Keeping Your Computer Free of Viruses Stan VanDruff


1 Keeping Your Computer Free of Viruses Stan VanDruff svandru@crosslink.net

2 These Terms mean “Virus” to the General Public Malicious Code Dropper Logic Bomb Time Bomb Trojan Horse Worm Virus

3 What is Malicious Code? Any program that causes damage or otherwise compromises a computer system. Could be a virus, Trojan horse, dropper, bomb, etc.

4 What is a Dropper? A program which has a legitimate use, but contains viruses which are secretly planted in a system. Droppers may actually be commercial software hacked to drop viruses. Definition from https://infosec.navy.mil/COMPUSEC/glossary.html

5 What is a Logic Bomb? A program which executes on the occurrence, or lack of occurrence, of a set of system conditions. Classic examples are programs which cease functioning if the programmer's name is removed from the company's payroll list. Definition from https://infosec.navy.mil/COMPUSEC/glossary.html

6 What is a Time Bomb? A logic bomb activated after a certain amount of time, or on a certain date. The classic example is a program that ceases functioning on a given date, as a control for leasing it. Such a program is often re-activated by an appropriate password. Definition from https://infosec.navy.mil/COMPUSEC/glossary.html

7 What is a Trojan Horse? A program that neither replicates nor copies itself, but does damage or compromises the security of the computer. Typically it relies on someone emailing it to you; it does not email itself. It may arrive in the form of a joke program or software of some sort. Definition from http://www.symantec.com/avcenter/refa.html

8 What is a Worm? A program that makes copies of itself, for example from one disk drive to another, or by copying itself using email or some other transport mechanism. It may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort. Definition from http://www.symantec.com/avcenter/refa.html

9 What is a Virus? A program or code that replicates, that is, infects another program, boot sector, partition sector, or document that supports macros by inserting itself or attaching itself to that medium. Most viruses just replicate; a lot also do damage. Definition from http://www.symantec.com/avcenter/refa.html

10 These Aren’t Viruses, but They Still Spell Trouble Joke Myth Scam Hoax

11 What is a Joke? A harmless program that causes various benign activities to display on your computer (e.g., an unexpected screen-saver, turning your CDROM into a cup holder). Definition from http://www.symantec.com/avcenter/refa.html

12 What is a Myth? An Often Lurid Story or Anecdote That Is Based on Hearsay and Widely Circulated As True –AIDS Needles –602P Email Tax –Stolen Kidney –Klingerman Postal Virus For More Info, Visit http://www.scambusters.org/Scambusters22.html Definition from http://www.merriamwebster.com/

13 What is a Scam? A Fraudulent or Deceptive Act or Operation –Pay Per Minute (809) Scam –Free Credit Cards –Pyramid Schemes For More Info, Visit http://scambusters.org/ Definition from http://www.merriamwebster.com/

14 What is a Hoax? Usually an email that gets mailed in chain letter fashion describing some devastating, highly unlikely type of virus. You can usually spot a hoax because there's no file attachment, no [valid] reference to a third party who can validate the claim, and the general 'tone' of the message. Definition from http://www.symantec.com/avcenter/refa.html

15 Example Hoaxes Good Times Deeyenda Bud Frogs Naughty Robot

16 Spotting a Hoax "VIRUS WARNING !!!!!!! If you receive an email titled “It Takes Guts to Say ‘Jesus’” DO NOT open it. It will erase everything on your hard drive. Forward this letter out to as many people as you can. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from IBM; please share it with everyone that might access the internet. Once again, pass this along to EVERYONE in your address book so that this may be stopped. Also, do not open or even look at any mail that says “RETURNED OR UNABLE TO DELIVER.” This virus will attach itself to your computer components and render them useless. Immediately delete any mail items that say this. AOL has said that this is a very dangerous virus and that there is NO remedy for it at this time. Please practice cautionary measures and forward this to all your online friends ASAP."

17 Spotting a Hoax (warning text as on slide 16) First clue this is a hoax: !!!!!!!

18 Spotting a Hoax (warning text as on slide 16) Dire predictions

19 Spotting a Hoax (warning text as on slide 16) Name dropping

20 Spotting a Hoax (warning text as on slide 16) Plead with you to spread it
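The clues from slides 14 and 17-20 can be turned into a simple triage check. The following is an added example, not part of the original presentation; the regular expressions, the word lists, the threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# The four clues from slides 17-20; the regexes and word lists are assumptions.
CLUES = {
    "excessive_punctuation": re.compile(r"!{3,}"),
    "dire_prediction": re.compile(
        r"erase everything|render them useless|no remedy|very dangerous", re.I),
    "name_dropping": re.compile(r"\b(IBM|AOL|Microsoft)\b"),
    "plea_to_forward": re.compile(
        r"forward this|pass this along|as many people as you can", re.I),
}

# Constructed sample: an excerpt of the slide 16 warning with made-up headers.
SAMPLE_HOAX = """From: friend@example.com
Subject: VIRUS WARNING !!!!!!!

It will erase everything on your hard drive. Forward this letter out to as
many people as you can. This information was announced yesterday morning
from IBM. AOL has said that there is NO remedy for it at this time.
"""

# Constructed sample: an ordinary message with none of the clues.
SAMPLE_BENIGN = """From: colleague@example.com
Subject: Lunch

See you at noon on Friday.
"""

def hoax_clues(raw_message):
    """Return the names of the hoax clues present in an RFC 822 message."""
    msg = message_from_string(raw_message)
    texts, has_attachment = [msg.get("Subject", "")], False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            texts.append(part.get_payload())
    text = " ".join(" ".join(texts).split())  # collapse line wraps
    found = [name for name, rx in CLUES.items() if rx.search(text)]
    # Slide 14: a hoax usually has no file attachment at all.
    if found and not has_attachment:
        found.append("no_attachment")
    return found

def looks_like_hoax(raw_message, threshold=3):
    """Flag for manual checking against a hoax list; threshold is an assumption."""
    return len(hoax_clues(raw_message)) >= threshold
```

A flagged message is a candidate for checking against the hoax lists on slide 21, not proof of a hoax.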

21 If You Get a Virus Warning (Even from a Friend) Think First Most email virus warnings are hoaxes Suspect it unless it originates from your computer security group or your ISP Check these sites before passing it on: http://www.stiller.com/hoaxes.htm http://vil.nai.com/VIL/hoaxes.asp http://www.sophos.com/virusinfo/hoaxes/ http://www.vmyths.com/ http://www.virusbtn.com/Hoax/hoaxlist.html

22 What About Real Viruses?

23 Virus Types Boot Sector –Targets bootable hard drives and floppies File Infectors –Target executable files (e.g., .exe, .sys, .com) Macro Virus –Target Microsoft Word or Excel documents Email Worms –Use Your Email Software to Spread Like Wildfire

24 Dangerous Web Files May be hidden in HTML web documents: –ActiveX –Java (not JavaScript) –VBScript Make sure your browser does not automatically execute any Microsoft Office files Set browser security settings to high

25 Vehicles to Spread Viruses Email Attachments Shareware Internet Downloads Friends Commercial Software

26 Why Viruses are so Prevalent 1) Curiosity 2) Ignorance 3) Global connectivity 4) Friends share everything 5) Complex software gives programmers more options to create and spread viruses

27 Curiosity Email from strangers makes us feel important We want something for nothing We’re a little gullible too: –From the email that contains the X97M.Papa.A Excel Macro Virus: Urgent info inside. Disregard macro warning.

28 Are There Really 50,000 Viruses? Yes (Symantec April ’01) –“Norton AntiVirus protects you from 49,250 viruses” –Reported 62 new discoveries in April No (Wildlist March ’01) –225 distinct viruses verified by at least two participants –652 verified by one participant Sources: http://www.symantec.com/avcenter/ http://www.wildlist.org/WildList/200104.htm

29 Viruses in the Wild WildList Organization –63 Professional reporters –Only monthly, but going real-time –Real threats, not academic curiosities –Attempting to standardize virus names –As of April 30, there were 662 viruses reported by at least 1 participant. 222 were reported by at least 2 participants.

30 Top 5 Active Viruses VBS.VBSWG2.X 5/08/2001; W32.Badtrans 4/11/2001; W32.Magistr 3/13/2001; W32.HLLW 10/09/2000; W95.Hybris 9/25/2000 Source: http://www.symantec.com/avcenter/ (May 4, 2001)

31 W95.Hybris.gen Infects Explorer.exe. Obtains the name of the computer. Retrieves the current user's email name and address. Chooses a random number of words from a *.doc or *.txt file to construct the subject and body of an email. Sends email to names from your address book.

32 W95.Hybris.gen If the computer has been infected for one month and meets other criteria, the virus –Erases CMOS and Flash BIOS (Windows 9x/Me only) –Overwrites every 25th file with [unpleasant] text as many times as it will fit –Deletes every other file –Displays [an unpleasant] message –Overwrites a sector of the first hard disk

33 Protect Yourself NOW! Upgrade your current anti-virus software and get the latest virus definitions Download a trial version of anti-virus software Run Norton Virus Check online Whichever option you choose, do it ASAP

34 Choosing an Anti-Virus Product Effective –Virus Bulletin 100% List Easy to use –Understandable interface and settings –Simple or automatic upgrades/updates Updated often

35 Use It! Scan weekly Use auto-protect feature for email and Internet downloads Scan email attachments again (just in case)

36 Keep It Up to Date! Update Anti-virus weekly (yes, weekly) Also keep these programs up to date: –Email client (especially Outlook) –MS Office (especially MS Word) –Windows 95/98/NT/2000/MacOS/Linux –Internet Browser

37 Practice Safe Computing Commercial Software, Shareware, Friends, and Internet Downloads—beware of –Bonus software or free gifts –Unknown or questionable sources Scan everything!

38 Practice Safe Computing Email—it is now possible to spread a virus in an email without attachments. If your email program can read HTML email, check your settings. Also beware of –Email from unknown senders –Unexpected attachments –Promises that are too good to be true –Senders who tell you to ignore virus warnings –Subject lines or file names that are risqué or otherwise enticing –Attachments with macros no matter the source

39 Protection from Macro Viruses Microsoft Word, Excel, and PowerPoint have built-in macro virus protection: On the Tools menu, click Macro, and then click Security. Make sure low security is not selected. Write-protect the global template Normal.Dot Visit http://office.microsoft.com/ and search on “Virus”

40 Protection from Macro Viruses MS Word –Only Word documents or templates can carry viruses; TXT files and RTF files cannot. However, one can simply rename a *.doc file with the *.rtf extension to fool some (all?) anti-virus programs. Set your anti-virus scanner to check all file types— at least add *.rtf and *.txt.
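Slide 40's point is that a scanner which trusts the file extension can be fooled by a renamed Word document, so the content has to be checked instead. The following is an added example, not part of the original presentation: it flags files named *.rtf or *.txt whose first bytes are the OLE2 compound-file signature used by binary Word documents. The file names and the sample folder are constructed for illustration.

```python
import os
import tempfile

# File signatures: OLE2 compound file (binary Word .doc) and RTF.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
RTF_MAGIC = b"{\\rtf"
CLAIMED_SAFE = {".rtf", ".txt"}  # extensions slide 40 says to add to the scan

def sniff(path):
    """Classify a file by its first bytes, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.startswith(RTF_MAGIC):
        return "rtf"
    return "other"

def disguised_documents(root):
    """List files named *.rtf or *.txt whose content is an OLE2 document."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            path = os.path.join(dirpath, name)
            if ext in CLAIMED_SAFE and sniff(path) == "ole2":
                hits.append(path)
    return sorted(hits)

def demo():
    """Build a constructed sample folder and return the flagged file names."""
    samples = {
        "memo.doc": OLE2_MAGIC + b"\x00" * 24,      # honest Word document
        "report.rtf": OLE2_MAGIC + b"\x00" * 24,    # .doc renamed to .rtf
        "letter.rtf": b"{\\rtf1\\ansi Hello}",      # genuine RTF
        "notes.txt": b"plain text notes\n",         # genuine text
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in disguised_documents(root)]

if __name__ == "__main__":
    print(demo())
```

Files flagged this way should be handed to the anti-virus scanner as Word documents, since they can carry macros regardless of their name.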

41 Please—Be Careful Out There Practice safe computing (trust no one) Use anti-virus software Keep your software up to date

42 Whew! We Made It Stan VanDruff svandru@crosslink.net

