Computer Viruses and How to Avoid Them

What is the difference between "malware" and a virus?

Malware is shorthand for "malicious software" and is used to describe an entire group of programs that includes advertising, tracking, key-logging, ID or credit theft or that cause other bad or undesirable activity. Simply explained, a "virus" is a computer program that invades or infects a user's computer by replication from another source (a disk, a USB flash drive, a network or the Internet), and then performs malicious functions on the new host computer. It's the malicious functionality that poses the problem, and for that reason viruses could be also called "malware."

 

A virus is just one type of Malware.


There are many different undesirable things that computer malware does. Earlier viruses simply performed mischievous tasks, such as deleting data or program files. But the authors of newer malware are driven by the desire to steal enough sensitive data in order to eventually steal money. Some are thus designed to scan and send information from a victim’s computer back to the author of the malware. Still others keep track of actual keystrokes typed by an unsuspecting user. Some plant annoying "popup" advertisements on a computer. There are a few types of malware that will perform any of the above, but also attach themselves to email addresses so that they get automatically sent to the user’s address list to replicate on an ever growing number of systems. Sophisticated malware might even install itself on the hidden "boot sector" of a computer hard drive, or try to make a network server vulnerable to a hacker (a person who gains unauthorized access to a computer network). But, the most common type of malware, by far, is the malicious program that deceitfully disguises itself as a good or useful program, seeking to get results which the user did not intend.

The fact is that malware has caused billions of dollars in losses to computer users. People have lost valuable data and have had personal and financial identities stolen. Whole companies have been compromised or crippled by malware infections. At the very least, the average user suffers from the slowdown or complete hijacking of their system through a malware infection. It is therefore imperative for computer users to know some basics about viruses, or "malware," in order to protect themselves.

Types of malware

1. Virus - The original malware. Malicious code attaches itself to other program files so that the execution of the host file also executes the malicious code. The malicious code also causes the virus to replicate itself by copying its code onto removable media or other computers in a network. Back in the 1980s, the first "in the wild" viruses spread themselves mostly through shared floppy disks, and performed everything from pranks to data destruction. By the 1990s, Internet "bulletin boards" were unwitting spreaders of viruses. Today, very little malware is of the virus type.
2. Trojan - These comprise 75% or more of all malware, according to security experts. As the name from classical Greek mythology suggests, Trojans operate by deceit, tricking a computer user to trust a fraudulent program. Most Trojans are actually a complex of files - pop-ups that steer the unsuspecting user to a harmful website, or just install more malware, even when clicked to shut down; downloaders that bring in supporting malware programs; hijackers that shut down operating system functions and security; bots that may use the host computer as a slave to the malware author’s intentions; backdoors that make an infected computer open to free scanning by the malware author. Trojans operate independently of other programs, and thus do not need to attach themselves to other executable files as a classic virus does. The most popular Trojans, these days, masquerade ironically as anti-virus programs. The user experiences sudden low computer performance, and then sees a pop-up offer with a phony virus scan report, urging the user to purchase the program offered as a solution to the computer problems they are experiencing. Naive and unsuspecting users then type personal information into the form provided (including name, address and credit card info). This information is never used to purchase the phony software. Rather, the Trojan authors use the stolen info to open new credit card accounts in the user’s name, and then sell those accounts on the underground market within minutes of receiving it.
3. Worm - A Trojan that has the capacity to infect computers from other infected systems by scanning for IP addresses on vulnerable computers on the Internet or within a network, then replicating itself. Many phony anti-virus programs start out as a worm infection. Worms are also notorious for attaching themselves to email address lists. Users falsely believe that Trojan infections come mostly from certain "dangerous" or risky websites. In truth, worms may employ any website that users visit as stepping stones to their computers.
4. Spyware - Software programs that "spy" on users, observing data, keystrokes, screens and/or web sites visited. This is a broad category of malware and includes everything from adware to keyloggers (see below). Unlike viruses, Trojans and worms, spyware typically does not self-replicate by infecting other computers or removable media, but is downloaded through Internet connections.
5. Keylogger - A particular type of spyware that is designed to steal "live" information. It secretly keeps track of such things as the user’s keyboard keystrokes, video screens, or streaming network data, and transmits that information back to the malware author. This malware attack is more rare, but it poses the serious risk of loss of private identity information, including credit cards, bank account info, Social Security numbers, and computer passwords.
6. Rootkit - A stealth program that allows continual unauthorized access to a computer by a person unknown to the user. This malware replicates itself on a victim’s computer usually as a worm or a Trojan. It quickly shuts down user account controls and security designed to prevent unauthorized access. It can then steal and transmit info or simply provide a "back door" for a hacker. Rootkits are usually quite sophisticated, and often include the ability to deflect detection from weaker and more modest anti-virus programs.
7. Phishing - Typically an email message that is "fishing" for personal information. The victim receives a randomly sent message that appears to be an official request from an Internet service provider, a bank or some other service or organization. The graphics in the message typically look professional and authentic, though the grammar in the message is sometimes suspiciously bad. An appeal is made to the user to provide "lost" information. However, NO organization or bank will ever seek information this way. Such fraud should always be reported to the organization or service that is being used as a cover.
8. Adware - The most benign of all types of malware, it can still annoy users with commercially-charged pop-ups and reduced system performance. Adware often gets installed without user’s consent, and often when downloading program updates, trial software and games or other services. Some adware functions as spyware by tracking the user’s favorite web sites and targeting the user with advertising that is likely to be the most appealing. Adware can hijack web-search functions. The most common form of adware is the browser "toolbar," which ostensibly provides services such as search windows and quick-access icons. These toolbars slow computer and Internet performance, take screen space from web pages, and can even be a conduit for more serious malware.

