Infection by Floppy Disk (or Other Removable Media)
Floppy disks, despite the fact that they are now quite obsolete technology, are still
probably the number one way that viruses are spread (although I think the Internet and
networking in general are overtaking them quickly). Floppies are a major source of virus
infection for two main reasons: first, because they are used to carry files from PC to PC,
and second, because they are the only way that boot sector infector viruses can be
transmitted.
When looking at file infector viruses, floppies can transmit these to other PCs when
you copy an infected program from the floppy to the hard disk of the destination PC. When
the copy is executed, the virus will be loaded into memory and then will be able to infect
the hard disk and other programs on it. In this way, however, floppies are no different
than many other transmission methods for regular files, such as networks, the Internet, or
new software installations. Other removable media such as Zip disks can also unwittingly
be used to convey infected files from one machine to another.
The more important way that floppies are responsible for virus transmission is that
they are the primary vehicle for boot sector infector viruses. The reason is simple: most
of these viruses are designed to infect boot sectors, and they use the boot process to get
themselves into memory. Floppies are the ideal vehicle for transmitting these viruses
because each one has a boot sector, and most systems try to boot them. When you download a
new program from the Internet, you may run it and infect the system with a file infector
virus, but you don't download boot sectors! However, each time you put a floppy disk in
your PC, you have the potential to introduce any boot sector viruses on it to your hard
disk's boot sector(s).
A common misconception is that only bootable floppy disks--that is, ones that contain
operating system files as opposed to ones that say "Non-system disk or disk error -
Replace and press any key when ready" when you try to boot them--can carry boot
sector viruses. This is not true, and is probably responsible to some degree for the
spread of boot sector viruses. Every formatted floppy disk has boot sector code in
it, and that code is run whenever you attempt to boot from the disk, whether the system is
actually able to boot from it or not.
In fact, the very message "Non-system disk or disk error..." is printed on
the screen by the "dummy" boot sector code in a non-bootable disk. If that code
is infected with a virus, the virus will likely be in memory as soon as you see that
message. A common way that boot viruses spread is to infect a non-bootable disk. Someone
takes it to a PC and puts it in the drive for whatever reason. They turn the PC off.
Later, they turn it on, forgetting to eject the floppy. The system attempts to boot the
floppy. It fails, but the virus is loaded into memory, and infects the hard disk's boot
sector. At this point the damage is done, even if the floppy is later removed.
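The point above can be checked directly on a disk image. The following is an added example, not part of the original guide: it reads the 512-byte boot sector of a FAT12 floppy, confirms that a data-only disk still carries boot code, and compares a fingerprint of that code with a known-good baseline. The sample sectors, the SAMPLE OEM name and the function names are constructed for illustration; the field offsets are the standard FAT12 layout.

```python
import hashlib
import struct

SECTOR_SIZE, SIG_OFFSET = 512, 510

def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed 1.44 MB FAT12 boot sector; boot_code is placeholder bytes."""
    jump = b"\xEB\x3C\x90"  # short jump over the parameter block to offset 0x3E
    bpb = struct.pack("<HBHBHHBHHHII", 512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2, 0, 0)
    ebpb = struct.pack("<BBBI11s8s", 0, 0, 0x29, 0x12345678, b"NO NAME", b"FAT12")
    head = jump + b"SAMPLE".ljust(8) + bpb + ebpb  # 62 bytes in total
    return head + boot_code.ljust(SIG_OFFSET - len(head), b"\x00") + b"\x55\xAA"

def inspect_boot_sector(sector: bytes) -> dict:
    """Locate the boot code via the leading jump and fingerprint it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if sector[0] == 0xEB:      # JMP rel8: target = 2 + displacement
        start = 2 + sector[1]
    elif sector[0] == 0xE9:    # JMP rel16: target = 3 + displacement
        start = 3 + struct.unpack_from("<H", sector, 1)[0]
    else:
        start = SIG_OFFSET     # no recognisable jump, so no code region
    start = min(start, SIG_OFFSET)
    code = sector[start:SIG_OFFSET]
    return {
        "signature_ok": sector[SIG_OFFSET:] == b"\x55\xAA",
        "oem": sector[3:11].decode("ascii", "replace").rstrip(),
        "code_start": start,
        "has_code": any(code),
        # The jump bytes are hashed too, so a redirected entry point is noticed.
        "fingerprint": hashlib.sha256(sector[:3] + code).hexdigest(),
    }

def classify(sector: bytes, known_good: set) -> str:
    info = inspect_boot_sector(sector)
    if not info["signature_ok"] or not info["has_code"]:
        return "invalid"
    return "known-good" if info["fingerprint"] in known_good else "unknown boot code"

# Constructed sample: a data-only (non-bootable) disk and an altered copy of it.
MESSAGE = b"Non-system disk or disk error\r\nReplace and press any key when ready\r\n"
clean = build_sample_sector(b"\x90" * 16 + MESSAGE)
altered = build_sample_sector(b"\x90" * 24 + MESSAGE)
baseline = {inspect_boot_sector(clean)["fingerprint"]}

if __name__ == "__main__":
    print(inspect_boot_sector(clean))
    print(classify(clean, baseline), "/", classify(altered, baseline))
```

To check a real image, pass its first 512 bytes to inspect_boot_sector; the parameter block is left out of the fingerprint because it legitimately differs between disks.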
Taking steps to avoid infection by floppy disks is absolutely critical for anyone who
is serious about preventing virus problems. Some combination of the following techniques
is generally recommended. Note that most of these protect the hard disk from infestation
by an infected floppy disk, while only some protect the floppy disks from infestation when
used in a system that already has a virus on its hard disk:
- Scanning: Scanning floppies when you first put them into the PC is a good way of
protecting yourself from the spread of viruses from other systems. This does take a fair
bit of discipline, so it's often not enough of a measure if taken solely by itself. Virus scanning is discussed here. I consider scanning floppies to be a
preventive measure (as opposed to just detection) because it can prevent the infestation
of the user's hard disk, which is key.
- Remove Disks from the Floppy Drive Before Rebooting: This is a good protective
measure against viruses being transmitted to your PC. Unfortunately, it is very hard to
remember to do: I forget to do this at least once a month (I scan for viruses after this
happens, just in case.) Some antivirus scanning programs, such as later versions of the
Norton Antivirus, include protection programs that will scan the boot sector of any disk
in the floppy drive when you shut down Windows 95, for example. This of course is
absolutely no help in the event of a power failure (spontaneous reboot) or a hardware
reset.
- Disabling Floppy Booting: Probably the best, simplest protection against
infection by floppy disk is to use the BIOS settings in your PC to disable
booting from the floppy disk drive. Virtually all newer PCs now have the ability to
specify that the hard disk be examined first for a boot drive, before the floppy. Doing
this virtually eliminates the chances of a floppy-based boot sector virus getting into
your machine by accident. It does have some disadvantages however, relating to
convenience. Some operating systems install by booting from a floppy disk. Also, doing a
full virus scan and removal usually requires booting from a known clean floppy, which
would mean having to reboot, going into BIOS setup, and changing the boot sequence to look
at the floppy disk first once more.
- BIOS Virus Protection: Many BIOSes include an option that is usually called "virus protection". While
BIOSes don't know anything about viruses, what this option does, when enabled, is to catch
and report disk writes to the system's boot sector area. If a virus tries to write to this
area, it will be caught by the BIOS and then the user will be asked if they want to allow
the write to proceed. This can protect against boot sector viruses; be aware, however,
that there are many legitimate utility programs that work with the boot sector, and they
will trigger this message as well. It can get annoying after a while if you use disk
utilities a great deal.
- Use a Boot Password: If you have difficulty remembering to remove floppy disks
before rebooting, and you don't want to disable booting first from the floppy disk,
consider setting up a boot password if your system supports it (most do). This
will cause the system to wait for a password to
be entered before it will boot, which, aside from its security benefits, will act as a
reminder to you to remove the disk from your floppy drive before booting.
- Write-Protect Tabs: Floppy disks can be write-protected, by covering the notch on
a 5.25" disk, or using the plastic slider on a 3.5" disk. This is the only
effective way of preventing the spread of viruses to a floppy disk. The
write-protection is a hardware signal sent by the drive, and cannot be ignored or
overridden by a virus (compare to the "read only" file attribute, which is a bit
in a directory that can just be ignored by a virus that wants to ignore it). It is
strongly recommended that all emergency boot disks be
write-protected.
- "Abstinence": While an extreme position, and one that is not very
common, a valid defense against floppy disk virus infestation is not to use floppy disks
at all. This is usually overkill, but I have heard of floppies being removed entirely from
systems (both for virus protection and security reasons). I don't recommend this, as one
of the immediate disadvantages is that you lose the ability to boot with a clean
boot disk to aid in virus detection and removal if your hard disk ever becomes infected. A
more moderate version of abstinence is to use your own floppy, but just abstain from
sharing floppies with floppy drives in other systems. This is a more reasonable idea,
although it too requires some discipline.