Cscu module 03 protecting systems using antiviruses

1 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.

Protecting Systems UsingAntiviruses

Simplifying Security.

Module 3


The need for protecting valuable data pushing the demand for antivirus products in Northern region.

Market for Antivirus Becoming Aggressive in North IT Market

http://www.itvarnews.net

With explosion in the use of networks and also increased use of internet has definitely created a new conduit for computer viruses to spread at a rapid rate. Earlier viruses used executable files and would typically be no more than an annoyance by displaying harmless phrases. The latest viruses are much more sophisticated and able to cause extensive and irreparable damage to files. Some viruses are able to spread themselves to other computers on the Internet or network causing widespread damage to many systems. Thus to counterattack these problems and to keep up with the accompanying rise of malicious web activity a number of vendors are busy rolling out layers of updates of Antivirus. We at ITPV, contemplated in the Northern region about how the Antivirus vendors are doing, what is the demand, which segment is booming and whats the future of this technology.

3 March 2011, Thursday


Module Objectives

The Most Dangerous Computer Viruses of All Time

Introduction to Antivirus Software

How Does Antivirus Software Work?

Antivirus Software 2011

Steps to Install Antivirus on Your Computer

How to Test if Antivirus is Working?

Choosing the Best Antivirus Software

Configuring McAfee Antivirus

Configuring Kaspersky PURE

Antivirus Security Checklist


Module Flow


How Does Antivirus

Software Work?

Steps to Install

Antivirus





The Most Dangerous Computer Viruses of All Time

CIH (1998)Estimated Damage: 20 to 80 million dollars worldwide, countless amounts of PC data destroyed. Unleashed from Taiwan in June of 1998

Melissa (1999)Estimated Damage: 300 to 600 million dollars

ILOVEYOU (2000)Estimated Damage: 10 to 15 billion dollars

Code Red (2001)Estimated Damage: 2 billion and 600 million dollars (2.6B $)

SQL Slammer (2003)Estimated Damage: Because SQL Slammer erupted on a Saturday, the damage was low in dollars and cents. However, it hit 500,000 servers world wide and actually shut down South Korea’s online capacity for 12 hours

Blaster (2003)Estimated Damage: 2 to 10 billion dollars, hundreds of thousands of infected PCs

Sobig.F (2003)Estimated Damage: 5 to 10 billion dollars, over 1 million PCs infected

Bagle (2004)Estimated Damage: Tens of millions of dollars and counting

MyDoom (2004)Estimated Damage: At its peak, slowed global Internet performance by 10 percent and Web load times by up to 50 percent

Sasser (2004)Estimated Damage: Tens of millions of dollars

In the past few years, numerous PCs have been infected by computer viruses and there have been computer viruses that affected the global economic growth drastically

The top 10 most destructive computer viruses of all time according to techweb:


A computer connected to the Internet is always at high risk, and it is always recommended to install antivirus software on the system

A computer virus can degrade the performance of a computer and can delete the stored computer data

An antivirus program protects the computer against viruses, worms, spywares, Trojans, etc.



7

Today in the digital domain, loads of data is stored on computers and it has become significant to protect the data

When a PC is connected to the Internet, the PC has to combat different malicious programs such as viruses, worms, Trojans, spyware, adware

Cyber criminals such as attackers and hackers use these malicious programs as tools to steal important information such as personal data stored on the computer

These programs pose a severe threat to the computer and may destroy its functionality in different ways

Malicious programs pave their way into one’s PC through email attachments and spam email, through USB drives, visiting a fraudulent website, etc.

Due to the invasion of malicious programs in cyberspace, antivirus programs have become necessary for computers

If your computer has a good antivirus program installed, then the PC is protected and combat all types of malicious programs

Need for Antivirus Program


Module Flow


Steps to Install

Antivirus




How Does Antivirus

Software Work?


How Does Antivirus Software Work?Most of the commercial antivirus software uses two techniques:

Uses virus dictionary to look for known viruses while examining files

Detects suspicious behavior from any computer program

Virus Dictionary Approach

While examining the files the antivirus software refers to the dictionary of known viruses identified by the author of antivirus softwareIf a bit of code in the file matches with that of any virus in the dictionary, then the antivirus software can either delete the file, repair the file by removing the virus, or quarantine it

The antivirus software monitors the behavior of all the programs instead of identifying the known viruses

Whenever a program with suspicious behavior is found the software alerts the user and asks what to do

Suspicious Behavior Approach

Antivirus software will try to emulate the beginning of each new executable code that is being executed before transferring control to the executableIf the program seems to be a virus or using self‐modifying code then it immediately examines the other executable programs

Other Ways to Detect Viruses


Antivirus Software 2011

http://www.mcafee.com http://www.symantec.com http://www.avast.com http://www.kaspersky.com http://www.vipreantivirus.com

http://free.avg.com http://www.comodo.com http://www.bitdefender.com http://www.pctools.com http://www.eccouncil.org


Module Flow


Steps to Install

Antivirus




How Does Antivirus

Software Work?