 

Prevent and cure

How to Prevent Malware Infections

The best way to be free of malware infections is to take preventative measures rather than relying upon removal after infection. Once infected, a computer is often very difficult to clean. Some malware will destroy a computer’s operating system, or make it so difficult to recover that wiping the hard drive and reinstalling the operating system, programs and data is the only solution. This is usually quite a chore, may be expensive if the user does not have the technical know-how and may be personally costly if the user’s own data has not been previously backed up. There are several preventive measures that every computer user can take:

1. Utilize a good anti-virus program. There is no substitute for this measure. Avoid the seduction of free anti-virus programs and the ones that come with Internet service providers, as they only do a mediocre job of prevention. A $40 to $50 investment in a good anti-virus program with an annual license to update itself regularly is pretty inexpensive insurance.
2. Manually scan your computer with an anti-virus program. All good anti-virus programs come with manual scanning features. Most will let you set a schedule for automatic scanning. This is good to do once a week, or every month, and especially if you see any suspicious activity on the computer screen.
3. Update key programs every time. The Ziff-Davis network cited a study done in Denmark earlier in 2011 utilizing results from half a million computers. The conclusion of the study was that some 99% of common malware infections could be avoided simply by updating Windows security patches, Internet Explorer, Java, Adobe Flash and Adobe Reader. The reason? Malware authors attempt to gain access to computers through weaknesses which the updates are written to prevent.
   (See: ZDNet - The Ed Bott Report, Oct 7, 2011. Summary: Want to avoid being attacked by viruses and other malware? Two recent studies reveal the secret: regular patching. A fully patched system with a firewall enabled offers almost complete protection against drive-by attacks and outside intruders.
   www.zdnet.com/blog/bott/if-your-pc-picks-up-a-virus-whose-fault-is-it/4039)
4. Use a hardware firewall. The SPI (Stateful Packet Inspection) firewalls that come with most newer routers is a great way to close unused ports and prevent hackers from intrusion. Even single computer homes and offices can benefit greatly from the use of a router. While utilizing a router’s hardware firewall, you may also use your operating system’s software firewall. Beware of using third-party software firewalls (such as those included with anti-virus software) which serve to slow down a computer. If you’re using a wireless router, make sure to encrypt your network with WPA or WPA2 level encryption, never the older and simpler WEP encryption.
5. Uninstall browser toolbars. Toolbars are the quarter-inch wide strips that layer near the top of a web browser. While some toolbars may be useful on a limited basis, they all steal screen space and clog up your Internet bandwidth only to provide revenue for the author. By definition, toolbars communicate with their authors, thus opening a vulnerability "hole" while the PC user is online. Utilizing the add/remove function in Windows machines is the best way to rid a computer of these browser plugins. Some of the most common toolbars include: AIM, AOL, Ask, Bing, Crawler, Dogpile, eBay, Google, My Way, My Search, My Web Search, Yahoo, etc.
6. Regularly delete browser cookies and "Temporary Internet Files." This is performed from within the browsers, themselves. Malware can hide amongst these files.
7. Do not click on pop-ups - shut them down alternatively. If you DO get a suspicious pop-up window, try using the "Alt-F4" combination to get rid of it rather than clicking on it and risking an unintended installation of a virus. If that combination does not work to close a window, use the Microsoft Windows "Task Manager" ("Ctrl-Shift-Esc") and the "Applications" tab. Simply click once on the listed application and then click the "End Task" button. After a forced-close, some browsers will attempt to recover the last page you were on the next time you restart. Select "No" or have it go to your Home Page instead.
8. Use an Anti-Malware application and keep it updated. While Anti-Virus applications will detect and block viruses, worms, and other programs that spread by design, they do not always detect or block programs that you allow to install on the computer. Clicking on pop-up advertising windows, opening, email or Instant messaging attachments, or downloading and installing games or other programs can trigger the installation of an undesirable application. Using a program to scan your computer periodically for programs your antivirus may miss is recommended. Programs like MalewareBytes, Spy Sweeper, or SuperAntiSpyware may catch and remove malware.

