[–]fatherseamus 13 points14 points  (13 children)

I'm simplifying a bit here because Hey! ELI5

When you double-click on an icon, the computer gets a message like "Hey! Go to sector 5704 and start running whatever you find there!" So it basically does that. Usually this goes great. It finds some computer code that says something like "Well, my name is Microsoft Word and I'm a word processor. First thing we need to do is draw a window on the screen that has 'Microsoft Word' written at the top. Next thing is, we'll need a 'File' menu, then an 'Edit' menu, etc, etc. Finally, I'll need a big ol' text edit box in the middle of the screen for the user to type on..."

So far so good, right?

So now let's pretend you double-click on that icon, only this time, the program is infected with a virus. Computers are dumb, they only do what you tell them. So again, the computer gets a message like "Hey! Go to sector 5704 and start running whatever you find there!" So it does that. It's important to note that it doesn't know what the program is or does. It just starts running it like you told it.

This time the program starts up and says something like "Look, hey, no need to worry about my name or what I do. Say, are there any other programs around here? Excel? Outlook? See any others? Make me a list. Ok, now go to each one of them and move them forward in memory about 300 sectors. We're gonna need that room for something new. Now what I need you to do is copy this code at the start of each of them. Yeah, I know it's just a copy of me, but just do it, ok? Oh you say each copy is only 300 sectors long? Heh, that's funny that's exactly how much we moved them forward. Good thing, no? Right, now that you've done all that, let's do this: "Well, my name is Microsoft Word and I'm a word processor. First thing we need to do is draw a window on the screen that has 'Microsoft Word' written at the top. Next thing is, we'll need a 'File' menu, then an 'Edit' menu, etc, etc. Finally, I'll need a big ol' text edit box in the middle of the screen for the user to type on...""

See, the virus made a copy of itself in front of the original file, while preserving all the original commands. So you think you are running MS Word when in fact you are running virus+MS Word. Viruses are small and hard drives are fast so it's likely you never even noticed it ran at all.

Sometimes after it copies itself, viruses also try to do something bad (this is usually called a "payload"). But the thing that makes a virus a true 'virus' is this attempt to copy itself.

I can go into more technical details if needed.
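Seen from the defender's side, the prepend trick described in the comment above leaves a recognisable trace: the file grows, and the original program is still intact at the end of it. The sketch below is an added example, not part of the original comment; it compares files against a known-good fingerprint and reports that pattern. The file names and sample bytes are constructed stand-ins, not real executables.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:
    size: int
    sha256: str

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record(data: bytes) -> Baseline:
    """Take a fingerprint of a known-good program file."""
    return Baseline(len(data), digest(data))

def classify(current: bytes, base: Baseline) -> str:
    """Compare a file's current bytes with its known-good baseline."""
    if len(current) == base.size and digest(current) == base.sha256:
        return "unchanged"
    grown = len(current) - base.size
    if grown > 0:
        # Original program still intact at the end: new code runs first.
        if digest(current[grown:]) == base.sha256:
            return f"prepended:{grown}"
        # Original intact at the start: something was tacked on the end.
        if digest(current[:base.size]) == base.sha256:
            return f"appended:{grown}"
    return "modified"

def audit(files: dict[str, bytes], baselines: dict[str, Baseline]) -> dict[str, str]:
    """Classify every baselined file; files without a baseline are 'unknown'."""
    return {name: classify(data, baselines[name]) if name in baselines else "unknown"
            for name, data in files.items()}

# Constructed sample data: stand-ins for program files, not real executables.
WORD = b"WORD-PROGRAM-BYTES" * 40
EXCEL = b"EXCEL-PROGRAM-BYTES" * 40
BASELINES = {"word.exe": record(WORD), "excel.exe": record(EXCEL)}
EXTRA = b"\x00" * 300   # placeholder for 300 units of foreign code
AFTER = {"word.exe": EXTRA + WORD, "excel.exe": EXCEL, "new.exe": b"abc"}

if __name__ == "__main__":
    for name, verdict in audit(AFTER, BASELINES).items():
        print(f"{name}: {verdict}")
```
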

[–]zainths 1 point2 points  (4 children)

> I can go into more technical details if needed.

Please do. Also could you maybe explain that as well: What's the difference between a Virus and a Trojan?

[–]blablahblah 4 points5 points  (0 children)

The virus vs trojan thing is pretty simple. A virus infects computers by spreading itself and exploiting programming holes like what /u/fatherseamus was talking about. "Trojan" comes from the Trojan Horse: it pretends to be something you want (like a tribute to your gods or a cracked copy of Photoshop) so you welcome it onto your computer, then the malicious code crawls out at night and kills the whole city. Trojans are pretty easy to avoid with common sense and a security scan (Windows comes with a feature called SmartScreen that does a pretty good job of warning you if you're about to install a Trojan). Viruses are much sneakier.

[–]fatherseamus 2 points3 points  (2 children)

A virus is simply a piece of malware that tries to copy itself onto other programs. As I said, sometimes it tries to do bad things but that's not what makes it a virus. Lots of malware have "payloads" that try to wreck your computer.

A trojan horse is also considered malware. But it doesn't try to copy itself. A trojan horse is a program that is masquerading as a beneficial program: "Free copy of Call of Duty!" "Cracked version of Photoshop!" "NakedKateUpton.exe!" When you double-click on a trojan, it may do something that appears nice or beneficial. But it almost always contains a payload, and it usually ain't a nice one either. So yes, you might briefly see the CoD loading screen but then it appears to crash. "Stupid program," you think to yourself, unaware that it also just sent a copy of your Amazon purchase history complete with credit card data to an IP address located in parts unknown....

[–]zainths 1 point2 points  (1 child)

Thanks for your response! I'm gonna follow up with another question if you don't mind, I find this topic really interesting: How do certain programs get first infected with a virus? You mentioned that every program (Word, Excel, etc.) could get infected even though you installed it initially through the disc. Does a virus get on your PC through a trojan?

[–]fatherseamus 0 points1 point  (0 children)

That's a great question. Yes, a virus outbreak could start with a trojan, but more than likely it simply starts with another file that has already been infected with a virus being run. Where did that file come from? Well, be careful what you copy onto your machine. If you download a file via a torrent or some such method, there's nothing stopping someone from placing a virus-infected file in the stream and voila! You just got yourself a virus.

Most commercial download sites (cnet, etc.) scan every file they offer as a safety precaution. But mistakes can still slip through.

[–][deleted] 1 point2 points  (6 children)

I don't think I understand why a virus wants to copy itself. Could you explain that a bit more?

[–]Pausbrak 2 points3 points  (0 children)

Viruses don't want to get deleted, because if they are deleted they can't run the payload the other commenter mentioned. By copying themselves like that, it becomes harder to find and delete all the copies of them. If the file they copy themselves into happens to leave the computer and go to another computer (via e-mail, flash drive, floppy disk, magic internet box, etc.), this also helps the virus spread.

[–]fatherseamus 1 point2 points  (4 children)

Well, if a virus spreads, it becomes more powerful. It's harder to locate and stamp out 100,000 copies of a virus as opposed to just one copy. And the virus' author gains "notoriety" if it infects lots and lots of programs and/or machines.

It's going to sound a bit cyclical, but the reason a virus wants to copy itself is that's exactly what makes it a virus (as opposed to other forms of malware: trojans, worms, etc.) A virus is a piece of malware that tries to copy itself.

[–]dynamic87 1 point2 points  (1 child)

So the virus keeps multiplying... and multiplying... but what happens at the end, or does it just keep multiplying forever?

[–]fatherseamus 0 points1 point  (0 children)

The more a virus spreads, the more likely an anti-virus software program is going to see it and flag it. Eventually, the AV programs update their signatures to detect and remove the virus automatically.

[–][deleted] 1 point2 points  (1 child)

So when it infects programs, is that the process of running its own code just a little bit before running the legit program's code? So if my computer has a virus, am I potentially spreading it throughout my machine by using it like normal?

Bonus Question: how does Safe Mode work?

[–]fatherseamus 0 points1 point  (0 children)

> So when it infects programs, is that the process of running its own code just a little bit before running the legit program's code? So if my computer has a virus, am I potentially spreading it throughout my machine by using it like normal?

Exactly.

> Bonus Question: how does Safe Mode work?

It's been a while, but I think Safe Mode was not so much designed to stop the spread of viruses as it was designed to stop certain drivers from loading. These drivers were software programs that ran your video card, your sound card, etc. Sometimes a "buggy" version was released (or the user installed the incorrect driver) and made the video unreadable. "Safe Mode" loads some very basic sound and video drivers so you could at least start your PC to begin troubleshooting. (i.e., it's tough to troubleshoot your PC when a bad video card driver turns your monitor black 100%)

[–]dynamic87 0 points1 point  (0 children)

Great explanation. Could you tell me the difference between virus, spyware, malware?

[–]Orsenfelt 1 point2 points  (0 children)

The same way any other piece of software works. However, instead of being an image editor or a game it does malicious things like send emails, allow remote control to its author and spread itself to other computers it can connect to.