Computer virus definition
A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself.
Like other types of malware, a virus is deployed by attackers to damage or take control of a computer. Its name comes from the method by which it infects its targets. A biological virus like HIV or the flu cannot reproduce on its own; it needs to hijack a cell to do that work for it, wreaking havoc on the infected organism in the process. Similarly, a computer virus isn’t itself a standalone program. It’s a code snippet that inserts itself into some other application. When that application runs, it executes the virus code, with results that range from the irritating to the disastrous.
Virus vs. malware vs. trojan vs. worm
Before we continue a brief note on terminology. Malware is a general term for malicious computer code. A virus, as noted, is specifically a kind of malware that infects other applications and can only run when they run. A worm is a malware program that can run, reproduce, and spread on its own, and a Trojan is malware that tricks people into launching it by disguising itself as a useful program or document. You’ll sometimes see virus used indiscriminately to refer to all types of malware, but we’ll be using the more restricted sense in this article.
What do computer viruses do?
Imagine an application on your computer has been infected by a virus. (We’ll discuss the various ways that might happen in a moment, but for now, let’s just take infection as a given.) How does the virus do its dirty work? Bleeping Computer provides a good high-level overview of how the process works. The general course goes something like this: the infected application executes (usually at the request of the user), and the virus code is loaded into the CPU memory before any of the legitimate code executes.
At this point, the virus propagates itself by infecting other applications on the host computer, inserting its malicious code wherever it can. (A resident virus does this to programs as they open, whereas a non-resident virus can infect executable files even if they aren’t running.) Boot sector viruses use a particularly pernicious technique at this stage: they place their code in the boot sector of the computer’s system disk, ensuring that it will be executed even before the operating system fully loads, making it impossible to run the computer in a “clean” way. (We’ll get into more detail on the different types of computer virus a bit later on.)
Once the virus has its hooks into your computer, it can start executing its payload, which is the term for the part of the virus code that does the dirty work its creators built it for. These can include all sorts of nasty things: Viruses can scan your computer hard drive for banking credentials, log your keystrokes to steal passwords, turn your computer into a zombie that launches a DDoS attack against the hacker’s enemies, or even encrypt your data and demand a bitcoin ransom to restore access. (Other types of malware can have similar payloads.)
How do computer viruses spread?
In the early, pre-internet days, viruses often spread from computer to computer via infected floppy disks. The SCA virus, for instance, spread amongst Amiga users on disks with pirated software. It was mostly harmless, but at one point as many as 40% of Amiga users were infected.
Today, viruses spread via the internet. In most cases, applications that have been infected by virus code are transferred from computer to computer just like any other application. Because many viruses include a logic bomb—code that ensures that the virus’s payload only executes at a specific time or under certain conditions—users or admins may be unaware that their applications are infected and will transfer or install them with impunity. Infected applications might be emailed (inadvertently or deliberately—some viruses actually hijack a computer’s mail software to email out copies of themselves); they could also be downloaded from an infected code repository or compromised app store.
One thing you’ll notice all of these infection vectors have in common is that they require the victim to execute the infected application or code. Remember, a virus can only execute and reproduce if its host application is running! Still, with email such a common malware dispersal method, a question that causes many people anxiety is: Can I get a virus from opening an email? The answer is that you almost certainly can’t simply by opening a message; you have to download and execute an attachment that’s been infected with virus code. That’s why most security pros are so insistent that you be very careful about opening email attachments, and why most email clients and webmail services include virus scanning features by default.
Can all devices get viruses?
Virus creators focus their attention on Windows machines because they have a large attack surface and wide installed base. But that doesn’t mean other users should let their guard down. Viruses can afflict Macs, iOS and Android devices, Linux machines, and even IoT gadgets. If it can run code, that code can be infected with a virus.
Types of computer virus
Symantec has a good breakdown on the various types of viruses you might encounter, categorized in different ways. The most important types to know about are:
- Resident viruses infect programs that are currently executing.
- Non-resident viruses, by contrast, can infect any executable code, even if it isn’t currently running
- Boot sector viruses infect the sector of a computer’s startup disk that is read first, so it executes before anything else and is hard to get rid of
- A macro virus infects macro applications embedded in Microsoft Office or PDF files. Many people who are careful about never opening strange applications forget that these sorts of documents can themselves contain executable code. Don’t let your guard down!
- A polymorphic virus slightly changes its own source code each time it copies itself to avoid detection from antivirus software.
Keep in mind that these category schemes are based on different aspects of a virus’s behavior, and so a virus can fall into more than one category. A resident virus could also be polymorphic, for instance.
How to prevent and protect against computer viruses
Antivirus software is the most widely known product in the category of malware protection products. CSO has compiled a list of the top antivirus software for Windows, Android, Linux and macOS, though keep in mind that antivirus isn’t a be-all end-all solution. When it comes to more advanced corporate networks, endpoint security offerings provide defense in depth against malware. They provide not only the signature-based malware detection that you expect from antivirus, but antispyware, personal firewall, application control and other styles of host intrusion prevention. Gartner offers a list of its top picks in this space, which include products from Cylance, CrowdStrike, and Carbon Black.
One thing to keep in mind about viruses is that they generally exploit vulnerabilities in your operating system or application code in order to infect your systems and operate freely; if there are no holes to exploit, you can avoid infection even if you execute virus code. To that end, you’ll want to keep all your systems patched and updated, keeping an inventory of hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure.
Computer virus symptoms
How can you tell if a virus has slipped past your defenses? With some exceptions, like ransomware, viruses are not keen to alert you that they’ve compromised your computer. Just as a biological virus wants to keep its host alive so it can continue to use it as a vehicle to reproduce and spread, so too does a computer virus attempt to do its damage in the background while your computer still limps along. But there are ways to tell that you’ve been infected. Norton has a good list; symptoms include:
- Unusually slow performance
- Frequent crashes
- Unknown or unfamiliar programs that start up when you turn on your computer
- Mass emails being sent from your email account
- Changes to your homepage or passwords
If you suspect your computer has been infected, a computer virus scan is in order. There are plenty of free services to start you on your exploration: The Safety Detective has a rundown of the best.
Remove computer virus
Once a virus is installed on your computer, the process of removing it is similar to that of removing any other kind of malware—but that isn’t easy. CSO has information on how to remove or otherwise recover from rootkits, ransomware, and cryptojacking. We also have a guide to auditing your Windows registry to figure out how to move forward.
If you’re looking for tools for cleansing your system, Tech Radar has a good roundup of free offerings, which contains some familiar names from the antivirus world along with newcomers like Malwarebytes. And it’s a smart move to always make backups of your files, so that if need be you can recover from a known safe state rather than attempting to extricate virus code from your boot record or pay a ransom to cybercriminals.
Computer virus history
The first true computer virus was Elk Cloner, developed in 1982 by fifteen-year-old Richard Skrenta as a prank. Elk Cloner was an Apple II boot sector virus that could jump from floppy to floppy on computers that had two floppy drives (as many did). Every 50th time an infected game was started, it would display a poem announcing the infection.
Other major viruses in history include:
- Jerusalem: A DOS virus that lurked on computers, launched on any Friday the 13th, and deleted applications.
- Melissa: A mass-mailing macro virus that brought the underground virus scene to the mainstream in 1999. It earned its creator 20 months in prison.
But most of the big-name malware you’ve heard of in the 21st century has, strictly speaking, been worms or Trojans, not viruses. That doesn’t mean viruses aren’t out there, however—so be careful what code you execute.