Security and Urban Legends

While it is important to be informed about the facts regarding malware, methods of infection, and methods of prevention, it is also just as important to know that there are some common public beliefs that are just not true. Here are some common "urban legends" that are patently false:

1. Anti-virus software companies conspire to write viruses so they can stay in business. Many computer users are tempted to believe this falsehood, but only because they do not understand how lucrative the criminal activity of malware authoring has become. If legitimate software companies were the actual criminals, someone would have blown the whistle years ago. The actual malware criminals enjoy both anonymity (they attack unseen from anywhere in the world) and impunity (there are limited resources and jurisdiction for prosecuting them, even when observed).
2. Viruses come mostly from questionable web sites. Computer users also typically believe that infections are the result of using social, illegal downloading or pornographic web sites. However, the fact is that malware infections such as worms and Trojans can attack from anywhere, and may use any legitimate and otherwise well-guarded web site as a stepping stone from one infected PC to another.
3. Free anti-virus programs are just as good as the paid-for programs. This is demonstrably not true. Observe the results of serious testing labs. If ever there were a good application of the "you-get-what-you-pay-for" principle, it would apply with anti-virus programs. Simply put, you pay for regular and effective program and virus definition updates. Licensed programs are anxious to push out good updates - often daily - to their customers. They want our business year after year, and therefore work hard to distribute good products, and largely succeed at it.
   (See: AV Comparatives - Independent Tests of Anti-Virus Software. www.av-comparatives.org)

Summary

Don’t let the threat of malware infections stop you from using the rich resources of computing. Just use your computer wisely. Utilize the measures outlined above. And exercise a healthy dose of suspicion about what you see on your computer screen, short of being paranoid. There is no reason why the careful computer user cannot buy things with a credit card, do banking and investments, and send critical business data over the Internet If possible, encrypt the data you are sending or utilize a VPN (Virtual Private Network). Certainly, you should never carry out financial transactions over a public wireless network. In spite of the risks - which are present primarily in the midst of carelessness - computers provide a powerful tool for use both on and off the Internet

For more assistance contact Technical Support here.

Creating a Strong Password

This document provides some simple guidelines for creating a user account or network access password which combines a higher level of security with a better chance of remembering it.

Why Do I Need a Password?
A personal computer system is very fast, but also very literal. It has no real means (in the human sense of the word) of distinguishing good data from bad or authorized commands from unauthorized. It simply does what it is told, for good or for ill.