Choosing the Best Antivirus SoftwareWhen purchasing an antivirus software, look for the various features and how they can best serve your needs

The most important things to be considered are:

Antivirus ScanningAntivirus Detection Accuracy

Check for antivirus software that scans and detects viruses accurately and detects the majority of threats

Scanning Speed

Check whether the antivirus software can perform the task quickly and efficiently

Resource Utilization

Ensure that the antivirus software uses minimal system resources and does not affect system performance when performing a scan


Hacker BlockingThis feature prevents other users from gaining unauthorized access and steal important data such as passwords and other confidential information

Bidirectional FirewallCheck whether the antivirus software is equipped with a software firewall or not to scan the both incoming and outgoing traffic

Technical SupportLook for good technical support so that issues are solved easily

Parental ControlsCheck for the parental control feature in the antivirus program that helps children browse the Internet safely

Easy Installation (and Easy to Use)The anti virus software should be user friendly and easy‐to‐use

On Demand and Scheduled ScanningThis options lets you schedule a scan according to user specified time. User schedule the scan daily, weekly or monthly

Automatic UpdatesThis feature keeps the user abreast of the latest online threats without the user having to visit the vendor’s

website to stay up to date

Spyware Detection & Prevention

Check for antispyware components to keep spyware at

bay

Email Scanning E‐mail Protection can monitor POP and SMTP ports and ensures that your computer doesn't contain a

threat to your computer



Module Flow


Steps to Install

Antivirus




How Does Antivirus

Software Work?


1

2

3

4

5

Review all the settings and click next until installation is finished

Once the installation process is finished, restart your computer

Download the antivirus and launch the installation of antivirus by double clicking the setup file

Most of the antiviruses follow a wizard‐driven installation process and necessary components are installed in the system by default

Steps to Install Antivirus on Your Computer

Agree to the legal agreement that might appear, click "I agree", and then click "Next" to continue


How to Test if Antivirus is Working?Step‐by‐step procedure to test the antivirus program1. Open a notepad and copy the following code onto it, and save the notepad.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR‐STANDARD‐ANTIVIRUS‐TEST‐FILE!$H+H*

2. Rename the file from New Text Document.TXT to myfile.com

3. Run the antivirus scan on this myfile.com file

4. If the antivirus is functioning properly, it generates a warning and immediately deletes the file

Note: Most antivirus will display a warning message in step 1


Module Flow


Steps to Install

Antivirus




How Does Antivirus

Software Work?



On the Main Security Center Console click Real‐time Scanning select Scan your PC

After selecting the Scan your PC option Select any one of the available three scan types (Run a quick scan, Run a full scan, or Run a custom scan)


On the Main Security Center Console click Real‐time Scanning select Schedule Scan Settings and decide how often you want to scan click Apply

After selecting the Schedule Scan Settings option Real‐time Scanning Settings select the file types, attachments, and locations that you want the antivirus to automatically scan and protect the computer from threats click Apply



Module Flow





How Does Antivirus

Software Work?

Steps to Install

Antivirus


After successfully installing Kaspersky PURE, follow the steps to configure Kaspersky PURE

Step 1: Activate the application

For Kaspersky PURE to be fully functional, it needs to be activated

You can:

Activate Commercial License with the purchased activation code

Activate Trial Version for the trial period of 30 days and get acquainted with the possibilities of the program

Activate Later, if you select activate later, the stage of Kaspersky PURE activation will be skipped. The application will be installed on your computer, but you will be able to update the application only once after its installation.

To continue the activation process, click Next

After the license is activated, click Next to proceed with the configuration



Step 2: System analysis

The Installation Wizard analyzes the system information and creates rules for trusted applications that are included in the Windows operating system. Wait until the process is completed.



Step 3: Completing installation

When the installation is complete, Kaspersky PURE Configuration Wizard will prompt with a message The installation is complete:

Make sure the box Start Kaspersky PURE is checked if you want to run the application immediately after the Configuration Wizard is closed

Clear the box Start Kaspersky PURE if you want to run the program later

In order to close the Configuration Wizard, click the Finish button



After configuring the Kaspersky PURE antivirus, launch the application and the program is ready for use

Configuring Kaspersky PURE: Backup and Restore


To configure Backup, click Backup and Restore

In Backup and Restore, click Create a backup task



Select the location of the files and click Next select the desired drive to store the backup files click Next

Specify a password to protect your data from unauthorized access and click Next



Configure storing different versions of files and click Next click Finish



Configuring Kaspersky PURE: Computer Protection

Computer Protection components protect your computer against various threats, scan all system objects for viruses and vulnerabilities, and regularly update Kaspersky PURE antivirus databases and program modules


Configuring Kaspersky PURE: Parental Control

To protect children and teenagers from threats related to computer and Internet usage, you should configure Parental Control settings for all users

If you have no enabled password protection when installing the application at the first startup of Parental Control, it is recommended that you set a password to protect against unauthorized modification of the Control settings

Now, you can enable Parental Control and impose restrictions on computer and Internet usage, and on instant messaging for all accounts on the computer


Kaspersky PURE: Administrative Tools

Using the Administrative tools, a user can configure the operating system and eliminate system vulnerabilities to provide reliable data protection

A user can:

1. Tune browser settings

2. Search for problems related to malware activity using the Microsoft Windows Settings Troubleshooting option

3. Permanently delete data

4. Delete some unused data

5. Create a Rescue Disk to clean the system after a virus attack

6. Erase user activity to protect the privacy


Module Summary

An antivirus program protects a computer against viruses, worms, spywares, and Trojans

A computer connected to the Internet is always at high risk and it is recommended to have antivirus software installed on the system

Most of the commercial antivirus software uses two techniques:

Uses virus dictionary to look for known viruses while examining files

Detects suspicious behavior from any computer program

In the virus dictionary approach, while examining the files, the antivirus software refers to the dictionary of known viruses identified by the software author

Whenever a program with suspicious behavior is found, the antivirus software alerts the user and asks what to do


Antivirus Security Checklist

Update antivirus software to get maximum efficiency

Always visit the vendor’s web site to download the patches

Do not use multiple antivirus programs on your computer simultaneously

Always perform link and email scanning

Enable firewall

Enable real‐time scanning

Always schedule scanning

Documents

Cscu module 03 protecting systems using antiviruses