[ The PC Guide | System Care Guide | Data Loss and Virus Prevention | Virus Detection and Protection | Background on Viruses ]

Definition of Viruses and Virus-Like Programs

The exact definition of what constitutes a virus is a matter of some debate amongst the experts in the field. Mostly the arguments are over nuances of where to draw the line between "strict" viruses and similar programs that can best be called virus-like. In a practical sense, these subtle distinctions aren't really very important, because whether a particular program is a "true" virus or not and by what definition doesn't generally matter much to someone who has one infecting their disk! So, it is best just to define viruses based on the generally-accepted standards of the industry, and carry on.

Here is the definition I use: a computer virus is a program that attaches to other pieces of code, so that when the user tries to run the original they also unintentionally run the virus code as well; the virus code is designed to replicate itself and "infect" other programs, possibly in a modified form, and may also exhibit other behavior as well. So, in order to be a virus, the program must have the ability to do all of the following:

• Run without the user wanting it to and/or create effects that the programmer wants but that the user did not want or request.
• Have the ability to "infect" or modify other files or disk structures.
• Replicate itself so it can spread to other files or systems.

Note one thing that is not on this list: a virus does not necessarily have to trash your hard drive or exhibit other malicious behavior, in order to be a virus. While many viruses do damage files and disk structures, many are just nuisances or exhibit "prank" behavior such as playing music on the PC speaker or putting funny phrases on the screen when the system is booted. However, the risk of damage from viruses is substantial. Many can cause serious data loss; sometimes the virus writer doesn't even intend some of the effects that the virus has (viruses can have bugs!) Damage can also occur from program files being altered when the virus infects them--often, it is not possible to repair the damage, even when the virus is removed.

There are many different types of viruses. In addition to the classical virus, there are other virus-like programs that are similar to viruses in terms of how they work and what they do, but differ from them in one or more respect:

• Worms: A worm is a program that is self-contained and when run, has the ability to spread itself to other systems. In essence, a worm is a virus that doesn't infect other programs. Instead, it acts independently, seeking to spread to other computers connected to its current host. Since they do not infect programs or boot sectors, they are much less frequently encountered than viruses. They tend to spread over network connections. They can have other undesirable effects when run.

Note: The acronym "WORM" is also used as a short form for "write once, read many", a storage technology that is used by devices such as CD-R drives. The concepts are totally unrelated.

• Trojan Horses: A trojan horse is any program that, once run, does something that the user doesn't want or request. The program doesn't necessarily infect other files or spread to other systems. It is the generic term to refer to any software that is intentionally coded to do something other than what it is supposed to. Some people think of viruses as a special form of trojan horse: one that can infect other files (thus turning them into trojan horses) and duplicate itself. Trojan horses are sometimes just called "trojans" for short.
• Bugs: A bug is an error in a program. It is included here even though it really isn't in the same class as viruses and trojans, because it is similar to a trojan horse in that it causes behavior other than what the user wanted. The difference of course is that with a bug, the aberrant behavior is unintentional! With a trojan horse the author is doing it on purpose.
• Droppers: A dropper is a program designed to install or deliver a virus or trojan horse onto a target system. The dropper is specially designed to avoid detection by standard virus detection programs, because the virus is specially encrypted so that the dropper itself doesn't appear to the virus scanners like a regular infected program file would. In some ways, a dropper is like a "virus egg", waiting to be hatched. They are uncommon.
• Virus Impostors (Joke Programs): Some oh-so-clever programmers have devised cute programs that mimic the effects of true viruses when they are run. These are not considered viruses themselves, or even trojan horses, because here the user of the file knows that the program is going to do something strange. These are often installed by humor-impaired people on coworkers' PCs to drive them nuts. Ha ha.

Next: Major Virus Types and How They Work

Home  -  Search  -  Topics  -  Up