Keeping an eye out for
viruses
Computer viruses are
everywhere! This guide will show you how to stay alert and how to avoid getting
infections on your computer. Having an updated virus scanner is only a small
part of this, there are many ways that you can prevent having viruses other than
a virus scanner, as it will not always save you.
Types of viruses
There are many type of
viruses. Typical viruses are simply programs or scripts that will do various
damage to your computer, such as corrupting files, copying itself into files,
slowly deleting all your hard drive etc. This depends on the virus. Most
viruses also mail themselves to other people in the address book. This way they
spread really fast and appear at others' inboxes as too many people still fall
for these. Most viruses will try to convince you to open the attachment, but I
have never got one that tricked me. In fact, I found myself emailing people
just to make sure they really did send me something. It does not hurt to be
safe.
Worms
Worms are different
type of viruses, but the same idea, but they are usually designed to copy
themselves a lot over a network and usually try to eat up as much bandwidth as
possible by sending commands to servers to try to get in. The code red worm is
a good example of this. This worm breaks in a security hole in Microsoft IIS
(Internet Information Server) in which is a badly coded http server that,
despite the security risks, a lot of people use it. When the worm successfully
gets in, it will try to go into other servers from there. When IceTeks was run
on a dedicated server at my house, there was about 10 or so attempts per day,
but because we ran Apache, the attempts did not do anything but waste bandwidth
and not much as I had it fixed a special way. Some worms such as the SQL
slammer will simply send themselves over and over so many times that they will
clog up networks, and sometimes all of the internet. Worms usually affect
servers more than home users, but again, this depends on what worm it is. It is
suspected that most worms are efforts from the RIAA to try to stop piracy, so
they try to clog up networks that could contain files. Unfortunately, the RIAA
have the authority to do these damages and even if caught, nothing can be done.
Trojans
Trojans are another
type of virus. They are simply like a server in which enables hackers to get
into and control the computer. A trojan such as Subseven can enable a hacker to
do various things such as control the mouse, eject the cd-rom drive,
delete/download/upload files and much more.
MBR virues
Boot sector viruses are
another type, they are similar to file viruses, but instead they go in the boot
sector and can cause serious damage when the computer is booted, some can
easily format your drive simply by booting your computer. These are hard to
remove.
Most viruses have
various characteristics. For example, a worm can also be a trojan and also
infect the boot sector. It all depends on how the virus is written and what it
is designed to do. That's why there are not really strong structured categories,
as they can easily mix one in the other.
Know the potentially
dangerous files
Like any other files,
viruses must be opened in order to do something. Most viruses come through
e-mail as an attachment. Some will make it look like it's someone you know, and
it will try to convince you to open an attachment. Never open attachments at
any cost! Some viruses will infect files in programs, so opening a program will
actually open the virus, maybe the same one, or another part of it.
All files have what is
called an extension; This is the 3 last letters after the last period. For
example, setup.exe has a file extension of .exe.
Extensions to watch out
for are .exe .com .bat .scr .pif .vbs and others, but these are the most seen.
.exe .com .bat .pif and .scr are valid extensions for executables. A virus
writer will simply rename it to one of these and it will work the same way. .pif
is a shortcut to an ms-dos program and will have the ms dos icon, but will
still execute whatever code is in it, so an .exe can be renamed to .pif and be
run the same way. .bat is a batch file, which can contain instructions to do
various file activities, but again, a .exe can be renamed to .bat and it will
execute it! .vbs is a visual basic script. For some reason, Microsoft provides
this scripting language along with the scripting host to make it more
convenient to design and write viruses quickly and easily, I've never seen
another use for this scripting language other than for writing viruses. There
are programs that are written with that language, but it is compiled into an
exe. Exe is the usual extension for programs, you would not have a software CD
install a bunch of vbs files all over!
Bottom line is, if you
don't know what a file is just don't open it. Some viruses will sometimes be
named a way as to mask the real file extension to make it look like a harmless
file such as a image file. This is easily noticed, but can still be missed.
Simply don't open unexpected files.
