Viruses:

Today, the differences between Spyware and Viruses have narrowed. Most Security product vendors have therefore combined AntiSpyware and AntiVirus capabilities into their security products. The following are some of the popular Security products currently available in the market, as well as links to each product's information on their respective websites, sorted in ascending alphabetical order:

1. AVG Security Products (http://www.avg.com/in-en/homepage)

2. Kaspersky Security Products (http://www.kaspersky.com)

3. McAfee Total Protection (http://home.mcafee.com/Store/Package.aspx?pkgid=275)

4. Norton 360 (http://www.symantec.com/norton/360)

5. Norton AntiVirus 2010 (http://www.symantec.com/norton/antivirus)

6. Norton Internet Security 2010 (http://www.symantec.com/norton/internet-security)

7. SpyBot Search & Destroy (http://www.safer-networking.org/index2.html)

Despite being the first amongst Computing nuisances, Viruses have not been exterminated. They have not been (exterminated) in the physical world too, so take heart... The reasons for non-extermination of Computer Viruses are;

1. The number of Computers and computer users today is many times what it was, even 5 years ago. Today, there are many more Computers, computer users, faster Internet links and many more Internet-connected users, resulting in quicker and more widespread propagation of viruses. Most of the early viruses were contained within a specific region or continent. Today, Viruses have frequently spread to all continents, before they are even detected!

2. Today, a Computer that is not connected to the Internet is rare. Even Home Computers have fast broadband connections today whereas in the past, corporate Computers alone were usually connected to the Internet. More connected users and faster Internet connections naturally results in faster propagation of viruses and propagation across larger areas, before they are discovered

3. Earlier, Viruses were written to propagate by means of infected media (floppy disks, etc.), but today,. viruses do not propagate that way. Today, computers are used for a variety of purposes - Browsing, e-Mail, etc. Virus developers have recognized this and 'updated' their ugly creations to harness this fact. Today, almost all viruses spread over the Internet, specially over e-Mail.

4. Anyone - even a school kid - can write a simple virus. However, developing an effective antidote to even a relatively-simple virus would take a large Antivirus vendor a few days, since they would need to first inform the computing public about the new virus, study it thoroughly, develop a solution that (a) removes the infecting code (b) reverses the damage caused by the virus, as far as possible and finally, (c) make the antidote available to the computing public.

The truth is, anyone with a fairly elementary knowledge of programming can develop a virus that would take many man-hours to unravel. Every new virus - or a new strain of an existing virus - needs to be first studied, its code analyzed, and then, the antidote developed.  It is for this reason that Antivirus developers will always end up catching up with the virus developers. It is for this reason, that Viruses refuse to go away!

So what is the bottom line - do you sell off your Computer, smash up your Modem or stop browsing/ e-Mailing? Obviously not - even if you could actually do it! Why, you would not stop stepping out of your home just because the number of traffic accidents is rising every year, would you? No. The answer lies in taking basic precautions to reduce as much as possible, the chances of your computer getting infected!

Here are the steps that you should take to ensure that your Computer remains reasonably well-protected from Viruses. Since viruses propagate over e-Mail today, these double up as healthy e-Mail usage practices as well:

1. Purchase a legal copy of a top-notch Antivirus Program. A cheap or free (or pirated!) program will not do - you are investing on protecting your computer as well as your data - years of hard work. Do not cheat yourself by going in for a pirated, free or cheap solutions!

2. Update your Antivirus Program as frequently as possible. It is best to update it at least once every 2-3 days!

3. Be extremely careful opening e-Mail. Today, the overwhelming majority of viruses are designed to spread through e-Mail. Its a cinch that you have received mail with the subject line "Your Password", "Hello", "Your Bank Documents", etc. These e-Mail would also contain attachments, usually in compressed Zip format. Do not open such attachments, for the attachments contain virus code! When you receive such mail, here is what you should do:

   1. If the mail has arrived on your office Computer, inform your IT Department about it. They may want to come over and inspect the mail.  Under no circumstances should such mail or its attachment be opened!

