- The Windows 2000\XP\.NET Resource Index
Home | About Us | Search

Last Updated December 10, 2003


  Where to Start
  AntiVirus Vendors
  Hoaxes & Virus Myths
  Macro Viruses
  Recent Outbreaks
  Virus Zoos


  Books on Security
  Disaster Recovery
  FAQ's & Tutorials
  Intrusion Detection
  Legal Resources
  Online Seminars
  Password Security
  Security Links
  Securing Networks


How many viruses are there?

The straight answer is it depends on who you ask. Antivirus companies may give you largely inflated figures that go up dramatically every year because it helps sell software. Sure there are thousands of known viruses. Many are slight variants of other viruses and are classified as an individual virus, even if a single byte of code was changed. A large percentage are platform dependent (they only affect UNIX, Apple, or Windows systems), and the vast majority are antiquated, dormant, or so poorly written that there not even a credible threat. 

A more balanced way of looking at the virus threats is to examine what is actually circulating around the world, or "in the wild". The industry standard reference is at, which updates a global list of circulating viruses that is updated monthly. On average, the number of viruses actually circulating in the wild is around 600 -  a far cry from the 15,000 to 25,000 viruses often claimed by vendors. 

Instead of focusing on how many viruses a vendors claims their software can identify, look for how quickly they respond to new outbreaks. New trojans and worms can circle the globe in mere hours infecting thousands of workstation, servers, and networks, before virus definitions can be updated. Protecting your network may depend on your ability to patch your servers and workstations quickly.





Anti-Virus FAQ's and Introductory Articles

Articles, FAQ's, and other Guides
Computer Virus and Malware Primer for Network Administrators NEW!
This primer won't make you an expert overnight, but it will introduce you to the basic concept of malware, identify the various types of viruses and malware, explain common industry terminology, decipher the CARO virus naming convention, and provide additional information that will help you research, combat, and recover from a malware threat or outbreak. It also includes some proactive steps you can use to help prevent a major outbreak on your network. Source:

CkNow AntiVirus Tutorial
An excellent, comprehensive, plain English tutorial on computer virus history, common terms, and anti-virus technology. Source: CKnow

Who Goes There? An Introduction to On-Access Virus Scanning, Part One
By now, most savvy computer users have anti-virus software (AV) installed on their machines and use it as part of their regular computing routine. However, most average users do not know how anti-virus software works. This two-part series will offer a brief overview of a particular type of anti-virus mechanism know as on-access virus scanners. Source:

An overview of Computer Viruses and Anti-Virus software
A slightly dated, but well written introduction to the topic. (last updated Jan 1997)

AntiVirus Policy
Sample AV policy suitable for home or small office. Source:

Computer Viruses
This report briefly introduces computer viruses and how they effect network security. Many people are afraid of viruses, mostly because they do not know much about them. This report will guide you in the event of a virus infection. Source: Helsinki University of Technology

Computer Viruses Demystified
Despite our awareness of computer viruses, how many of us can define what one is, or how it infects computers? This paper aims to demystify the basics of computer viruses, summarizing what they are, how they attack and what we can do to protect ourselves against them. Source: (Oct 1999)

Computer virus prevention: a primer
This white paper describes the current virus situation, common virus entry points, procedures for preventing infection, types of anti-virus software, deployment and administration of anti-virus software, and measures for recovering from a virus attack. Source: (Aug 2000)

Dangerous E-Mail: Return to Sender
How active content made the Melissa virus and the ExploreZip worm possible Source: Network Magazine (Sept 1999)

Dr Solomon's "Don't Panic" Guide
An excellent guide for new administrators on what to do if you're infected.

Dr Solomon's AV Toolkit Technical Notes
Various Whitepapers and other technical guides.

