Antivirus Info


If you've got an email account you could get a computer virus. All it takes is for someone else who has your email address stored on their computer to get a virus and they could unknowingly pass it on to you. The good news is that you can protect your computer with a few simple steps...

Step 1. Be Alert
Viruses are most likely to come unwittingly attached to email from people you know. Question the validity of any unsolicited attachment. If in doubt, ask the sender if they sent the attachment, and what it contains, before trying to open it. You should also check that the style of the message is typical of the sender. Many virus messages contain basic grammatical errors which can act as a useful warning sign that something is wrong.
Some basic file types, e.g. simple text and graphic files with .txt, .gif or .jpg file extensions, should not be able to act as a host for a virus. There are, however, viruses that disguise themselves with a double extension, e.g. .txt.vbs. The first extension is usually visible and familiar, leading you to think the file is of a safe type, but the second, possibly hidden, extension gives it the ability to execute malicious code. With the increasing use of macro scripting languages in major applications there is also the potential for many forms of apparently innocuous data files, such as letters & spreadsheets, to harbour viruses. Be particularly wary of programs & script files, such as those ending in .bat, .com, .exe, .hta, .shs or .vbs.
Save attachments to disk before opening them as this may unmask a virus that is 'pretending' to be a safer form of file and gives more opportunity for any antivirus software to examine the file.
Watch out for odd behaviour, such as your computer trying to dial the internet for no apparent reason or your email package taking an unusually long time to open or close. Information about the activity of different viruses and how to eradicate them may be found in the virus libraries of various antivirus companies, some of whom are listed below.
Pay heed to the warnings of currently active viruses, but avoid getting caught out by the hoax alerts. Use anti-virus sites to check any warnings you receive before emailing all of your contacts.
Don't install software just because someone you know has sent it to you. A recent scam from Friends Greeting involved an installation routine in which the small print gave permission for the software to email a copy of itself to everyone in your address book - if it looks like a virus and acts like a virus...

Step 2. Update Your Software
Most software vendors release patches to improve the security of their products as time goes by. You can try to keep up to date by visiting their web pages periodically; however, it can be difficult to track down all the security advice that may apply to your computer. The Windows Update site is a good place to start and should be able to work out which operating system patches your computer may need. I also like the BigFix system, which is not restricted to Microsoft products and, in addition to program patches, offers useful tips on configuring & maintaining your system.
One of the most important patches relating to viruses is Microsoft's Scriptlet/Eyedog patch which is available here:-
    http://www.microsoft.com/Windows/ie/security/eyedog.asp
This tackles a security flaw which can be used to execute potentially harmful scripts, without your permission, from web pages or html format emails.

Step 3. Customise Browser & Mail Security
There is now a group of viruses, such as the KAK worm, that can attack your system from your web browser or mail package without you actively opening an infected attachment. These viruses act through scripts that are executed when you view a malicious website or HTML-based email message. Properly configured and up-to-date antivirus software should prevent such infections, but it is as well to set the security settings in your browser & mail package to minimize the risks.

Microsoft's knowledge base article 215774 shows how to prevent malicious scripts from being activated in Outlook. I would recommend anyone using Outlook or Outlook Express takes the following steps to close this security loophole:-
- From the main Outlook window, select the menu item Tools... Options
- Select the Security tab
- Set the Secure content zone to Restricted Sites
- Click the Zone Settings... button
- Click OK when you receive the following warning message:-
    "You are about to change security settings..."
- Click the Custom Level... button
- Scroll down to "Script ActiveX controls marked safe for scripting"
- Change value to Disabled
- Scroll down to "Scripting"
- Check that "Active scripting", "Allow paste operations via script" and "Scripting of Java applets" are disabled
- Click OK, click Yes if prompted to confirm any changes, then click OK twice to close all dialog boxes

Similar steps to those above can also be taken to enhance the security of Internet Explorer and other packages. I'd recommend that in general you aim to disable features you don't use or ask the software to prompt before use. If you are not sure, err on the side of caution. At the very least you should review the default options to see if you are happy with the security they provide.

Step 4. Install Antivirus Software
While being alert can prevent most viruses from getting onto your system, it still pays to get an antivirus package and keep it up to date. There are plenty of packages available, some of them free for personal use and available on the web or magazine cover disks. Most commercial packages allow updates to be automatically downloaded by the software for a year or so. It may also be possible to manually download updated virus definitions after this period without taking out a further subscription. You may also need to fetch updates manually if your computer connects to the internet via a local network and the proxy server/firewall is not compatible with the update mechanism of your package.

Here are some of the usual suspects:-
Sophos Anti-Virus
This product is firmly aimed at the corporate marketplace.
Main site: http://www.sophos.com
Updates:  http://www.sophos.com/downloads/products
Virus Library:  http://www.sophos.com/virusinfo
Norton AntiVirus
While their various rivals have started giving away software and updates, Symantec enforce their update subscription periods. However, from my experience this is the simplest package to update via its "LiveUpdate" feature.
Main site: http://www.symantec.com/avcenter
Updates:  http://www.norton.com/avcenter/download.html
Virus Library:  http://www.sarc.com/avcenter/vinfodb.html
McAfee VirusScan
Many computers have this package pre-installed and it has featured on the occasional magazine cover disk. Even if you're no longer entitled to free automatic updates you can still download and install the latest virus definitions (compatible with version 4.0 upwards) from the website.
Main site: http://www.mcafee.com
Engine Updates: http://download.mcafee.com/updates/4xa.asp
Signature Updates:  http://download.mcafee.com/updates/superDat.asp
Virus Library:  http://www.mcafee.com/anti-virus
Kaspersky Anti-Virus (AVP)
Not generally so well known this one, but it has featured on some cover disks and is currently supplied to Open University students and tutors. They also claim to have the largest virus library.
Main site: http://www.kaspersky.com
Updates:  http://www.kaspersky.com/updates.asp
Virus Library:  http://www.viruslist.com

Step 5. Review Antivirus Settings
Most antivirus software will offer an option to scan every file or just those that are commonly used to carry viruses. Ideally all files should be scanned, but this may slow down your computer unacceptably. If you have to scan selectively, try to ensure that your list of scanned file types includes:-

*.bat  *.com  *.exe   These are files that are typically "executed" as opposed to being "read". As such they should be checked as they are accessed, before they have an opportunity to activate any malicious code that they may contain.
*.doc  *.xls   Microsoft's Word & Excel are powerful programs; however, the built-in macro programming facilities of VBA can also be used to create self-propagating documents with potentially damaging side-effects.
*.eml  *.msg   An email or messaging file. Sometimes viruses come buried in messages inside other messages. Enabling these file types should make sure these get checked before they can do any damage.
*.hta   An HTML application; attachments of this type are created by the KAK worm.
*.htm   Normally a web page, but used by the Lovebug/Loveletter worm for example.
*.scr   This is a program flagged as a screen saver; the BadTrans virus sends attachments of this type.
*.shs   A scrap object, as used by the LifeStages worm.
*.vbs   VBScript file, first widely exploited by the Lovebug/Loveletter.
<no ext> If possible include files with no extension. When you try to open such a file you will be asked which program you want to use to open the file and, depending on your AV engine, it is possible that it could then be opened without first being scanned. 
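
The double-extension warning in Step 1 and the file-type list above can be turned into an automatic check. The following is an added example, not part of the original page or of any antivirus product: Python code that walks a raw email message, including messages nested inside other messages, and flags attachment names using the page's extension lists. The label names and the sample message are constructed for illustration.

```python
import email
import os.path
from email import policy
from email.message import EmailMessage

# Extension sets taken from the page's own lists (Step 1 and Step 5).
SCRIPT_EXTS = {".bat", ".com", ".exe", ".hta", ".scr", ".shs", ".vbs"}
MACRO_EXTS = {".doc", ".xls"}

def classify(filename):
    """Return warning labels for one attachment name (labels are this example's own)."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = filename.strip().lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    flags = []
    if not ext:
        flags.append("no-extension")
    elif ext in SCRIPT_EXTS:
        flags.append("program-or-script")
        if os.path.splitext(stem)[1]:  # e.g. notes.txt.vbs
            flags.append("double-extension")
    elif ext in MACRO_EXTS:
        flags.append("macro-capable")
    return flags

def scan_message(raw_bytes):
    """List (filename, flags) for every flagged attachment, nested messages included."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also descends into message/rfc822 parts
        filename = part.get_filename()
        if filename and classify(filename):
            findings.append((filename, classify(filename)))
    return findings

def build_sample():
    """Constructed message: a disguised script, an image, and a forwarded mail."""
    inner = EmailMessage()
    inner.set_content("see attached")
    inner.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename="holiday.jpg.scr")
    outer = EmailMessage()
    outer.set_content("please open the attachment")
    outer.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename="notes.txt.vbs")
    outer.add_attachment(b"constructed", maintype="image", subtype="gif", filename="logo.gif")
    outer.add_attachment(inner)  # becomes a nested message/rfc822 part
    return outer.as_bytes()
```

Calling scan_message(build_sample()) reports notes.txt.vbs and the holiday.jpg.scr buried in the forwarded message, and leaves logo.gif alone.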

Conclusion
To avoid infection by computer viruses you need to be both well prepared and on your guard. It is not enough to simply buy an AV package, then "set it and forget it". There will always be new viruses written to slip by the existing virus lists or exploit newly discovered vulnerabilities in software and the speed with which viruses can spread over the internet leaves a window of opportunity for any new virus to reach your system before the update which will detect it. That said, most viruses still need a helping hand from you before they can get their hooks into your system. There's a variant of the Klez virus that claims to be a "fake Klez tool" designed to prevent future infection by the virus by making it look as if your computer is already infected. The message asks you to install the attached software and override any virus warning you may get. In essence, this is an attempt to convince you to activate the virus even against the warnings of your AV software. AV software is the second line of defence - your wits are the first.