Inoculating Yourself Against Computer Viruses


You have an increasing number of options for where you can install antivirus software to protect your home network. Figure 3-6 shows the possible locations. First, antivirus software must be installed on each computer in your home network.

Figure 3-6. Where You Need to Have Antivirus Protection


In addition, many ISPs offer a feature to turn on antivirus protection for your e-mail account in their network. If this is an option with your ISP, definitely turn it on. It is much better to intercept and destroy viruses at your ISP than to let them reach your home network and then try to detect and destroy them.

Finally, antivirus software is working its way into home network routers. When this becomes widely available, the router would be a great place to enforce your antivirus security.

So, you may be asking yourself, "If I turn antivirus on at my ISP, do I need to have it on my computers, too?" The answer is yes, absolutely. Antivirus at your ISP typically only protects e-mail and does little to protect the other communication paths between your computers and the Internet. Only computer-based antivirus can catch everything into and out of your PC today.

What about antivirus on your home network router? Well, because the router sees all the traffic into and out of your computers, it is possible that it might become the preferred enforcement point for antivirus, and you would not need it on each computer. This is probably where antivirus is going, but it is not quite there today. In the meantime, we recommend buying a software program that specifically provides antivirus protection for each of your computers.

Turning On Antivirus at Your ISP

Many ISPs offer built-in antivirus protection within their e-mail services. Check with your service provider to see whether this is an option. If it is, it is certainly something you should take advantage of. Many, many viruses spread by e-mailing copies of themselves to other computers. Detecting and stopping these viruses inside the e-mail system of the service provider is preferable to waiting until they are already inside your home network.

The steps for enabling antivirus protection with your service provider will vary widely and depend entirely on how the provider has chosen to set up its services. Enabling the protection is easy. We use EarthLink as an example:

Step 1. Log in to the EarthLink My Account page using your account user ID and password.

Step 2. Click TURN ON Virus Blocker (see Figure 3-7).



Figure 3-7. Enabling the EarthLink Virus Blocker


When new e-mail arrives in your mailbox at EarthLink, it is scanned for viruses. If it is found to be infected, the e-mail is routed to a special quarantine folder so that it will never be downloaded to your computer's e-mail inbox file.

Installing Antivirus Software on Your Computers

As discussed in Chapter 1, you have a couple of options for purchasing antivirus software programs for each of your home computers. You can purchase only antivirus or pay a little more money for an entire security bundle. Security bundles are offered by the major security software vendors, and include a whole suite of protection, including antivirus, firewall, spyware/adware blocking, parental control, antispam, and so on.

We recommend checking out the security bundles from the leading security software vendors in Table 3-1.

Table 3-1. Leading Security Software Bundle Vendors

Security Bundle Provider                   Internet Address
McAfee Internet Security Suite             http://www.mcafee.com
Symantec Norton Internet Security 200x     http://www.symantec.com
Trend Micro PC-cillin Internet Security    http://www.trendmicro.com
ZoneAlarm Security Suite                   http://www.zonelabs.com


Whether you decide to opt for the bundle or just for the antivirus software, the steps and descriptions here are roughly the same.

Figure 3-8 shows the main control panel for McAfee's product (the example shown is part of the security bundle).

Figure 3-8. McAfee VirusScan (Component of McAfee Internet Security Suite)


Figure 3-9 shows the main control panel for Symantec's product (the example shown is also part of the security bundle).

Figure 3-9. Symantec's Norton AntiVirus (Component of Norton Internet Security 200x)


All four (McAfee, Symantec, Trend Micro, and Zone Labs) are good products. All also require an annual subscription fee to receive virus signature updates (which is critical). Shop around and compare. Many have free 30-day trials you can download so that you can find which one is right for you.

Scanning Your Computer for Viruses

When you install antivirus software, it will perform an initial scan of your computer to detect whether any infections already exist. After that, the software typically is set up to perform periodic scans to ensure that no infections find their way onto your computer.

Figure 3-10 shows an example of the McAfee product performing a scan.

Figure 3-10. Scanning for Viruses with McAfee VirusScan


In this case, as shown in Figure 3-11, nine infected files were found on the computer, including two known viruses and seven undesirable adware programs (see Chapter 5, "Tip 5: Lock Out Spyware and Adware"). The antivirus scanner recommends what to do with the infected files (fix, delete, or quarantine them).

Figure 3-11. McAfee Scan Completed and Viruses Deleted


Figure 3-12 shows a scan with the Symantec antivirus product on another computer. In this case, five infected files were found and deleted.

Figure 3-12. Symantec Scan Completed and Viruses Deleted


Most infections can be automatically repaired by the antivirus software. Severe infections may require more work. In general, clicking the Fix (for Norton) or Clean (for McAfee) buttons tells the antivirus software to attempt to repair the file to its original state; clicking Delete tells the software to trash the file; and clicking Quarantine tells the software to isolate the file from the rest of your files by placing it in a special holding area.

When in doubt, click Fix or Clean (or the equivalent in the antivirus software you are using). If that fails, then click Delete.

Blocking New Virus Infections

Scanning the computer memory and files on the hard disk is a necessary periodic procedure. However, only doing disk scans is a little like waiting for the bandits to sell the stolen jewelry before apprehending them. Wouldn't it be better to catch them as they first try to break into the store?

All the antivirus programs have a feature for active scans, meaning whenever you receive a new e-mail, browse a web page, download a new file, or edit an existing file, the antivirus scanner kicks in to make sure no virus is introduced.

Active scanning is usually enabled by default with antivirus programs. Figure 3-13 shows an example of enabling this protection (assuming it was not set as the default).

Figure 3-13. Enabling Active Scanning with McAfee VirusScan


In general, you want to make sure that the antivirus program starts up its active scanner when Windows boots and that e-mail and attachments are scanned automatically, both incoming and outgoing.

Enabling Unknown Virus Detection (Heuristics)

As discussed earlier, we also want to turn on the ability to try to detect unknown viruses from their general behavior rather than from only specific signatures. For the McAfee product, this is done by configuring the scan options. Figure 3-14 shows the dialog window.

Figure 3-14. Turning On Unknown Virus Detection with McAfee VirusScan


Make sure that the Scan for new unknown viruses option is checked.

The Symantec product has a similar feature, called Bloodhound (see Figure 3-15).

Figure 3-15. Turning On Unknown Virus Detection with Symantec Norton AntiVirus


Make sure that the Enable Bloodhound heuristics option is checked.

Keep in mind that occasionally with this function, you will get some false positives, meaning the antivirus software will think a normal operating program is performing a suspicious action and raise the flag to you.

An example is whenever you choose to install a legitimate software program. It might trigger the antivirus software to raise a warning and prompt you for confirmation that you asked for the software to be installed.

Updating Your Virus Signatures

Another critical task to do with any antivirus program is to make sure it receives updated virus signatures automatically. It is usually the default, but Figure 3-16 shows how to enable automatic updates for the Symantec product.

Figure 3-16. Turning On Automatic Updates with Symantec Antivirus


Figure 3-17 shows the result after an update of the virus signatures has run.

Figure 3-17. Signatures Are Updated


Automatic updates require an active subscription with the antivirus software vendor. We cannot express how important it is to maintain the most current level of virus signatures (this means check your program for regular updates). If your signatures are even three to six months out of date, you are highly likely to be infected by one of the dozens of new viruses and worms that are created every month.

If you turn your computer (or even your network router) off when you are not using it, you will probably need to manually check for updates even if you have the auto-update feature enabled.
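
To confirm the two settings this chapter stresses (active scanning on, signatures current) on a computer that has been powered off for a while, the following PowerShell script is an added example; it is not part of the original book or of any vendor's tooling. It reads the Windows Security Center WMI class AntiVirusProduct, which is present on desktop editions of Windows Vista SP1 and later. The productState bit layout it decodes is not documented by Microsoft and is used here as an assumption based on commonly observed values.

```powershell
# Added example: list every antivirus product registered with Windows
# Security Center and report whether its active (real-time) scanner is on
# and whether it considers its virus signatures current.

function ConvertFrom-AvProductState {
    # ASSUMPTION: productState is treated as three bytes, 0xPPSSUU:
    #   SS has bit 0x10 set when the real-time scanner is running,
    #   UU is 0x00 when signatures are current (0x10 when out of date).
    # This layout is community-observed, not documented by Microsoft.
    param([Parameter(Mandatory)][uint32]$ProductState)

    $scannerByte   = ($ProductState -shr 8) -band 0xFF
    $signatureByte = $ProductState -band 0xFF

    [pscustomobject]@{
        RealTimeEnabled   = ($scannerByte -band 0x10) -ne 0
        SignaturesCurrent = $signatureByte -eq 0
    }
}

try {
    # root/SecurityCenter2 does not exist on Windows Server editions.
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName 'AntiVirusProduct' -ErrorAction Stop
} catch {
    Write-Warning "Security Center is not available: $($_.Exception.Message)"
    return
}

if (-not $products) {
    Write-Warning 'No antivirus product is registered with Security Center.'
}

foreach ($p in $products) {
    $state = ConvertFrom-AvProductState -ProductState $p.productState
    [pscustomobject]@{
        Product           = $p.displayName
        RealTimeEnabled   = $state.RealTimeEnabled
        SignaturesCurrent = $state.SignaturesCurrent
        LastReported      = $p.timestamp   # when the product last reported its state
    }
}
```

A product that shows SignaturesCurrent as False after the computer has been off is the case described above: open the antivirus program and run its update manually.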

You might reason that you can cancel your subscription and get away with an older set of signatures and then rely on the heuristic scanning. Several evaluations have shown heuristics to be only approximately 60 percent to 70 percent effective in detecting unknown viruses. Some heuristic scanners also rely on the latest set of signatures to be most effective at detecting virus behaviors. The point is, you cannot rely on heuristics to fill the gap for not keeping your signatures current.

Windows Live OneCare

Windows is slowly integrating security functions. In Chapter 1, you saw that Windows XP offers a built-in firewall function. In Chapter 5, you will see a similar Windows built-in spyware/adware function called Windows Defender. For antivirus, Windows does not yet offer an integrated product, but there is a service named Windows Live OneCare that looks promising for integrated antivirus protection.

The intended pricing for this service looks comparable to other antivirus subscriptions. If you are interested, you can obtain the software beta (or production when it is released) at this link:

http://www.windowsonecare.com

After you install the OneCare software, the main control panel looks as shown in Figure 3-18.

Figure 3-18. Windows Live OneCare Main Status Panel


In addition to antivirus, the OneCare panel has integration with the functions for firewall, computer tune-up, file backup, and operating system updates.

By clicking View or change settings on the main OneCare panel, it is possible to change the antivirus settings, as shown in Figure 3-19.

Figure 3-19. OneCare Antivirus Settings


Check the Monitor for virus-like behavior box to enable heuristic scanning (covered previously in this chapter).

Figure 3-20 shows the result of a virus scan. This time the computer was free of worms and viruses.

Figure 3-20. OneCare Scan Completed


OneCare's antivirus program has many of the same features and operations as the other antivirus programs, including heuristic scanning, automatic updates, and active scanning of e-mail and file accesses.

It is not clear whether OneCare supports the same extensive list of known virus signatures as the other packages. A look at the OneCare threat list shows only a list of viruses identified as Top Threats. More information will undoubtedly be available when the product is officially released in mid-2006.



Home Network Security Simplified
ISBN: 1587201631
Pages: 130