   2. If the mail has arrived on your home computer, immediately delete the mail and empty it from the Deleted Items folder as well. Again, do not open the attachment!

      1. Save yourself time by deleting e-Mail that looks like it has been sent by famous people whom you do not know. For example, if you have never met David Beckham, it is unlikely that he would be mailing you over the mail account david.beckham@gmail.com, isn't it? These are pranks and it is possible that such mail contains virus code as well  Delete them forthwith: DO NOT read/ open any attachments in such mail!

      2. Do not open mail from mail domains that sound like popular mail domains. If the sender of a mail has taken the pains to cloak his mail domain to make it appear like one of the popular ones, it is very likely that the sender is up to no good. So if you receive mail from somebody@yarhoo.com, (sounding similar to the mail domain yahoo.com), it is best to delete the mail right away without reading/ opening its attachments!

4. Ignore Chain Mails. Delete them immediately. Do you receive a number of chain mails? We do and it is very likely you do too. If you have a group of friends/ classmates who exchange jokes and stuff, thats okay of course. We are however concerned about chain mails you receive from strangers. Following are some varieties of chain mails:

   1. "Get Rich Quick" mail promising you that you can earn thousands of dollars merely by spending an hour on the Internet every day. Usually, you need to buy a book or a CD or something from sites that send such mail. If you do make the purchase, count yourself lucky if you make even a few cents a day, using the promised get-rich-quick methodologies! Ana at the worst end of the spectrum, you may end up downloading a nasty virus...

   2. Mail seeking your assistance in locating missing children/ pets, etc., after natural calamities such as a Tsunami. Sure, they make sad reading. Sure your human kindness swells up on reading such mail. But wait a minute - most of them are fraud mail, the product of mischievous minds, so your humanitarian feelings are simply wasted!

   3. Mail with "Words of Wisdom", with the request that you to forward the mail to more friends, if you want something wonderful happening to you in the next 3 days/ a week/ a fortnight. Usually, such mail warns you of dire consequences if you do not do so! These are usually mail sent out by e-Mail harvesters. Reply to them and they add your e-Mail Address to the Spam mail they keep sending out. Reply to them and you are bound to have your Inbox filled with junk mail every day thereafter! And oh of course, you might be downloading a virus too...

   4. Mail informing you that you have been chosen for a free gift/ a large sum of money due to some unique turn of events. If you reply to mail naming you as the inheritor of a large sum of money, you could next be asked to send in a small amount of money towards the expenses of couriering you your huge "inheritance". If you do send in the courier expenses and never hear from the sender of the mail again (which is what will happen too), it is one more naive Computer user that the sender has conned - YOU! Even if such mail does not contain viruses, its a waste of your time, isn't it?

Not all the above categories of mail contain viruses: some of them are merely attempts to appeal to your good nature and rid you of some of your hard-earned money. Some others merely serve the purpose of confirming your e-Mail address and that you are in the habit of checking it regularly, so that they may send you more of their spam mail in future. Some others are merely pranks. In any case, ALL of them waste your precious time. Whatever be the motive of such mail, we recommend that you adopt the following practices for tackling such mail:

1. NEVER reply to such mail. By replying to such mail, you are only telling the sender, "Yes, this is my e-Mail address and I check the mail in it regularly. So send me mail to this e-Mail account, I will read it! Thank You!"

2. NEVER even Unsubscribe to mail that you have not subscribed/ consented to receive - the effect is exactly as we outlined in 1. above - as if you had invited the sender to send you more unsolicited spam! (See 6. to understand what to do in such cases). The Rule here is, "If you have not Subscribed to a mail, DO NOT Unsubscribe from it as well!"

3. NEVER open the attachments of such mail: No attachment opened, no risk taken!

4. NEVER click on the link in such mail. Clicking links in such mail once again tells the sender that you exist, your e-Mail address is valid and that you regularly check the e-Mail address!

