Antivirus Software

[Computer Buyer]

How many times have you received an e-mail with a tantalising subject line such as "You've just won a fantastic prize!!!!! Click here to claim it"? Did you open it? We hope not, because if you did, you may have unleashed on your machine the scourge of PC users everywhere: a computer virus.

Avoiding infection from this sort of unsolicited message is largely a matter of common sense. But what if the virus writers are more subtle - or, worse still, the infected file comes to you from a trusted source such as a friend or family member? The solution is to get yourself an antivirus program. These sophisticated software tools act like digital watchdogs, standing guard over your system and sniffing out potentially harmful code as soon as it's downloaded. If you have a decent antivirus program, virus attacks should be a thing of the past.

What are viruses?

Viruses don't rely on any special Harry Potter magic to wreak havoc. They're fairly standard computer programs - but whereas most computer software is designed for a useful purpose, the intent behind viruses is at best mischievous - and at worst, downright malevolent. The purpose of software such as your Internet browser program, for example, is to help you perform a task - in this case, surfing the Internet. The purpose behind a virus is to deliver a so-called 'payload'. This can range from displaying an annoying message on screen to destroying information on your hard disk. In some cases, viruses can enable their creator to take control of your computer remotely.

Computer viruses are designed to infect as many computers as they can. Once a virus has infected a victim's computer, it will try to spread itself to other computers in order to infect them, often by mailing itself to contacts from the victim's e-mail address list.

We humans are curious creatures, and virus writers use clever tactics to make us open e-mail attachments that contain viruses. Often, they will trick the reader into double-clicking them by pretending they're useful or interesting. Messages may be headed "here are the files you requested" or something similar. Other viruses spread by exploiting security loopholes in software such as your Web browser or e-mail program.

Viruses can be divided into a number of different categories, depending on the effect they have, and the way they operate. You'll find a full run-down of the different types in the table on the opposite page.

One of the oldest types of virus is the 'boot sector' virus. Once thought to be the biggest threat of all, they're now quite rare. They can infect a PC if it is started up with an infected disk inserted in its floppy drive. Now that floppies are all but defunct, virus writers have moved over to using the Internet as a means of propagating their viruses.

The most common threat is posed by e-mail viruses. Examples such as Melissa, Loveletter and Bugbear exploit the popularity of e-mail to spread viruses around the Internet. They arrive as innocent-looking e-mail attachments, often with a message inviting the reader to open the file. Some e-mail viruses can even run without the user explicitly opening the file. These exploit security loopholes in older versions of e-mail programs, such as Microsoft Outlook, to run a script when the user opens an HTML-enabled e-mail, or previews the contents of a message using Outlook's 'Auto preview' function.

As more and more people use Microsoft Office programs such as Word and Excel, macro viruses are also becoming more widespread. A macro is a sort of mini-program that allows Word or Excel users to perform a sequence of tasks automatically. This makes them really handy for carrying out long, repetitive tasks with just a single keyboard shortcut or mouse-click.

The downside is that virus writers can create their own macros and use them to carry out operations on a victim's PC without the user's knowledge. Macro viruses can be embedded in harmless-looking Word or Excel documents, and infect the victim's computer when the document is opened. Famous examples include W97M/Lewinsky, which attempts to disable the PC's antivirus software to avoid detection.

The last category of infectious programs, Trojans, are not viruses in the truest sense. Short for 'Trojan horse', a Trojan is a program that appears to have a harmless - sometimes even useful - function, while secretly carrying out a more malicious objective behind the scenes. Some Trojans, such as the famous BackOrifice and the newer Netbus, are so-called 'backdoors', enabling hackers to take control of your computer remotely. In this way, malicious hackers can steal sensitive information, such as your banking or credit card details. This type of infection is a very serious threat.

What makes a good antivirus program?

To provide your PC with the best protection, you should have a good antivirus program running in the background at all times - whether or not the PC is connected to the Internet. This type of antivirus scanner is known as a 'resident' scanner. You can normally identify when a program of this type is running, as you'll see its icon in the System Tray at the bottom right-hand corner of the desktop.

Antivirus software should be able to scan files on demand, too. This is useful for when you receive an e-mail attachment and want to check it for viruses before running it. Here, the option to right-click the file and choose 'Scan for viruses' from the menu comes in very handy.

It's a good idea to scan your entire system every so often, checking every file on your computer for signs of viral infection. Because most PCs have an enormous number of files on them, this type of scan can take more than a few minutes, and places a strain on the resources of your computer. Good antivirus software should include some means of scheduling scans so that they can be carried out at a time when the PC is not in use - at night, for instance.

With new viruses and fresh variants of old viruses being created all the time, it's important that antivirus software is updated regularly with a new set of virus descriptions. This is vital if your scanner is to recognise the signature of a specific virus hidden in code. To do this, the makers of antivirus software publish regular updates to their software, as well as specific downloads to combat new viruses as they are discovered. A virus scanning program is only as good as its last update - so the regularity with which these updates are published, and the speed at which the company provides protection against new threats, is paramount. All the scanning packages in our test offer both manual and automatic update options.

Many antivirus programs scan your system for signs of abnormal, virus-like activity. Examples include the editing of system files such as the Windows Registry - where Windows keeps all information concerning system components and setup - the changing of file names and extensions, and attempts to carry out major tasks such as disk formatting.

For the highest level of security, though, a program should offer some form of 'heuristic' scanning function. This allows the software to look for suspicious signs in a program's code in an effort to spot as-yet-unidentified viruses.

Even with all these layers of detection, however, your PC might still become infected by a virus that isn't yet widely known. In this case, it won't be in your virus description files. If the scanner can't detect the virus using its heuristic scanning function, the virus will probably succeed in infecting your machine. If this happens, the first thing to do is inform the technical support staff of the company that makes your virus scanner. If they've seen the virus before, they'll probably be in the process of updating the virus definition files, and will be able to tell you when they're likely to have a fix. If the virus is new to them, they'll ask you to send it to them using a dedicated e-mail address, so that they can get to work on updating the software to fix the problem. Once you've done your bit, you'll have to wait for the manufacturer of your virus scanner to add the virus to its virus description updates. When this has been done, your scanner should be able to tackle the virus.
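
The layers described above, as an added example that is not from the original article or from any antivirus product: a toy scanner that checks a buffer against known signatures first and falls back to heuristic rules. The signature names, byte patterns, rules, threshold and sample buffers are all constructed for illustration.

```python
# Constructed signature database (name -> byte pattern), standing in for the
# vendor's virus description files.
SIGNATURES = {"Demo.TestA": b"\xde\xad\xbe\xefDEMO-A"}

# Constructed heuristic rules: (reason, byte marker, score).
HEURISTIC_RULES = [
    ("touches Registry autorun key", b"CurrentVersion\\Run", 2),
    ("references disk formatting", b"format c:", 3),
    ("reads e-mail address book", b".wab", 2),
]
HEURISTIC_THRESHOLD = 4  # assumed cut-off for a 'suspicious' verdict


def signature_scan(data, signatures):
    """Return the names of all known signatures found in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)


def heuristic_scan(data):
    """Score suspicious traits; return (score, reasons)."""
    lowered = data.lower()
    hits = [(why, pts) for why, marker, pts in HEURISTIC_RULES
            if marker.lower() in lowered]
    return sum(pts for _, pts in hits), [why for why, _ in hits]


def scan(data, signatures):
    """Return ('infected', names), ('suspicious', reasons) or ('clean', [])."""
    names = signature_scan(data, signatures)
    if names:
        return "infected", names
    score, reasons = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return "suspicious", reasons
    return "clean", []


# Constructed sample buffers (inert bytes, not real malware).
KNOWN = b"header\xde\xad\xbe\xefDEMO-Apayload"
NEW_LOUD = b"Software\\Microsoft\\Windows\\CurrentVersion\\Run; contacts.WAB"
NEW_QUIET = b"header\x13\x37NEWFAMILY; contacts.wab"
# The vendor's next definition update adds a signature for the new family.
UPDATED = {**SIGNATURES, "Demo.TestB": b"\x13\x37NEWFAMILY"}

if __name__ == "__main__":
    for label, buf in [("known", KNOWN), ("loud", NEW_LOUD), ("quiet", NEW_QUIET)]:
        print(label, scan(buf, SIGNATURES))
    print("quiet after update", scan(NEW_QUIET, UPDATED))
```

The 'quiet' sample shows only one suspicious trait, so it is reported clean until the updated definitions are loaded, which is the gap between a new virus appearing and the manufacturer's fix.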

When your virus scanner has successfully identified suspicious code, it must be able to clean the virus from the file - or, if it can't strip out the viral code, it should be able to quarantine the infected file in a secure portion of the computer's hard disk to ensure that no further files can be infected.


