Protecting your computers from invaders: antivirus-software powerhouse Symantec offers tips for keeping viruses, worms, and Trojan horses at bay.


Most people who use a computer and the Internet for business and/or personal activities are familiar with the potential havoc that can be wrought by computer viruses. These little programs often make news headlines and are capable of everything from annoying computer users to costing corporations millions of dollars because of lost time and destroyed information, as well as other damage to digital assets. The first step in protecting against the damage viruses cause is to understand exactly what a computer virus is and how it behaves.

A computer virus is a program that replicates by inserting or attaching itself to other computer programs or media and can disrupt a computer system's functional abilities. Computer viruses come in both benign and malignant varieties. Viruses can be programmed to disrupt a computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage but simply to replicate themselves or make their presence known by presenting text, video, or audio messages. Much like biologic viruses, computer viruses are also capable of infection rates of varying speeds, and they can be polymorphic (they can reproduce self-operational clones) or metamorphic (they can evolve into different strains).

Different classes of Internet threats, such as worms and Trojan horses, act like viruses but have distinct differences. Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Worms are "self-contained" code or programs that have the goals of replicating themselves and compromising as many computers as they can reach with (increasingly) little or no intervention from the computer user.

Trojan horses are programs that programmers deliberately hide in software without the user's knowledge. They are impostors--files that claim to be something desirable but, in fact, are malicious. An important distinction between Trojan horse programs and true viruses is that Trojan horses do not replicate themselves. Trojan horses contain malicious code that, when triggered, causes loss--or even theft--of data. For a Trojan horse to spread, a user must "invite" the program onto his/her computer--for example, by opening an e-mail attachment or downloading and running a file from the Internet.


Evolving Threats

In the past, viruses were transmitted via floppy disk. This infection process is extremely slow by today's standards. The Internet has provided a medium by which viruses are transmitted from host to host with amazing speed through e-mail, peer-to-peer file sharing, or instant-messaging applications; virus infection has come to take place predominantly through e-mail attachments.

Human nature is a funny thing, and virus writers often exploit it to create viruses that trick computer users into opening malicious programs. This tactic, called "social engineering," preys upon a person's curiosity or desire to be included or receive free items. Once a user opens an infected e-mail or an attachment is run, computers can become infected.

Today's trends show increased numbers of a new type of threat called "blended threats." The difference between traditional viruses and today's blended threats is that blended threats attack multiple points, spread without human intervention, and exploit vulnerabilities. They also use multiple methods to propagate, such as becoming embedded into HTML files of an infected server, infecting any visitors to a particular Web site, and even sending e-mails with a worm attached. Multiple methods of propagation can make containment of a blended threat an even greater challenge. Blaster, Welchia (or Nachi), and SQL Slammer are examples of high-profile blended threats that used the methodology of attacking known security flaws in operating systems and database applications. This type of attack (exploiting known security flaws) is unique for virus-based attacks in that it might not require a file to be run on a targeted computer. The initial propagation of the attack runs in computer memory and can achieve global infection in minutes or hours rather than days, making blended threats very hard to defend against.

It is possible that the convergence of computers and everyday devices means that new types of threats will be created. The methods of infection and distribution will also evolve with the increased use of new devices that share information easily because they use the same basic technology. We already have handheld computers, phones with Internet access, and other appliances that are designed to automatically connect to networks when they are within a certain physical distance of the wireless environment and attempt to communicate with the network. These new technologies and devices are quickly approaching the functionality and critical mass necessary for them to become potential targets.

Protection

Antivirus software is critical in defending against computer viruses and other malicious programs (often called "malware"). Antivirus software identifies and protects against these threats by taking parts of the live electronic virus and using its characteristics as markers that are called "definitions." To identify viruses for which a definition might not yet be available, antivirus companies use a method of virus identification based on modeling behavior called "heuristics." In other words, if it looks like a duck, walks like a duck, and sounds like a duck, then it must be a duck. Employing heuristics, the software uses the basic characteristics of viruses and other attack software to actively search for programs or code with similar or identical characteristics or behaviors, tagging matching code as potential attack software.
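The two detection methods described above can be sketched side by side. This is an added example, not code from the article or from any antivirus product; the definition names, byte markers, behavior traits, weights, and threshold are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed "definitions": byte markers taken from known samples.
# Names and patterns are made up for this example.
DEFINITIONS = {
    "Example.Worm.A": bytes.fromhex("deadbeef4d5a9000"),
    "Example.Trojan.B": b"\x13\x37FAKE-MARKER\x00",
}

# Constructed heuristic traits and weights (assumptions, not a vendor's model).
HEURISTIC_WEIGHTS = {
    "modifies_other_executables": 5,     # virus-like replication into host files
    "copies_self_to_network_shares": 4,  # worm-like spreading without a host file
    "sends_bulk_email": 3,
    "adds_startup_entry": 2,
    "opens_listening_port": 1,
}
SUSPICION_THRESHOLD = 6

@dataclass
class Verdict:
    status: str   # "known", "suspicious" or "clean"
    detail: str

def match_definition(data: bytes):
    """Return the name of the first definition whose marker occurs in data."""
    for name, marker in DEFINITIONS.items():
        if marker in data:
            return name
    return None

def heuristic_score(behaviors) -> int:
    """Sum the weights of observed behaviors; unknown traits score zero."""
    return sum(HEURISTIC_WEIGHTS.get(b, 0) for b in behaviors)

def scan(data: bytes, behaviors=()) -> Verdict:
    # Definitions first: an exact marker match identifies a known threat.
    name = match_definition(data)
    if name:
        return Verdict("known", name)
    # No definition yet: fall back to behavior modeling.
    score = heuristic_score(behaviors)
    if score >= SUSPICION_THRESHOLD:
        return Verdict("suspicious", f"heuristic score {score}")
    return Verdict("clean", f"heuristic score {score}")
```

A sample with no matching definition is still flagged when its observed behaviors add up past the threshold, which is why out-of-date definitions weaken but do not entirely remove protection.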

Any organization can take some common steps to help protect against virus infections:

Install antivirus software from a well-known, reputable company, update it regularly, and use it properly. New viruses come out every single day, and an antivirus program that hasn't been updated for several months will not be as effective against current viruses. Use the software's real-time scan feature and configure it to start automatically each time you boot your system. This will protect your system by checking for viruses each time your computer accesses an executable file.

To protect your enterprise from the new generation of blended threats, you need to take a look at the security strategies you currently have in place. The "one threat, one cure" approach, such as installing only one antivirus software version, has become outdated. Enlist a comprehensive approach, creating a defensive barrier that is comprised of antivirus, content-filtering, firewall, vulnerability-management, and intrusion-detection measures. This will make your system extremely difficult and costly for intruders to compromise. All parts of the network must be protected, and there must be a response in place to provide security at different levels of the network, including the gateway, server, and client levels.

Perform a virus scan on any new programs or other files that could contain executable code before you run or open them, no matter where they originate. There are several cases of commercially distributed floppy disks and CD-ROMs spreading virus infections.

Be extremely careful about opening binary files and Word/Excel documents from unknown or dubious sources. Be especially wary of files unexpectedly received as attachments to e-mail or during an online chat session. E-mail and online chat seem to be the primary means through which many viruses are transmitted.

Disable mobile code. In this context, mobile code is software that is transferred from a host to a client (or another host computer) to be executed (run). A worm is an example of malicious mobile code. If your e-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, you should seriously consider disabling this feature in your Web browser. One of the best methods of preventing attacks is actively monitoring all software installed and run on your computer.

Perform regular backups. Some viruses and Trojan horse programs will erase or corrupt files on your hard drive, and a recent backup might be the only way to recover your data.

If you think your computer might have a virus, don't overreact. Overreacting (i.e., panicking) will cause undue stress related to a problem that is very manageable. Viruses and worms can be effectively identified and treated, and often data can be recovered and files repaired. Learn and understand the symptoms by trying to assess how your computer is behaving differently. Some common symptoms that could indicate your system has been infected are:

* Your computer slows down without reason.

* Unusual messages or displays appear on your monitor.

* Unusual sounds or music are played at random times.

* Your system has less available memory than it should.

* A disk or volume (a volume is a fixed amount of storage space on a disk or storage tape) name has been changed.

* Programs or files are suddenly missing.

* Unknown programs or files have been created.

* Some of your files have become corrupted or suddenly don't work properly.
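Three of the symptoms listed above (files missing, unknown files created, files changed or corrupted) can be checked mechanically by comparing a directory against a baseline recorded while the system was known to be clean. This is an added example, not part of the original article; the file names and contents in `demo` are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = digest
    return manifest

def compare(baseline, current):
    """Report files created, missing, or changed since the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "created": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in shared if baseline[p] != current[p]),
    }

def demo():
    """Build a constructed directory, alter it, and return the differences."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("report.doc", b"quarterly figures")
        write("tool.exe", b"original program bytes")
        write("notes.txt", b"keep me")
        baseline = snapshot(root)  # taken while the system is known clean
        # Constructed changes standing in for the symptoms in the list above.
        os.remove(os.path.join(root, "notes.txt"))
        write("tool.exe", b"original program bytes plus appended code")
        write("unknown.exe", b"file that was not there before")
        return compare(baseline, snapshot(root))
```

A difference is a prompt to investigate, not proof of infection; legitimate updates also change files, so the baseline should be refreshed after trusted installs.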

If a virus does infect your computer, follow the directions in your antivirus program for cleaning it from your computer. Scan the files you restore to make sure your backups weren't infected. For additional assistance, check your antivirus vendor's Web site and support services for your antivirus software.

Bill Musson, a Certified Information Systems Security Professional (CISSP) and Global Information Assurance Certification (GIAC) Certified Intrusion Analyst (GCIA), is a Senior Security Consultant for Symantec Corporation and is currently contracted to the U.S. government, performing support for the Navy-Marine Corps Intranet Network Operation Center on Ford Island in Pearl Harbor, Hawaii.

James Hukill, Jr., is a Security Consultant at Symantec and has worked in law enforcement and technology account management. He also is engaged in the Navy-Marine Corps Intranet project. For more information, e-mail symantec@connectpr.com.

To comment on this article, please send e-mail to musson0304@nursinghomesmagazine.com. For reprints, call (866) 377-6454.
COPYRIGHT 2004 Medquest Communications, LLC
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:FeatureArticle
Author:Hukill, James, Jr.
Publication:Nursing Homes
Geographic Code:1USA
Date:Mar 1, 2004
Words:1614