Viruses And Anti-Viruses

Published Date
01 - Jun - 2006
| Last Updated
01 - Jun - 2006
 
When it comes to security, all of us are paranoid, and with good reason. With millions of ways to exploit our computers or data, and hundreds of thousands of people trying to do so, can you blame us? But how many of us are really careful, or even know what to do when the bits hit the fan? This workshop will help you do just that...

Am I Infected?
So how do you know if your computer is infected with a virus? None of the following proves an infection on its own (failing hardware, a full disk or a bad driver produces the same symptoms), but each is a good reason to run a full scan:

  • It runs considerably slower than usual
  • It frequently stops responding
  • It crashes and restarts
  • Applications don't work properly
  • One or more disks are inaccessible
  • You see distorted windows and dialog boxes
  • Files get deleted for no reason
  • You get strange error messages
  • You see strange behaviour in your e-mail program
What Are The Kinds Of Virus Scanners?
Anti-virus software comes in two types: scanners that you invoke when needed, and scanners that are always active in the background.

On-Access Scanners
Also known as Memory Resident Scanners, these run in the background when the PC is running. The function of an on-access scanner is to monitor all activity on your machine such as files being read or accessed, downloads, receiving, sending or reading e-mail, and so on.

If, while monitoring activity, the on-access scanner encounters a file whose activity it identifies as virus-like (such as a file trying to dial a certain number or trying to e-mail something from your PC), it informs you or takes some kind of action (depending on how you've configured it).

Since they run all the time and inspect every file that is opened, on-access scanners slow down your system to some extent, depending on your system specs. Most on-access scanners let you disable on-access scanning temporarily. If, for example, you need to run a resource-hungry application such as a 3D game, you might want to disable it, provided you're not connected to the Internet and are not accessing files from removable media. Remember that you are unprotected for as long as it is off, so re-enable it as soon as you are done.

You should never install two on-access scanners on your machine. Both hook into the same file-access path, so each one intercepts the other's reads, and each is likely to flag the other's signature database or quarantine store as infected. The result is a very slow system at best, and lock-ups or crashes at worst.

On-Demand Scanners
These scan files or folders at the user's request. All anti-viruses are on-demand scanners; some are both on-access and on-demand. On-demand scanners are useful when you want to be sure a particular file or folder is clean. For example, if you're burning a CD to give to a friend, it's a good idea to scan the files before you burn them.

You may install as many on-demand scanners as you wish. Having more than one can be a good thing: two anti-viruses between them detect more viruses than either does alone. Run them one at a time, though, not simultaneously. Also bear in mind that if an on-access scanner is running, it will re-scan every file the on-demand scanner opens, so the on-demand scan will take considerably longer.

What Is Heuristic Scanning?
All anti-virus software depends on virus definition files, which contain virus "signatures" used to identify a virus. This is traditional scanning: the anti-virus reads through each file and searches for byte patterns that match the signature of a known virus. But new viruses are always being unleashed, and their signatures obviously won't exist in the database yet. What does the anti-virus do in that case? It falls back on its heuristic scanning capabilities.

The heuristic scan capability of an anti-virus is its ability to detect an as-yet-undefined virus from suspicious characteristics rather than a known signature. It works on the principle that viruses use certain methods of infecting other files and of spreading. Static heuristics look for code constructs typical of viruses (code that searches for executables and writes into them, injects itself into other processes, or sends e-mail by itself); dynamic heuristics run the file in an emulator and watch what it tries to do. If an application uses such methods, or exhibits such typical behaviour, it is flagged as a probable virus.

A file can also be wrongly detected as a virus (a "false positive"). This happens more often when the heuristic "sensitivity" is set high. In such a case, decide the course of action by looking at what the file actually is: its name and location, which program it belongs to and whether you recognise that program. If in doubt, quarantine it rather than delete it. There's a trade-off here: if you keep the sensitivity high, you're safer against new viruses, but you'll get more false alarms.
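As an added example (not code from the original article or from any anti-virus vendor), here is a toy scanner that does exactly what the two preceding sections describe: it tries signature matching first and falls back on static heuristics, with a sensitivity setting that decides how much heuristic evidence is needed before a file is flagged. The "files", the hypothetical Demo.Virus.A signature, the indicator list and the two thresholds are all constructed for illustration; the EICAR string is the real, harmless test pattern that every scanner detects.

```python
import re

# Constructed signature database. The EICAR string is the industry's real
# test pattern (it is harmless); "Demo.Virus.A" is a hypothetical virus.
SIGNATURES = {
    "EICAR-Test-File": rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Demo.Virus.A": b"\xeb\x1f\x5e\x89\x76\x08\x31\xc0",
}

# Constructed static-heuristic indicators: (pattern, weight, what it suggests).
HEURISTICS = [
    (re.compile(rb"\*\.EXE", re.I),                         2, "enumerates executables to infect"),
    (re.compile(rb"WriteProcessMemory|CreateRemoteThread"), 2, "injects code into other processes"),
    (re.compile(rb"MAPISendMail"),                          2, "sends e-mail programmatically"),
    (re.compile(rb"CurrentVersion\\Run", re.I),             1, "registers itself to run at startup"),
    (re.compile(rb"autorun\.inf", re.I),                    1, "writes autorun files to removable media"),
]

# Sensitivity: the heuristic score a file must reach to be flagged.
# A lower threshold means higher sensitivity (and more false alarms).
THRESHOLDS = {"low": 5, "high": 3}

# Constructed sample "files" (byte strings standing in for real files).
SAMPLES = {
    "eicar.com": SIGNATURES["EICAR-Test-File"],
    # a new variant of Demo.Virus.A: same behaviour, but the bytes the
    # signature keys on were changed, so only the heuristics can catch it
    "variant.exe": b"MZ\x90\x00" + b"\xeb\x1f\x5e\x89\x76\x09\x31\xc9"
                   + b" *.exe WriteProcessMemory CurrentVersion\\Run MAPISendMail",
    # a legitimate installer that happens to share two indicators with viruses
    "setup.exe": b"MZ\x90\x00 C:\\Program Files\\App\\*.EXE CurrentVersion\\Run",
    "notes.txt": b"Shopping list: bread, milk, eggs",
}


def signature_scan(data):
    """Traditional scanning: look for the byte pattern of a known virus."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def heuristic_score(data):
    """Static heuristics: add up the weights of the suspicious constructs found."""
    score, reasons = 0, []
    for pattern, weight, meaning in HEURISTICS:
        if pattern.search(data):
            score += weight
            reasons.append(meaning)
    return score, reasons


def scan(data, sensitivity="low"):
    """Return (verdict, detail): signatures first, heuristics as the fallback."""
    name = signature_scan(data)
    if name is not None:
        return "infected", name
    score, reasons = heuristic_score(data)
    if score >= THRESHOLDS[sensitivity]:
        return "suspicious", "heuristic score %d: %s" % (score, "; ".join(reasons))
    return "clean", ""


def scan_all(sensitivity):
    """Verdict for every sample at the given sensitivity."""
    return {name: scan(data, sensitivity)[0] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for level in ("low", "high"):
        print("sensitivity =", level)
        for filename, data in SAMPLES.items():
            verdict, detail = scan(data, level)
            print("  %-12s %-10s %s" % (filename, verdict, detail))
```

Running it shows the trade-off the text describes: eicar.com is caught by its signature at either setting, variant.exe is missed by the signatures but flagged by the heuristics, and setup.exe is flagged only at high sensitivity, which is the false positive you pay for catching the variant.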

What Is A firewall?
All Internet communication takes place by exchange of individual packets of data. Each packet travels from a source machine to a destination machine, and its header carries the IP address and port number of both: the destination so that the network can deliver it, and the source so that the receiver knows whom to reply to. With TCP, the protocol used for the Web and e-mail, the receiving machine also sends an acknowledgement packet back to the source to confirm that the data arrived.

A firewall inspects each and every packet that arrives at your computer before it is seen by any other software running on your system. Similarly, it inspects every packet being sent from your computer before it goes out. It can "filter" packets based upon any combination of the originating machine's IP address and port and the destination machine's IP address and port, and it keeps track of which connections your own computer started so that the replies to them are let in. As an example, if your computer is a Web server, remote computers connect to it on port 80, the port for HTTP. The firewall will inspect every incoming packet and accept new connections only on port 80, dropping unsolicited connection attempts on all other ports.

Thus, even if a Trojan horse gets installed on the computer and opens a listening port, the attacker's client at the other end will not be able to reach it, since every attempt to connect to that port is blocked by the firewall. This protects only against Trojans that wait for incoming connections; a Trojan that connects outward to its controller is stopped only if the firewall also filters outgoing traffic, which is why personal firewalls ask you before letting an unknown program connect to the Internet.
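The filtering described above, as an added example that is not part of the original article and models no particular firewall product: a stateful host firewall that admits inbound packets only for a published service port or for connections this PC started, and lets outbound packets through only for approved programs. The IP addresses are reserved documentation ranges, the program names and the Trojan's port 31337 are made up for the scenario, and the three-tuple connection table is a simplification of what real firewalls keep.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str      # "in" = arriving at this PC, "out" = leaving it
    program: str = ""   # program that sent the packet (known for outbound only)


class HostFirewall:
    """Stateful packet filter for a single PC (illustrative, not a real product).

    Inbound: allowed if it belongs to a connection already admitted, or if it
    is aimed at a published service port. Outbound: allowed if it belongs to a
    connection already admitted, or if an approved program sent it.
    """

    def __init__(self, allowed_in_ports, allowed_out_programs):
        self.allowed_in_ports = set(allowed_in_ports)
        self.allowed_out_programs = set(allowed_out_programs)
        # connection table: (remote_ip, remote_port, local_port)
        self.connections = set()

    def filter(self, pkt):
        if pkt.direction == "out":
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_port)
            if key in self.connections:
                return "ALLOW"              # reply on a connection already admitted
            if pkt.program in self.allowed_out_programs:
                self.connections.add(key)   # remember it so the replies can get back in
                return "ALLOW"
            return "DENY"                   # unknown program trying to call out
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key in self.connections:
            return "ALLOW"                  # reply to something this PC sent
        if pkt.dst_port in self.allowed_in_ports:
            self.connections.add(key)       # published service, e.g. web server on 80
            return "ALLOW"
        return "DENY"                       # unsolicited: Trojan port, port scan, etc.


def run_scenario():
    """Constructed traffic: this PC (192.0.2.10) runs a web server and has a Trojan
    listening on port 31337; 203.0.113.5 is a web site, 198.51.100.7 an attacker."""
    fw = HostFirewall(allowed_in_ports={80}, allowed_out_programs={"browser.exe"})
    packets = [
        # our browser opens a connection to a remote web site
        Packet("192.0.2.10", 49152, "203.0.113.5", 80, "out", program="browser.exe"),
        # the site's reply: admitted only because the connection table knows it
        Packet("203.0.113.5", 80, "192.0.2.10", 49152, "in"),
        # a stranger connects to our published web server
        Packet("198.51.100.7", 40000, "192.0.2.10", 80, "in"),
        # our web server answers; it is not an approved program, but the
        # connection was already admitted inbound
        Packet("192.0.2.10", 80, "198.51.100.7", 40000, "out", program="httpd.exe"),
        # the same stranger probes the Trojan's listening port
        Packet("198.51.100.7", 40001, "192.0.2.10", 31337, "in"),
        # the Trojan tries to call home to its controller
        Packet("192.0.2.10", 49153, "198.51.100.7", 6667, "out", program="svchost_.exe"),
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for decision in run_scenario():
        print(decision)
```

The last two packets are the two Trojan cases from the text: the inbound probe of the listening port is dropped because nothing in the connection table or the published-port list matches it, and the outbound call-home is dropped because the program is not on the approved list. A firewall that only filtered inbound traffic would have passed the second one.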
 
Some Important Rules For Security
Update Windows before installing new security software. Install the latest patches and service packs for your version of Windows, using Microsoft's Windows Update Web site.

To avoid conflicts, do not use two firewalls at the same time. Before installing a new firewall, completely uninstall the first. The Windows firewall offers only basic protection (it filters incoming connections but not outgoing ones), so it is recommended that you install a third-party firewall; disable the Windows firewall before you do so, of course.

After installing any security software, immediately check for updates at the vendor's Web site.

Do not install Windows and then go online to download anti-virus software or definitions: an unpatched, unprotected machine can be infected within minutes of connecting. Before you go online even for the first time, install an anti-virus with up-to-date definitions from a CD.

If you can't afford or procure anti-virus software, use an online scanning service such as Microsoft's Windows Live Safety Center at http://safety.live.com/ or Kaspersky's Free Online Virus Scanner at http://www.kaspersky.com/virusscanner. During an online virus scan, an ActiveX component is downloaded to your computer and does the actual scanning, so you need to stay online for the length of the scan. Such a scan finds and cleans what is already there; it does not protect you afterwards the way an on-access scanner does.

What Are The Types Of Viruses?

Virus
A piece of code that is loaded onto your computer without your knowledge and that runs against your will. What makes it a virus is that it replicates, copying itself into other programs, documents or disks. All computer viruses are man-made. A simple virus that does nothing but make copies of itself over and over again is relatively easy to produce, and even such a simple virus is dangerous because it will quickly use up all available memory or disk space and bring the system to a halt. More dangerous viruses are capable of transmitting themselves across networks and bypassing security systems.

Boot Sector Virus
A virus that infects the boot sector of a disk. Booting from a disk infected with a boot sector virus causes the virus to load into memory before the operating system does, and from then on it is active in memory every time you boot. The boot sector is the first sector of a disk; on a hard disk it holds the partition table that describes the disk's layout, and on startup floppies, bootable CDs and bootable hard disks it also contains the small program that loads the operating system. A boot sector virus replaces that program with its own code (usually keeping the partition table intact so the disk still works) and saves the original elsewhere.
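One way to catch such an infection is the integrity check that anti-virus and BIOS "boot sector protection" features of the period performed: fingerprint the boot sector while the disk is known clean, then compare. The code below is an added example, not from the original article or any product; the "clean" master boot record, the mock infection and the region layout (446 bytes of loader code, a 64-byte partition table, the 0x55 0xAA signature) are constructed for illustration, though the layout matches a real PC MBR.

```python
import hashlib

SECTOR_SIZE = 512
REGIONS = {
    "code area": slice(0, 446),          # the program that loads the OS
    "partition table": slice(446, 510),  # four 16-byte partition entries
}
BOOT_SIGNATURE = b"\x55\xaa"             # last two bytes of a valid boot sector


def fingerprint(sector):
    """Per-region SHA-256 of a boot sector, taken while the disk is known clean."""
    return {name: hashlib.sha256(sector[region]).hexdigest()
            for name, region in REGIONS.items()}


def check_boot_sector(sector, baseline):
    """Compare a freshly read boot sector against its clean fingerprint.

    Returns a list of findings; an empty list means the sector is unchanged.
    """
    findings = []
    if len(sector) != SECTOR_SIZE:
        findings.append("sector is %d bytes, expected %d" % (len(sector), SECTOR_SIZE))
        return findings
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    current = fingerprint(sector)
    for name in REGIONS:
        if current[name] != baseline[name]:
            findings.append("%s changed" % name)
    return findings


def make_clean_mbr():
    """Constructed clean MBR: a stub loader, one bootable partition entry, signature."""
    loader = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"   # cli; xor ax,ax; mov ss,ax; mov sp,7C00h
    code = loader + b"\x90" * (446 - len(loader))  # padded with NOPs
    entry = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xfe, 0xff, 0xff,   # bootable, type 07
                   0x3f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00])  # start LBA 63, 1M sectors
    table = entry + b"\x00" * 48                                     # three empty entries
    return code + table + BOOT_SIGNATURE


def infect(mbr):
    """Constructed infection: overwrite the start of the code area with a jump into
    virus code, leaving the partition table alone so the disk keeps working."""
    virus = b"\xeb\x3e" + b"\xcc" * 62   # jmp short +0x3E, then a stand-in payload
    return virus + mbr[len(virus):]


if __name__ == "__main__":
    clean = make_clean_mbr()
    baseline = fingerprint(clean)        # store this while the disk is known clean
    print("clean disk:   ", check_boot_sector(clean, baseline))
    print("infected disk:", check_boot_sector(infect(clean), baseline))
```

The baseline must be taken when the disk is known clean, for instance straight after installing Windows, and stored somewhere the virus cannot reach (a write-protected floppy or CD in this article's era). The findings also tell you which region changed: a boot sector virus typically shows up as "code area changed" with the partition table untouched, while a corrupted or repartitioned disk changes the table as well.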

Macro Virus
These are small programs written in the macro language of an application such as Word or Excel, and they normally spread only within documents of that application. To infect you, the application must be running and at least one infected macro must have executed, which is why most applications ask before enabling the macros in a document you open.

What Should I Do When A Virus Is Detected?
When a virus is found, you have the option to disinfect the file, and if this fails, to delete it. If the file refuses to be deleted, or if the infected file is important, you can instead move it to the "virus chest", i.e. quarantine it. A quarantined file is stored in a form that cannot execute, so it can't cause any further infection, and it can be repaired later when a cure becomes available for that particular infection.

Why Are Virus Removal Tools Needed? 
Virus removal tools are free executables designed to eliminate specific viruses. Using a virus removal tool does not require you to install any anti-virus software. Examples of free virus removal tools are the Stinger remover from McAfee at http://vil.nai.com/vil/stinger, a host of tools from Symantec at www.symantec.com/avcenter/tools.list.html and from BitDefender at www.bitdefender.com/site/Download/browseFreeRemovalTool. 

Team Digit

All of us are better than one of us.