Data Recovery Techniques

 

 

What is a Computer Virus?

A computer virus is a program that can do a great deal of harm to a computer and its files. Each virus has a particular size and an identifying bit pattern. Antivirus software compares these characteristics of known viruses against each of the files (programs and data) on your computer. Once discovered, the infected file may be disinfected or deleted.
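The comparison described above can be sketched in a few lines of C. This is an added example, not code from the original page or from any antivirus product; the signature names, sizes and byte patterns are constructed for illustration and match no real virus.

```c
#include <stddef.h>
#include <string.h>

/* One entry in a constructed signature database: the size the known
   sample has and a byte pattern found somewhere inside it. */
struct signature {
    const char *name;
    size_t file_size;                /* 0 means "any size" */
    const unsigned char *pattern;
    size_t pattern_len;
};

/* Constructed sample patterns; they match no real virus. */
static const unsigned char PAT_A[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x13, 0x37 };
static const unsigned char PAT_B[] = { 'D', 'E', 'M', 'O', '-', 'S', 'I', 'G' };

static const struct signature SIGNATURES[] = {
    { "Demo.A", 12, PAT_A, sizeof PAT_A },
    { "Demo.B", 0,  PAT_B, sizeof PAT_B },
};

/* Return 1 if the pattern occurs anywhere in data. */
static int contains(const unsigned char *data, size_t len,
                    const unsigned char *pat, size_t pat_len) {
    if (pat_len == 0 || pat_len > len)
        return 0;
    for (size_t i = 0; i + pat_len <= len; i++)
        if (memcmp(data + i, pat, pat_len) == 0)
            return 1;
    return 0;
}

/* Compare one file's contents against every known signature.
   Returns the matching signature name, or NULL if nothing matches. */
const char *scan_file(const unsigned char *data, size_t len) {
    for (size_t s = 0; s < sizeof SIGNATURES / sizeof SIGNATURES[0]; s++) {
        const struct signature *sig = &SIGNATURES[s];
        if (sig->file_size != 0 && sig->file_size != len)
            continue;                /* size does not match this sample */
        if (contains(data, len, sig->pattern, sig->pattern_len))
            return sig->name;
    }
    return NULL;
}
```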

It is important to understand that a virus must execute on your computer before it can do any damage. Either you or one of your application programs must be tricked into executing it. The simplest type of virus comes attached to an innocuous-looking email. You may get an email from someone you met last year at a computer graphics convention, for example, with a subject line that says "My latest animation." You seem to remember meeting this person, so you willingly double-click on the attachment. Once it runs on your computer it can do anything you can do, like delete all your files, corrupt all your directory entries, or even send an email to everyone in your address book with a copy of itself attached!

Some virus programs come disguised as macros in word processing or spreadsheet documents, which are given control when the document is opened. More sophisticated virus programs exist that take advantage of a "bug" in one of your otherwise trustworthy application programs. A programmer notices that an application that many people have on their home computers reads data into a buffer, and that this application doesn't bother to check the size of the data it is reading in. The programmer sends you a data file that exceeds the size of that buffer, overwriting some internal function in that application. When the application wants to execute that function, the programmer's code is executed instead, giving it an opportunity to do damage.
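The missing size check, and the check that fixes it, look like this in C. This is an added example, not code from the original page; the `struct app` record, its handler and the function names are hypothetical, and the unchecked copy is capped at the size of the record so that the overwrite can be observed without leaving defined behaviour.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 16

/* Hypothetical application record: a fixed-size input buffer followed in
   memory by a pointer to a function the application calls later. */
struct app {
    char buffer[BUF_SIZE];
    int (*on_done)(void);
};

static int normal_handler(void) { return 0; }

void app_init(struct app *a) {
    memset(a, 0, sizeof *a);
    a->on_done = normal_handler;
}

/* "Before": copies as many bytes as the data file holds, with no check
   against BUF_SIZE. The write goes through a pointer to the whole record
   and is capped at sizeof *a, so the overrun stays inside this struct. */
void load_unchecked(struct app *a, const unsigned char *data, size_t len) {
    if (len > sizeof *a)
        len = sizeof *a;             /* demonstration cap only */
    memcpy((unsigned char *)a, data, len);
}

/* "After": refuse any input that does not fit the buffer. */
int load_checked(struct app *a, const unsigned char *data, size_t len) {
    if (len > BUF_SIZE)
        return -1;                   /* too large: reject the file */
    memcpy(a->buffer, data, len);
    return 0;
}

/* 1 if on_done still holds the address stored by app_init. */
int handler_intact(const struct app *a) {
    int (*expected)(void) = normal_handler;
    return memcmp(&a->on_done, &expected, sizeof expected) == 0;
}
```

After `load_unchecked` receives more than `BUF_SIZE` bytes, `handler_intact` returns 0: the function pointer no longer holds what the application stored there. `load_checked` rejects the same input and leaves the pointer untouched.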

Some computer virus programs are harmless, interrupting whatever you were doing to draw some silly image on your screen, for example. But it is best to employ good antivirus protection software, and always keep it and its virus definitions up to date.

There are other virus-like programs. One type lulls you into believing that you are getting a free program. You think this is some cool plotting program, for example, when it's really a program that lets the programmer take control of your computer through an Internet connection, captures your keystrokes to a file that gets sent to a remote location over the Internet, or just does a lot of damage, like a virus. Such a program is called a Trojan Horse, an allusion to how the Greeks captured Helen of Troy. Some propagate themselves by sending many copies of themselves over a network. These are called worms. But all of these names are just a semantic distinction: these programs are designed to do harm, even if it's only a minor interruption of your work, and the only upside seems to be an inflation of their designer's ego.

 

How can you Recover Data Files?

First, let's talk about what a data (or program) file really is.

Your computer understands only binary code: a string of ones and zeros. Early computers grouped these patterns into 3-bit octal digits, making them easier to read and write. More modern computers group them into 4-bit groups of hex codes, and speak generally about 8-bit groups, called bytes. Memory, data files and messages are described as being kilobytes (kB), megabytes (MB), or sometimes even gigabytes (GB) in size. But it's all just strings of ones and zeros to your computer.

A program or data file is a specific grouping of bytes, with a particular length, or size. When you save a file to your hard drive, the operating system (OS) finds an available group of sectors and writes the file as a set of 256-, 512-, or 1024-byte chunks, depending on the drive's sector size. The OS then writes the address of the sector where the file begins, its name, length, date, etc., into the drive's directory. When you open that file, the OS reads the directory, matches the file name, and gets each block of data from the beginning.

When you delete a file, the directory entry is removed and the sectors that it occupied are marked free, but the data remains written on the disk. If you create a new file, however, there is a possibility that it will occupy some or all of those sectors, overwriting their contents. In that case, the file's data is lost forever. If you stop what you are doing, as Digit's father did in the story, there is a possibility that the data may be recovered, but it must be done by a highly skilled person using very sophisticated software. They find what seems to be a complete data file in a stream of free sectors. A new file directory entry can be constructed that maps that stream of sectors, and the file is recovered. Always remember that the odds of recovery can be slim, and that taking precautions against a virus is by far the easiest pathway.
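The save, delete and recover steps described above can be followed on a toy drive. This is an added example, not code from the original page and not how any particular operating system or recovery tool is written; the eight-sector disk, the function names and the file header ("DOC1" followed by a 16-bit length) are assumptions made so that a recoverable file can be recognised in free sectors.

```c
#include <string.h>

enum { SECTOR = 512, NSECT = 8, NFILES = 4 };
#define SECTORS_FOR(len) (((len) + SECTOR - 1) / SECTOR)
/* A toy drive: raw sectors plus a directory. Zero-initialise before use. */
struct entry { const char *name; int start, length, in_use; };
struct disk  { unsigned char data[NSECT * SECTOR]; struct entry dir[NFILES]; };

/* 1 if sectors [start, start+count) are on the disk and in no live file. */
static int run_is_free(const struct disk *d, int start, int count) {
    if (count <= 0 || start + count > NSECT) return 0;
    for (const struct entry *e = d->dir; e < d->dir + NFILES; e++)
        if (e->in_use && start < e->start + SECTORS_FOR(e->length)
                      && e->start < start + count) return 0;
    return 1;
}

/* Write a directory entry that maps `len` bytes from sector `start`. */
static int map_file(struct disk *d, const char *name, int start, int len) {
    int i = 0;
    while (i < NFILES && d->dir[i].in_use) i++;
    if (i == NFILES) return -1;               /* directory full */
    d->dir[i] = (struct entry){ name, start, len, 1 };
    return i;
}

/* Save: data goes into the first free run, then the entry is written. */
int save_file(struct disk *d, const char *name, const unsigned char *buf, int len) {
    for (int s = 0; s < NSECT; s++) {
        if (!run_is_free(d, s, SECTORS_FOR(len))) continue;
        memcpy(d->data + s * SECTOR, buf, (size_t)len);
        return map_file(d, name, s, len);
    }
    return -1;
}

/* Delete: only the directory entry goes; the sectors keep their data. */
void delete_file(struct disk *d, int slot) { d->dir[slot].in_use = 0; }

/* Recover: find "DOC1" + 16-bit LE length in a free sector, rebuild the entry. */
int recover_file(struct disk *d) {
    for (int s = 0; s < NSECT; s++) {
        const unsigned char *p = d->data + s * SECTOR;
        int len = p[4] | (p[5] << 8);
        if (memcmp(p, "DOC1", 4) == 0 && run_is_free(d, s, SECTORS_FOR(len)))
            return map_file(d, "RECOVERED", s, len);
    }
    return -1;
}
```

Calling `recover_file` right after `delete_file` rebuilds the entry, because the sectors still hold the data. If a new file is saved first, it lands in the same freed sectors, the header is overwritten, and `recover_file` returns -1.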

Corrupted files and directory entries can be easier to recover, as much of their content may still be intact. Each application (word processor, spreadsheet, etc.) may have its own recovery software included, so you should consider this approach first.

 
