User Guide
Preface
xvi Dr Solomon’s Anti-Virus
For a time, sophisticated descendants of this first boot-sector virus represented
the most serious virus threat to computer users. Variants of boot sector viruses
also infect the Master Boot Record (MBR), which stores the partition
information your computer needs to figure out where to find each of your
hard disk partitions and the boot sector itself.
Realistically, nearly every step in the boot process, from reading the MBR to
loading the operating system, is vulnerable to virus sabotage. Some of the
most tenacious and destructive viruses still include the ability to infect your
computer’s boot sector or MBR among their repertoire of tricks. Among other
advantages, loading at boot time can give a virus a chance to do its work before
your anti-virus software has a chance to run. Many Dr Solomon’s anti-virus
products anticipate this possibility by allowing you to create an emergency
disk you can use to boot your computer and remove infections.
But most boot sector and MBR viruses had a particular weakness: they spread
by means of floppy disks or other removable media, riding concealed in that
first track of disk space. As fewer users exchanged floppy disks and as
software distribution came to rely on other media, such as CD-ROMs and
direct downloading from the Internet, other virus types eclipsed the boot
sector threat. But it’s far from gone—many later-generation viruses routinely
incorporate functions that infect your hard disk boot sector or MBR, even if
they use other methods as their primary means of transmission.
Those same viruses have also benefitted from several generations of evolution,
and therefore incorporate much more sophisticated infection and concealment
techniques that make it far from simple to detect them, even when they hide
in relatively predictable places.
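The MBR layout described above can be checked against a known-good baseline. The following is an added example, not code from Dr Solomon’s products: it assumes the classic 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), and the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445 boot code, 446..509 partition table
SIGNATURE = b"\x55\xaa"    # bytes 510..511
ENTRY = "<B3xB3xII"        # status, (CHS start), type, (CHS end), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Return the used partition entries and a SHA-256 of the boot-code area."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        raw = sector[BOOT_CODE_LEN + 16 * slot: BOOT_CODE_LEN + 16 * (slot + 1)]
        status, ptype, lba_start, sectors = struct.unpack(ENTRY, raw)
        if ptype == 0:     # type 0 marks an unused slot
            continue
        partitions.append({"slot": slot, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"partitions": partitions, "boot_code_sha256": digest}

def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """List what differs between this sector and a previously recorded baseline."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable partition of type 0x06 at LBA 63."""
    table = struct.pack(ENTRY, 0x80, 0x06, 63, 204800) + bytes(48)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE

if __name__ == "__main__":
    # Placeholder byte strings stand in for boot code; they are not real code.
    baseline = parse_mbr(build_sample_mbr(b"CLEAN-BOOT-CODE"))
    print(baseline["partitions"])
    print(compare_to_baseline(build_sample_mbr(b"OTHER-BOOT-CODE"), baseline))
```

Because a virus that loads at boot time runs before any checker does, the sector being compared should be read after booting from clean media such as the emergency disk mentioned above.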
File infector viruses
At about the same time as the authors of the Brain virus found vulnerabilities
in the DOS boot sector, other virus writers found out how to use other
software to help replicate their creations. An early example of this type of virus
showed up in computers at Lehigh University in Pennsylvania. The virus
infected part of the DOS command interpreter COMMAND.COM, which it
used to load itself into memory. Once there, it spread to other uninfected
COMMAND.COM files each time a user entered any standard DOS command
that involved disk access. This limited its spread to floppy disks that
contained, usually, a full operating system.
Later viruses quickly overcame this limitation, sometimes with fairly clever
programming. Virus writers might, for instance, have their virus add its code
to the beginning of an executable file, so that when users start a program, the
virus code executes immediately, then transfers control back to the legitimate
software, which runs as though nothing unusual has happened. Once it
activates, the virus “hooks” or “traps” requests that legitimate software makes
to the operating system and substitutes its own responses.