In keeping with the Computers and Security theme, it is time to address in
detail anti-virus protection and what is at stake with one’s computer to
keep the nasty viruses away. There are two current reasons for doing this
article. The first is that I had to clean my server this past month of
a virus that had hit me earlier in the year. It was still lurking in the
background after I had cleaned my other machines. The second reason is
the latest threat from the SirCam and CodeRed worms that are running amok
at this time. Both have taught me new lessons in being alert and protective
of my equipment.
The virus I had to get rid of was called {W32.HLLW.QAZ.A} and simply
replaced NOTEPAD with itself by renaming NOTEPAD.EXE. The next time NOTEPAD
was used, it did things to the computer. There is a fix for it: cleaning
the REGISTRY pointer it installed and then renaming NOTEPAD.EXE back to
itself. I had to disconnect each computer in my network and run the anti-virus
program and the re-install patch on each. It was not hard to do, but did
take a lot of time. It did bring home to me the need for keeping my anti-virus
application up to date. Each time the QAZ.A showed itself, the Norton Anti-Virus
application on my machines caught it and isolated it for deletion. As everyone
knows, I have been preaching that theme forever.
The SirCam and CodeRed worms are different, not that hard to fix once
detected, and also are big problems for the unwary. SirCam infects workstations
and computers on a network. CodeRed is directed at servers. The CodeRed
worm directs its attacks at specific Web sites. It has two variations,
CodeRed and CodeRed II. The CodeRed worms are directed at NT and Windows
2000 (W2K) machines. Again, a Microsoft download patch fixes both OSs.
The W2K OS requires Service Pack (SP1) to install. Again, the fix is more
time consuming than really bad.

So how does a virus affect me?

A virus is a program that is written by computer programmers (called
hackers) who have malicious intent toward your computer. Virus programs
are intended to disrupt, steal, or destroy data on your computer. As
with any program, viruses act out their functions when they are executed.
In general, a program is a series of instructions that the computer executes
to perform a specific task, i.e., word processing, spreadsheets, finance
programs, etc. Viruses must be executed the same way. In order for a program
to be executed, the program must reside in Random Access Memory (RAM).
To get to RAM, the program must be executed, or run by a user. In the Windows
OS environment, this execution of the program is accomplished by double-clicking
the program icon or by typing the program’s filename within the RUN dialog
box.
Virus programs have filenames just like valid programs such as EXCEL.EXE.
Virus filenames, however, do not express what the program intends to do,
such as destroy the hard drive as DESTROYDISK.EXE. Virus filenames are
usually disguised as other programs by using valid filenames. Virus programs
usually attach themselves to other programs to gain access to RAM.
Once the virus program is in memory, it depends on what the hacker intended
for it to do. Many viruses immediately perform their program processing.
This processing may change files, remove files, write to the monitor, or
change the OS. Some viruses lie in wait until a specific date, then do
their damage.

How a virus infects a computer

There are two common ways that a virus can infect a computer. The first
method is via a floppy that contains infected files. The second is via
infected files transmitted across the Internet. The first method was the
only one I had seen until I got the QAZ.A via an Internet download. There
is another kind of virus that has become prominent in the recent past: the
macro viruses found as word processing or spreadsheet macros in Microsoft
Windows applications. Macro viruses have spread as a result of being sent
over the Internet as e-mail. The macro viruses are inserted in application
documents that are usually sent as attachments to e-mail. Macros are generated
as utility programs within the word processor to help do certain functions.
Most macros are the default in the late version Office suite programs such
as Microsoft Office and Corel WordPerfect Office. The legitimate macros
are good for work. The bad macros can ruin your whole day.
There are several types of viruses. The first is the boot-sector virus.
This virus places special program instructions in the disk’s boot sector,
which is loaded into RAM each time the computer is booted or started. The
second is a polymorphic virus that changes form from one execution to the
next. These are created to hide from virus-detection applications. A third
virus is known as a Trojan Horse that attaches itself to another program
to hitchhike into RAM. A fourth virus is called a worm. Worms infect other
systems by replicating copies of themselves across the Internet. A fifth virus,
as noted above, is the macro virus.
Keep in mind that for a virus to function, it must gain access to memory.
To gain that access, the virus must be part of a program execution. The
virus must execute its instructions in memory before it can do anything.
This brings us to a warning that should be tattooed on our forehead:

Never run a program or open a document that you receive from another user
you do not know. If you receive a document or program file from someone you
do know, do not open the document or run the program without first scanning
the file’s contents with an anti-virus application.

Things to do to reduce virus risk

There are things that one can do to reduce risk from virus attacks.
These techniques also help with security and privacy issues. Hackers gain
access to computers or networks by obtaining Username and Password information.
Do not give this information to anyone. Do not download and run “unsafe”
programs. There are eight techniques that greatly reduce risk of virus
attack. These techniques are:
- Use Anti-Virus programs to scan the computer and its storage disk
  drives. There are several anti-virus programs that are available. McAfee
  Antivirus and Norton Antivirus are the two most used programs.
- Stay current on virus signatures for the anti-virus program that
  you use. Virus signatures are the file segments that the anti-virus program
  uses to detect the virus. Each anti-virus application manufacturer has
  a Web site that provides these signatures for download.
- Perform Backup operations on a regular basis. The data needs to
  be backed up to make sure that it is available. Some viruses destroy the
  data on the HDD. Backups provide a way to restore the data.
- Open only attached documents sent to you by users you know and only
  after scanning the attachments for viruses. Attachments are great carriers
  of viruses. Word processed documents, spreadsheets, databases, graphics,
  and programs may hide viruses.
- Do not exchange floppy disks with another user without first scanning
  the disk. This was the source of most of my virus problems until QAZ.A.
- Protect your computer or network with a firewall. Firewalls are
  combinations of hardware and software that prevent unauthorized users
  from using your computer.
- Know what programs are running on your computer. To determine running
  programs, use one of the OS utilities such as Microsoft System Information
  to monitor your programs.
- Fine-tune the browser security settings so that it becomes the first
  line of defense for you.
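
How signature matching works, and why a stale signature set misses a newer threat, shown as an added Python example (not code from this article or from any anti-virus vendor). The signature names and byte markers are harmless constructed values, and the sample files are built in a temporary directory.

```python
import os
import tempfile

# Constructed signature sets: name -> byte segment. The markers are harmless
# made-up strings, not fragments of real malware.
SIGS_OLD = {"Demo.Alpha": b"\x90DEMO-ALPHA-MARKER\x90"}
SIGS_NEW = dict(SIGS_OLD, **{"Demo.Beta": b"\xccDEMO-BETA-MARKER\xcc"})
CHUNK = 64 * 1024  # read size; files are never loaded whole


def scan_file(path, signatures):
    """Return sorted names of signatures whose bytes occur in the file."""
    # Carry the end of each chunk forward so a segment that straddles
    # two reads is still matched.
    overlap = max(len(s) for s in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            window = tail + chunk
            for name, seg in signatures.items():
                if seg in window:
                    found.add(name)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)


def scan_tree(root, signatures):
    """Walk a directory and map each flagged file to its matching signatures."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            names = scan_file(path, signatures)
            if names:
                hits[os.path.relpath(path, root)] = names
    return hits


def demo():
    """Scan constructed sample files with the old and the updated signatures."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "clean.txt": b"ordinary document text",
            "alpha.bin": b"MZ" + b"\0" * 100 + SIGS_NEW["Demo.Alpha"],
            # Marker placed across a chunk boundary on purpose.
            "beta.bin": b"A" * (CHUNK - 5) + SIGS_NEW["Demo.Beta"] + b"tail",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root, SIGS_OLD), scan_tree(root, SIGS_NEW)
```

With the old set only `alpha.bin` is flagged; `beta.bin` is caught only after the signature update, which is the case for keeping signatures current.
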
The two most important techniques from this list are Anti-Virus programs
and regular backups. The third best technique is to scan everything before
you use it. This brings us to Anti-virus programs. I have mentioned McAfee
and Norton. Use one of these programs. Both provide anti-virus signatures
that readily identify viruses, and, both keep their signatures up to date.
I use Norton Anti-virus because it is the most user friendly. Its Live-Update
FTP feature is easy to use and is fool-proof for the most part. In fact,
I have found that it is easier to just buy the latest version for my computers
each year, than to try to re-subscribe each year for application updates.
The Symantec Norton AntiVirus Research Center can be reached at www.symantec.com/avcenter.
Another good site is the AntiViral Toolkit Pro (AVP) Web site at www.avp.com.
These are examples of the information that is available for review. This
is a good place to check on the hoaxes that abound on the Internet. Nearly
every scare that comes over the Internet is a hoax. The real threats will
immediately be passed along and reported on by the techies and the news
media.

Conclusion

Virus programs are a real threat to all computer users. The threat
has been heightened for individuals and businesses by the advent of high-speed
Internet communications. Broadband use, both DSL and direct cable, here
in San Antonio has opened individual users to hacker and virus attacks.
Again, I use Norton AntiVirus programs on all my computers. This program
has been very good in catching the viruses that come to my computers from
the Internet. Anti-virus protection is just one more of the security and
privacy tools that computer users need to maintain their computer use in good
stead.