Definition of a computer virus:
-A computer program that is designed to replicate itself by copying itself into other programs stored in a computer. It may be benign or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory.
-Sometimes called “Malware”, meaning “malicious software”; a broad term for all types of Viruses and Spyware.
-Computer viruses are called viruses because they share some of the traits of biological viruses:
-passing from computer to computer like a biological virus passes from person to person.
-a computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents.
Different Types of Viruses/Methods of Infection:
-Classic Viruses - A virus is a small piece of software that attaches itself to real programs or documents or hides deep in floppies and hard drives. For example, a virus might attach itself to a program such as Microsoft Excel (Macro Virus) using a popular scripting language known as Visual Basic.
-Classic viruses are not as common anymore because floppy disks are rarely used and boot sectors are now protected. Also, Microsoft Office has come a long way in blocking this malicious code from running when an Office document is opened.
-examples: W97M.Melissa, WM.NiceDay, W97M.Groov; .EXE or .VBS
Different Types of Viruses/Methods of Infection:
-E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Included are Virus Hoaxes, warning of bogus virus attacks with hopes of spreading panic on the internet. File attachments in e-mail messages are a common way of infecting a computer, provided the user clicks on the attachment.
-examples: Love Bug/ILOVEYOU (.VBS), MYDOOM, SOBIG, Good Times (hoax), Melissa (Word Macro attacking NORMAL.DOT, then using Outlook to spread); .BAT, .COM, .EXE, .SCR, .PIF and .SHS
Different Types of Viruses/Methods of Infection:
-Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, all the while clogging the internet with useless traffic.
-examples: W32.Mydoom, W32.Netsky, W32.Klez
Different Types of Viruses/Methods of Infection:
-Trojan horses - A Trojan horse is simply a computer program which claims to do one thing (it may claim to be a game or newly released album) but instead does damage when you run it. It may erase your hard disk, send your credit card numbers and passwords to a stranger, or let that stranger hijack your computer to commit other attacks elsewhere. Trojan horses have no way to replicate automatically.
-Files downloaded from file-sharing services such as Kazaa or Gnutella are particularly suspicious, because Peer-to-Peer (P2P) file-sharing services are regularly used to spread Trojan horse programs.
-examples: Readme.txt.exe, Trojan.Vundo, Trojan.ByteVerify
Spyware (also known as Adware)/Methods of Infection:
-Spyware/adware - a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. Typical tactics include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites. According to recent estimates, more than two-thirds of all personal computers are infected with some kind of spyware/adware.
-examples: Hotbar, Intelligent Explorer, CoolWebSearch, 180solutions, browser hijackers
Dealing with Macro Viruses:
-Close Preview Pane - Some viruses have taken advantage of a vulnerability between Outlook/Outlook Express and Internet Explorer. With this vulnerability, some viruses can launch just by being viewed in the Preview Pane. To be safe, the Preview Pane can be turned off (under the View Menu), but be prepared for user complaints.
-Open in WordPad - Open any strange Word documents that you receive by email or on disk in WordPad first. They won't open properly and the first 30 or more lines will be code garbage, but in the middle you'll find most of the text of the file, enough to check whether it's a genuine file that you need to open the proper way.
-High Macro Security - Unless needed for particular applications (old Access databases, for example) make sure Macro security is set to High (Tools menu > Macro > Security). Modern versions of Word will inform you that a document contains a macro and offer you the option "Disable Macros" before opening. Always choose this option without fail. You can always open the document a second time, with macros enabled, once you've
Dealing with Email Viruses:
-NO DOUBLE CLICKING!! - always be aware of which attachments are being opened when you double-click within the email message. Saving the suspect file somewhere to examine is a safer solution. A virus must be executed (double-clicked) to be activated, so saving a file to disk, even a virus, will not launch an attack.
-View True File Extension - Many people have learned that text files (.TXT) and image files (.GIF, .JPG, etc.) are safe to launch because they are data and not executable software. They have learned to be leery of .EXE, .VBS and other extensions that are executed immediately. Thus, virus writers try to trick more people using double extensions, so "I LOVE YOU.TXT.vbs" is really not a .TXT file, but a .vbs file, a Visual Basic Script that is executed immediately.
-Stop it at the Gateway - ask your email ISP about virus scanning at your mail server; catching viruses BEFORE they get to the Desktop. If you run your own mail server
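The true-extension check and gateway filtering described above, as an added example (not part of the original slides): a Python filter that parses a message and flags attachments by the extension Windows will actually act on. The decoy list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions this page names as executed immediately on Windows.
EXECUTABLE = {".bat", ".com", ".exe", ".scr", ".pif", ".shs", ".vbs"}
# Extensions users tend to trust as plain data (assumed decoy list).
DECOY = {".txt", ".gif", ".jpg", ".jpeg", ".doc"}

def split_name(filename):
    """Split into (stem, extension); the extension is the text after the LAST dot."""
    name = filename.strip().rstrip(". ")  # Windows ignores trailing dots and spaces
    dot = name.rfind(".")
    return (name, "") if dot <= 0 else (name[:dot], name[dot:].lower())

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    stem, ext = split_name(filename)
    if ext not in EXECUTABLE:
        return "ok"
    _, inner = split_name(stem)
    return "double-extension" if inner in DECOY else "executable"

def scan_message(raw_bytes):
    """Return [(filename, verdict)] for each attachment a gateway should hold."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings

def sample_message():
    """Constructed test message: placeholder payload bytes, only the names matter."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("I LOVE YOU.TXT.vbs", "photo.jpg", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(sample_message()):
        print(f"{verdict:17} {name}")
```

A name-based check like this complements content scanning at the mail server; it does not replace it, since the attachment name is chosen by the sender.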
Dealing with Trojan Horse Viruses:
-Mind What You Download - NEVER download blindly from people or sites which you aren't 100% sure about.
-Mind What You Command - Never type commands that others tell you to type, or go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts (not even popular ones). If you do so, you are potentially trusting a stranger with control over your computer, which can lead to trojan infection or other serious harm.
Dealing with Spyware/Adware:
-Trust Lavasoft - Ad-Aware by Lavasoft is the most recommended Spyware/Adware removal program available - plus it's FREE. Some removal utilities, even ones that cost money, are in fact spyware applications themselves. (http://www.lavasoft.com)
-Scan, Remove, Repeat - Run Lavasoft’s Ad-Aware tool a few times to be sure the computer is Spyware free.
-Add/Remove - use the Add/Remove control panel to rid the computer of “helper” applications; applications not part of the standard office suite of software.
-Limited Access - unless a user absolutely needs to install software or an application requires it, do NOT give users Administrative rights over their own computers. If software needs to be installed, an Administrator should log on, install the software, then log back off.
In some rare cases, a user must be granted temporary Administrative rights so software is installed properly. After testing the software, remove the user from the administrative group.
-Block pop-up windows - either upgrade to Windows XP SP2 (Service Pack 2) or switch to Mozilla/Firefox to allow pop-up blocking.
Antivirus Software:
-Desktop/Standalone software
Norton Antivirus (http://www.symantec.com)
McAfee VirusScan (http://www.mcafee.com)
AVG (http://www.grisoft.com)
Anti-VIR (http://www.free-av.com)
-Client/Server
Symantec Corporate Edition (http://www.symantec.com)
McAfee VirusScan Enterprise (http://www.mcafee.com)
Antivirus Software:
-Symantec Corporate Edition - Available to non-profits via Techsoup (http://www.techsoup.org)
-5 users for $35, 10 users for $50, 25 users for $85 plus 2 year subscription
-Centralized client management
Antivirus Software: Scheduled Maintenance
-Keep Virus Definitions Up-to-date - whether managed or standalone, verify virus definitions are being kept up to date. Definitions should be no more than two weeks old.
-Setup Auto Scan - all antivirus software should be able to perform a routine system scan for viruses at least once a week. Set this scan (which takes at least 20 mins.) when the computer is on but the user is away (during lunch or a weekly staff meeting).
-Review and Delete Quarantined Files - Files caught by antivirus software are stored in a “quarantined” area so they can be “cleaned” if deemed important. However, 99% of the files which end up in the quarantined area are obvious viruses and should be deleted as these files will soon take up large amounts of hard drive space.