Viruses and the Norton AntiVirus Program
Ed Ash
January, 2002
(Revised 1/30/02)
Objective
Keep you out of trouble
To Be Covered
What are Viruses
Virus Types
How are they transmitted?
Avoiding Virus Damage
AntiVirus Programs
The Norton AntiVirus Program
References (All Web-based)
What Are Viruses (More generally: Malicious Software="Malware")
Programs, usually malicious, which are written to cause anomalous behavior to your computer without your permission
Damage can vary from minor to major
Who Writes them? (per PC World, May 2001)
Mostly smart, bored kids, teens to 30
Motives: malice, revenge, boredom, sense of belonging to a smart community
Over 50,000 known viruses
200+ new ones introduced each month
"In the wild" viruses are considered to be in circulation
About 200+ in last year
Latest ("in the wild") Virus Threats (Jan 30, 2002)
See Reference 7 for latest virus threats
See Reference 6 for naming convention
Hoaxes: False virus reports
Examples: Budweiser, World Domination, AIDS Virus, Dear Friends, etc.
Please: Always check warnings against known hoaxes before passing them on
How? Reference 5
Virus (Malware) Types
Virus
A program, usually malicious, which executes and replicates itself
Many Types: File infector, Boot Sector, Macro, OLE Shell Scrap, etc.
Example: Michelangelo
Trojan Horse
A malicious program in disguise
Must be executed by user to do damage
Example: BackOrifice
Worm
Programs that replicate from system to system
Example: PrettyPark.Worm
Software Security Flaw
Defect in an application (e.g., Outlook Express) which allows malicious actions
Example: Wscript KakWorm, and Nimda (security flaws in Internet Explorer, Outlook Express)
Transmission Methods
Opening Infected Files
Floppies, CDs, Zip Disks, Networks
Downloaded files
Files attached to e-mails
Exploitation of software security Flaws
Downloading infected WWW file
Opening infected e-mail message or attachment
Avoiding Virus Damage
Install AntiVirus software and update it weekly (or immediately if new warnings are issued)
Also make and update Rescue Disks
How? See Norton Program below
Set Windows to display file extensions
How? 1. Open Windows Explorer, 2. View, Folder Options, View, Uncheck Hide File Extensions.... (in Windows ME, you need to go to control panel, folders)
Be aware of all file extensions before taking action
About the only safe files remaining are graphics (e.g., JPG, GIF, TIF), TXT, CSV, RTF, Music, Movies
Some infected files try to fool you by obscuring the real file extension, e.g., Iloveyou.txt.vbs
Always scan any new/unknown file before opening
How? See discussion of Norton below
Never open file attachments unless you are expecting them
Even then, manually scan them before opening just to be safe
How? See discussion of Norton below
Use Windows Update often for the latest software security "patches"
How? Start, Settings, Windows Update, or
http://windowsupdate.microsoft.com/
Configure Outlook Express so the message preview pane does not open
How? View, Layout, remove check mark in Show Preview Pane
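The disguised-extension trick noted above (Iloveyou.txt.vbs) can be checked mechanically. The following is an added example, not part of the original presentation: it classifies attachment names by the extension Windows actually acts on. The decoy list comes from the "safe files" named above; the risky-extension list, the function names and the sample names in the test are assumptions made for illustration.

```python
import re

# Harmless-looking types named on the page, used here as "decoy" extensions.
DECOY_EXTS = {"jpg", "gif", "tif", "txt", "csv", "rtf"}
# Assumption: a small sample of Windows script/executable extensions
# (shs is the OLE Shell Scrap type mentioned under Virus Types).
RISKY_EXTS = {"vbs", "vbe", "js", "exe", "com", "scr", "pif", "bat", "shs"}


def split_real_extension(filename):
    """Return (stem, extension) using the text after the LAST dot.

    Trailing spaces and dots are stripped first because Windows ignores
    them when it resolves a file name.
    """
    name = filename.rstrip(" .")
    base, dot, ext = name.rpartition(".")
    if not dot:
        return name, ""
    return base, ext.strip().lower()


def classify(filename):
    """Return 'disguised', 'risky' or 'ok' for an attachment file name."""
    stem, ext = split_real_extension(filename)
    if ext not in RISKY_EXTS:
        return "ok"
    # Earlier dot-separated parts that imitate a harmless file type.
    earlier = [part.strip().lower() for part in stem.split(".")[1:]]
    if any(part in DECOY_EXTS for part in earlier):
        return "disguised"
    # A run of padding spaces pushes the real extension out of view
    # when the name is shown in a narrow column.
    if re.search(r"\s{3,}$", stem):
        return "disguised"
    return "risky"
```

A "risky" result means the file is an ordinary executable or script with nothing hidden; "disguised" means the name was built to look like a harmless type.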
Antivirus Programs
How do they work?
They scan files and compare them to "virus signatures"
Signatures must be updated as new viruses are found
Norton has signatures for >58,000 viruses
Scanning is done on demand or on access
Also use "heuristics," looking for unusual behavior
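Signature scanning and the need for updates, shown as an added example (not code from Norton or any other product named here). The signature names, byte patterns and in-memory sample files are constructed for illustration; heuristics are not modelled.

```python
import io

# Constructed signature sets: names and byte patterns are made up for
# this example and are not real virus signatures.
SIGS_OLD = {"Demo.Alpha": b"DEMO-ALPHA-MARKER"}
SIGS_UPDATED = {**SIGS_OLD, "Demo.Beta": b"DEMO-BETA-MARKER"}


def scan_stream(stream, signatures, chunk_size=4096):
    """Return sorted names of the signatures found in a binary stream.

    The stream is read in chunks; a tail of (longest pattern - 1) bytes
    is carried over so a pattern split across two chunks still matches.
    """
    if not signatures:
        return []
    overlap = max(len(p) for p in signatures.values()) - 1
    found, tail = set(), b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            if pattern in window:
                found.add(name)
        tail = window[-overlap:] if overlap else b""
    return sorted(found)


def on_demand_scan(files, signatures, chunk_size=4096):
    """Scan a mapping of file name -> bytes; return {name: [hits]}."""
    report = {}
    for fname, data in files.items():
        hits = scan_stream(io.BytesIO(data), signatures, chunk_size)
        if hits:
            report[fname] = hits
    return report


# Constructed sample "files" held in memory so the example runs offline.
SAMPLE_FILES = {
    "letter.txt": b"Dear friends, nothing to see here.",
    "old_threat.bin": b"\x00" * 10 + b"DEMO-ALPHA-MARKER" + b"\x00" * 10,
    "new_threat.bin": b"header" + b"DEMO-BETA-MARKER" + b"trailer",
}
```

Scanning SAMPLE_FILES with SIGS_OLD misses new_threat.bin; the same scan with SIGS_UPDATED reports it, which is why signatures have to be kept current.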
Some AntiVirus Programs
Norton AntiVirus
McAfee Virus Scan
F-Secure
Panda AntiVirus
PC-Cillin
Norman Virus Control
Online Types:
Internet Gateway's new E-mail scan
McAfee Virus Scan Online
Yahoo E-mail
Reference 4 compares relative performance of programs
Panda rated tops (perfect performance, fast, clear interface)
The Norton Antivirus Program
Latest Version 2002 (for Win98/ME/XP)
Features:
Auto-Protect
Starts automatically on Windows startup and runs in background
It monitors software use, downloads, file actions, floppy access
Icon in taskbar tray indicates it is active
Right clicking tray icon opens Norton program
Manual Scan
Any disk, folder or file can be manually scanned on demand
How? 1. Open Norton program, scan for viruses, select option, or 2. Right Click on file/folder/drive in Windows Explorer, Scan with Norton...
A full system scan is performed on installation
Custom scans can be set up (e.g., Download folder)
How? Open Norton program, scan for viruses, new, name and define scan
E-mail scans
Scans both incoming and outgoing messages
Use only with POP based mail:
Does not function with AOL or Web-based e-mail (e.g., Yahoo, Hotmail)
Automatically scheduled scans
How? Scan for viruses, schedule
Repair Wizard opens when virus is found
Options: Repair, quarantine, delete
Quarantine
Makes the file inaccessible
Quarantined items may be viewed for further action (repair, delete, submit, etc)
How? Open Norton program, reports, quarantined items, view report
Inoculation
A snapshot of your critical system files
Notifies you if changes are found
Allows you to restore original
Live Update
Internet connection updates:
Virus signatures
Program changes/patches
How? Open Norton Program, Click on Live Update Button
Automatic Update Options are available
How? Open Norton Program, Options, Live Update
Signature Updates free for one year
Renewal: $3.50
$9.95
Rescue Disks
Create Rescue Disks for starting system in emergencies
How? Open Norton Program, Click on Rescue Icon
Six (6) formatted floppy disks are required
Rescue disks should be updated as new signatures are available
Virus List
You may view a list of all the viruses for which you are protected
How? Open Norton Program, Reports, Virus List, View Report
Activity Log
You can view past virus and scanning activities
How? Open Norton Program, Reports, Activity Log, view report
Options Settings
Various options are available for configuring system
How? Open Norton Program, Click Options button
Recommended: Use the default options
References
1. Symantec Security Response:
2. Network Associates McAfee Virus Information Library:
3. Panda Security:
Web site has free removal utilities for some common viruses
4. Comparison of Antivirus Programs:
5. Hoax References:
6. Virus Naming Conventions:
7. Latest Virus Threats:
Topic for Next Beginner's SIG
"The Windows Control Panel"