Evaluating Anti-Virus Software for Home Use
All anti-virus products are not created equal. Before you run down to your local computer store or jump on the Internet and order some anti-virus software, take a moment to think about what you need and why you need it. This article will provide readers with an idea of the things they should consider when they are considering which anti-virus software to purchase. Although this discussion will not assess software from specific vendors, it will offer some resources to allow readers to assess the best software for their purposes. Source:

Glossary of virus types
Description of the most common and interesting types of viruses and other malicious software. Source: (Dec 1999)

IBM's Scientific Papers   
Another great resource that will keep you busy for hours. Make sure you check out The Generic Virus Writer: An excellent and unique profile of 4 virus writers by Sarah Gordon. Part 2 is finished and available here.

Introduction to Viruses and Malicious Code, Part One
In this, the first of a two-part series, we will introduce you to viruses and other malicious code that can threaten your data and system security. We will discuss the different types of viruses and malicious code, what they are, how they infect your computer and what damage they can cause. Source: (Dec 27 2000)

Introduction to Viruses and Malicious Code, Part Two
In the second part of this series, we will describe how you can protect yourself and your valuable information against malicious code and discuss a variety of recovery techniques in the event of a virus 'attack' Source: (Dec 27, 2000)

An Introduction to Viruses and Malicious Code, Part Three: Detecting and Resolving Virus Infections
In this installment, we will take a step-by-step approach in dealing with a virus infection. As well, we will look at a real-life example of removing a worm from an infected system. Source: (April 30, 2001)

Heuristic Techniques in AV Solutions: An Overview
Heuristic technologies can be found in nearly all current anti-virus (herein referred to as AV) solutions and also in other security-related areas like intrusion detection systems and attack analysis systems with correlating components. This article will offer a brief overview of generic heuristic approaches within AV solutions with a particular emphasis on heuristics for Visual Basic for Applications-based malware. Source:

How Nimda changed computer security
This week marks the first anniversary of the Nimda virus attack, an event that may have driven more corporate IT security changes during the past 12 months than the Sept. 11 terrorist attacks did
. Source: ComputerWorld (Sept 16, 2002)

Introduction to computer viruses
What is a computer virus? How infection occurs. How viruses escape detection. Virus side-effects. How viruses spread. Anti-virus measures. Source: (May 1998)

Java Security FAQ
Java can be a useful tool, but can also be used to write malicious applets that can wreak havoc. This FAQ by Sun Microsystems should clear up some of the major issues.

Malware Myths and Misinformation, Part 1
This article is the first of a three-part series looking at some of the myths and misconceptions that undermine anti-virus protection. The fallacies we address here tend to begin with the words "I'm safe from viruses because..." Source:

Microsoft's Guide to Macro Viruses
A Basic Guide, but still has some useful information. The ironic thing is that Microsoft has unintentionally distributed several Macro Viruses on their own CD's. Get the full story here

Stopping Infection: An AntiVirus Tutorial Part 1
A decent primer by Diane E Levine, President of Strategic Systems Management, from Planet IT September 1999. Part 2 is here

Summary of Virus Reports sent to Avast Anti-Virus
A quick and interesting read...

The Evolution of 32-Bit Windows Viruses
The world of computer antivirus research has changed drastically since the introduction of Windows 95. One reason for this change is that certain DOS-based viruses that used stealth techniques and undocumented DOS features became incompatible with Win95. As a result, virus writers took on the challenge of investigating the new OS and began creating new Win95-compatible DOS-executable viruses and boot viruses. Source: Windows & .NET Magazine (July 2000)

The Evolution of Malicious Agents
This paper examines the evolution of malicious agents by analyzing features and limitations of popular viruses, worms, and trojans, detailing the possibility of a new breed of malicious agents currently being developed on the Internet. Source: SecurityPortal (April 2000)

The V-Files: A dictionary of file threats
This White Paper is an alphabetical lexicon containing descriptions of file types, formats, and virus information. Its purpose is to offer information about the types of files that can be infected by particular viruses. It also contains tips on how you can better protect your computer. Source: (May 1999)

Trend Micro Virus Primer
An excellent primer on how viruses work, how they are spread, common terminology, evolution of viruses, and what you can do about them.

