Virus Protection

A virus is a program that causes malicious change in your computer and makes copies of itself. Sophisticated viruses encrypt and hide themselves to thwart detection. There are tens of thousands of viruses that your computer can catch. Known viruses are referred to as being “in the wild.” Research laboratories and universities study viruses for commercial and academic purposes. These viruses are known as being “in the zoo,” or not out in the wild. Every month, the number of viruses in the wild increases.

Viruses can be little more than hindrances, or they can shut down an entire corporation. The types vary, but the approach to handling them does not. You need to install virus protection software on all computer equipment. This is similar to vaccinating your entire family, not just the children who are going to summer camp. Workstations, personal computers, servers, and firewalls all must have virus protection, even if they never connect to your network. They can still get viruses from floppy disks or Internet downloads (via modem).

Types of Viruses

Several types of viruses exist, but the two most popular are macro and boot sector. Each type differs slightly in the way it works and how it infects your system. Many viruses attack popular applications such as Microsoft Word, Excel, and PowerPoint, which are easy to use and for which it is easy to create a virus. Because writing a unique virus is considered a challenge to a bored programmer, viruses are becoming more and more complex and harder to eradicate.

Macro Viruses

A macro is a script of commonly used commands that performs operations automatically, without a user’s intervention. Macro viruses use the Visual Basic macro scripting language to perform malicious or mischievous functions in Microsoft Office products. Macro viruses are among the most harmless (but also the most annoying). Since macros are easy to write, macro viruses are among the most common viruses and are frequently found in Microsoft Word and PowerPoint. They affect the file you are working on. For example, you might be unable to save the file even though the Save function is working, or you might be unable to open a new document and can open only a template. These viruses will not crash your system, but they are annoying. Cap and Cap A are examples of macro viruses.

Boot Sector Viruses

Boot sector viruses get into the master boot record. This is track one, sector one on your hard disk, and no applications are supposed to reside there. At boot up, the computer checks this sector to find a pointer to the operating system. If you boot multiple operating systems, such as Windows 95/98, Windows NT, and Unix, this is where the pointers are stored. A boot sector virus will overwrite the boot sector, thereby making it look as if there is no pointer to your operating system. When you power up the computer, you will see a Missing Operating System or Hard Disk Not Found error message. Monkey B, Stealth, and Stealth Boot are examples of boot sector viruses.

Note 

These are only a few of the types of viruses out there. For a more complete list, see your antivirus software manufacturer’s website, or go to Symantec’s website at www.symantec.com/.

Updating Antivirus Components

A typical antivirus program consists of two components:

  • The definition files

  • The engine

The definition files list the various viruses, their type and footprints, and specify how to remove the specific virus. More than 100 new viruses are found in the wild each month. An antivirus program would be useless if it did not keep up with all the new viruses. The engine accesses the definition files, or database, runs the virus scans, cleans the files, and notifies the appropriate people and accounts. Eventually viruses become so sophisticated that a new engine and new technology are needed to combat them effectively.

Note 

Heuristic scanning is a technology that allows an antivirus program to search for a virus even if there is no definition for that specific virus. The engine looks for suspicious activity that might indicate a virus. Be careful if you have this feature turned on. A heuristic scan might detect more than viruses.

For an antivirus program to be effective, you must upgrade, update, and scan in a specific order:

  1. Upgrade the antivirus engine.

  2. Update the definition files.

  3. Create an antivirus emergency boot disk.

  4. Configure and run a full on-demand scan.

  5. Schedule monthly full on-demand scans.

  6. Configure and activate on-access scans.

  7. Update the definition files monthly.

  8. Make a new antivirus emergency boot disk monthly.

  9. Get the latest update when fighting a virus outbreak.

  10. Repeat all steps when you get a new engine.

If you think this is a lot of work, you are right. However, not doing it can be a lot more work and a lot more trouble.

Upgrading an Antivirus Engine

An antivirus engine is the core program that runs the scanning process; virus definitions are keyed to an engine version number. For example, a 3.x engine will not work with 4.x definition files. When the manufacturer releases a new engine, consider both the cost to upgrade and the added benefits.
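The following is an added example, not code from the book or from any antivirus product: a minimal model of the two components described under Updating Antivirus Components and of the rule above that definitions are keyed to an engine version. The class names, virus names, and byte patterns are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Definition:
    name: str          # virus name as listed in the definition file
    vtype: str         # for example "macro" or "boot sector"
    footprint: bytes   # byte pattern the engine searches for


@dataclass(frozen=True)
class DefinitionFile:
    engine_major: int  # engine series these definitions are keyed to
    release: str       # label of this definition update
    entries: tuple     # tuple of Definition records


class Engine:
    def __init__(self, version: str):
        self.version = version
        self.major = int(version.split(".")[0])
        self.defs = None

    def load(self, deffile: DefinitionFile) -> None:
        """Refuse definitions keyed to a different engine series."""
        if deffile.engine_major != self.major:
            raise ValueError(
                f"definitions for {deffile.engine_major}.x cannot load "
                f"into engine {self.version}")
        self.defs = deffile

    def scan(self, data: bytes) -> list:
        """Return (name, type, first offset) for each footprint found in data."""
        if self.defs is None:
            raise RuntimeError("no definition file loaded")
        hits = []
        for d in self.defs.entries:
            pos = data.find(d.footprint)
            if pos != -1:
                hits.append((d.name, d.vtype, pos))
        return hits


# Constructed sample data: the names and byte patterns are made up.
DEFS_4X = DefinitionFile(4, "sample-release-1", (
    Definition("Sample.Macro.A", "macro", b"\xde\xad\xbe\xef\x01"),
    Definition("Sample.Boot.B", "boot sector", b"\xca\xfe\xf0\x0d\x02"),
))
SAMPLE_FILE = b"header" + b"\x00" * 10 + b"\xde\xad\xbe\xef\x01" + b"trailer"
```

A 4.x engine loads `DEFS_4X` and reports the macro footprint at offset 16 of `SAMPLE_FILE`; a 3.x engine raises an error on load instead of scanning with definitions it cannot interpret.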

Warning 

Before installing new or upgraded software, back up your entire computer system, including all data.

Updating Definition Files

Every week you need to update your list of known viruses—called the virus definition files. You can do this manually or automatically through the manufacturer’s website. You can use a staging server within your company to download and then distribute the updates, or you can set up each computer to download updates.

Scanning for Viruses

An antivirus scan is the process in which an antivirus program examines the computer suspected of having a virus and eradicates any viruses it finds. There are two types of antivirus scans:

  • On-demand

  • On-access

An on-demand scan searches a file, a directory, a drive, or an entire computer. An on-access scan checks only the files you are currently accessing. To maximize protection, you should use a combination of both types.

On-Demand Scans

An on-demand scan is a virus scan initiated by either a network administrator or a user. You can manually or automatically initiate an on-demand scan. Typically, you’d schedule a monthly on-demand scan, but you’ll also want to do an on-demand scan in the following situations:

  • After you first install the antivirus software

  • When you upgrade the antivirus software engine

  • When you suspect a virus outbreak

Note 

Before you initiate an on-demand scan, be sure that you have the latest virus definitions.

When you encounter a virus, scan all potentially affected hard disks and any floppy disks that could be suspicious. Establish a cleaning station, and quarantine the infected area. The support staff will have a difficult time if a user continues to use the computer while it is infected. Ask all users in the infected area to stop using their computers. Suggest a short break. If it is lunchtime, all the better. Have one person remove all floppies from all disk drives. Perform a scan and clean at the cleaning station. For computers that are operational, update their virus definitions. For computers that are not operational or are operational but infected, boot to an antivirus emergency boot disk. Run a full scan and clean the entire system on all computers in the office space. With luck, you will be done before your users return from lunch.

On-Access Scans

An on-access scan runs in the background when you open a file or use a program. For example, an on-access scan can run when you do any of the following:

  • Insert a floppy disk

  • Download a file with FTP

  • Receive e-mail messages and attachments

  • View a web page

The scan slows the processing speed of other programs, but it is worth the inconvenience.

A relatively new form of malicious attack makes its way to your computer through ActiveX and Java programs (applets). These are miniature programs that run on a web server or that you download to your local machine. Most ActiveX and Java applets are safe, but some contain viruses or snoop programs. The snoop programs allow a hacker to look at everything on your hard drive from a remote location without your knowing. Be sure that you properly configure your on-access component of antivirus software to check and clean for all these types of attacks.

Warning 

Many programs will not install unless you disable the on-access portion of your antivirus software. This is dangerous if the program has a virus. Your safest bet is to do an on-demand scan of the software before installation. Disable on-access scanning during installation, and then reactivate it when the installation is complete.

Emergency Scans

In an emergency scan, only the operating system and the antivirus program are running. An emergency scan is called for after a virus has invaded your system and taken control of a machine. In this situation, insert your antivirus emergency boot disk and boot the infected computer from it. Then scan and clean the entire computer.

Tip 

If you don’t have your boot disk, go to another computer and create one.




Network+ Study Guide
ISBN: 470427477
EAN: N/A
Year: 2002
Pages: 151