With this fact in mind, it is not surprising that there are malicious entities (this writer hesitates to apply the word 'people') who are all too eager to force other peoples' computers to do things their owners would not wish them to do.

The Hack Attack!
Some computer users set up accounts with no password at all, or use a very simple password (a proper name, a simple number sequence or a string of repeated letters. Or, worse still, use their very user account name as their password! One technique used by malicious entities against such users is the dictionary hack. A computer is set up to transmit codes over a network, running through a list of words, names and number sequences.

If a match can be found with some other computer's user name and password, the "entity's" computer may then be able to transmit commands to the "victim's" computer, just as if it were a local user with a keyboard and mouse.

Piece of String vs. Combination Lock
Security experts typically recommend that computer user accounts should each be associated with a distinctive, strong password. The typical rules for defining a strong password are as follows:

• 8 to 16 characters in length


• Not a proper name or a "dictionary word"


• A mixture of uppercase letter, lowercase letters and digits.


• Optionally, includes "special characters (understroke, dollar sign, brackets etc.)

While it is true that a password such as "qqKJ_932vHc" meets the definition of a strong password, most computer users would probably have a rough time remembering it, until they had entered it many times from a "cue card". However, there is a technique which has been tested with a wide variety of Customers in a Micro Center Technical Support office, which may offer you a way to generate a strong, memorable password.

1. Begin with a word of your choosing. Example – sailboat


2. Separate the syllables. sail boat


3. Misspell the word in a phonetic way – for example, use a "q" instead of a "k", or a "y" instead of an "i". sael bowt


4. Place one or more numerals between, and / or on either side of the modified syllables. sael2bowt5


5. Substitute or insert at least one uppercase letter, somewhere other than the first character. sael2bowT5

You now have generated a strong password ("sael2bowT5") and a starting word ("sailboat") to use as a password hint. The password hint is designed to appear in a user account login window, to jog the user's memory and point the user toward the actual password.

Finally, if your operating system includes this feature, create a password reset file and write it to an optical disk, flash-drive or a memory module. This file will help you reset your own user password, should it be forgotten, mislaid or compromised.

How to Run the ESET Online Anti-Virus Scanner

If a working Anti Virus program is not available on a computer, the ESET Online Scanner can be used to detect and remove virus infections. To use the ESET Online Scanner, take the following steps:

1. Go to the page: http://www.eset.com/online-scanner.
2. Click on the ESET Online Scanner button.
   
   
   
   
   
3. Check the box by "Yes, I accept the Terms of Use" and Click the Start Button.
4. Allow the program to run if prompted by Windows User Account Control.
5. The default setting is to remove found threats. The following Advanced settings are available:
   
   
   • Select the type of applications scanned
   • Select the target drive(s) to be scanned
   • Use Customer Proxy Settings
   • Show a list of other installed Anti Virus software installed on system
   
   
   
   
   
6. Once the desired settings have been made, Click on the Start Button.
7. During the scan, threats that are found will be displayed.
   
   
   
   
   
8. Once the scan is complete, there is the option to "Uninstall application on close" by placing a check in the box. This will require the files to be downloaded again the next time ESET Online Scanner is run.
9. Click Finish.

Reference:
ESET. Online Anti-Virus Scan.
http://www.eset.com/online-scanner

UPDATE: ESET Renewal Setup

This guide will walk through the first step in renewing the ESET NOD32 or ESET Smart Security program. First determining whether you have ESET NOD32 or ESET Smart Security, and then proceeding to purchase the renewal.

Determine the ESET Program Version:

1. Close all open windows and programs on your computer. Be sure to save any work in open documents or files.
2. Click on the Start button in the bottom left corner of your screen.
   
   
   
   
   
3. Open All Programs, located just above the start button.
4. Select the ESET folder and open up the ESET Antivirus program. Write down whether it says ‘ESET NOD32’ or ‘ESET Smart Security’, you will need this later.
   
   
   

Locate ESET Username or Serial Number:
Note that only one of the two is necessary. If you already have your “EAV” username or your ESET Serial Number, proceed to Step 3.

