
Staying Ahead of Viruses


[Image: pcworm]

What are Viruses?

Viruses are tiny programs created by unscrupulous people across the world that cause your PC to malfunction. Some of the most diabolical Viruses access your personal information with the objective of using your Credit Card, Bank or Paypal Account balance! Viruses (and Spyware) are DEFINITELY NO LAUGHING MATTER, despite the above image of a green worm eating a Desktop PC, with yet another happy green worm laughing from inside the monitor!


What is the difference between Viruses and Spyware? Do I need different solutions to tackle them?

Viruses were the first man-made pests to affect the world of computing and first appeared in the mid 1980s. Spyware is a much more recent phenomenon, having appeared on the scene in the late 1990s. Viruses and Spyware are similar in many respects, yet quite different in others. Hence, they are considered as different threats by Computer professionals. Let us look at the similarities first:

 

Similarities between Viruses and Spyware:

  1. Both Viruses and Spyware are created by malicious persons/ organizations. Both are software code that, when run on a Computer, causes the Computer to behave unexpectedly.

  2. You need to guard your computer (and yourself) constantly against both varieties of threats

  3. Both Viruses and Spyware slow down your Computer. Sometimes, making them so slow, that you could tear your hair out in frustration!

  4. Viruses are generally easier to create - schoolkids have been known to write them - whereas creating Spyware requires more skill.

  5. Both Viruses and Spyware are harmful. You could get involved in lengthy legal hassles (depending on the Cyber Laws of your country), if your Computer is affected by Viruses or Spyware, even if you are completely innocent!

  6. Both Viruses and Spyware have quite effective antidotes (solutions). You MUST purchase these solutions - DO NOT pirate these! Again, purchasing and installing them alone isn't sufficient; you must update them as and when the vendors of your Antivirus and AntiSpyware solutions release updates and/ or patches. If you do not update them regularly, your Computer will be susceptible to all Viruses and Spyware that are released since the date of your last update!

 

Differences between Viruses and Spyware: Method of distribution and infection

Viruses: Today, Viruses are mostly transmitted over e-Mail. One common method is to send them as e-Mail attachments - if you open them, the malicious code gets deployed on your Computer. The other common method is to send you links in your e-Mail: if you click on the link, you are taken to a website that affects your Computer.

Spyware: On the other hand, Spyware is rarely distributed as e-Mail attachments. More common methods of distributing Spyware are as links in e-Mail you receive, as well as through Junk Software Programs. These junk software promise wonderful things, however, in reality, they are merely a ruse to get you to download their spyware! Therefore, if you are in the habit of downloading software programs from various kinds of sites, you are a prime candidate for Spyware!

Differences between Viruses and Spyware: Types of damage caused

Viruses: Typically, Viruses send out thousands of e-Mails over your Internet connection, using the tiny SMTP (mail-sending) engines built into them. They pick up e-Mail addresses at random from your e-Mail client (Outlook/ Outlook Express/ Eudora, etc.) and shoot off a randomly-worded mail. This slows down your Computer and may even cause your e-Mail service provider to suspend your e-Mail domain! Other types of Virus actions include deleting one or all files on your Hard Disk, repeatedly causing your Computer to reboot, etc.

Spyware: Spyware could cause you much more grief, in comparison with Viruses. What would you feel if someone had access to your Bank Account details, Credit Card information and other financial stuff? What if the person used YOUR money for his/ her needs? All this without you suspecting anything at all! Well, this is precisely what some of the more dangerous Spyware do... They ferret out your personal information, plus your address, mobile phone number, e-Mail address and whatever else you may have stored on your Computer. This information is then streamed out to the developers of the Spyware, right under your nose! Spyware rarely cause system slow-downs or crashes as they are not targeted to attack your Computer or your system files - they are targeted to attack YOU by tricking you to part with your sensitive financial information!


Differences between Viruses and Spyware: Types of Solutions

Viruses: Viruses are checked by Antivirus solutions. Some of the most prominent Antivirus solutions are:

  1. Norton Antivirus (http://www.symantec.com/index.jsp)

  2. McAfee Antivirus (http://www.mcafee.com/us)

  3. AVG Antivirus (http://www.grisoft.com)

  4. BitDefender (http://www.bitdefender.com)

Spyware: Spyware are checked by AntiSpyware solutions. Some of the prominent AntiSpyware solutions are:

  1. Norton 360 and Norton Internet Security (http://www.symantec.com/index.jsp)

  2. McAfee Total Protection & Site Advisor Plus (http://www.mcafee.com/us)

  3. AVG Internet Security (http://www.grisoft.com)

  4. SpyBot Search & Destroy (http://www.spybot.com/index2.html)

 

A few products like Norton 360 offer protection against both Viruses and Spyware. However, most solution developers produce separate solutions for Viruses and Spyware.

 

Why do people create Viruses?

Virus creators are motivated by the great profits in stealing your information and identity. The gains are huge and this drives them into creating Viruses. Other Virus creators feel a sense of satisfaction in bringing down an entire network of PCs. Still other Virus creators do so to vent their anger (real or imagined) against organizations, people, races, political issues, societies and other stuff.

 

How do Viruses cripple PCs?

Unfortunately, Viruses have become more and more sophisticated. Today's Viruses utilize a variety of stealth technologies to access your information in ways that are completely new - and a lot more difficult for most PC users to detect. Today's Viruses usually spread by means of e-Mail. Once you open an e-Mail containing a Virus as an attachment, it spreads into your machine and, through your machine, to other PCs on the same network, or through the Shared folders on the PCs in the same network. Once they infect a machine, Viruses are capable of sending out thousands of mails from the affected machine, using the e-Mail address book on that machine. The Virus picks a name from the affected PC's address book at random, creates a random e-Mail and sends it out to other addresses it finds in the address book. Thus, if you receive a Virus that carries the name of your colleague sitting in the next cabin, it does not mean that he has sent you the Virus. Equally important, it does not mean that his PC is compromised either. The only fact that can be established is that the affected PC that sent out the mail (and that PC could be just about anywhere in the world!) has your colleague's name (perhaps yours as well!) in its address book!


How do I know when my PC is infected by Viruses?

  1. The first signs that your PC is affected are when your PC slows down measurably for no apparent reason, crashes while working or sometimes refuses to shutdown!

  2. If your PC is affected by Viruses, you may find that your programs take very, very long to start up, even though your Hard Disk's light shows frantic activity.

  3. You may also have your PC freezing for minutes together, then responding to your commands.

  4. Another sign of Virus infection is unexplained crashes – your PC reboots suddenly.

  5. With certain kinds of Viruses, you may also find that your machine does not switch off even hours after you click Shut Down!

  6. More advanced symptoms of a Virus infection are when programs do not work – the machine would not start up, if Windows is corrupted by a Virus.

  7. If you miss all these tell-tale signs, do not be surprised when your identity gets compromised and you find that your bank balance or Paypal account shows a lot less than it should!

 

Since Viruses are mostly mail-borne today, is there any way of identifying whether a mail contains a Virus?

Unfortunately, there is no way of correctly identifying whether a mail contains a Virus or not merely by inspecting it. However, there are a few basic precautions you can and must take, to safeguard your PC and yourself. Note that if you use free e-Mail services (Hotmail, GMail, Yahoo, AOL, Indiatimes, Rediffmail, etc.) alone, the chances of Viruses getting into your mail are much lower: these organizations are huge and they take a lot of care to ensure that their members' mail is safe.

 

If you use your organization’s e-Mail address (and your organization isn’t large like an IBM or hp), you need to be careful about the mail you open. If you receive mails where the message says stuff like “Here are your Bank Documents” or “Good Day” or “Here is your password”, do not open the attachment. Usually, these mails contain a compressed attachment of the ZIP format, which when expanded, would reveal a PIF format file. DO NOT open such attachments, for these are Viruses! PIF files are executable files – no one has any reason to send you executable files over mail! When you receive such mail, what you need to do immediately is to get in touch with your organization’s Systems department and forward a copy of the suspect mail to them, for their analysis and action. Just remember: whatever you do, DO NOT open such mail!

 

Is the problem of Viruses getting better or worse?

Unfortunately, both the number and the intelligence of Viruses have been increasing exponentially over the years. While there are Laws, and Virus creators continue to be handed strict penalties, the creation of Viruses has continued unabated: stiff penalties haven't stopped murders/ bank robberies, have they? In fact, Virus creators have been forced to stay one step ahead of the authorities. As a consequence, the current crop of Viruses is capable of doing much more damage than those that were around, say, even 5 years ago.

 

Ten years ago, Viruses merely infected files. Today though, a single Virus can bring down an entire corporate Network and keep it down until it is properly fixed - which could take weeks - and leave permanent scars (lost data, lost time, lost orders, etc.) on the affected organization's fortunes! Today's Viruses launch full-scale attacks against individual PCs as well as entire networks consisting of thousands of networked PCs. And since the stakes are much higher (an increased bankroll, wholesale destruction of a much-hated organization's web presence, far stiffer sentences), malicious attackers are constantly 'innovating' to invent new ways of avoiding detection.


What are the methods by means of which Viruses avoid detection?

Two methods that Virus creators currently favor to avoid detection are Rootkits and Polymorphic Viruses. You need to give your PC that extra muscle to fight off these attacks - after all, your PC holds private information about you that you have probably forgotten long ago! To give you an example, if you keep the softcopies of your Credit Card statements (like I do too), anyone with access to your mail could access it!

 

Let us look at each of these stealth technologies that Viruses currently use:

1. Rootkits
Rootkits have been around in the UNIX world for some time. Recently though, they have been adopted by Virus creators to write Windows-specific Viruses. A Rootkit attempts to keep information about itself, its accompanying files (if any), its Registry Keys and its Network Connections hidden. If successful, it becomes completely invisible to the PC and Operating System it has infected! Safe in its invisibility, it can then let its developer access and run the very root of a PC. If your PC is affected by Viruses running on this stealth technology, you could be replying to an e-Mail while the Virus is busy sending out information to its creator - and if you have a powerful machine, you may not even notice that your system is running a tad sluggishly!

So what do Rootkits do? Just about anything they want to! Once they become invisible to your PC (by gaining control of your PC, modifying system information about themselves, hiding their system processes, etc.), they can take over your identity and pilfer your confidential, personal data, or wreck the data on your machine, or do both - whatever they are programmed to do! Now now, don't think of selling off your Desktop and Notebook and living the rest of your life as far removed from PCs as possible! Fortunately for you and me, there are a few basic precautions we need to take to keep Viruses out of our machines. These are discussed in the next FAQ (Frequently-asked Question).

2. Polymorphic Viruses

Polymorphic Viruses are written in a way that enables them to rewrite their code every time they replicate and infect a new file, even on the same PC! Thus, they are able to pass undetected even after their first 'avatar' has been detected and deleted! Imagine PC Viruses capable of putting on a false moustache, beard or wig... that's precisely what Polymorphic Viruses are capable of!

If you think Polymorphic Viruses are cute because they can change the color of their hair (figuratively speaking), think again! With their ability to run alongside the operating system (thanks to being undetected), they are in a position to do whatever their maker programmed them to do! They could be programmed to commit an online crime - and YOU would be hard-pressed defending yourself when the evidence, indicating that the crime was committed using your machine, is presented!

 

Don't work yourself into a sweat though - check out the safeguards mentioned under the FAQ titled "How do I minimize the chances of Virus infection?" and follow them, to be reasonably secure from Virus attacks - protect yourself from being hauled off for crimes that you did not commit!


How do I minimize the chances of Virus infection?

Although the tips for home PCs and office PCs are very similar, we will explain the steps separately, for your convenience. For your Home Desktop or Notebook, you must follow the steps detailed below, to minimize the risk of Virus infection:

  1. Install a powerful antivirus tool that contains powerful Rootkit and Polymorphic virus detection technology

  2. Check for updates and patches to your Antivirus program every day - the importance of this step cannot be over-emphasized!!

  3. Equally important, check every week for updates and patches to your Operating System. See Tip Box for our recommendation on an automated solution for Patch Management

  4. Upgrade to the latest version of your Browser, in case yours is not the latest version. For example, if you are currently using Internet Explorer 6, (it has a few vulnerabilities and security holes) consider upgrading to Internet Explorer 7. This version is much better equipped to handle viruses and malicious threats. Most virus creators target Microsoft products for use in infiltrating systems by bypassing its defenses. This is largely due to the fact that Microsoft has such a gigantic market share in the business! You may even want to consider shifting to an alternate Browser such as Mozilla Firefox!

  5. Run a software-based Firewall on your home Desktop/ Notebook to protect it from Viruses - a hardware Firewall would be too expensive to deploy at home! See the section on PC Security, for various Software Firewalls for your home PC. Windows has a rudimentary software Firewall built into it – keep it turned on at all times! A Firewall - whether hardware or software-based, will make it that much more difficult for Rootkits to spread or wreck your systems

  6. Turn off and remove unneeded Windows services. The Windows default installation installs many auxiliary services that are just not required for the kind of work most people do with their home PCs. For example, FTP services, Telnet Services, Web server services, etc., are all services that most users would never be using at home. Some of these are services that home users are probably not even aware of! Any of these auxiliary services, when left on, could become a carrier of polymorphic attacks on inadequately-protected PCs. Once these unnecessary services are removed, threats have fewer carriers in to your machine. Moreover, you too have fewer services to maintain by means of patch updates! On a server - with adequate Firewalls, Antivirus and AntiSpyware programs running, leaving these services on would not cause too much worry. In fact, a server would require many of these services running on it too!

  7. Do not use easy-to-guess Passwords - Password Cracking has reached quite high levels of sophistication! Complex Passwords help prevent wholesale damage and destruction, even where the PC is compromised. Similarly, cultivate a habit of changing your passwords once every fortnight - or at least once a month! You may want to ask us here: "How do I keep track of changed Passwords?" Very legitimate indeed, but the answer is very simple too: use a Password Manager to store (and correct, whenever you change your password) your current password for each application/ e-Mail/ Website logon, etc. See Tip Box for our recommendation on Password Managers.


Tip:

Password Corral is an excellent freeware Password Manager that lets you store all your Passwords, the Website URL (if relevant) and the e-Mail Address (if any) for each associated site. Download Password Corral from the following site: http://www.cygnusproductions.com. It is a small download, with the installation occupying under 1.5 MB (excluding your Passwords data file) on your Hard Disk!


Password Corral is Highly Recommended by WellOiledPC! Thanks to David M. Fornalsky and Michael P. Johnson, for this excellent Password Management solution!

  1. Do not open attachments from strange people or from strange-sounding e-Mail addresses.

  2. Look out for resemblances with well-known e-Mail addresses: it is easy enough to create a fake e-Mail address called georgebush@yahoo.com and send anyone a mail using it, to give you an example! So unless you are expecting a mail from President Bush, just do not open the mail!

  3. Look out for resemblances with well-known mail services. If you receive mail from, say someone@yarhoo.com, the mail is most likely fake, its resemblance to yahoo.com not withstanding!

  4. Whatever you do, DO NOT open mail from strange sources. Especially mail from strangers, with file attachments of the .VBS, .BAT, .EXE, .PIF and .SCR file extensions. Opening such mail is not gonna do either your system, yourself, or your organization's Systems department any good, believe me! If you rigorously follow this tip, chances are that you will never have to format your Hard Disk, since you have not actually run the Virus!

  5. Be extremely careful when you visit unfamiliar websites… merely visiting a compromised website can cause your machine to get infected if certain browser vulnerabilities on your machine are not patched! Be especially careful when your Browser asks you if you should install an Active-X or Java component, when you visit unfamiliar sites. If you choose to install the component, you may discover later on that it does not do what it claimed to do and instead, it may end up giving you nightmares!

  6. Do not use pirated software. Software procured from shady sources may not work, may not be complete and may contain viruses. It is also extremely unlikely that you would be able to download patches and service packs brought out by its manufacturers, if the software isn’t authentic!

  7. One more tip - do not execute (install or run) software that has been downloaded from unfamiliar Internet sites, unless the software has been scanned for viruses and certified as clean by your Antivirus program.


You must also follow the following precautions/ recommendations when using your office PC, to minimize the risks of losing your data or even bringing the corporate network down!

  1. The organization must have a strong hardware Firewall solution in place, between the LAN/ WAN and the Internet. Windows has a rudimentary software Firewall built into it – keep it turned on at all times! A Firewall - whether hardware or software-based, will make it that much more difficult for Rootkits to spread or wreck your systems

  2. Turn off and remove unneeded Windows services. The Windows default installation installs many auxiliary services that are just not required for the kind of work most people do with their machines. For example, FTP services, Telnet Services, Web server services, etc., are all services that most users would never be using - services that they are probably not even aware of! Any of these auxiliary services, when left on, are carriers of polymorphic attacks on an inadequately-protected machine. Once these unnecessary services are removed, threats have fewer carriers into your machine. Moreover, you too have fewer services to maintain by means of patch updates! On a server with adequate Firewalls, Antivirus and AntiSpyware programs running, leaving these services on would not cause too much worry. In fact, a server would require many of these services running on it too!

  3. In a networked environment such as an office, if a single machine (or group of machines) is affected by such viruses, you must immediately pull out the machine's Network Cord. This will snuff out the viruses' chances of reaching out, infiltrating and infecting other machines on the network. Once isolated as described, infected machine(s) should be allowed back onto the network ONLY AFTER they are thoroughly inspected, cleaned and verified to be disinfected and harmless! From start to finish, such an operation could typically take anything from 4 hours to a few days per infected machine!

  4. Always keep your patch levels up-to-date, especially on PCs that host public services and are accessible through the firewall, such as HTTP, FTP, Mail and DNS services (for example, all Windows-based PCs should have the latest Service Pack and Updates installed). As mentioned elsewhere on this site too, this step is VITAL for the health of your PC! The simplest way to ensure that this is done is to install BigFix, as detailed in the Tip Box on BigFix.

  5. Do not use easy-to-guess Passwords - Password Cracking has reached quite high levels of sophistication! Complex Passwords help prevent wholesale damage and destruction, even where the PC is compromised. Similarly, cultivate a habit of changing your passwords once every fortnight - or at least once a month! You may want to ask us here: "How do I keep track of changed Passwords?" Very legitimate indeed, but the answer is very simple too: use a Password Manager to store (and correct, whenever you change your password) your current password for each application/ e-Mail/ Website logon, etc. See Tip Box for Password Corral, our choice of Password Manager.

  6. In case of Enterprise e-Mail Servers, configure the e-Mail server to block or remove all e-Mail that contains file attachments with the file extensions .vbs, .bat, .exe, .pif and .scr. These are the most common file formats used by virus creators for spreading their ugly creations. In fact, no savvy PC user would send you an e-Mail with any of the above attachments: all well-configured e-Mail servers today are configured to reject all mail with these attachments!

  7. Isolate infected PCs by immediately pulling out their Network cord. Subsequently, perform a thorough check-up of the affected system. If necessary, format the Hard Disk, re-install the Operating System and all the Programs and data, using trusted, safe media for the task. Note that this is a job for trained specialists and that it could take them days, before restoring a compromised system to its pristine, clean state!

  8. Do not open attachments from strange people or from strange-sounding e-Mail addresses.

  9. Look out for resemblances with well-known e-Mail addresses: it is easy enough to create a fake e-Mail address called georgebush@yahoo.com and send anyone a mail using it, to give you an example! So unless you are expecting a mail from President Bush, just do not open the mail!

  10. Look out for resemblances with well-known mail services. If you receive mail from, say, someone@yarhoo.com, the mail is most likely fake, its resemblance to yahoo.com notwithstanding!

  11. Whatever you do, DO NOT open mail from strange sources. Especially mail from strangers, with file attachments of the .VBS, .BAT, .EXE, .PIF and .SCR file extensions. Opening such mail is not gonna do either your system, yourself, or your organization's Systems department any good, believe me! If you rigorously follow this tip, chances are that you will never have to format your Hard Disk, since you have not actually run the Virus!

  12. Be extremely careful when you visit unfamiliar websites… merely visiting a compromised website can cause your machine to get infected if certain browser vulnerabilities on your machine are not patched! Be especially careful when your Browser asks you if you should install an Active-X or Java component, when you visit unfamiliar sites. If you choose to install the component, you may discover later on that it does not do what it claimed to do and instead, it may end up giving you nightmares!

  13. Do not use pirated software. Software procured from shady sources may not work, may not be complete and may contain viruses. It is also extremely unlikely that you would be able to download patches and service packs brought out by its manufacturers, if the software isn’t authentic!

  14. One more tip - do not execute (install or run) software that has been downloaded from unfamiliar Internet sites, unless the software has been scanned for viruses and certified as clean by your Antivirus program.
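The sender and attachment checks that the home and office lists above describe (a sender domain that merely resembles a well-known one, attachments with the .vbs/.bat/.exe/.pif/.scr extensions, and a ZIP that hides a PIF file, as in the "Here is your password" mails) can be automated at the mail gateway or in a mail client. The following is an added example written for this page; it is not code from WellOiledPC or from any of the products named here. The list of well-known domains, the edit-distance threshold of 2 and the sample message are all constructed for the demonstration; a real deployment would use the organization's own allow-list and would quarantine rather than merely report.

```python
"""Inbound-mail screening: flag lookalike sender domains and risky attachments,
including executables nested inside ZIP archives. Added example, not WellOiledPC code."""
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions the page lists as the common carriers of mail-borne viruses.
RISKY_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}
# Well-known mail domains a lookalike might imitate (constructed list, an assumption).
KNOWN_DOMAINS = {"yahoo.com", "gmail.com", "hotmail.com", "aol.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(sender: str):
    """Return the known domain the sender's domain resembles (but is not), else None.
    'yarhoo.com' is one edit away from 'yahoo.com'; an exact 'yahoo.com' is not flagged."""
    _, addr = parseaddr(sender)
    domain = addr.rpartition("@")[2].lower()
    if not domain or domain in KNOWN_DOMAINS:
        return None
    for known in KNOWN_DOMAINS:
        if edit_distance(domain, known) <= 2:  # threshold chosen for this example
            return known
    return None


def risky_names(filename: str, payload: bytes):
    """Yield the attachment name if its extension is risky (case-insensitive);
    for ZIP attachments, also yield risky member names found inside the archive."""
    lower = filename.lower()
    if any(lower.endswith(ext) for ext in RISKY_EXTENSIONS):
        yield filename
    if lower.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if any(member.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
                        yield f"{filename}:{member}"
        except zipfile.BadZipFile:
            # An attachment that claims to be a ZIP but cannot be read is itself suspicious.
            yield f"{filename} (unreadable archive)"


def screen_message(raw: bytes) -> list:
    """Return the findings for one raw RFC 822 message; an empty list means nothing flagged."""
    msg = message_from_bytes(raw)
    findings = []
    imitated = lookalike_domain(msg.get("From", ""))
    if imitated:
        findings.append(f"sender domain resembles {imitated}")
    for part in msg.walk():
        name = part.get_filename()
        if not name:  # message body or multipart container, not an attachment
            continue
        payload = part.get_payload(decode=True) or b""
        for hit in risky_names(name, payload):
            findings.append(f"risky attachment {hit}")
    return findings


def build_sample() -> bytes:
    """Constructed sample: a 'Here is your password' mail from a yarhoo.com address
    carrying a ZIP whose only member is named password.pif (it holds plain text, not code)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("password.pif", "not really a program")
    msg = EmailMessage()
    msg["From"] = "someone@yarhoo.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Here is your password"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="password.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in screen_message(build_sample()):
        print(finding)
```

Running the block prints two findings for the constructed message: the sender domain resembles yahoo.com, and the ZIP carries password.pif. Note the limit of the domain check: a forged From header that uses an exact well-known domain (the georgebush@yahoo.com case above) passes it, which is why the page's advice to distrust unexpected mail regardless of sender still applies.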


Are there ways to know if a Virus attack is likely, so that I may be even more careful?

It would indeed be wonderful if we could 'predict' Virus attacks... we would like to be able to predict Earthquakes, Tsunamis and other disasters too, besides predicting a lot of other things that could make us rich overnight, wouldn't we? Unfortunately, predicting Virus attacks is doomed to be yet another fixture - and a permanent one at that - in such a lengthy wish list...

 

Nobody – except the Virus creator of course, knows exactly when a Virus is first released. However, there are other kinds of people who try to take advantage of the general panic, that the mention of Viruses evokes. These are probably people who are incapable of writing a single line of software code or create even the simplest of Viruses, yet dream of their moment of notoriety! From time to time, such people send out e-Mail, with the claim that a new Virus is doing the rounds, that neither Microsoft nor Symantec (or other well-known companies) could withstand. Variations of this mail mention that Microsoft or Symantec have just released the solution for this Virus. Usually, such mail 'advises' you on what you need to do to prevent this virus from attacking your PC.

 

At least on one occasion I remember, the advice was to delete a Windows system file... deleting it did not cause Windows to crash, luckily, but it caused great consternation amongst users, with people divided on whether to delete the said file or let it remain! Three days later, Microsoft and a host of other vendors declared that the said file should not be removed! At other times, a link is provided in the mail, advising the recipient to 'download and fix' the claimed virus.

 

As a savvy user, you need to remember the following, so as not to fall prey to such pranks:

  1. Companies like Microsoft or Symantec (or anyone else) do not send out mail without their Logo and other corporate identifiers.

  2. Unless you have explicitly allowed these organizations to send you mail, they would not do so. They would not like to be caught sending unsolicited mail - they have their reputations to protect after all!

  3. Ask yourself the question: "Why have I been singled out for this munificence, from a stranger?" If there is no reason, you have your answer - the mail isn't a favor at all!

What solutions are available for protecting my Computer from Viruses?

To check out best-of-breed Antivirus solutions, various kinds of Antivirus solutions, the pros and cons of each type, a comparison of Antivirus solutions and to purchase recommended Antivirus Solutions, click on the following link: http://www.welloiledpc.com/antivirus.htm.


Please Note: the tips and points given in this page are all VITAL, for maintaining a healthy and trouble-free PC!