If you get something
that appears like something legit, just ask the person it came from if they
sent it. Most viruses use a friend's address to make it look like it comes from
them. The virus does this by using the person's address when sending itself to
the address book contacts.
Downloads
Email is not the only
way to get viruses; P2P (file sharing programs such as kazaa, winmx, direct
connect etc) is also another way to get viruses.
When downloading
programs, the main thing to watch out for is the file size. If you are
downloading a program that you expect to be rather large such as a game, don't
grab a file that is 10KB, since it's most likely a virus. However, I've been
caught with a virus even with large files, so file size is not the only thing
to watch, as an exe is still valid even if junk is added at the end, so a 64KB
virus will still function even if it is turned into 650MB.
Icons are something to
look for too, fortunately, virus writers don't take time to put icons. If your
download should be a setup file, you should see the icon of a setup file. If
it's just the blank icon that typical plain or corrupted exes have, don't open
it.
Another thing to do,
which should be obvious, is to scan the file for viruses using updated virus
definitions. But don't rely on only your virus scanner, as they are not
perfect, and if the virus has not been reported to them yet, they won't know to
create a definition for it!
Changing settings to
stay safe
If you do open a virus,
you want to avoid it going to all your friends. The simplest thing to do is to
NOT use the windows address book. It is easy for viruses to get through and
Microsoft is not doing anything about it. Just don't use it. Put them in
spreadsheet or even better write them down somewhere. Don't use the address
book.
Another
"feature" to avoid is the auto preview. Some viruses can attempt to
open themselves just by opening the email. There are security holes in
Microsoft mail programs that allow this. In Microsoft Outlook, click on the
view menu and remove auto preview. You need to do this for every folder, but
the inbox is most important. In Outlook Express, click on the view menu and go
to layout. In the dialog box, you will see a check box for show preview pane.
Uncheck it and click ok.
Another thing you
should change, especially if you download a lot, is the option that allows you
to view the file extension. In Win98, go in any folder, click on view then
folder options and choose the view tab and where it says hide file extension
for known types, uncheck it. In win2k, it is the same process, but instead, go
in the control panel and open the folder options icon.
Avoiding server worms
Some viruses, mostly
worms, can exploit through servers and affect other servers from servers that
have been infected. A good example is the SQL slammer. This was a worm that
affected SQL servers run by Microsoft IIS and Microsoft SQL Server. Once the
worm gets in, that particular server starts trying to find more exploitable
driving internet connections to a halt in the process. Servers running Apache
were unaffected by that, except for the many hits to try to get in. IceTeks
received about 100 hits per day when it was run on a dedicated home server.
Most hits came from major ISPs and other big websites that had no clue they
were still affected.
The simple solution to
avoid these types of viruses is to NOT use Microsoft based server software for
your server, especially if it is a public server. The operating system is also
crucial, but the actual server software is much more. Apache, which is free, is
much more secure than Microsoft based server programs such as IIS. IIS may be
easier to understand and administer, but it saves a lot of hassle to learn how
to use Apache. IIS has a large number of vulnerabilities, such as the ability
to gain access to cmd.exe and basically delete the whole drive by doing a ../
request in the address bar. These don't require viruses, but simply commands,
but there are worms written to automatically make these commands. The code red
does this.
Removing a virus
The best way to do this
is to do a clean install. However, depending on how bad the virus is, a simple
clean install won't remove it. So to be extra sure, you'll want to do a low
level format. This is especially true of you got a boot sector virus, as even
repartitioning and formatting won't quite remove it, but sometimes you can get
away with an fdisk /mbr, but not all the time. here are various removal tools
for viruses, it is good to use them and see if they work, but proceeding with
the clean install is recommended. You never know if the virus is completely
removed by deleting files you suspect are infected. Some viruses such as the
Bugbear will close anti virus programs and other programs to make it hard and
annoying to figure out what to do. A clean install is the best way to ensure
that it's gone for good.
Viruses are out there,
don't be one of the many infected ones! Stay alert and stay safe! Don't open
unexpected files, regularly update your virus definitions and scan downloaded
files!
I hope this article was
useful for you!
Hello, my name is Jack Sparrow. I'm a 50 year old self-employed Pirate from the Caribbean.