5. If you are sorely tempted to click the link in such mail, here is something that is a little safer:

   1. Copy the link by highlighting it and pressing Control-C

   2. Open your Browser (or a second Browser window) and paste the link into it, then browse to the site

Such sites are rarely genuine and their contents rarely interesting, in any case.

MAKE SURE you mark the sender as a Junk Mail Sender, in your e-Mail client software. Under Outlook and Outlook Express, highlight the junk mail and right-click it. Then, in the pop-up window that comes up, left-click on the option for classifying the mail as Junk/ Spam. If you use popular free e-Mail service providers such as Yahoo/ GMail/ Hotmail/ AOL, you again have options for classifying mail as Junk/ Spam/ Bulk Mail. Go ahead and mark the mail, so that any subsequent mail you receive from the same sender goes directly into your Junk Mail folder, not your Inbox!

MAKE SURE you delete the mail, once you classify it as Spam/ Junk/ Bulk Mail. Usually, the mail gets moved to your Spam Folder when you classify it as Junk. Therefore you will need to go to your Junk Folder and delete these mails. You may also need to empty it from the Deleted Mail folder, depending on your e-Mail client/ e-Mail service provider. Whatever be the case, do this at the earliest - there is no profit in keeping the mail and thus, cluttering your Hard Disk. Or worse - keeping a virus-carrying mail on your computer!

Interestingly, the answer is Yes! Symantec have recently (August 2009) taken the initiative to bring out a list of 100 'Dirtiest' Websites, in terms of infections. The selection is based on number of threats detected by their top-notch Security product, Norton Safe Web.

The Methodology used is briefly explained as;

"To find the dirt, Norton Safe Web crawls the Web and performs analysis of millions of sites, and benefits from a network of more than 20 million Norton Community Watch members that automatically submit suspicious URLs for analysis in real-time. The list of the top 100 Dirtiest Web Sites of Summer 2009 was compiled based on number of threats detected by Norton Safe Web as of August 2009."

Here is a brief of the 'Filthy Facts':

• Average number of threats per site on the Dirtiest Websites list is roughly 18,000, compared to 23 threats per site for all sites rated by Norton Safe Web

• 40 of the Top 100 Dirtiest Sites have more than 20,000 threats per site

• 48% of the Top 100 Dirtiest Web sites feature adult content

• 3/4 of the Top 100 Dirtiest Web sites have distributed malware for more than 6 months

• Viruses are the most common threat represented on the Dirtiest list, followed by Security Risks and Browser Exploits

Here is a link to the page: http://safeweb.norton.com/dirtysites - DO NOT visit any of the sites listed therein!

A Zero Day strike refers to the first day that a new Virus or Spyware strikes Computers, usually on a large scale. This is a much-feared attack, for, at such times, nobody (except the makers of the Virus/ Spyware) knows how to remove it!

Security programs (i.e., AntiVirus and AntiSpyware programs) work by identifying and removing known threats, but a Zero Day strike is something that may not be noticed by them! Even if their Security algorithms detect that the script is up to no good, the security product is incapable of removing the threat from your Computer if it is infected, since it is still 'Day Zero', as far as the appearance of the threat is concerned. As a result, Zero Day strikes usually leave large numbers of Computers dead across large parts of the globe. Thanks to the proliferation of broadband Internet access and Gigabit Networks, they travel undetected across continents in the blink of an eye, affecting Computers along their path!

Thus, even though your Operating System, AntiVirus, AntiSpyware and other programs are up-to-date, a zero day strike can leave your network crippled. There is worse to come: Security products manufacturers need time – usually a few days, sometimes as much as a whole week, before they are in a position to release an update to their products: an update that can remove the zero day virus and repair your Computer, restoring it to its former, healthy status! So until the time that patches are available by Security product vendors, users have no choice but to shut down their Computers and Networks! Once security patches are developed by vendors, the threat is countered and the threat is no longer classified as a Zero Day Strike if it strikes your Computers, since patches are now available!

