Virus Protection

A virus is a program that makes malicious changes to your computer and makes copies of itself. Sophisticated viruses encrypt and hide themselves to thwart detection. There are tens of thousands of viruses that your computer can catch. Viruses that are actively spreading among real users' computers are referred to as being "in the wild." Research laboratories and universities also study viruses for commercial and academic purposes; a virus that exists only in such collections and is not circulating is said to be "in the zoo." Every month, the number of viruses in the wild increases.

Viruses can be little more than hindrances, or they can shut down an entire corporation. The types vary, but the approach to handling them does not: install virus protection software on all computer equipment. This is similar to vaccinating your entire family, not just the children who are going to summer camp. Workstations, personal computers, servers, and firewall hosts all must have virus protection, even if they never connect to your network, because they can still pick up viruses from removable storage media or Internet downloads.

Types of Viruses

Several types of viruses exist, but the common ones are file viruses, macro (data file) viruses, and boot sector viruses. Each type differs in how it works and how it infects your system. Many viruses target popular applications such as Microsoft Word, Excel, and PowerPoint: the applications are everywhere, and their built-in scripting makes it easy to write a virus for them. Because writing a novel virus is treated as a challenge by bored programmers, viruses keep getting more complex and harder to eradicate.

File Viruses

A file virus attacks executable application and system program files, such as those ending in .COM, .EXE, and .DLL. Most file viruses insert their own code into the program (appending or prepending it, or overwriting part of the original) and redirect the program's entry point so that the virus runs first. Only when the infected file is executed can the virus do its damage: it loads itself into memory and waits to infect other executables, propagating its potentially destructive effects throughout a system or network. Jerusalem is a classic file virus. Nimda, although usually classified as an Internet worm, also infects common Windows executables and additionally modifies web content files with extensions such as .HTML, .HTM, and .ASP.

Macro Viruses

A macro is a script of frequently repeated commands that performs an operation automatically, without the user's intervention. Macro viruses are written in the Visual Basic for Applications (VBA) macro language and perform malicious or mischievous functions in data files created with Microsoft Office products, for example. They typically hook auto-executing macros such as AutoOpen, so merely opening an infected document is enough to run them. Macro viruses are often among the least destructive (but also the most annoying). Since macros are easy to write, macro viruses are among the most common viruses and are frequently found in Microsoft Word and PowerPoint documents. They affect the file you are working on. For example, the Save command might appear to work without actually saving the file, or you might be unable to open a new document, only a template. These viruses will not crash your system, but they are annoying. Cap and Cap A are examples of macro viruses.
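Because a macro virus has to travel inside a document, the first triage question for a suspicious Office file is whether it carries a VBA project at all. The following Python script is an added example, not code from the original article: it opens an Office Open XML package (.docx/.docm and friends are zip files), looks for the vbaProject.bin part and the VBA content type, and flags the case where macros are present but the extension (for example .docx rather than .docm) does not advertise them. The sample documents are constructed in memory; the MACRO_ENABLED_EXTS list is an assumption you may need to extend.

```python
"""Detect a VBA macro project inside an Office Open XML document."""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Extensions that legitimately carry macros (assumed list; extend for your environment).
MACRO_ENABLED_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm", ".ppam"}


def inspect_office_file(name: str, data: bytes) -> dict:
    """Report whether the file carries VBA and whether its extension admits that."""
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy .doc/.xls/.ppt are OLE2 compound files, not zips; they need an OLE parser.
        return {"name": name, "ooxml": False, "has_vba": False,
                "findings": ["not an OOXML container; inspect with an OLE2-aware tool"]}
    with zf:
        vba_parts = [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
        try:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            content_types = ""
    has_vba = bool(vba_parts) or VBA_CONTENT_TYPE in content_types
    findings = []
    if has_vba:
        findings.append("contains a VBA macro project: "
                        + (", ".join(vba_parts) or "declared in [Content_Types].xml"))
        if ext not in MACRO_ENABLED_EXTS:
            findings.append(f"extension {ext or '(none)'} does not advertise macros; "
                            "treat as suspicious")
    return {"name": name, "ooxml": True, "has_vba": has_vba, "findings": findings}


def build_sample(with_vba: bool) -> bytes:
    """Construct a minimal Word OOXML package in memory (sample data, not a real document)."""
    types = ('<?xml version="1.0" encoding="UTF-8"?>'
             '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
             '<Default Extension="xml" ContentType="application/xml"/>')
    if with_vba:
        types += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    types += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            # Placeholder payload starting with the OLE2 magic; real projects are much larger.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in (("memo.docm", build_sample(True)),
                       ("memo.docx", build_sample(True)),   # macros hiding behind a .docx name
                       ("memo.docx", build_sample(False)),
                       ("old.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")):
        print(name, inspect_office_file(name, blob))
```

This tells you only that macros are present, not what they do; the next step is to extract and read the VBA source with a decompressing tool such as oletools' olevba, and to apply the same check to mail attachments before they reach users.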

Boot Sector Viruses

Boot sector viruses install themselves in the master boot record (MBR), the first sector of the hard disk (cylinder 0, head 0, sector 1), where no application code is supposed to reside. At power-up, the firmware loads this sector and runs the small program in it, which consults the partition table stored alongside it to find the active partition and hand off to the operating system's boot loader. If you multi-boot between several versions or instances of Windows, for example, the pointers that choose between them are reached through this chain. A boot sector virus replaces the MBR's boot code with its own so that it runs before the operating system, usually stashing the original sector elsewhere on the disk; if the virus or a botched cleanup damages that original record, the disk appears to have no operating system, and when you power up the computer you see a Missing Operating System or Hard Disk Not Found error message. Monkey B, Michelangelo, Stoned, and Stealth Boot are examples of boot sector viruses.
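The MBR is small and fixed in layout, so checking it for tampering is straightforward. The Python below is an added example, not code from the original article: it parses a 512-byte MBR image (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), records a fingerprint of the boot code when the disk is known good, and later reports whether the boot code has been replaced or the signature destroyed. The MBR images are constructed here; on a real system you would read the first 512 bytes of the raw device (for example /dev/sda on Linux or \\.\PhysicalDrive0 on Windows) with administrative rights.

```python
"""Parse a 512-byte MBR image and detect tampering with its boot code."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_END = 446          # bytes 0..445 hold the boot code
PART_TABLE_OFFSET = 446      # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"      # bytes 510..511 must hold this boot signature


def parse_mbr(image: bytes) -> dict:
    """Split an MBR into boot code, partition entries and signature status."""
    if len(image) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(image)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", image, off)
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": image[:BOOT_CODE_END], "partitions": partitions,
            "signature_ok": image[510:512] == SIGNATURE}


def boot_code_fingerprint(image: bytes) -> str:
    """SHA-256 of the boot code only; the partition table may legitimately change."""
    return hashlib.sha256(parse_mbr(image)["boot_code"]).hexdigest()


def check_mbr(image: bytes, baseline_fingerprint: str) -> list:
    """Return findings; an empty list means the MBR matches the recorded baseline."""
    findings = []
    mbr = parse_mbr(image)
    if not mbr["signature_ok"]:
        findings.append("0x55AA boot signature missing: firmware will report no bootable disk")
    active = [p for p in mbr["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    if boot_code_fingerprint(image) != baseline_fingerprint:
        findings.append("boot code differs from baseline: possible boot sector virus")
    return findings


def build_mbr(boot_code: bytes, active_lba: int, active_sectors: int) -> bytes:
    """Construct a sample MBR image for the demonstration (not read from a real disk)."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", active_lba, active_sectors)
    return code + entry + b"\x00" * 48 + SIGNATURE


# Constructed samples. The "clean" bytes are a typical x86 MBR prologue
# (xor ax,ax / mov ss,ax / mov sp,7C00h), not a working boot loader.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", 2048, 204800)
BASELINE = boot_code_fingerprint(CLEAN_MBR)      # record this while the disk is known good
INFECTED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 40, 2048, 204800)   # foreign boot code
WIPED_MBR = INFECTED_MBR[:510] + b"\x00\x00"     # signature destroyed as well

if __name__ == "__main__":
    for label, img in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR), ("wiped", WIPED_MBR)):
        print(label, check_mbr(img, BASELINE) or ["ok"])
```

Keep the baseline fingerprint somewhere the infected machine cannot rewrite it; a boot sector virus that is resident and stealthy may hand a reader the original sector instead of the modified one, which is why the emergency boot disk described later boots from clean media before scanning.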

Nearly any virus in these three categories can also be delivered as a Trojan Horse. Just as the Greeks in legend attacked Troy by hiding within a giant horse, a Trojan hides inside a program that appears useful or harmless and is launched when that program is launched. DMSETUP.EXE and LOVE-LETTER-FOR-YOU.TXT.VBS are examples of known Trojan Horses; the second relies on Windows hiding the real .VBS extension so that the attachment looks like a text file. Displaying extensions for known file types can help you remain vigilant against such naming tricks. These are only a few of the types of malicious code out there.
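The naming tricks above can be checked mechanically at the mail gateway or on a file share. The Python below is an added example, not code from the original article. It reports the extension Windows will actually act on and why a name is deceptive: a document extension followed by an executable one (the LOVE-LETTER case), whitespace padding that pushes the real extension out of view, and, going beyond the article, the Unicode right-to-left override character that makes "invoice\u202ecod.exe" display as "invoiceexe.doc". The extension lists are assumptions to tune for your environment, and the sample names are constructed.

```python
"""Flag filenames that disguise an executable behind a harmless-looking extension."""

# Extensions Windows executes or scripts on double-click (assumed list; extend for your site).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe", ".js",
                   ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".msi", ".dll"}
# Extensions users read as documents or pictures.
DOCUMENT_EXTS = {".txt", ".doc", ".docx", ".pdf", ".rtf", ".jpg", ".jpeg", ".png", ".gif",
                 ".xls", ".xlsx", ".ppt", ".pptx"}
RLO = "\u202e"   # Unicode RIGHT-TO-LEFT OVERRIDE: reverses how the rest of the name is drawn


def analyze_filename(name: str) -> dict:
    """Return the extension Windows will act on and the reasons the name looks deceptive."""
    reasons = []
    if RLO in name:
        reasons.append("right-to-left override character reverses the displayed extension")
        name = name.replace(RLO, "")
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    if any(p != p.strip() for p in parts):
        reasons.append("whitespace padding pushes the real extension out of view")
    exts = ["." + p.strip() for p in parts[1:]]
    real_ext = exts[-1] if exts else ""
    if real_ext in EXECUTABLE_EXTS and len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
        reasons.append(f"double extension: shown as {exts[-2]} when extensions are hidden, "
                       f"but runs as {real_ext}")
    return {"name": base, "real_ext": real_ext,
            "executable": real_ext in EXECUTABLE_EXTS, "reasons": reasons}


def suspicious_names(names) -> dict:
    """Map each deceptive name to its reasons (names with no reasons are omitted)."""
    flagged = {}
    for n in names:
        info = analyze_filename(n)
        if info["reasons"]:
            flagged[n] = info["reasons"]
    return flagged


# Constructed sample attachment names (the first two are the ones the article mentions).
SAMPLE_NAMES = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "DMSETUP.EXE",
    "quarterly-report.pdf",
    "photo.jpg                                   .exe",
    "invoice\u202ecod.exe",          # displayed as "invoiceexe.doc"
]

if __name__ == "__main__":
    for n, why in suspicious_names(SAMPLE_NAMES).items():
        print(repr(n), "->", "; ".join(why))
```

Note what the check cannot do: DMSETUP.EXE is flagged as executable but not as deceptive, because its name is honest and the Trojan is in its contents. Name checks catch disguises; only content scanning catches the payload.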

Updating Antivirus Components

A typical antivirus program consists of two components:

  • The definition files
  • The engine

The definition files list the known viruses, their type, and their footprints (the byte patterns or behaviors that identify them) and specify how to remove them. More than 100 new viruses are found in the wild each month, so an antivirus program would be useless if its definitions did not keep up. The engine accesses the definition files (or database), runs the virus scans, cleans the files, and notifies the appropriate people and accounts. Eventually viruses become sophisticated enough that a new engine with new techniques is needed to combat them effectively.

Heuristic scanning is a technology that allows an antivirus program to catch a virus even when there is no definition for it. The engine looks for suspicious code or activity that might indicate a virus, such as a script that assembles its commands from encoded strings and then executes them. Be careful if you have this feature turned on: a heuristic scan can flag more than viruses, and removing or quarantining harmless code on a false positive can cause unpredictable results.

For an antivirus program to be effective, you must upgrade, update, and scan in a specific order:

  1. Upgrade the antivirus engine.
  2. Update the definition files.
  3. Create an antivirus emergency boot disk.
  4. Configure and run a full on-demand scan.
  5. Schedule monthly full on-demand scans.
  6. Configure and activate on-access scans.
  7. Update the definition files regularly (at least weekly; daily where automatic updates are available).
  8. Make a new antivirus emergency boot disk monthly.
  9. Get the latest update when fighting a virus outbreak.
  10. Repeat all steps when you get a new engine.

We will look at the first steps in using antivirus software in the following sections. The other steps are beyond the scope of this discussion.

Upgrading an Antivirus Engine

An antivirus engine is the core program that runs the scanning process; virus definitions are keyed to an engine version number, so, for example, a 3.x engine will not work with 4.x definition files. When the manufacturer releases a new engine, weigh the cost of upgrading against the added benefits. Before installing new or upgraded software, back up your entire computer system, including all data.
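To make the engine/definitions split, the heuristic scanning described earlier, and the version keying above concrete, here is a miniature antivirus engine in Python. It is an added example, not code from the original article or from any vendor: the definition set is constructed (the only real-world signature is the harmless EICAR test string, which every antivirus product recognizes), the "Demo.FileInfector" footprint is made up, the engine version is an assumed value, and the heuristic rules are two simple patterns for obfuscated scripts. The on-demand scan writes constructed sample files into a temporary directory and walks it.

```python
"""A miniature antivirus engine: version-keyed definitions, signature matching,
a heuristic rule, and an on-demand directory scan."""
import os
import re
import tempfile

ENGINE_VERSION = (4, 2)      # this engine's generation (assumed value)

# The EICAR standard test string: harmless, and every real AV product detects it.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed definition set. Real definitions are far larger and vendor-specific.
DEFINITIONS = {
    "engine_major": 4,       # these definitions only load into a 4.x engine
    "released": "2024-01-01",
    "signatures": [
        {"name": "EICAR-Test-File", "type": "test", "footprint": EICAR, "action": "delete"},
        {"name": "Demo.FileInfector", "type": "file",            # made-up footprint
         "footprint": b"\xe8\x00\x00\x00\x00\x5d\x81\xed", "action": "clean"},
    ],
}

# Heuristic rules: behaviour that suggests a virus even with no definition for it.
HEURISTIC_RULES = [
    ("Heur.Script.ObfuscatedString", re.compile(rb"(chr\(\d+\)\s*&\s*){6,}", re.IGNORECASE)),
    ("Heur.Script.ExecuteString", re.compile(rb"\bExecute(Global)?\s*\(", re.IGNORECASE)),
]


def definitions_compatible(defs: dict) -> bool:
    """Definitions are keyed to the engine generation: 3.x definitions will not load in 4.x."""
    return defs.get("engine_major") == ENGINE_VERSION[0]


def load_definitions(defs: dict) -> dict:
    if not definitions_compatible(defs):
        raise RuntimeError(f"definitions for engine {defs.get('engine_major')}.x cannot be used "
                           f"with engine {ENGINE_VERSION[0]}.{ENGINE_VERSION[1]}")
    return defs


def scan_bytes(data: bytes, defs: dict, heuristics: bool = True) -> list:
    """Return detection names for one file's contents (signatures first, then heuristics)."""
    hits = [sig["name"] for sig in defs["signatures"] if sig["footprint"] in data]
    if heuristics:
        hits += [name for name, rx in HEURISTIC_RULES if rx.search(data)]
    return hits


def scan_directory(root: str, defs: dict, heuristics: bool = True) -> dict:
    """On-demand scan: walk a tree and map each flagged path to its detections."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                hits = scan_bytes(fh.read(), defs, heuristics)
            if hits:
                results[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return results


def demo() -> dict:
    """Write constructed sample files to a temporary directory and scan it."""
    defs = load_definitions(DEFINITIONS)
    samples = {
        "setup/setup.exe": b"MZ" + b"\x00" * 60 + b"\xe8\x00\x00\x00\x00\x5d\x81\xed" + b"\x90" * 16,
        "notes.txt": b"quarterly figures attached",
        # Classic VBScript obfuscation: assemble a string from Chr() calls and Execute it.
        "login.vbs": b"s = Chr(87) & Chr(83) & Chr(99) & Chr(114) & Chr(105) & Chr(112) & Chr(116)\n"
                     b"Execute(s)\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan_directory(root, defs)


if __name__ == "__main__":
    print("EICAR in memory:", scan_bytes(EICAR, DEFINITIONS))
    for path, hits in sorted(demo().items()):
        print(path, "->", ", ".join(hits))
```

The heuristic hits on login.vbs show both sides of the earlier warning: the rule catches a script no signature knows, but a legitimate installer that builds strings the same way would be flagged too, which is why a real engine quarantines rather than deletes on heuristic detections and lets an administrator review them.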

Updating Definition Files

At least every week you need to update your list of known viruses, called the virus definition files; most products can do this daily and automatically. You can update manually or automatically through the manufacturer's website. You can use a staging server within your company to download the updates once and then distribute them (which also lets you test an update before rollout and saves Internet bandwidth), or you can set up each computer to download updates itself.

Scanning for Viruses

An antivirus scan is the process in which an antivirus program examines a computer's files for known virus footprints (and, with heuristics, for suspicious code) and eradicates or quarantines any viruses it finds. There are two types of antivirus scans:

  • On-demand
  • On-access

An on-demand scan searches a file, a directory, a drive, or an entire computer at a time of your choosing. An on-access scan checks only the files you are currently accessing, as they are opened, executed, or written. To maximize protection, use both.

On-Demand Scans

An on-demand scan is a virus scan initiated by either a network administrator or a user. You can manually or automatically initiate an on-demand scan. Typically, you’d schedule a monthly on-demand scan, but you’ll also want to do an on-demand scan in the following situations:

  • After you first install the antivirus software
  • When you upgrade the antivirus software engine
  • When you suspect a virus outbreak

Before you initiate an on-demand scan, be sure that you have the latest virus definitions. When you encounter a virus, scan all potentially affected hard disks and any floppy disks that could be suspect. Establish a cleaning station, and quarantine the infected area. The support staff will have a difficult time if users continue to work on infected computers, so ask all users in the infected area to stop using their computers; suggest a short break, and if it is lunchtime, all the better. Have one person collect all floppies from all disk drives and scan and clean them at the cleaning station. For computers that are operational, update their virus definitions. For computers that are not operational, or are operational but infected, boot from an antivirus emergency boot disk. Run a full scan and clean of the entire system on all computers in the office space. With luck, you will be done before your users return from lunch.

On-Access Scans

An on-access scan runs in the background when you open a file or use a program. For example, an on-access scan can run when you do any of the following:

  • Insert a floppy disk
  • Download a file with FTP
  • Receive e-mail messages and attachments
  • View a web page

The scan slows the processing speed of other programs, but it is worth the inconvenience.

A relatively new form of malicious attack reaches your computer through ActiveX controls and Java applets: small programs embedded in web pages that your browser downloads and runs on your local machine. Most ActiveX controls and Java applets are safe, but some carry viruses or snoop programs (spyware) that let an attacker look at everything on your hard drive from a remote location without your knowing. Be sure that you properly configure the on-access component of your antivirus software to check and clean for all these types of attacks, and consider tightening your browser's security settings so that unsigned controls do not run.

A host of useful free tools is available on the Internet to complement antivirus software. Anti-spyware titles include Microsoft AntiSpyware (later renamed Windows Defender), Spybot Search & Destroy, and Ad-Aware, and keeping the system patched through Windows Update closes the holes that much malicious code relies on to get in.

Many programs will not install unless you disable the on-access portion of your antivirus software. This is dangerous if the installer itself carries a virus. Your safest bet is to run an on-demand scan of the software before installation, disable on-access scanning only for the duration of the installation, and reactivate it as soon as the installation is complete.

Emergency Scans

In an emergency scan, only the operating system and the antivirus program are running. An emergency scan is called for after a virus has invaded your system and taken control of a machine. In this situation, insert your antivirus emergency boot disk and boot the infected computer from it. Then scan and clean the entire computer.

Another possibility is to use an online emergency scan service, which lets you scan your computer over a high-speed Internet connection without an emergency disk. It requires that the infected machine can still reach the network, and it is only as trustworthy as the vendor running it.

© 2018 Wisdom IT Services India Pvt. Ltd. All rights reserved.
