ANTI VIRUS ADVICE

Like Netiquette and Basic Online Security this page exists so I don't have to keep sending the same advice to my friends. Much of the advice here is also repeated at greater length on those two pages and you are advised to read all 3 articles together.

  1. Protecting yourself
  2. Healing yourself
  3. Informing yourself
  4. Warning others and why not to do it
  5. Protecting others

1. Protecting yourself

HOW TO AVOID GETTING VIRUSES

You can't!

If you use email, sooner or later your address will be sitting in the address book or mail folder of someone else's machine when they trigger a virus and within less than a second that virus will be coming your way.

But receiving (or simply coming into contact with) viruses is not the same as being infected by them. Everyone who uses the internet will sooner or later get sent a virus or ten, but with a few basic precautions your system need never become infected.

The 3 basic rules of virus avoidance are the same as the first three rules of Basic Online Security, i.e. 1. Keep your patches up-to-date, 2. Keep your virus scanner up-to-date and 3. Be cautious of attachments.

With the existence of at least one very good FREEWARE antivirus suite, namely AVG Antivirus Suite, there is absolutely no reason not to have at least one AV suite installed on your system. AT LEAST one? Yes, you can install and use more than one - but be warned that running two different antivirus protection suites at once will cause your system to seize up. The trick is to use them in different ways. You can (and I do) use one program to do a boot/start-up scan of your essential system files (I use AVG for this) and another (e.g. Norton) for your always-on protection. And there is nothing to prevent you installing three or more AV scanners for treble-checking suspicious files, provided only one AV suite is set to auto-protect. I actually have 4 antivirus suites installed on my system, although in practice I only use 2 of them every day. The others are for when AVG and Norton disagree - to give me a third opinion when I cannot decide if the discrepancy is because one is throwing up a false alarm or the other has failed to detect something nasty.


2. Healing yourself

WHAT TO DO IF YOU DO GET A VIRUS

Don't panic!

Firstly, are you sure you have actually been infected by a virus? What are the REAL first signs of having a virus? Sometimes people panic when their anti-virus software throws up an alert, and start warning everyone - "I've got a virus, so you probably have it too!" - when in fact the AV software has done its job, and detected and quarantined the nasty.

So before you do anything, take a moment to think. In most cases a few hours or even a few days delay will make no difference to whether the virus damages your system or not. If the payload is triggered immediately upon infection then it's too late anyway. If not, it's most likely that the payload is triggered on a particular day (such as the anniversary of the Chernobyl disaster) or by certain types of activity - so pause and consider your options.

I repeat the question - What are the REAL first signs of having a virus?

Of course it depends on the virus, but apart from your system behaving strangely and/or files being corrupted, the most likely first sign will be emails from all your friends telling you that you have a virus (since, unlike you, they have been sensible in keeping their patches and AV signatures up to date). (Unfortunately, while it may be the first real sign of infection it might also be a false alarm: even if/when you receive such emails from several different people, YOU may not be the one who is infected... the reason for this is that viruses can forge the sender information - see below...)

If you suspect you may have a virus, the best thing to do is to try to identify it. Make a note of the name of the virus in any alert you have received (or check the infectious email for keywords, such as suspicious website addresses) and then find out what that virus is and what it does. If you can still get access to the internet (if not, use a friend's computer), do a search on one or more of the major antivirus companies' websites:

SYMANTEC:
http://www.sarc.com/avcenter/vinfodb.html

SOPHOS:
http://www.sophos.com/search/

TREND:
http://www.antivirus.com/vinfo/

McAFEE:
http://vil.mcafee.com/default.asp?

Often the information available on these sites is very comprehensive - how the virus spreads, how it gets into your machine, what are the signs of its presence, what damage can it do and how can it be removed. You will probably be able to download a free fix for it - in which case removing the virus may be as simple as downloading the fix, booting your machine from a floppy and running the fix.


3. Informing yourself

There are professional organisations which issue virus warnings based on actual viral activity and not just rumours. Their warnings are not only accurate but informative and provide the information you REALLY need to anticipate and deal with any threat. I subscribe to four virus alert notification services, and while some are clearly more on-the-ball than others, when I receive more than one emergency alert I know that something bad is out there and it's time to update my signatures and be extra careful for a while:

Symantec AntiVirus Research Centre Newsletter:
http://www.sarc.com/avcenter/newsletter_regions/en.html

Sophos Email Notification:
http://www.sophos.com/virusinfo/notifications/

Trend Virus Info:
http://www.antivirus.com/subscriptions/default.asp

McAfee Dispatch:
http://dispatch.mcafee.com/sub.asp?s=22

and for anyone using Micros**t products, it is also essential to ensure your security patches are up-to-date by subscribing to:

Microsoft Security Bulletin:
http://www.microsoft.com/technet/security/notify.asp


4. Warning others and why not to do it

With the increase in virus activity, infectiousness and damage over the last 2 years plus the source-masking techniques used by most recent viruses, I have come to the conclusion that

YOU SHOULD NEVER WARN ANYONE ABOUT VIRUSES.

This may seem odd, even selfish, advice but viruses, like terrorism, often do more damage by spreading fear and prompting extreme pre-emptive measures, and costing more in time and money than they do by direct attack. In the old days, for example, running any always-on anti-virus scanner on a 486 with only 16MB of RAM would make the system run so slowly it was simply better to turn the protection off (an unthinkable risk and unnecessary system boost today).

The bottom line is that you are responsible for your own safety and no one else's. That's not to say you shouldn't behave responsibly. Quite the opposite. There are things you can and should do to prevent yourself becoming a danger to others. But issuing warnings should be left to the professional organisations mentioned above.

Obviously, issuing alarmist fore-warnings is irresponsible. But even when you have suffered a specific infection, it is very difficult to identify from what source a virus came to your machine and whether the virus has been sent from your machine and to whom. And since viruses are often quite sophisticated, unless you are an expert the chances are your warning will misinform. Take this example of a warning I recently received from a friend -

I'm sending everyone in my address book this email - My Anti-virus detected a virus in my PC. Someone (will never know who) must have accidentally sent an email containing this virus. The virus has now been safely removed from my PC. But I would strongly advise you run an anti-virus check on your own PC. (don't worry, you probably don't have it) and if you have it then let others know who are in YOUR address book.

I used AVG. free edition, from www.grisoft.com to remove mine.
As I have said, my PC is now FREE OF VIRUS, so there is nothing in this email that you can catch.

Although it is well-meant, almost everything about that 'warning' is wrong - from the advice to forward the warning to everyone (breaking one of the golden rules of netiquette) to the hubristic assertion that her machine is virus-free - and the essential information which could actually forewarn any recipient (i.e. the identity of the virus, how it spreads and manifests and how to avoid/fix it) is totally missing.

IF YOU ARE GOING TO SEND VIRUS WARNINGS, DO YOUR RESEARCH.

OK, if you must... then do it properly. Identify the threat, explain it in calm language and above all include URLs to authoritative sources of more information. I no longer bother trying to warn people who send me viruses, but as an illustration, here is a warning I sent someone in September 2001 when the volume of infected messages they were sending me became annoying:

You have the Sircam virus. As a result you are mailing me random documents as attachments (containing the virus). Please follow the recommended steps to clean your machine so as to stop this from happening; you can get details from these pages:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A

and

http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html

Or... since the manual fix is rather tricky (and since you are not averse to clicking on dubious attachments) you might like to use the attached file - FixSirc.com (68 kb).

HTH

George Dillon

WHY NOT?

Whatever infection you might have caught, or alert you may have received - there is absolutely no point in your sending pre-emptive alerts to everyone in your address book. In fact it is always WRONG to do this. If your friends are uninfected, then you should neither alarm them nor annoy them with useless warnings. Their self-protection is their own responsibility (and may well be far in advance of your own - after all you're the one with an infected machine!). If they have been infected, it's already too late for a warning and probably best for you to keep your head low... after all YOU ARE NOT TO BLAME for their infection - THEY ARE, together with the virus-writer, of course!

So what about warning the senders of viruses you receive that they are/might be infected? Isn't that a responsible thing to do? Well sadly the answer is NO, not anymore... because...

Viruses forge the sender information.

This has 2 serious and rather horrible ramifications...

Firstly, there is sometimes no way of knowing (and warning) even the one person who should be warned - the person from whose machine you were sent a virus. In the case above, where I warned the Sircam-sender, I had done my research, and I knew exactly where it was from, because I was getting 6 messages a day from the same complete stranger, all of them with sizeable attachments. However, that particular worm did not forge the From: or Reply-To: addresses. The latest viruses do... which leads on to...

Secondly, you may receive messages warning you that you are infected and are forwarding viruses - and you may receive them from more than one source - when in fact you are virus-free. Here's how it can happen...

  1. If you send an email to (for example) Tony Blair (or if someone you know forwards a circular using CC: instead of BCC: and both you and Tony B are included in the list) and Tony B does not clear out his inbox regularly, then your email address may exist in that message in his inbox until either he deletes it or...
  2. Tony B then gets infected with the Saddam virus which searches his inbox for email addresses, randomly picks one (which happens to be YOURS) and then sends itself to all the 25,000 other addresses it finds AS IF IT CAME FROM YOU!!!
  3. You then receive 25,000 irate messages completely out of the blue, some polite, some rather angry but all saying that you have and are forwarding the Saddam virus!
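Because the From: line is whatever the worm chose to write, the only sender evidence worth looking at is the Received: chain that mail servers stamp onto the message in transit. The following Python snippet is an added example (not part of the original article) that parses a constructed message and compares the claimed From: domain with the relay the message actually arrived from; all hostnames and addresses in it are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the worm stamped a harvested address into From:, but the
# Received: chain shows the message entered from an unrelated ISP relay.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.recipient.example (Postfix) with ESMTP id ABC123
\tfor <you@recipient.example>; Mon, 02 Sep 2002 10:15:02 +0100
Received: from infected-pc.isp-victim.example (dsl-7.isp-victim.example [203.0.113.7])
\tby mx.example.net with SMTP id XYZ789; Mon, 02 Sep 2002 10:14:58 +0100
From: "Innocent Person" <innocent@some-other-domain.example>
To: you@recipient.example
Subject: Re: your document

See attached.
"""

# "from <helo-name> (<reverse-dns> [<ip>])" as written by most MTAs.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")


def received_chain(raw):
    """Return the hops in the order found: first = the hop nearest to you.

    Only the topmost line (added by your own server) is beyond the sender's
    control; a worm can fabricate the lines below it, so treat deeper hops
    as hints, not proof."""
    msg = message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        match = RECEIVED_FROM.search(header)
        if match:
            hops.append({"helo": match.group(1), "rdns": match.group(2), "ip": match.group(3)})
    return hops


def originating_hop(raw):
    """The deepest parseable hop, i.e. the relay the message was first seen from."""
    hops = received_chain(raw)
    return hops[-1] if hops else None


def sender_domain_matches_origin(raw):
    """Heuristic: does the From: domain appear in the originating relay's reverse DNS?
    A mismatch is common for forged senders; legitimate mail relayed through a
    third party can also mismatch, so use it to decide whom NOT to blame."""
    msg = message_from_string(raw)
    _, address = parseaddr(msg.get("From", ""))
    claimed_domain = address.rpartition("@")[2].lower()
    origin = originating_hop(raw)
    return bool(origin and claimed_domain and origin["rdns"].lower().endswith(claimed_domain))
```

Run against the sample, the originating relay is 203.0.113.7 in isp-victim.example, so the person at some-other-domain.example is the harvested name, not the infected machine.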


5. Protecting others

There are steps you can take to reduce the risk that you pose to others. The first three rules of Basic Online Security are mainly about protecting yourself, but the fourth, Install a Firewall, is also about protecting others by preventing rogue applications from establishing internet connections.

As well as the 10 Basic Online Security Rules, many of the rules of Netiquette actually concern issues of security, and how not to be a nuisance/danger to others:

  - Don't use HTML formatted email
  - Don't send (Word) .DOC attachments
  - Don't forward messages to everyone you know
  - Don't use To: or Cc: when sending messages to more than 1 person

The last point in this list is one which has caused me some grief in the past, both because of the things I have received from friends of friends who have retrieved my address from such mass mailings, and the offense which some have taken when I have tried to explain why I was not happy at being exposed to greater risk by their irresponsible behaviour. The final straw, and the one which finally prompted me to write this was when the source of two previous viruses sent me this garbage:

> > > Subject: PLEASE FORWARD THIS MESSAGE
> > >
> > > During the next several weeks be VERY cautious about opening or
> > > launching
> > > any e-mails that refer to the World Trade Center or 9/11 in any way,
> > > regardless of who sent it.
> > >
> > > PLEASE FORWARD TO ALL YOUR FRIENDS AND FAMILY.
> > >
> > > FOR THOSE THAT DON'T KNOW, "WTC" STANDS FOR THE
> > > WORLD TRADE CENTER
> > >
> > > REALLY DANGEROUS BECAUSE
> > >
> > > PEOPLE WILL OPEN IT RIGHT AWAY.....
> > >
> > > THINKING IT'S A STORY RELATING TO 9/11
> > >
> > >
> > > (.....PLEASE BE CAREFUL....... :)
> > >
> > > BIGGGG TROUBLE !!!! DO NOT OPEN "WTC Survivor"
> > >
> > > It is a virus that will erase your whole "C" drive.. It will come to
> > > you in the form of an E-Mail from a familiar person.
> > >
> > > I repeat a friend sent it to me, but called and warned me before
> > > I opened it.
> > >
> > > He was not so lucky and now he can't even start his computer!
> > >
> > > Forward this to everyone in your address book.
> > > I would rather receive this 25 times than not at all.
> > >
> > > If you receive an email called "WTC Survivor" do not open it.
> > >
> > > Delete it right away! This virus removes all dynamic link libraries
> > > (.dll files) from your computer.
> > >
> > > PLEASE FORWARD THIS MESSAGE

The irony was he thought he was doing the right thing, but by sending this (hoax) warning to everyone he knew, in the way he did, he only INCREASED the virus risk for everyone who received his message.

http://www.georgedillon.com/web/antivirus_advice.shtml
[Updated - 06 July 2006]