Despite the outlook being gloomy, there are a couple of things you can do, so as to minimize the chances of catching a zero day virus. Here are the things you can do:

1. Keep Security up to date. Today, many AntiVirus and AntiSpyware programs check for updates every 15 minutes or so – and download them, if available, from the vendor’s website. Norton AntiVirus products Norton AntiVirus 2009, Norton Internet Security and Norton 360 have what they call “Pulse Updates”, which checks with the Symantec server every 15 minutes of so.

2. Keep an eye on your Computers. Virus-infected systems will behave abnormally: the earlier you spot erratic system behavior, the better your chances of emerging with minimum damage. This is even more true with Zero Day strikes: your Security products will not show any infection, therefore you need to play it by the ear! Following are tell-tale symptoms of what could be a zero day attack:

   1. A sudden increase in the time one or more Computers take, to shut down and/ or start up

   2. A sudden increase in Internet Bandwidth consumption from one or more machines on the Network

   3. A sudden slowdown in Internet and/ or Network speeds

   4. A sudden increase in unusual error messages

   5. A sudden spurt in Computers misbehaving, freezing and/ or crashing

3. If you notice any abnormal activity on one or more machines, the best thing to do is to immediately plug those machines out of the Network – physically pull out their Network Cords even, so as to minimize the chances of the suspected Virus/ Spyware spreading to other Computers on the Network

4. Keep an eye on Security News. At WellOiledPC, we have made this easy for you by linking up with Symantec: virtually every page carries Symantec Alerts, which is updated in real time with the Symantec Server! You can do your bit and help make the world a safer place for computing by writing in to Symantec, McAfee, AVG and other Security product vendors, explaining the abnormal behavior of your Computers!

5. Install Host Intrusion Prevention Systems or Host Intrusion Protection Software: these do not rely on ‘Lists of definitions’ or ‘Signatures to block viruses’. Instead, they identify threats by analyzing the behavior of your system. They work on Rules-based Monitoring, thus preventing intruders from making unwanted changes. With well-written rules, the chances of stopping a Zero Day attack are a lot better than traditional Security products.

6. The more recent Security products heuristically assess potential system damage by studying what a piece of newly-downloaded code can do to your system. Symantec products Norton AntiVirus 2009, Norton Internet Security and Norton 360 work on a mixture of heuristic and list-based identification methods, just as other products from McAfee and AVG.

7. Monitor Internet and Systems usage – this is useful information if you need to call in experts for analyzing what you feel could be a serious security breach!

8. Keep a list of dangerous Websites and block the URLs of such websites. Click here for a list of 100 most Dangerous Websites!. For more White Papers on Computer Security, click here!

9. Ensure that you block all dangerous websites, including the list in 8. above! The best protection against security breaches is blocking dangerous URLs, through your Host Intrusion Prevention System!

10. Keep Backups of all important data – this point can never be over-emphasized!

1. Your fight against Zero Day strikes should be in place before you are actually hit by one. It is important to not only have an IT Plan ready, the plan should be familiar to Business Unit Heads and other senior personnel too. For example, if a Zero Day attack is suspected, the very first step is to disconnect the suspected Computer(s) from the Internet as well as the Network. Now, if it is suspected that a Server running an enterprise-critical process is infected, there should be complete agreement between senior personnel across the organization, that stopping the spread of the virus is more important than continuing to work, however mission-critical it is for the infected server to be up!

Getting senior personnel to agree on the above is one half of the agreement. The other half is the Service Level Agreement (SLA) between the IT Department and the Business Units. The IT Department needs to lay down just how many days they will require to bring up all Computers, the Network and the Internet, during a Zero Day attack. Yes of course, it is difficult to do that, for patches will come from the Security Products vendor! However, the IT Department needs to ensure that alternative measures – spare Servers, Bandwidth, Desktops, Notebooks, etc. are pressed into service to replace those taken out of the Network, until such time that the affected systems are repaired and all data restored!

