Understanding Malware And Building a Free Security Suite By Lincoln Tracy WEB110-LO1

Introduction

The Internet is growing every day, and with growth comes new risks to the security of your computer and your privacy. Viruses and malware are becoming more aggressive every year.

Even most casual computer users know that antivirus software is essential. However, many are still unaware that premium quality protection that is sold for $200.00 or more can be attained for free.

In this presentation, the reader will be given an overview of types of malware and the appropriate software to combat them. Links to recommended software choices will be given, and by the end of the presentation the reader will be given a brief and concise introduction to a very powerful and totally free antivirus suite.

Malware and Protection

TYPES OF MALWARE

Trojans: programs that appear desirable but actually contain harmful code.

Adware: software packages that automatically play, display, or download advertisements to a computer.

Crimeware: software that can secretly access a computer user's online accounts or financial services.

Rootkits: software that enables continued privileged access to a computer while actively hiding its presence from administrators.

TYPES OF PROTECTION

Conventional Disk Scanners: scan a user’s entire computer for malicious code, file by file.

Memory Resident Scanners: scan the active files in your computer's memory as you download or use them.

Behavior Based Protection: watches for suspicious activities involving vital parts of the user’s computer.

Start-up Scans: run before the operating system starts up, before a hidden virus gets a chance to become active and invisible to other antivirus programs.

Firewall: blocks unauthorized access while permitting authorized communications.

Conventional Disk Scanner

Conventional disk scanners provide an extremely thorough scan of all files on a hard disk drive. Because they scan each individual file’s code, this scan can take a long time, especially if there are many files on a hard drive. It can take several hours for a scan of a large hard drive to complete. The scan works by comparing the code of each file against an automatically updated list of rules called “virus definitions”. When a file contains code that has been deemed suspicious, the file is set aside into a safe zone, or “quarantined”, so it can't affect the system. The user is then notified and can delete the file, or attempt to extract and remove the malicious code. Conventional Disk Scans are started either by the user. It is recommended that this type of scan be run every 1-2 weeks on any system that regularly accesses the internet.

Malwarebytes

• Relatively fast among competition
• Regular updates provide new virus definitions
• Uses few system resources, leaving you free to work while the scan completes
• Free version provides excellent protection
• Small file size
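The scan-and-quarantine loop described on this slide, as an added example (not code from the presentation or from any product it names). The definitions, the marker bytes and the file tree are constructed for illustration; real definition sets are far larger and use richer rules than a substring or a whole-file hash.

```python
from __future__ import annotations
import hashlib, shutil, tempfile
from pathlib import Path

MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0001"      # constructed, harmless byte pattern
KNOWN_BAD = b"constructed known-bad file body"   # constructed sample file content

# Constructed "virus definitions": byte patterns plus whole-file hashes.
DEFINITIONS = {
    "patterns": {"Test.Marker.A": MARKER},
    "sha256": {hashlib.sha256(KNOWN_BAD).hexdigest(): "Test.Hash.B"},
}

def match_definitions(data: bytes, defs: dict) -> str | None:
    """Return the name of the first definition the file content matches."""
    by_hash = defs["sha256"].get(hashlib.sha256(data).hexdigest())
    if by_hash:
        return by_hash
    return next((n for n, pat in defs["patterns"].items() if pat in data), None)

def scan_tree(root: Path, quarantine: Path, defs: dict) -> list[tuple[str, str]]:
    """Scan every file under root and move each match into quarantine."""
    quarantine.mkdir(parents=True, exist_ok=True)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine in path.parents:        # never rescan quarantined items
            continue
        try:
            data = path.read_bytes()
        except OSError:                       # locked or unreadable: skip, keep going
            continue
        name = match_definitions(data, defs)
        if name:
            digest = hashlib.sha256(data).hexdigest()[:16]   # avoids name clashes
            target = quarantine / f"{digest}_{path.name}.quarantined"
            shutil.move(str(path), str(target))
            target.chmod(0o400)               # read-only, no execute bit
            findings.append((path.relative_to(root).as_posix(), name))
    return findings

def demo():
    """Build a small constructed tree, scan it, report what moved and what stayed."""
    with tempfile.TemporaryDirectory() as tmp:
        root, quarantine = Path(tmp) / "disk", Path(tmp) / "quarantine"
        (root / "docs").mkdir(parents=True)
        (root / "docs" / "notes.txt").write_bytes(b"shopping list")
        (root / "docs" / "setup.bin").write_bytes(b"\x00\x01" + MARKER + b"\x02")
        (root / "tool.dat").write_bytes(KNOWN_BAD)
        findings = scan_tree(root, quarantine, DEFINITIONS)
        left = sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
        return findings, left, len(list(quarantine.iterdir()))
```

Because every file is read in full and checked against every definition, scan time grows with both the number of files and the size of the definition set, which is why a full disk scan can take hours.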

Resident Memory Scanner

Resident memory scanners scan the files that are being used in the computer's active memory. Most start at system boot, when the operating system starts. When a user accesses a file, that file is loaded into the computer’s system memory so that it can be processed. Resident memory scanners scan all of the data as it enters the system memory, before the file has a chance to become active or have its instructions executed. Think of them as a filter. When a file’s contents don’t pass an inspection by the virus definitions, the file is quarantined and the user is alerted and asked to take action.

Resident memory scanners are where some users go overboard. Running two scanners like Bitdefender and Norton at the same time causes unnecessary resource use and unexpected instabilities. One resident memory scanner, in conjunction with other types of scans, is more than adequate.

Avast! Antivirus

• Professional quality protection, even in free version
• No hassle; starts, protects and updates automatically
• Daily updates keep definitions consistently up to date
• Uses few system resources for the quality of protection it provides
• Provides start-up scans and conventional disk scans as well as resident memory scans

Behavior Based Scanner

Behavior based scanners run as a background service, like resident memory scanners. What sets these scanners apart from other types of scanners is that they don’t monitor the code of objects, but instead keep watch over the vital parts of a system. Certain crucial parts of an operating system that affect how a computer behaves are rarely, if ever, changed. This type of scanner keeps these important parts of your system safeguarded from change. If any suspicious activity occurs, such as the creation of a second administrator account (one of the first signs of rootkit invasion), behavior based scanners report this activity to the user before any changes are made.

Behavior based scanners are an important addition to any antivirus suite, since they provide a last line of defense against malware that may have snuck past other scanners.

Threatfire

• Unique set of regularly updated virus definitions that offers protection from commonly missed rootkits and other malware
• Free version with great protection
• Designed to work in tandem with other antivirus programs
• Very small resource usage
• Small file size
• Automatic protection and manual scans
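The second-administrator signal mentioned on this slide can also be checked after the fact from Windows Security events, shown here as an added example (not code from the presentation or from Threatfire, which reports such activity as it happens). Event IDs 4720 (account created) and 4732 (member added to a local group) and their field names follow the Windows Security log; the SIDs, account names and timestamps are constructed.

```python
from __future__ import annotations
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"                    # built-in local Administrators group
ACCOUNT_CREATED, ADDED_TO_GROUP = 4720, 4732   # Windows Security event IDs

def find_new_admins(events, approved_sids, window=timedelta(minutes=30)):
    """Flag accounts added to Administrators that are not on the approved list.

    An account that was itself created shortly before being promoted is rated
    "high": that create-then-promote pair is the second-administrator pattern.
    """
    created = {}                     # account SID -> (creation time, account name)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == ACCOUNT_CREATED:
            created[ev["TargetSid"]] = (ev["time"], ev["TargetUserName"])
        elif ev["id"] == ADDED_TO_GROUP and ev["TargetSid"] == ADMINS_SID:
            sid = ev["MemberSid"]
            if sid in approved_sids:             # known administrator, nothing to report
                continue
            made, name = created.get(sid, (None, None))
            fresh = made is not None and ev["time"] - made <= window
            alerts.append({"sid": sid, "account": name,
                           "actor": ev["SubjectUserName"],
                           "severity": "high" if fresh else "medium"})
    return alerts

def at(hhmm):
    """Timestamp helper for the constructed sample below."""
    return datetime.strptime("2024-01-15 " + hhmm, "%Y-%m-%d %H:%M")

P = "S-1-5-21-1111111111-2222222222-3333333333-"   # constructed machine SID prefix
APPROVED = {P + "1001"}                             # the one expected administrator
SAMPLE_EVENTS = [                                   # constructed records
    {"time": at("09:10"), "id": 4732, "TargetSid": ADMINS_SID,
     "MemberSid": P + "1001", "SubjectUserName": "owner"},
    {"time": at("10:00"), "id": 4720, "TargetSid": P + "1007",
     "TargetUserName": "support_help", "SubjectUserName": "SYSTEM"},
    {"time": at("10:02"), "id": 4732, "TargetSid": ADMINS_SID,
     "MemberSid": P + "1007", "SubjectUserName": "SYSTEM"},
    {"time": at("11:30"), "id": 4732, "TargetSid": "S-1-5-32-545",   # Users group
     "MemberSid": P + "1008", "SubjectUserName": "owner"},
    {"time": at("14:45"), "id": 4732, "TargetSid": ADMINS_SID,
     "MemberSid": P + "1003", "SubjectUserName": "owner"},
]

if __name__ == "__main__":
    for alert in find_new_admins(SAMPLE_EVENTS, APPROVED):
        print(alert)
```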

Start-up Scanner

Start-up scans have a unique and vital role in an antivirus suite. Certain types of malware, namely rootkits and crimeware, can remain hidden in places that are difficult or impossible for other types of scanners to see while the computer is active, such as the registry or active Windows system files. Start-up scans require users to restart their machines after scheduling the scan. When the machine reboots, the start-up scan begins before any operating system files are loaded, and before potential malware becomes active and is able to hide itself in hard-to-scan territory. The scan looks at every file and folder on the hard drive, so it can be a time-consuming ordeal. Fortunately, without any operating system or running programs to draw processing power, the scan is usually faster than a conventional disk scan. Start-up scans do not need to be run often. Most of the time it is recommended to run them when a user encounters symptoms of a virus without being alerted by other programs. Another good time to schedule a start-up scan is when a conventional disk scan reveals viruses that were not picked up by resident memory scans or behavior based scans.

The recommended software for start-up scans is the aforementioned Avast antivirus. Avast refers to this type of scan as a “Boot-Time” scan.

Symptoms and Recommended Actions

SYMPTOMS

• Computer runs slower than usual, particularly at start-up
• Advertisements, unwanted toolbars, search engines or homepages begin showing up
• Unfamiliar desktop icons
• Undesired functionality or glitches
• Unwarranted amount of network activity
• Can't update virus software
• Firewall reports of unknown programs trying to access the Internet
• Antivirus or other programs won't start
• System has less available memory than it should

RECOMMENDED STEPS

1) Uninstall any unauthorized software from the control panel. Run conventional disk scans, first with Avast and then with Malwarebytes, to check your files against two varying databases of virus definitions.

2) If problem persists, run a manual scan with Threatfire. This specific scan checks not only the default vital areas, but also scans for unfamiliar start-up processes and unauthorized administrator actions.

3) If problem persists, back up and scan all important files, schedule a boot-time scan with Avast and reboot.

4) If problem persists, or boot-time scan returns no results, redo the boot-time scan after restarting in safe mode.

5) If problem is still not solved, consider formatting hard drive and reinstalling operating system. Regular scans will ensure that this step is never necessary.

Browser Protection

Protection while you browse the web is a crucial part of keeping your system safe. Many adware programs come from cookies that are downloaded while browsing or from spam emails that contain malicious code. Adware, spyware and other forms of malware can easily be transmitted this way. Since the internet is the source of all viruses, this is the most crucial level to be protected on.

Fortunately, this is yet another feature that is provided by Avast. Whenever a user attempts to visit a website that has been reported to Avast’s central servers as a source of malware of any sort, Avast will halt the connection before it's ever established. When used in conjunction with an ad blocking browser plugin, this is a nearly fool-proof way of avoiding 99% of malware altogether.

Adblock for Firefox and Chrome is a great (and free) program that provides protection from connections that are sources of adware and spyware.

Conclusion

The Internet can be a very dangerous place for a healthy computer. Without protection to their data, users can have their personal files and information compromised very easily. It is important for users to know some basic information about threats to their system. It is equally important that users take preventative measures to protect their information and data. Without taking any steps to protect this information, things like important documents, credit card numbers and emails can be lost forever, or compromised by unknown users using rootkits.

A final important fact that every computer user needs to be aware of is that good protection for their system doesn’t have to come from an expensive box from the mall. And it certainly doesn’t have to cost as much as 200 dollars a year. Premium protection for your computer can be attained for free.