Viruses are the computer world's great boogerbears.
Most computer problems blamed on "some damn virus"
are actually caused by something else. (Take a look
at www.vmyths.com for information on this.)
However, they do exist and you do need an anti-virus
program. I used to prefer an anti-virus program that
doesn't forcibly set itself up in my computer and
run on startup (it changes your setup, sometimes not
to the good). However, most experts recommend that
you set your anti-virus program to run automatically
in the background, and that's a good idea. I've gone
over to having an antivirus scanner run full-time
for the simple reason that I've been burned too many
times. Remember, if you don't have one that runs on
its own, you'll need to run it yourself, and on a
frequent, regular basis. Virus scanners are
essentially the same; you don't need the most
expensive or the most advertised one to be safe. You
do need to keep it updated, however; choose an
antiviral program that is easily updated, preferably
by a periodic visit to a particular Web site. The
market leaders such as Norton AntiVirus, PC-Cillin,
and McAfee offer updates as often as once a day.
(McAfee is no longer supporting any of its earlier
versions; you'll either have to update to Version 7
or find another utility.) If you choose to use one
downloaded from the Internet, use one that is
recommended by a reliable shareware provider such as
ZDNet, C|Net, Tucows, or others. (AVG provides a
nice freebie at www.grisoft.com/us/us_index.php,
but I wouldn't rely on it to protect you from
everything.) Store a clean copy of your virus
scanner on a write-protected floppy; some viruses
are designed to trash virus scanners. If you're the
kind of user who rarely downloads files or receives
e-mail attachments, you can possibly get by with
regular visits to housecall.trendmicro.com/,
following the HouseCall logo, though I wouldn't
recommend relying on this as a solo protection
scheme. Trend Micro's inbuilt antivirus software
will scan your drive for viruses and simply delete
infected files. (Netscape users will have to
download a free Java plug-in for HouseCall to work;
MSIE users get to skip this step, as HouseCall is
ActiveX-based.) Another Net-based antiviral scan,
McAfee Clinic, is offered for $40 a year at
www.mcafee.com/ as part of an entire package of
McAfee tools; Symantec is now offering a free virus
and system security check at www.symantec.com/securitycheck/,
as is Panda at www.pandasoftware.com/activescan/com/
and Freedom at www.freedom.net/onlineviruscheck/.
A useful freebie, Frisk's F-PROT, is listed on my
AntiVirus, Security Programs,
and Password Managers page. It's a
DOS-based program, but that shouldn't scare you off;
it's free, it's powerful, it's frequently updated,
and you need a DOS-based antiviral utility in case a
virus or something else trashes Windows. Another
good source of free antivirus programs is Avast,
makers of Avast! (www.avast.com/). Good
information is available at Dr. Solomon's Virus
Central (www.drsolomon.com/vircen/index.cfm),
Stiller Research (www.stiller.com/), WildList
(www.wildlist.org/), and ZDNet's Help Channel
(www.zdnet.com/zdhelp/). And, the
serious-minded virus hunters will use more than one
anti-virus utility, since no one program detects all
known viruses. You can find out plenty of general
info on all things viral at
www.governmentsecurity.org/articles/Placesthatvirusesandtrojanshideonstartup.php.
Note: don't
waste your time with a visit to
www.freevirusscan.org/. It's a practical joke
site that does nothing except waste your time.
As an exercise, try this. Create a text file with
Notepad and type (or cut-and-paste) the line of
garbage text below exactly as it appears. Save and
then run your virus scanner over it. Does it work?
If not, get a new virus scanner. This is the EICAR
test virus. It is quite harmless, yet is a good test
to see if your AV software is up to scratch. You may
need to rename your .TXT file to a .COM, .EXE or
.BAT extension for your scanner to grab it. The line
of text is as follows:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
(no break in the line)
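A scanner can miss a hand-made copy for reasons that have nothing to do with the scanner: Notepad saving the file as Unicode, a stray line break, or the "(no break in the line)" note pasted along with the string. The added example below (not part of the original page) checks a file's bytes against EICAR's published rule that the file must start with the 68 characters and may carry only trailing whitespace, up to 128 bytes in total; check_eicar and its messages are names made up for this example.

```python
import sys

# Built from two halves so this script is not itself flagged on disk.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
TRAILING_OK = b" \t\r\n\x1a"   # space, tab, CR, LF, Ctrl-Z
MAX_LEN = 128                  # total file size limit in bytes
BOMS = (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")


def check_eicar(data: bytes) -> str:
    """Return 'ok', or why a scanner is entitled to ignore this file."""
    if data.startswith(BOMS):
        return "byte-order mark: saved as Unicode, re-save as ANSI"
    if not data.startswith(EICAR):
        if EICAR in data:
            return "characters before the test string"
        squeezed = bytes(b for b in data if b not in b" \t\r\n")
        if squeezed.startswith(EICAR):
            return "line break or space inside the test string"
        return "test string mistyped"
    if data[len(EICAR):].strip(TRAILING_OK):
        return "extra characters after the test string"
    if len(data) > MAX_LEN:
        return "file longer than 128 bytes"
    return "ok"


if __name__ == "__main__":
    for path in sys.argv[1:]:          # e.g. python check.py eicar.com
        with open(path, "rb") as fh:   # binary mode: see the bytes the scanner sees
            print(path, "->", check_eicar(fh.read()))
```

If the file checks out as "ok" and the scanner still ignores it, the scanner is the problem; if a resident scanner blocks the script from opening the file at all, it has already passed the test.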
Some common-sense recommendations to keep your
machine safe. First, keep your anti-virus utility,
firewall, and other privacy programs updated by
checking the manufacturer's sites for updates.
Second, use common sense when downloading files.
Files that end in .EXE, .COM, .BAT, and .VBS are
particularly fertile ground for malicious code.
Never, ever open e-mail attachments from strangers,
even if your e-mail client scans them for viruses.
You should be running a firewall program; if you
have a question about letting a particular program
or file access the Internet, deny it. Know your
network; if you know the IP address ranges your
network uses, you'll have a better chance of
recognizing an outsider trying to sneak in.
Regularly test your vulnerability with a free tool
like Gibson's ShieldsUP! (from grc.com/). If
you don't need a service like HTTP, FTP, telnet, or
personal Web server access, disable it. And keep
your passwords safe and strong. Give yourself a good
scare by looking over the various legitimate
password-cracker programs listed at www.pcmag.com/article2/0,4149,696,00.asp.
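One way to put the "know your network" advice to work, as an added example that is not from the original page: list every outside address that tried to reach an inside machine, with the ports it tried and what the firewall did. The log layout, the 192.168.1.0/24 range and the sample lines are all constructed for this example; a real firewall's log format differs and the pattern would need adjusting.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the address range this network uses.
KNOWN_RANGES = [ipaddress.ip_network(n) for n in ("192.168.1.0/24",)]

# Constructed sample in a made-up "DATE TIME ACTION PROTO SRC:PORT -> DST:PORT" layout.
SAMPLE_LOG = """\
2003-08-01 09:14:02 ALLOW TCP 192.168.1.20:1045 -> 192.168.1.1:80
2003-08-01 09:14:07 DENY TCP 203.0.113.77:4312 -> 192.168.1.20:23
2003-08-01 09:14:08 DENY TCP 203.0.113.77:4313 -> 192.168.1.20:21
2003-08-01 09:15:30 ALLOW TCP 192.168.1.31:1200 -> 198.51.100.5:80
2003-08-01 09:16:44 ALLOW TCP 198.51.100.9:3391 -> 192.168.1.20:80
garbled line that a real log will sooner or later contain
"""

LINE = re.compile(r"^\S+ \S+ (ALLOW|DENY) \w+ ([\d.]+):\d+ -> ([\d.]+):(\d+)$")


def is_known(addr):
    """True if addr falls inside one of the ranges we use ourselves."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in KNOWN_RANGES)


def outsiders(log_text):
    """Map each outside source to the inside ports it tried and the firewall's action."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                      # skip lines that are not in the expected layout
        action, src, dst, port = m.groups()
        try:
            if not is_known(src) and is_known(dst):
                seen[src].add((int(port), action))
        except ValueError:                # looked like an address but is not one
            continue
    return {src: sorted(hits) for src, hits in seen.items()}


if __name__ == "__main__":
    for src, hits in outsiders(SAMPLE_LOG).items():
        print(src, hits)
```

In the sample, the denied tries at ports 23 (telnet) and 21 (FTP) show the firewall doing its job, while the allowed connection to port 80 is the kind of entry that tells you a Web server is reachable from outside and should be disabled if you don't need it.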
If you don't mind being a cyberbandito, you can use
demo versions from the Internet and reload them
every few months. Even if you buy an anti-virus
program, you'll still need to download updates
periodically. You can save your money and use the
demo versions. However, the honest ones among us
should purchase a program and download periodic
updates to the virus ID base. Note: The cost of
antivirus programs is dropping like a stone, due to
the emergence of powerful online virus scanners like
Trend Micro's Housecall...even less excuse not to
buy a decent one. Already good antivirus programs
from F-PROT and Inoculate, among others, are free
for the download. This trend will just keep going.
How will McAfee, etc. make money? Updates, my
friend, updates.
Keep a boot disk handy. Vicious little beasties such
as the Chernobyl virus won't even let your machine
boot up, so the need for a boot disk is obvious.
Most top-name anti-virus programs let you make a
boot disk during setup; if yours doesn't, you can do
so easily enough with instructions available from
www.antivirus.about.com/.
You know you have a virus. What now? The easiest
solution is to run your virus scanner and let it
remove the virus. Fine, but what if it doesn't work?
Restart your computer (don't use CTRL-ALT-DEL; many
viruses are hip to that) and use your emergency boot
disk. Insert the CD or floppy disk with your virus
scanner on it. Start the program and follow the
directions for locating and removing viruses. After
you've purged the virus, try to figure out where you
might have gotten it from. You cannot get a
virus from visiting a Web page; an e-mailed worm or
virus can get into your system through your e-mail
client (particularly if you're running Outlook, the
hoyden of e-mail utilities), but it's relatively
easy to block them. (Remember, viruses like the Klez
variants perpetuate themselves by using your address
book to send themselves to everyone on your e-mail
list.) You can get them from executable
programs and downloaded files. Boot viruses can
even hide in innocent data-only files. Don't think
that commercial diskettes or pre-installed software
is necessarily virus-free. And remember, some
viruses reset options that you'll want to redo --
for example, Melissa turns off the dialog box asking
if you want to enable macros in MSWord.
If a virus does trash your PC's data files or hard
disk partitioning, all may not be lost. Utilities
such as PowerQuest's Lost & Found (free demo
available at www.powerquest.com) and the
freebie MRecover (www.antivirus.about.com/msub21.htm)
can recover presumably wiped-out files after a viral
onslaught.
To keep a healthy computer virus-free, scan ALL
software before you install it, whether it's a
freeware program from the Net or a boxed program
from Puters 'R' Us. Insert each disk and scan it
separately. Write-protect original software
diskettes so that if a virus does hit your computer,
it can't affect the original copy of the program. If
you use pre-formatted diskettes, scan at least one
of them before using any of them. Scan new CD-ROMs,
too. Remember, most viruses get into computers from
infected floppy disks, not from downloads from the
Internet. Most, but not all.
To avoid possible Word macro viruses (there are over
3500 of them kicking around as of this writing), use
QuickView to open unfamiliar Word documents. You may
have to install it from Control Panel: Add/Remove,
Windows Setup, Accessories, Details, and check the
QuickView button. (Windows may want you to insert a
Windows diskette.) Then, in Windows Explorer, select
View, Options, click on File Types, select the
document type you'd like to view, click Edit, select
Enable QuickView, and click OK twice. Now, when you
right-click on a document of this type, QuickView
will appear in the context menu. (Don't have
QuickView installed? Win 95 users, it's on your
Windows CD. Go through Control Panel, Add/Remove
Programs, and Windows Setup to locate and install
QuickView. The rest of us will have to download it
from www.jasc.com/.)
Klez is one of the nastiest and most persistent
viruses ever unleashed on an unsuspecting mankind, and
though it's been around a while, it's still out
there and doing damage. Take some specific steps to
prevent Klez from wreaking havoc with your e-mail
system, and from letting your system wreak havoc on
ours. MSIE and Outlook/Outlook Express users should
get the latest security patches from
www.microsoft.com/windows/ie/downloads/archive/default.asp.
Update your antivirus software, or use some of the
specific anti-Klez tools available on most antivirus
sites. Watch for message sizes between 110KB and
150KB. Use a spam-controlling utility to keep the
spam at bay and make it easier for you to sort
through the ruck.
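The two mail checks this page gives, the 110KB to 150KB message size here and the .EXE, .COM, .BAT and .VBS attachment types mentioned earlier, can be applied to raw messages before anyone opens them. The following is an added example, not part of the original page; triage and build are names made up for it, and the sample messages are constructed.

```python
from email import message_from_bytes
from email.message import EmailMessage

RISKY_EXT = (".exe", ".com", ".bat", ".vbs")   # the extensions this page lists
SIZE_LOW, SIZE_HIGH = 110 * 1024, 150 * 1024   # the size band this page gives for Klez


def triage(raw: bytes):
    """Return the reasons to hold this message back for a closer look."""
    reasons = []
    if SIZE_LOW <= len(raw) <= SIZE_HIGH:      # size of the whole message as received
        reasons.append("size in 110-150KB band")
    msg = message_from_bytes(raw)
    for part in msg.walk():                    # visit every MIME part, nested ones too
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(RISKY_EXT):
            reasons.append("executable attachment: " + name)
    return reasons


def build(subject, filename=None, payload_size=0):
    """Construct a sample message with an optional zero-filled attachment (test data only)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = subject
    msg.set_content("hello")
    if filename:
        msg.add_attachment(b"\0" * payload_size, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (build("notes", "notes.txt", 100),
                build("patch", "Setup.EXE", 1000),
                build("look at this", "update.vbs", 90000)):
        print(len(raw), triage(raw))
```

Size alone is a weak signal, since plenty of honest mail falls in the same band, so treat it as a reason to look rather than a verdict.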
It's worth noting that most new major viruses have
specific removal utilities posted for free at the
major antivirus sites. Definitely worth checking out
when a new nasty hits the Net.
Find out just how well your antivirus program works
at www.av-test.org/. These guys test just
about every antivirus platform known to man, and
make their results public.
This isn't precisely a virus tip, but more of a
privacy-protection tip for Microsoft NetMeeting
users: In order to facilitate calling people on
NetMeeting without having to resort to using the IP
address of their computer, Microsoft maintains a
directory that lists users who are available for
calls. By default, NetMeeting is set up to list you
on the Microsoft Internet Directory whenever you
start the program. If you don't want to be publicly
listed on this Internet directory (for all the world
to see) when making a particular call, choose Call,
Log Off from Microsoft Internet Directory on the
NetMeeting menu bar. To stop being listed whenever
you start NetMeeting, choose Tools, Options, then
remove the check mark from the Log on to a directory
server when NetMeeting starts check box on the
General tab of the Options dialog box.
"Virus throttling" is a simple, yet revolutionary
idea that promises to help control the propagation
of viruses from infected computers. Read up on the
subject at www.wired.com/news/infostructure/0,1377,56753,00.html
and directly from the source at www.hpl.hp.com/techreports/2002/HPL-2002-172.pdf.
The topic of spyware, adware, and so forth is a big
one, and one I've addressed in a SitePoint article
from September 2002. It's not particularly up to
date, but it's a good grounding in the topic. You
can read it at www.sitepoint.com/article/888.
Be aware that the supposed spyware removal program
Spyware Nuker is actually spyware itself.
Find out more at camtech2000.net/Newsletters/a_new_spyware_tactic.htm.
A new variety of more pernicious and aggressive
spyware, called stealthware, is making the
rounds. MemoryMeter and Rapidblaster are two of the
more well-known varieties. Typically their purpose
is to track your surfing for advertising purposes,
and channel ads to your display. You may notice
strange icons in your system tray, or your browser
(particularly IE) has been suddenly reconfigured.
Whatever their M.O., they are all known for their
covert, or "stealthy," entry. Some can even get by
firewalls and other security measures. You find
stealthware most at free Web hosting sites, porn
sites, and "typo sites," or sites that catch
visitors who misspell familiar URLs. Symantec has
begun adding some of these apps to its antiviral
databases, and legislation is pending to force
stealthware vendors to disclose their programs'
origins and ask permission to install themselves on
your PC. If you use Ad-aware or Spybot Search &
Destroy, chances are good that you're keeping these
'wares off your computer...that is, if you're
keeping those programs updated. Spybot makes it
easier to get rid of stealthware by using a list of
"good" and "bad" BHOs (Browser Helper Objects,
often used by stealthware to slip into your browser
and thereby into your computer), and letting you
know if you have any problem BHOs installed.
SpywareGuide, at www.spywareguide.com/,
offers a Block List File program which changes your
Registry to help block some of the more aggressive
programs from installing themselves. Mozilla and
Opera users, you're at much less risk than IE users,
but you can still get burned. Be wary.
Every time a Web site plays music through your PC,
it's using a protocol that can be exploited by
hackers. (No, don't turn your music off; 99% of
sites that regale you with music are legitimate.)
There's a hole in every Windows 98, ME, and XP system that
lets hacker code enter your PC through the MIDI
interface. (The MIDI is what plays those cheesy
synth tunes; nowadays you hear them most when
someone's cell phone plays a MIDI version of "Dixie"
or Beethoven's Fifth when called.) You need to
update to DirectX 9.0b; you can go to
www.microsoft.com/technet/security/bulletin/ms03-030.mspx
for more information and the patch.
The "Cool Web Search" tool is spyware, and a fairly
pernicious example of the breed. Find out how to
remove it at www.spywareinfo.com/~merijn/cwschronicles.html.
When all is taken into account, virus expert Ross M.
Greenberg said it best: "More data has been lost by
spilled cups of coffee on the keyboard than any
virus attack." Don't be paranoid, just be safe.