Naturally, the SLA will depend on the amount budgeted by the company for such unforeseen and unexpected situations

• A complete set of duplicate servers, Computers, etc., will double the annual IT budgets!

• Organizations need to internally discuss and decide just where they would like to be between these extremes!

2. Get in touch with your Security products vendor immediately. They are better placed to understand what's going on and their advice will add value to your own Zero Day Strike Plan!

Note that your Security products vendor will need detailed information about the symptoms. Maintaining detailed Logs is thus important! When they study your logs, their response will be one of the following two possibilities:

1. “Oh Yes, we have a patch for that!” – this implies that your patch management program is ineffectual; you need to improve on that score!

2. “We haven’t come across this before…” – this usually means you ARE undergoing a Zero Day strike. Therefore the earlier you call in your Security products vendor, the less damage you will incur!

Antivirus solutions today are available across a broad range of categories. Let us look at each of these categories:

Freeware v.s. Commercial Solutions

The first classification of Antivirus solutions is into Freeware Antivirus Solutions and Commercial Antivirus solutions. AVG Antivirus, developed by Grisoft, is a popular freeware antivirus solution. (They have a commercial version of their Antivirus solution as well). It is fairly obvious that vendors do not give the same attention to a free solution, compared to what they give to a commercial solution. Neither the features, nor the frequency of updates would be quite the same as that which commercial solutions offer. Since your peace of mind depends on a virus-free computing experience, we DEFINITELY DO NOT recommend free antivirus solutions.

Online v.s. Offline solutions

Online Virus scanners are also available, with some of them (like the one offered by BitDefender - http://www.bitdefender.com) being completely free as well. Some of them - including BitDefender, offer commercial, offline solutions as well. We at WellOiledPC do not recommend online solutions, since online Virus scanners do not continuously check or protect your computer. You may have removed all viruses with an online virus scanner, but this is no guarantee that you will not get attacked the next time you connect to the Internet! Moreover, online virus scanners take a very long time to scan. For example, 10 GB of data takes over 6 hours to scan, using the online version of BitDefender, over a 256 kbps broadband link!

Online scanners are however a great choice if you want a second opinion. Say if you doubt the working of your currently-installed antivirus solution and have all the time in the world to check out its efficacy. Online Antivirus solutions are no substitute for offline, full-time, real-time antivirus solutions though.

Enterprise v.s. Personal solutions

As the names suggest, Enterprise Antivirus solutions take care of all computers on the corporate network, while Personal solutions take care of individual Computers. Every Antivirus vendor offers both these versions of antivirus solutions today. The working of these solutions differ in one aspect: while the personal version is completely installed onto a single computer - which is then protected from viruses, the enterprise-wide solution usually needs to be installed on an Antivirus server. All computers across the organization would connect to the Antivirus server, thus remaining free from viruses, as well as getting routinely updated for antivirus patches and updates, by connecting to the local Antivirus server.

It is the Antivirus Server that checks the antivirus vendor's website for updates and patches, downloading them to its hard disk. All computers connected to the antivirus server are installed with the client version of the enterprise-wide antivirus solution alone. The clients check with the enterprise's Antivirus server and if it finds fresh updates or patches, these are then updated on the client as well, soon as a computer logs onto the network.

The benefit? Imagine an organization of 1000 computers. Assuming that an update is half an MB, the organization would be downloading 512 x 1000, i.e., about 500 MB, if each machine were to individually download the update from the antivirus vendor's website. Enterprise antivirus solutions drastically cut this down - in this case, the download is a mere 512 KB, as the clients update themselves from the corporate antivirus server over Ethernet, not from the antivirus vendor's site over the Internet! Moreover, it makes sure that all Computers on the network are completely up-to-date - no delay in updating the Antivirus solutions on individual Computers

due to delays on the part of the user!

