Virus Scanning and PC Security
Viruses are the computer world's great boogerbears. Most
computer problems blamed on "some damn virus" are actually
caused by something else.
However, they do exist and you do
need an anti-virus program. I used to prefer an anti-virus
program that doesn't forcibly set itself up in my computer
and run on startup (it changes your setup, sometimes not to
the good). However, most experts recommend that you set your
anti-virus program to run automatically in the background,
and that's a good idea. I've gone over to having an
antivirus scanner run full-time for the simple reason that
I've been burned too many times. Remember, if you don't have
one that runs on its own, you'll need to run it yourself,
and on a frequent, regular basis. Virus scanners are
essentially the same; you don't need the most expensive or
the most advertised one to be safe. You do need to keep it
updated, however; choose an antiviral program that is easily
updated, preferably by a periodic visit to a particular Web
site. The market leaders such as Norton AntiVirus, PC-Cillin,
and McAfee offer updates as often as once a day. (McAfee is
no longer supporting any of its earlier versions; you'll
either have to update to Version 7 or find another utility.)
If you choose to use one downloaded from the Internet, use
one that is recommended by a reliable shareware provider
such as ZDNet, C|Net, Tucows, or others. (AVG provides a
nice freebie at www.grisoft.com/us/us_index.php, but
I wouldn't rely on it to protect you from everything.) Store
a clean copy of your virus scanner on a write-protected
floppy; some viruses are designed to trash virus scanners.
If you're the kind of user who rarely downloads files or
receives e-mail attachments, you can possibly get by with
regular visits to housecall.trendmicro.com/ (follow
the HouseCall logo), though I wouldn't recommend relying on
this as a solo protection scheme. Trend Micro's inbuilt
antivirus software will scan your drive for viruses and
simply delete infected files. (Netscape users will have to
download a free Java plug-in for HouseCall to work; MSIE
users get to skip this step, as HouseCall is ActiveX-based.)
Another Net-based antiviral scan, McAfee Clinic, is offered
for $40 a year at www.mcafee.com/ as part of an
entire package of McAfee tools; Symantec is now offering a
free virus and system security check at www.symantec.com/securitycheck/,
as is Panda at www.pandasoftware.com/activescan/com/
and Freedom at www.freedom.net/onlineviruscheck/. A
useful freebie, Frisk's F-PROT, is listed on my AntiVirus,
Security Programs, and Password Managers page.
It's a DOS-based program, but that shouldn't scare you off;
it's free, it's powerful, it's frequently updated, and you
need a DOS-based antiviral utility in case a virus or
something else trashes Windows. Another good source of free
antivirus programs is Avast, makers of Avast! (www.avast.com/).
Good information is available at Dr. Solomon's Virus Central
(www.drsolomon.com/vircen/index.cfm), Stiller
Research (www.stiller.com/), WildList (www.wildlist.org/),
and ZDNet's Help Channel (www.zdnet.com/zdhelp/).
And, the serious-minded virus hunters will use more than one
anti-virus utility, since no one program detects all known
viruses. You can find out plenty of general info on all
things viral at
www.governmentsecurity.org/articles/Placesthatvirusesandtrojanshideonstartup.php.
As an exercise, try this. Create a text file with Notepad and
type (or cut-and-paste) the line of garbage text below
exactly as it appears. Save and then run your virus scanner
over it. Does it work? If not, get a new virus scanner. This
is the EICAR test virus. It is quite harmless, yet is a good
test to see if your AV software is up to scratch. You may
need to rename your .TXT file to a .COM, .EXE or .BAT
extension for your scanner to grab it. The line of text is
as follows:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
(no break in the line)
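If your scanner ignores the file, first make sure the file itself is right. The script below is an added example, not part of the original page: it checks a saved file against EICAR's published rules for the test file (it must begin with the 68 characters above, may be followed only by whitespace, and may not exceed 128 bytes), then writes a fresh copy and reads it back to see whether a background scanner steps in. The function names and the probe file name are made up for this example.

```python
import os

# The 68-byte test string from the page, split in two so that this source
# file is not itself flagged by a scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
TRAILING_OK = b" \t\n\r\x1a"  # space, tab, LF, CR, Ctrl-Z


def check_eicar_bytes(data: bytes) -> str:
    """Return 'ok', or the reason a scanner may legitimately ignore the file."""
    if data.startswith(b"\xef\xbb\xbf") or data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "byte-order mark at start: re-save as plain ANSI/ASCII text"
    if not data.startswith(EICAR):
        return "first 68 bytes differ from the test string"
    if len(data) > 128:
        return "file is longer than 128 bytes"
    if data[len(EICAR):].strip(TRAILING_OK):
        return "extra non-whitespace data after the test string"
    return "ok"


def check_eicar_file(path: str) -> str:
    with open(path, "rb") as fh:
        return check_eicar_bytes(fh.read())


def on_access_probe(directory: str, name: str = "eicar_probe.com") -> str:
    """Write the test string and read it straight back (hypothetical helper).

    Assumes the directory is writable, so an OSError means something blocked
    the file. Some scanners react only after a delay or on a manual scan.
    """
    path = os.path.join(directory, name)
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
        with open(path, "rb") as fh:
            intact = fh.read() == EICAR
    except OSError as exc:
        return "intercepted: " + type(exc).__name__
    finally:
        try:
            os.remove(path)
        except OSError:
            pass  # already quarantined or locked by the scanner
    return "not intercepted" if intact else "intercepted: contents changed"


if __name__ == "__main__":
    print(on_access_probe(os.getcwd()))
```

A result of "not intercepted" only means nothing reacted to the write; run a manual scan over a valid test file, as described above, before judging the scanner.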
Some common-sense recommendations to keep your machine safe.
First, keep your anti-virus utility, firewall, and other
privacy programs updated by checking the manufacturer's
sites for updates. Second, use common sense when downloading
files. Files that end in .EXE, .COM, .BAT, and .VBS are
particularly fertile ground for malicious code. Never, ever
open e-mail attachments from strangers, even if your e-mail
client scans them for viruses. You should be running a
firewall program; if you have a question about letting a
particular program or file access the Internet, deny it.
Know your network; if you know the IP address ranges your
network uses, you'll have a better chance of recognizing an
outsider trying to sneak in. Regularly test your
vulnerability with a free tool like Gibson's ShieldsUP!
(from grc.com/). If you don't need a service like
HTTP, FTP, telnet, or personal Web server access, disable
it. And keep your passwords safe and strong. Give yourself a
good scare by looking over the various legitimate
password-cracker programs listed at www.pcmag.com/article2/0,4149,696,00.asp.
If you don't mind being a cyberbandito, you can use demo
versions from the Internet and reload them every few months.
Even if you buy an anti-virus program, you'll still need to
download updates periodically. You can save your money and
use the demo versions. However, the honest ones among us
should purchase a program and download periodic updates to
the virus ID base. Note: The cost of antivirus programs is
dropping like a stone, due to the emergence of powerful
online virus scanners like Trend Micro's HouseCall... even
less excuse not to buy a decent one. Already, good antivirus
programs from F-PROT and Inoculate, among others, are free
for the download. This trend will just keep going. How will
McAfee, etc. make money? Updates, my friend, updates.
Keep a boot disk handy. Vicious little beasties such as the
Chernobyl virus won't even let your machine boot up, so the
need for a boot disk is obvious. Most top-name anti-virus
programs let you make a boot disk during setup; if yours
doesn't, you can do so easily enough with instructions
available from www.antivirus.about.com/.
You know you have a virus. What now? The easiest solution is to
run your virus scanner and let it remove the virus. Fine,
but what if it doesn't work? Restart your computer (don't
use CTRL-ALT-DEL; many viruses are hip to that) and use your
emergency boot disk. Insert the CD or floppy disk with your
virus scanner on it. Start the program and follow the
directions for locating and removing viruses. After you've
purged the virus, try to figure out where you might have
gotten it from. You cannot get a virus from visiting
a Web page; an e-mailed worm or virus can get into your
system through your e-mail client (particularly if you're
running Outlook, the hoyden of e-mail utilities), but it's
relatively easy to block them. (Remember, viruses like the
Klez variants perpetuate themselves by using your address
book to send themselves to everyone on your e-mail list.)
You can get them from executable programs and
downloaded files. Boot viruses can even hide in innocent
data-only files. Don't think that commercial diskettes or
pre-installed software is necessarily virus-free. And
remember, some viruses reset options that you'll want to
redo -- for example, Melissa turns off the dialog box asking
if you want to enable macros in MSWord.
If a virus does trash your PC's data files or hard disk
partitioning, all may not be lost. Utilities such as
PowerQuest's Lost & Found (free demo available at
www.powerquest.com) and the freebie MRecover (www.antivirus.about.com/msub21.htm)
can recover presumably wiped-out files after a viral
onslaught.
To keep a healthy computer virus-free, scan ALL software before
you install it, whether it's a freeware program from the Net
or a boxed program from Puters 'R' Us. Insert each disk and
scan it separately. Write-protect original software
diskettes so that if a virus does hit your computer, it
can't affect the original copy of the program. If you use
pre-formatted diskettes, scan at least one of them before
using any of them. Scan new CD-ROMs, too. Remember, most
viruses get into computers from infected floppy disks, not
from downloads from the Internet. Most, but not all.
To avoid possible Word macro viruses (there are over 3500 of
them kicking around as of this writing), use QuickView to
open unfamiliar Word documents. You may have to install it
from Control Panel: Add/Remove, Windows Setup, Accessories,
Details, and check the QuickView button. (Windows may want
you to insert a Windows diskette.) Then, in Windows
Explorer, select View, Options, click on File Types, select
the document type you'd like to view, click Edit, select
Enable QuickView, and click OK twice. Now, when you
right-click on a document of this type, QuickView will
appear in the context menu. (Don't have QuickView installed?
Win 95 users, it's on your Windows CD. Go through Control
Panel, Add/Remove Programs, and Windows Setup to locate and
install QuickView. The rest of us will have to download it
from www.jasc.com/.)
Klez is one of the nastiest and most persistent viruses ever
unleashed on an unsuspecting mankind, and though it's been
around a while, it's still out there and doing damage. Take
some specific steps to prevent Klez from wreaking havoc with
your e-mail system, and from letting your system wreak havoc
on ours. MSIE and Outlook/Outlook Express users should get
the latest security patches from
www.microsoft.com/windows/ie/downloads/archive/default.asp.
Update your antivirus software, or use some of the specific
anti-Klez tools available on most antivirus sites. Watch for
message sizes between 110KB and 150KB. Use a
spam-controlling utility to keep the spam at bay and make it
easier for you to sort through the ruck.
It's worth noting that most new major viruses have specific
removal utilities posted for free at the major antivirus
sites. Definitely worth checking out when a new nasty hits
the Net.
Find out just how well your antivirus program works at
www.av-test.org/. These guys test just about every
antivirus platform known to man, and make their results
public.
This isn't precisely a virus tip, but more of a
privacy-protection tip for Microsoft NetMeeting users: In
order to facilitate calling people on NetMeeting without
having to resort to using the IP address of their computer,
Microsoft maintains a directory that lists users who are
available for calls. By default, NetMeeting is set up to
list you on the Microsoft Internet Directory whenever you
start the program. If you don't want to be publicly lis