Similar to motorists who travel at 10 miles per hour below
the posted speed limit in the left-hand lane, programmers
who deliberately create and distribute malicious computer
programs don't have a clue. They have a great deal of
knowledge and expertise but they can't seem to figure out
how to function by simply following the rules. This article
briefly explains how most computer viruses compromise
vulnerable computers and how you can make your computer and
valuable data much less vulnerable to a malicious executable
or "virus."
Malicious Executables
All malicious programs are "executable" files. On computers
running MS-DOS or Windows-based operating systems, .exe and
.com are the common extensions for these files.
Virus
A virus is a computer program created for the sole purpose
of destroying data on your computer. The virus may destroy
non-crucial files, or it may be programmed to erase all
files. A virus can cause an infected computer to perform
certain actions on certain dates or issue serious commands
such as deleting your entire system registry, which totally
disables the operation and booting up of your computer.
Viruses are distributed through executable files that we
receive from friends, download off the Internet or even
install ourselves. A virus will often come disguised as a
Trojan which serves as the carrier for the virus.
Trojan
A Trojan is a program that usually appears to be safe, but
contains something harmful inside such as a worm or virus.
You may download a game or an image, assuming that it's
harmless, but once you execute the file, the worm or virus
goes to work. Sometimes they will simply annoy you, but many
are specifically designed to cause severe damage to your
system.
Worm
Worms operate a bit differently. These programs replicate
themselves over and over again. Worms generally arrive
through an email client. Machines become infected if the
user accepts a Trojan file that contains a Worm in its
payload. The majority of these programs are designed to
exploit email address books stored on a mail server or hard
drive. When you open a Trojan email attachment that contains
a worm, the Trojan tells the worm file to propagate using
all the email addresses it finds and to email itself to each
address, thus repeating the process.
The "Love Bug" is a good example of each of the above. It's
a Trojan because it arrives disguised as a "Love Letter"
when it is actually carrying a harmful program. It's a virus
because once executed, it infects files on your computer,
turning them into new Trojans. It's a worm because it
propagates itself by sending itself out to everyone listed
in your email address book or IRC client.
Bacteria
Bacteria programs are simply designed to replicate
themselves many times, thus causing a lack of resources or
a slowdown of the computer.
Spyware
Spyware is usually designed to log marketing data from the
computer and send it to a web-server which stores the
information in a database. Because these programs are fairly
easy to develop and distribute, they have become popular
with identity thieves.
Botnet
Similar to Spyware, Botnet applications are designed to copy
software programs installed on individual computers and
network computers within companies and organizations. Once a
network has been exploited, the Master Botnet will usually
command the Botnets that are located on the rest of the
network and implement actions from the central server.
Computer-based Prevention
Note - If your computer is on a Local Area Network or LAN at
your dealership or you have a laptop that is at times on a
LAN, don't change ANY configuration settings without first
checking with the Network Administrator.
Installing anti-virus software is important, but with every
passing year anti-virus software by itself is less and less
sufficient. If you are running an MS-DOS or Windows-based
operating system, the following precautions will greatly
decrease your chances of becoming infected and are now
mandatory at many large corporations:
1. - Don't store installation programs ("Setup.exe" files)
on your hard drive. Many viruses replace these files with
their corrupt setup files, making it easy for you to
accidentally "install" them.
2. - Most anti-virus programs allow you to scan individual
files before opening them. Scan ALL executable files before
opening.
3. - Utilize "classic view" instead of "Windows XP" or "Web"
view with Windows Explorer. Many viruses replace the "Folder.htt"
file utilized by "Windows XP" view with a corrupt VBScript.
Once infected, each time you utilize Windows Explorer to
view a folder you execute a virus that dramatically slows
down your machine. To switch to "classic view", do the
following:
"Right-click" on the task bar (bottom of screen), select
"properties", then "Start Menu." Select "Classic Start
Menu."
4. - Don't "Hide extensions for known file types." By
default Windows Explorer will hide the extension of known or
common file types such as .doc and .rtf. Most viruses that
are executed through e-mail utilize this vulnerability. Once
on your hard drive, the virus may display the same icon for
a Microsoft Word document, but it is actually linked to a
malicious executable. You would never know that the file is
an ".exe" instead of a ".doc" because the extension is not
visible. To correct this, open any folder and, from the tool
bar, select "tools", "folder options", "view", then un-check
"Hide extensions for known file types."
5. - Know what programs on your machine are executed during
system start-up. Select "Start", "Run", type "msconfig",
press "Ok" or hit "Enter." Select the "Startup" tab and look
at the programs that are starting each time you start your
computer. Familiarize yourself with each program and check
them periodically. That way if something unfamiliar shows up
you will recognize it.
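Precautions 4 and 5 can also be checked from a script. The
PowerShell below is an added example, not part of the
original article; the function names, the baseline file
name, the scanned Downloads folder and the extensions other
than .doc, .rtf, .exe and .com are assumptions.

```powershell
# Added example. Assumptions: baseline file name, scanned folder, and the
# extension lists beyond .doc/.rtf/.exe/.com named in the article.
$BaselinePath = Join-Path $env:USERPROFILE 'startup-baseline.csv'

function Test-ExtensionsHidden {
    # Precaution 4: HideFileExt = 0 means Explorer shows every extension.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $val = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($val -ne 0)   # a missing value is treated as "hidden", the default
}

function Find-DisguisedExecutable {
    # Precaution 4: flag names like "letter.doc.exe" that pass for documents.
    param([string]$Folder)
    $docExt = 'doc', 'rtf', 'txt', 'jpg'
    $exeExt = 'exe', 'com', 'scr', 'vbs'
    Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $parts = $_.Name.ToLower().Split('.')
            ($parts.Count -ge 3) -and ($exeExt -contains $parts[-1]) -and
                ($docExt -contains $parts[-2])
        } |
        Select-Object -ExpandProperty FullName
}

function Get-StartupEntry {
    # Precaution 5: commands registered in the Run keys and Startup folders.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Location, Name, Command
}

function Compare-StartupToBaseline {
    # First run saves the baseline; later runs return only unfamiliar entries.
    param([string]$Path = $BaselinePath)
    $current = @(Get-StartupEntry)
    if (-not (Test-Path -Path $Path)) {
        $current | Export-Csv -Path $Path -NoTypeInformation
        return
    }
    $known = Import-Csv -Path $Path |
        ForEach-Object { "$($_.Location)|$($_.Name)|$($_.Command)" }
    $current | Where-Object {
        $known -notcontains "$($_.Location)|$($_.Name)|$($_.Command)"
    }
}

if (Test-ExtensionsHidden) { Write-Warning 'Known file extensions are hidden.' }
Find-DisguisedExecutable -Folder (Join-Path $env:USERPROFILE 'Downloads')
Compare-StartupToBaseline
```

Run it once on a machine you trust to record the baseline,
then again periodically; anything the last command prints is
a startup entry that was not there before.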
Software-based Prevention
Note - If your computer is on a Local Area Network or LAN at
your dealership or you have a laptop that is at times on a
LAN, don't install ANY software without first checking with
the Network Administrator.
Anti-virus software is crucial. AVG Anti Virus is an
excellent program and is offered in a free downloadable
version at http://www.grisoft.com.
Spyware is often overlooked by Anti-virus algorithms. There
are many excellent Anti-Spyware programs available.
A free version of SpyBot Search and Destroy can be
downloaded at:
http://www.safer-networking.org
A free version of AdAware SE Personal can be downloaded at:
http://www.lavasoftusa.com/software/adaware/
I utilize both SpyBot and AdAware and have had several
instances where items missed by one program were discovered
by the other. After running a scan with both programs, I
have never had to deal with any missed items, UNLESS the
item was an Active X control.
"Active X" controls (Flash, Swish, etc.) are elements that
have benefited Web surfers tremendously. They allow Web
sites to come alive using multimedia effects, interactive
objects, and sophisticated applications that create a
dynamic user experience.
Unfortunately, they can easily be manipulated into
Spyware/Adware. These objects are often overlooked by
Anti-virus and Anti-spyware programs. SpywareBlaster is a
program that was specifically designed to detect and to
prevent the installation of corrupt Active X controls. A
free version of SpywareBlaster can be downloaded at:
http://www.javacoolsoftware.com/spywareblaster.html
After installing each program, take the time to read the
"Readme" files. Familiarize yourself with the application
and how it works. Many times the default configuration of
these programs may cause the program to conflict with other
applications or devices on your machine. Obviously you won't
be able to manipulate the program until it fits your
specific needs if you're not familiar with it.
Once installed, utilize these programs and keep them updated
at a minimum on a weekly basis. With all Anti-virus and
Anti-Spyware applications, keep an eye on the "Ignored
Items" list upon opening the program. (Some malicious
programs have figured out how to make themselves "Ignored"
by scanning software.) If you find that any items have been
checked as an "Ignored Item", simply de-selecting the item
and continuing with the scan will usually do the trick.
In conclusion, I can tell you this from experience - when it
comes to dealing with malicious programs, prevention is
much, MUCH easier to obtain than the cure!
J.C. Hurst is the IT/Internet Marketing Director for The
Ziegler Corporations.
You may contact J.C. at 800.726.0510