Comprehensive v.s. Purely Heuristic solutions

Comprehensive Antivirus solutions are designed to detect the malicious code of viruses. They have a large 'databank' of virus codes, against which each file on the computer is checked, before the Computer is certified virus-free. If virus code is found on a computer, the solution strips the code away, thus 'repairing'  the file. Comprehensive antivirus solutions also have a second line of protection: against unknown, malicious code, where it checks for virus-like code using heuristic technology. If suspicious code is found, the user is usually asked whether to repair the offending file, delete it, let it remain or move the suspicious file to the Quarantine folder, where it cannot infect the Computer.

The other category of Antivirus solutions works purely heuristically. These antivirus solutions employ heuristic algorithms alone to detect and repair viruses. They do not contain a database of malicious code: with the huge database of past virus code at their disposal, antivirus vendors are in a position to detect potentially malicious code, even without putting in a comprehensive database of virus codes into the programs.

Both varieties of antivirus solutions work well. The advantage of the Comprehensive solution is that it is specialized in detecting and repairing infections. On the other hand, the advantage of the purely heuristic solutions is that they are a lot faster at detecting and repairing infections. In addition, the best-of-breed Heuristic antivirus solutions check for spyware as well - a feature not found in Comprehensive antivirus solutions.

Another fact that ought to interest you: Comprehensive antivirus solutions slow down your computer quite dramatically - every time you access a file, it has to be scanned for all the virus codes in its database. Every time you send/ receive an e-Mail, it needs to be scanned for virus code and run through its database, before processing further. On the other hand, heuristic antivirus programs are much faster as they do not work by checking every bit of data against a database of known virus codes. Instead, it merely looks for patterns of code that could mean a virus, before processing your file/ e-Mail.

Lets start with what you SHOULD NOT go in for:

• We DO NOT recommend freeware antivirus solutions

• We recommend an online virus scan if:

  • You have plenty of time for scanning the infected computer by means of an online virus scanner

  • You are merely looking for a 'second opinion', about the computer possibly being affected

  • The infected computer is not a 'Production Computer", i.e., is is not running mission-critical/ important applications

• We recommend the Enterprise antivirus solution for organizations and the Personal antivirus solution version for individual computers

Either the Comprehensive or the Purely Heuristic antivirus solution is a good choice. Your choice here depends on whether you want a comprehensive solution - even if it means every complete virus scan of your computer takes half a day, or whether you want a quicker solution that checks for spyware as well, while being just as good as the comprehensive solution at destroying Viruses! It also depends on whether your machine is fast or slightly dated - Heuristic solutions would not slow down an older computer as much as a comprehensive antivirus solution would.

WellOiledPC Recommendation on AntiVirus Solutions:

Our analysis suggests that Norton AntiVirus 2010 and Norton 360 are the best AntiVirus solutions as of now, provided you have adequate RAM and have a newer processor. You will require a minimum of 512 MB RAM and at least a Celeron-based processor, to run the Symantec security products. Symantec, have a very long history of producing security products, dating back to the days of DOS. Their pedigree is therefore excellent! We team up with Digital River oneNetworkDirect, to bring you, our visitors, the very best in Security solutions - click on the links below, to check out and order your preferred security solution!

Please Note:

1. Norton product prices given at WellOiledPC may be different from that at the Digital River site. In case of any such discrepancy, the price mentioned at the Digital River site is correct.

2. All Norton product prices are for a 1-year subscription, at the end of which you need to upgrade (if a newer version has been released) or extend your subscription

Click here for our review of Norton 360

Click here for our review of Norton AntiVirus

Click here for our review of Norton Internet Security

On the other hand, if you have an older Computer with less RAM and do not plan to upgrade/ purchase a new Computer, you should go for Kaspersky/ AVG Security products.

A word of caution here: you should go in for free AntiVirus solutions ONLY if you are strapped for cash. It is YOUR Computer and YOUR interests that are at stake here - a freeware product is, after all, FREEWARE!

BitDefender Total Security 2010 provides comprehensive proactive protection against all Internet security threats, along with system maintenance and backup, without slowing down your PCs.