List of FAQ's maintained for Virus related newsgroups

Understanding Virus Behavior in the Windows NT Environment 
A must read article from Symantec

Viruses - An Overview
Introductory guide to definitions, types of viruses, virus techniques, famous viruses, naming conventions, and useful links. Source: Security Portal

What's in a virus's name? Everything you need to know!
A look at how viruses get their name. Source: ZDnet (Jan 9, 2002)

ZDNet Virus SuperGuide 
Virus alerts, updates, and articles from Ziff Davis.

Antivirus Software May Cause Event ID 2011 
Microsoft Knowledge Base Article: 177078 - After you install Norton AntiVirus for Windows, you receive the following error messages: 

Antivirus Problems May Modify Security Descriptors Causing Excessive Replication of FRS Data in Sysvol and DFS
Microsoft Knowledge Base Article: 284947 -
This article describes the symptoms that occur when antivirus programs perform virus scans on directories hosting FRS-replicated files including. Additional symptoms include: One program that is known to reset security descriptors during virus scan is Norton AntiVirus (NAV) versions 7.0 and 7.5. Other virus checking programs that modify security descriptors during virus scans will result in the same symptoms. 

Cannot Install or Remove Trend Micro PC-cillin 2000 
Microsoft Knowledge Base Article: 324632 - When you try to install or remove (uninstall) the Trend Micro PC-cillin 2000 antivirus program on a computer that is updated with Service Pack 3 (SP3) for Windows 2000, you may experience the following behaviors: 

Computer Disappears From NetBIOS Browse List After a Restart 
Microsoft Knowledge Base Article: 320758 - Approximately 45-60 minutes after you restart your Windows NT 4.0-based or Windows 2000-based computer that is running either of the Computer Associates Inoculan or E-Trust antivirus programs, your computer may disappear from the NetBIOS browse list

How to Manually Remove the W32/SirCam@MM Virus from Windows 2000 
Microsoft Knowledge Base Article: 308717 - This article describes how to manually remove the W32/SirCam@MM virus from Windows 2000. Use this manual procedure only if you are unable to remove the virus by using the W32/SirCam@MM stand-alone removal tool,, that is available at the following McAfee Web site:

Stop 0x0000001E Error Message Occurs When You Run Norton AntiVirus 
When you use a computer that is running Windows NT and Norton AntiVirus, you may experience the following blue screen error message: Stop 0x0000001e (c000012d,xxxxxxxx,xxxxxxxx,xxxxxxxx) where the first parameter is c000012d and the others may vary.  

Using Virus Protection Features in Outlook Express 6 
Microsoft Knowledge Base Article: 291387 - This article describes several new features included in Microsoft Outlook Express 6 that are designed to protect you against viruses that may be transmitted through e-mail messages. 

Symantec Norton AntiVirus 2000 May Produce a Virus Alert During Service Pack 1 Installation
Microsoft Knowledge Base Article: 270120 - Norton AntiVirus 2000's Auto-Protect may detect the WM.NiceDay virus when you install a Windows Update or extract .cab files. 

Virus Hoax: Microsoft Debugger Registrar for Java (Jdbgmgr.exe) Is Not a Virus
Microsoft Knowledge Base Article: 322993 - There is a virus hoax that advises customers to delete a valid Windows file that is named Jdbgmgr.exe. This file is the Microsoft Debugger Registrar for Java. If you receive the e-mail message that is listed in the "More Information" section of this.

Pinky, Are You Pondering What I'm Pondering?
I think so Brain, but if we had a snowmobile, wouldn't it melt before summer?
- Pinky and the Brain in "This old Mouse"

Entire contents
© 1999-2003 and TechTarget
All rights reserved

This site and its contents are Copyright 1999-2003 by Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with The products referenced in this site are provided by parties other than makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.