am deeply honored by having a foreword written by him for this book. I do not have enough words to thank him for giving me a vast amount of knowledge, skills, opportunities, guidance and experience, thus making me stand where I am today. A special note of thanks goes to Mr. V. Srinidhi, my friend and colleague, who introduced me to viruses and the enchanting world of computer hacking. A special thank you to Mr. Ravi Acharya, of IIM, for guiding me through the scary world of desktop publishing and sharing his excellent sense of design with me. I am also grateful to Ms. Pallavi Garg, of Wipro Infotech, for providing me valuable information about viruses on the Macintosh. At the end, I would like to thank my first mentor and guru, Mrs. Varsha Das, for laying down the foundations for my career, and last but not the least, all my friends, for being there and encouraging me in my work.

Saumil U. Shah