1. The ESET Serial Number located inside the ESET CD case, opposite the CD. If this information is not available, proceed to the next sub-step to find the username.
2. On the new ESET window, click Protection Status in the top left. A message will display detailing the expiration date and the ESET Username. Write down the case-sensitive ESET Username and include the dash when writing; this will be used later on.
   
   
   
   
   
3. The ESET Username begins with “EAV-“, followed by eight numbers.
4. If the “Your license will run out shortly” message does not appear and the Protection Status is green and on Maximum Protection, you do not need to renew your ESET program yet. The program will notify you when you are within 10 to 14 days of renewal.
5. Click on the link that says Click Here to Open the Purchase Page.

Choose Renewal Option:

1. On the new web page that appears, enter the ESET username in to the ‘Username’ field and click Submit.
   
   
   
   
2. If the username is not available, enter the Serial number. Do not enter both the username and the serial number.
   
   
   
   
   Note that the username and serial number in these examples are fictitious and will not work for renewal.
3. The next page contains renewal options for ESET NOD32 and ESET Smart Security, separated by program. Whether it is ESET NOD32 or ESET Smart Security depends on what you wrote down earlier.
   
   
   
   
   
   
4. Choose the license based on how many computers (listed as “Users”) the program will be used on and how many years the renewal will be good for. Example: If you want a one year license for three computers, get a 3 User, 1 Year item.
5. Once you pick the package, click Add to Cart for that item.

Buy Your Renewal:

1. On the Shopping Cart screen, click on Checkout on the right side.
2. Enter the information as with any online purchase.
3. Note that while it appears an item will be physically shipped, the digital download only copy of the ESET software does not ship a physical item.
4. Click the Accept button to finalize the order.

Once you’re finished here and you see the “Order Confirmation” page, keep that window open and go to the next part of the tutorial – ESET Renewal, Step 2.

ESET NOD32/Smart Security Protection Status

This article contains an explanation of the different colors of the protection status icons of the ESET NOD32/Smart Security antivirus software. If you have questions about what the icon color means for the protection of your system, use this article as a quick reference for interpreting the protection status icon.

1. Green (NOD32) Blue (Smart Security)
A green status icon (or blue for Smart Security) indicates that your computer is currently under the maximum amount of protection offered by the software. The production is updating correctly and the program is functioning optimally. In the main program window, reached by double clicking the protection status icon, you will see checkmarks next to the critical protection modules, they are:

• Antivirus protection
• Antispyware protection
• (Smart Security only, in addition to the two listed above) Personal firewall
• Antispam protection

2. Yellow
A yellow status icon with a white exclamation point (both NOD32 and Smart Security) indicates the program needs user attention and that the computer may not be ensured to maximum protection. The computer is still being protected, but one or more of the critical protection modules may be disabled which is putting the computer at risk. Some of the reasons for a yellow status are:

• Virus signature database is unable to update.
• The latest Windows updates are unable to update. (Note: Version 4 only.)
• The ESET license is within 15 days of expiring and will need to be renewed before protection can update.
• Document protection, Email client protection, and/or Web access protection is disabled.
• "Block all network traffic" on the ESET Personal firewall has been selected. The computer will not be at risk, but services, such as updates, will not be able to run.

Typically, the issues can be corrected these issues by following the actions that software recommends.

3. Red
A red status icon with a white exclamation point indicates that the computer is not ensured maximum protection and is vulnerable to threats. Usually, an alert message will explain why this status is active. One or more of the critical protection modules may have red exclamation points next to them. Reasons for a red status are:

• If the protection status icon turns red immediately after install, recheck the username and password associated with the product. A typo in those fields will keep the product from updating.
• One of the critical protection modules (antivirus protection, antispyware protection) is disabled.
• Real-time file system protection is disabled. This can be remedied by clicking Setup » Antivirus and antispyware protection » Real-time file system protection » Enable.
• The protection icon will turn red after the product license has expired.
• The personal firewall is disabled. This can be remedied by clicking Setup » Personal firewall » Network traffic filtering » Switch to filtering mode.

Reference:
ESET. Knowledge Base.
http://bit.ly/gZRcTo