Malware: Defenses


Kinds of malware

Viruses
  Macro viruses
  Memory-resident viruses
  File infector viruses
  Boot viruses
Trojan horses
Hoaxes
Worms

Some avoidance tips

Install an anti-virus program and keep it up to date (McAfee, or AVG from http://free.grisoft.com/).
Be wary of unexpected links and attachments.
Don't use P2P/BitTorrent.
Never turn off your anti-virus or your firewall.
Check thumb drives, floppies, burned CDs and DVDs.
Don't accept files from unknown people when using Internet chat programs such as MSN Messenger, IM, Yahoo Messenger or IRC.

Symptoms of a sick system

Frequent crashes and system restarts.
Slow or erratic performance.
Broken or erratic Internet connection.
An active Internet connection on an otherwise idle computer.
Stuff in your Sent folder that you didn't send.
Missing or corrupt data/files.

What to do?

Update your antivirus software.
Disconnect from the Internet: turn off your modem/router and wireless. (Quarantine every computer.)
If your antivirus found the virus and cleaned it, you are fine. Otherwise:
  Boot into safe mode.
  Do a full system virus scan.
  Repeat until clean.

If you cannot get on the Internet...

Your virus may have fiddled with a file called HOSTS. Its full name is:

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

on most systems (XP and Vista, probably Windows 7 also). Its contents should only be:

127.0.0.1 localhost

and (in Vista, Windows 7):

::1 localhost

There may be some lines with ipv6xx names on them; they are OK. Anything else, especially a line that maps an antivirus or update site to 127.0.0.1 or to some foreign address, is a sign the file has been tampered with.

Edit the file with Notepad.
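The check the slide describes, as an added example that is not part of the original deck: a small parser that reads a HOSTS file, accepts only the loopback "localhost" lines (and, as assumed here, the ip6-* names the slide calls OK) and reports every other mapping, distinguishing a host silently blocked by a loopback entry from one redirected elsewhere. The sample file below is constructed, with .invalid domains, to show both cases.

```python
import ipaddress
import sys

# Constructed sample of a tampered HOSTS file (not taken from the slides):
# the last two mappings are the kind of lines a user never added.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored
127.0.0.1       localhost
::1             localhost
fe00::0         ip6-localnet
127.0.0.1       update.example-av.invalid
203.0.113.5     www.example-bank.invalid
"""

LOOPBACK = {"127.0.0.1", "::1"}


def parse_hosts(text):
    """Return (address, hostname) pairs; comments (#) and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        for name in names:            # one address may carry several names
            entries.append((address, name))
    return entries


def suspicious_entries(text):
    """Flag every mapping that is not one of the expected loopback lines."""
    findings = []
    for address, name in parse_hosts(text):
        if name == "localhost" and address in LOOPBACK:
            continue
        if name.startswith("ip6-"):   # assumption: the "ipv6xx" names the slide allows
            continue
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            findings.append((address, name, "malformed address"))
            continue
        reason = ("host silently blocked (points to loopback)" if addr.is_loopback
                  else "host redirected to another address")
        findings.append((address, name, reason))
    return findings


if __name__ == "__main__":
    # Pass the real file path (e.g. the Windows path above) to check a live system.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for address, name, reason in suspicious_entries(text):
        print(f"{address:<16} {name:<32} {reason}")
```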

Operating System Security Features

KEEP YOUR OS UP TO DATE; set it to check for updates periodically (at least once a week).
Install and run antivirus software; keep it up to date (it should update automatically).
Keep your firewall operational.
In Vista and Windows 7 (and on the Mac), every time some program tries to change the system in some significant fashion, a window prompt appears. Called UAC in Windows, it can be turned off. DON'T.

More System Security Features

Be sure to set up all accounts as STANDARD accounts; have a special Administrator account (hopefully called something else) for admin tasks.
Windows has something called Data Execution Prevention (DEP). To set it:
  In XP: run sysdm.cpl, Advanced tab, Performance, click Settings and choose the level.
  In Vista/Windows 7: System, Advanced System Settings, Advanced tab, Settings, DEP settings.

Viruses on other devices

On the Mac: before OS X there were about 60-80 viruses; only a handful for OS X. So, not a real problem; however, PC viruses can happily live (dormant) in Mac files, and newer Macs can run Windows, where all bets are off.
Unix/Linux have seen a handful of viruses, none for monetary gain. It is now possible to run Windows under Linux, so again the caveat above applies. Also, PC viruses can exist in any file.

Viruses in phones/PDAs

Attacks against cell phones: the possibility of attacks through SMS messages existed. Otherwise, by device (five kinds):

Symbian: a handful, spread through Bluetooth.
RIM (BlackBerrys): none known.
iPhones, etc.: none known, unless the phone is "jailbroken".
Windows Mobile phones: too new.
Android: some apps have been malicious, but have not been able to spread.

If the virus cannot be removed, try one of these vendor removal tools:

http://www.sarc.com/avcenter/tools.list.html
http://us.mcafee.com/virusinfo/default.asp?id=vrt.
http://www.kaspersky.com/removaltools
http://www.bitdefender.com/site/Download/browseFreeRemovalTool/
http://www.f-secure.com/download-purchase/tools.shtml
http://www.microsoft.com/security/malwareremove/