SysChat

SysChat (http://www.syschat.com/forum.php)
-   Security (http://www.syschat.com/tutorials/security/)
-   -   Malicious Programs - Prevention Is Much Easier than the Cure (http://www.syschat.com/malicious-programs-prevention-much-easier-than-1257.html)

Sami 12-05-2006 02:52 AM

Malicious Programs - Prevention Is Much Easier than the Cure
 
Similar to motorists who travel at 10 miles per hour below the posted speed limit in the left-hand lane, programmers who deliberately create and distribute malicious computer programs don't have a clue. They have a great deal of knowledge and expertise but they can't seem to figure out how to function by simply following the rules. This article briefly explains how most computer viruses compromise vulnerable computers and how you can make your computer and valuable data much less vulnerable to a malicious executable or "virus."

Malicious Executables

All malicious programs are "executable" files. On computers running MS-DOS or Windows based operating systems; .exe and .com are the common extensions for these files.

Virus


A Virus is a computer program created for the sole purpose of destroying data on your computer. The virus may destroy non-crucial files, or it may be programmed to erase all files. A virus can cause an infected computer to perform certain actions on certain dates or issue serious commands such as deleting your entire system registry, totally disabling the operation and booting up of your computer.

Viruses are distributed through executable files that we receive from friends, download off the Internet or even install ourselves. A virus will often come disguised as a Trojan which serves as the carrier for the virus.

Trojan

A Trojan is a program that usually appears to be safe, but contains something harmful inside such as a worm or virus. You may download a game or an image, assuming that it's harmless, but once you execute the file, the worm or virus goes to work. Sometimes they will simply annoy you, but many are specifically designed to cause severe damage to your system.

Worm

Worms operate a bit differently. These programs replicate themselves over and over again. Worms generally arrive through an email client. Machines become infected if the user accepts a Trojan file that contains a Worm in its payload. The majority of these programs are designed to exploit email address books stored on a mail server or hard drive. When you open a Trojan email attachment that contains a worm, the Trojan tells the worm file to propagate with all email addresses it finds and to email itself to each address, thus repeating the process.

The "Love Bug" is a good example of each of the above. It's a Trojan because it arrives disguised as a "Love Letter" when it is actually carrying a harmful program. It's a virus because once executed, it infects files on your computer, turning them into new Trojans. It's a worm because it propagates itself by sending itself out to everyone listed in your email address book or IRC client.

Bacteria

Bacteria programs are simply designed to replicate themselves many times, thus causing a lack of resource or slowdown of the computer.

Spyware

Spyware is usually designed to log marketing data from the computer and send it to a web-server which stores the information in a database. Because these programs are fairly easy to develop and distribute, they have become popular with identity thieves.

Botnet


Similar to Spyware, Botnet applications are designed to copy software programs installed on individual computers and network computers within companies and organizations. Once a network has been exploited, the Master Botnet will usually command the Botnets that are located on the rest of the network and implement actions from the central server.

Computer-based Prevention


Note - If your computer is on a Local Area Network or LAN at your dealership or you have a laptop that is at times on a LAN, don't change ANY configuration settings without first checking with the Network Administrator.

Installing anti-virus software is important, but more and more every year anti-virus software by itself is not enough. If you are running an MS-DOS or Windows based operating system the following precautions will greatly decrease your chances of becoming infected and are mandatory now at many large corporations:

1. - Don't store installation programs, ("Setup.exe" files), on your hard drive. Many viruses replace these files with their corrupt setup files making it easy for you to accidentally "install" them.

2. - Most anti-virus programs allow you to scan individual files before opening them. Scan ALL executable files before opening.

3. - Utilize "classic view" instead of "Windows XP" or "Web" view with Windows Explorer. Many viruses replace the "Folder.htt" file utilized by "Windows XP" view with a corrupt VBScript. Once infected, each time you utilize Windows Explorer to view a folder you execute a virus that dramatically slows down your machine. To switch to "classic view", do the following:

"Right-click" on the task bar, (bottom of screen), select "properties", then "Start Menu." Select "Classic Start Menu."

4. - Don't "Hide extensions for known file types." By default Windows Explorer will hide the extension of known or common file types such as .doc and .rtf. Most viruses that are executed through e-mail utilize this vulnerability. Once on your hard drive, the virus may display the same icon for a Microsoft Word document, but it is actually linked to a malicious executable. You would never know that the file is an ".exe" instead of a ".doc" because the extension is not visible. To correct this, open any folder, from the tool bar select "tools", "folder options", "view", then un-check "Hide extensions for known file types."

5. - Know what programs on your machine are executed during system start-up. Select "Start", "Run", type "msconfig", press "Ok" or hit "Enter." Select the "Startup" tab and look at the programs that are starting each time you start your computer. Familiarize yourself with each program and check them periodically. That way if something unfamiliar shows up you will recognize it.

Software-based Prevention

Note - If your computer is on a Local Area Network or LAN at your dealership or you have a laptop that is at times on a LAN, don't install ANY software without first checking with the Network Administrator.

Anti-virus software is crucial. AVG Anti Virus is an excellent program and is offered in a free downloadable version at AVG Anti Virus: HOME.

Spyware is often overlooked by Anti-virus algorithms. There are many excellent Anti-Spyware programs available.

A free version of SpyBot Search and Destroy can be downloaded at: The home of Spybot-S&D!

A free version of AdAware SE Personal can be downloaded at: Ad-Aware @ Lavasoft - The Original Anti-Spyware Company

I utilize both SpyBot and AdAware and have had several instances where items missed by one program were discovered by the other. After running a scan with both programs, I have never had to deal with any missed items, UNLESS the item was an Active X control.

"Active X" controls, (Flash, Swish, etc.), are elements that have benefited Web surfers tremendously. They allow Web sites to come alive using multimedia effects, interactive objects, and sophisticated applications that create a dynamic user experience.

Unfortunately, they can easily be manipulated into Spyware/Adware. These objects are often overlooked by Anti-virus and Anti-spyware programs. SpywareBlaster is a program that was specifically designed to detect and to prevent the installation of corrupt Active X controls. A free version of SpywareBlaster can be downloaded at: SpywareBlaster

After installing each program, take the time to read the "Readme" files. Familiarize yourself with the application and how it works. Many times the default configuration of these programs may cause the program to conflict with other applications or devices on your machine. Obviously you won't be able to manipulate the program until it fits your specific needs if you're not familiar with it.

Once installed, utilize and keep these programs updated at a minimum on a weekly basis. With all Anti-virus and Anti-Spyware applications, keep an eye on the "Ignored Items" list upon opening the program. (Some malicious programs have figured out how to make themselves "Ignored" by scanning software). If you find that any items have been checked as an "Ignored Item", simply de-selecting the item and continuing with the scan will usually do the trick.

In conclusion, I can tell you this from experience - when it comes to dealing with malicious programs, prevention is much, MUCH easier to obtain than the cure!

J.C. Hurst is the IT/Internet Marketing Director for The Ziegler Corporations. You may contact J.C. at 800.726.0510 -or- [email protected]


All times are GMT -4. The time now is 09:53 AM.


Copyright © 2005-2013 SysChat.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54