Antivirus, Firewall, Spyware, HJT, Windows Update

Chris

The use of Antivirus

When you are using the Internet you can, without knowing it, infect your computer with a virus. You could download what appears to be an innocent-looking file; however, this file may have a virus waiting inside it. As soon as you double-click on this file you have set the virus running, and you probably wouldn't know about it. Viruses can also spread via email in the form of an attachment: the content of the email makes you open this attachment and, before you know it, your computer is infected with a virus.

For more information on the different types of viruses please click here

So to protect your computer from a virus you would need Antivirus protection that can detect and delete a virus.

There are FREE Antivirus solutions that can be downloaded to prevent your computer from getting infected with a virus.

Such as...

AVG

avast! 4 Home Edition

AntiVir® Personal Edition

There are also paid for Antivirus solutions such as...

Norton Antivirus

McAfee VirusScan

Panda Antivirus

NOD32

For a comparison on many Antivirus applications please click here

Email Scanning

Email is probably the most common way that a virus will spread; an Antivirus application that can scan incoming and outgoing email will help to prevent your computer from becoming infected.

A Test Virus...

If your computer is infected with a virus, your Antivirus scanner should inform you of an infection. To be informed you would need to be infected with a real virus, but there is a test virus that can be used to show you, the user, how your Antivirus scanner reacts to a possible infection.

This test virus is harmless and is used to show you how your Antivirus responds to an infection. This test virus is known as the EICAR test string and you can find more information about it here

[Image 0.1: 1.jpg]

This is how Norton Antivirus 2004 responds to EICAR [see Image 0.1]
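As an added example (not part of Chris's post and not code from EICAR or any Antivirus vendor), here is a small Python script that creates the EICAR test file exactly as the standard describes, checks it against the published format rules, and then shows with a toy signature match what your scanner is doing when it flags the file. The EICAR string itself is the public one; the function names, the temp-file round trip and the single-entry signature table are this example's own construction.

```python
"""Build the EICAR anti-virus test file, validate it against the published
format rules, and scan it with a minimal signature matcher.

Added example for this guide; not code from the original post, from
eicar.org or from any Antivirus product. The 68-byte string is the public
EICAR test string; everything else here is this example's own construction.
"""
import os
import tempfile
from typing import Optional, Tuple

# The 68-byte EICAR string, assembled from two halves so that this source
# file is not itself picked up by an on-access scanner that reads it.
EICAR = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
    "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)
EICAR_BYTES = EICAR.encode("ascii")

# Whitespace the EICAR specification allows after the string: space, tab,
# LF, CR and CTRL-Z. Total file length must not exceed 128 bytes.
ALLOWED_TRAILER = b" \t\n\r\x1a"


def is_valid_eicar_file(data: bytes) -> bool:
    """True if `data` follows the EICAR rules: the 68-byte string at offset 0,
    optionally followed only by allowed whitespace, at most 128 bytes total."""
    if len(data) > 128:
        return False
    if not data.startswith(EICAR_BYTES):
        return False
    trailer = data[len(EICAR_BYTES):]
    return all(b in ALLOWED_TRAILER for b in trailer)


def write_eicar_file(directory: str) -> str:
    """Write eicar.com into `directory` and return its path. On a machine
    with on-access scanning, this write is the moment the scanner should
    react, as the Norton screenshot above shows."""
    path = os.path.join(directory, "eicar.com")
    with open(path, "wb") as fh:
        fh.write(EICAR_BYTES)
    return path


# Toy signature database: detection name -> byte pattern expected at offset 0.
# Real scanners hold millions of patterns plus heuristics; one entry is
# enough to show the mechanism a signature-based scanner uses.
SIGNATURES = {"EICAR-Test-File": EICAR_BYTES}


def signature_scan(path: str) -> Optional[str]:
    """Return the name of the first signature matching the file, or None."""
    with open(path, "rb") as fh:
        head = fh.read(128)
    for name, pattern in SIGNATURES.items():
        if head.startswith(pattern):
            return name
    return None


def roundtrip() -> Tuple[int, bool, Optional[str]]:
    """Write the test file into a temp dir, validate and scan it, and return
    (size in bytes, passes format rules, detection name)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = write_eicar_file(tmp)
        with open(path, "rb") as fh:
            data = fh.read()
        return len(data), is_valid_eicar_file(data), signature_scan(path)


if __name__ == "__main__":
    size, ok, name = roundtrip()
    print(f"eicar.com: {size} bytes, valid={ok}, detected as {name}")
```

If your resident scanner is working, the script may not even get as far as the scan step: the file is quarantined or deleted the moment it is written, which is exactly the reaction the guide is talking about. If nothing happens, your on-access scanning is probably off.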

McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

For more information please click here

Note: You can use McAfee AVERT Stinger alongside any other Antivirus application, but as McAfee AVERT Stinger can only detect certain viruses you must not rely upon this application solely for protection against viruses.

Online Virus Scans

There are many free online virus scans available such as...

HouseCall

Symantec Security Check

Panda ActiveScan

Note: Do not rely upon free online virus scans as a substitute for a dedicated Antivirus application. Use an online virus scan as a second opinion...

The use of a Firewall

A Firewall is a software or hardware barrier that sits between your computer and the Internet. The idea is that the firewall monitors all incoming and outgoing data; the firewall will allow or disallow the flow of this data depending upon the permissions you set up.

For example you may want to allow certain applications to access the internet, so you would grant permission for these applications to access the internet. You may on the other hand want to deny applications access to the internet.

For more information on Firewalls please click here or here

INBOUND AND OUTBOUND

INBOUND data is data that is sent TO your computer.

OUTBOUND data is data that is sent FROM your computer.

Software or Hardware Firewall?

A software firewall is just that: it is an application that will monitor the flow of data, and you can configure these types of firewall through the application.

A hardware firewall is a physical device and because of this they can be very expensive.

The question obviously is which one shall I get?

For ease of use and to save all of your money a software firewall is the option to go for. A hardware firewall is in my opinion, over the top for a home user. There is no reason why you cannot buy one, but a software firewall would be more suited to the home user.

Does a Router help?

See: Not just for networks, and can save, a lot of hassle

Internet Connection Firewall - Windows XP

Windows XP does have a firewall, however the firewall only protects you from the flow of data that is inbound. It cannot protect you from any data that is outbound. It is because of this that the Windows XP firewall is not recommended.

Windows XP Service Pack 2

The firewall in Service Pack 2 will be updated to monitor outbound data, so you will have control over which application can access the internet - so watch this space.

Which Software Firewall?

There are free software firewalls that are available to download such as...

Zonealarm

Kerio Personal Firewall

There are also paid for firewalls such as...

Symantec's Norton™ Personal Firewall 2004

PC-cillin Internet Security

With any firewall you will most certainly have to configure which applications can have access to the internet. Once this is done you can sit back and forget it...

However, if your firewall does block anything inbound it will most certainly tell you about it, and it will tell you every time. It's best to turn off this "feature" and to just ignore the warnings.

Test Your Firewall

To make sure that your firewall is configured properly, have it tested by having your IP address scanned.

The following sites offer such scans...

Gibson Research Corporation

S.O.S.

Symantec Security Check
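Added example, not from the original post or from any of the sites listed: a Python snippet that does locally what those testers do against your public address. It attempts a TCP connection to a port and classifies the answer the way the testers report it: open (a service answered), closed (the host answered with a reset, so it is reachable but nothing listens) or stealth (no answer at all, the firewall dropped the packet). The function names and the loopback demo listener are this example's own.

```python
"""Classify how a TCP port answers a connection attempt, which is what an
online firewall tester reports for each port of your public address.

Added example for this guide; not code from the original post or from any
firewall-testing site. The names here (probe_port, start_demo_listener,
find_closed_port, demo) are this example's own, and it only probes the
local machine.
"""
import socket
import threading
from typing import Tuple

OPEN, CLOSED, STEALTH, UNREACHABLE = "open", "closed", "stealth", "unreachable"


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Attempt a TCP connect and map the outcome to a tester's verdict.

    open     - handshake completed: a service is listening and reachable
    closed   - the host sent a reset: reachable, but nothing listens there
    stealth  - no reply within the timeout: a firewall silently dropped it
    unreachable - the network itself said no route (not a firewall verdict)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return OPEN
    except ConnectionRefusedError:
        return CLOSED
    except socket.timeout:
        return STEALTH
    except OSError:
        return UNREACHABLE
    finally:
        s.close()


def start_demo_listener() -> Tuple[socket.socket, int]:
    """Open a listener on an ephemeral loopback port so the demo has a
    known-open port to probe; returns (server socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        # Accept and immediately close; stops when srv is closed.
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def find_closed_port() -> int:
    """Return a loopback port nothing listens on (bind it, then release it)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo() -> dict:
    """Probe one open and one closed loopback port and return the verdicts."""
    srv, open_port = start_demo_listener()
    closed_port = find_closed_port()
    results = {
        "open": probe_port("127.0.0.1", open_port),
        "closed": probe_port("127.0.0.1", closed_port),
    }
    srv.close()
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label} port reported as: {verdict}")
```

On the loopback interface you can only ever see "open" or "closed", because nothing is filtering traffic to yourself; "stealth" is what you want the outside tester to report for every port, and only a scan from the Internet side can show you that.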

Spyware, Adaware, Somebody Is Spying On You!

Spyware is software or hardware installed on a computer without the user's knowledge which gathers information about that user for later retrieval by whomever controls the spyware.

Spyware can be broken down into two different categories, surveillance spyware and advertising spyware.

Surveillance software includes key loggers, screen capture devices, and trojans. These would be used by corporations, private detectives, law enforcement, intelligence agencies, suspicious spouses, etc.

For more information please click here

There are many applications to combat spyware and the following are probably the most popular.

Spyware Detection - The following applications can detect and remove spyware.

[Image 0.2: 2.jpg]

Ad-aware 6 Standard Edition [see Image 0.2]

[Image 0.3: 3.jpg]

Spybot-S&D [see Image 0.3]

Spyware Prevention - The following applications can prevent spyware from being installed.

[Image 0.4: 4.jpg]

SpywareBlaster [see Image 0.4]

[Image 0.5: 5.jpg]

SpywareGuard [see Image 0.5]

[Image 0.6: 6.jpg]

IE-SPYAD [see Image 0.6]

For a guide to installing IE-SPYAD please click here

Browser Hijacking

There is a despicable trend that is becoming more and more common where the browser settings of web surfers are being forcibly hijacked by malicious web sites and software which modifies your default start and search pages.

Sometimes internet shortcuts will be added to your favourites folder without asking you. The purpose of this is to force you to visit a web site of the hijacker's choice so that they can artificially inflate their web site's traffic for higher advertising revenues.

For more information please click here

[Image 0.7: 7.jpg]

StartPage Guard is an application that locks your internet start page and prevents it being changed by a browser hijack. [see Image 0.7]

[Image 0.8: 8.jpg]

CWShredder can remove CoolWebSearch infections. [see Image 0.8]

Use Another Browser

Microsoft's Internet Explorer is by far the most used browser on the planet, and it is because of this that many browser hijacks can cause havoc on your computer. Microsoft's Internet Explorer is not as secure as you may think, and Microsoft's Java VM has its problems.

So using another browser such as Firefox or Opera would be wise as these browsers are more secure and do not fall victim to a hijack.

If you still want to use Microsoft's Internet Explorer then you might want to think about removing Microsoft's Java VM and installing Sun Java.

See: Remove Microsoft Java Virtual Machine and Install Sun Java™

See: Sun Java Website

Using Hijack This

[Image 0.9: 9.jpg]

Download: HijackThis

Hijack This is a valuable tool that can be used to scan your system and report what is happening on your computer. It can report malicious applications, browser hijacks and even innocent applications.

Most of what Hijack This finds can be innocent, but it can also find the nasty stuff, so it's best to consult somebody on what you can safely remove.

See: How to Download, Extract and Run Hijackthis

You can then post in the Hijack This and Spyware Removal Support forum, where you can be advised on what to remove - if anything. [see Image 0.9]

You could also use: Autoruns

Updating Your Software

To stay protected against the most recent viruses and spyware threats, you must get into the habit of updating your software...

For Example: If you use Adaware to scan your computer, just before you scan, check to see if there is an update. The update will contain the latest detections, and when you scan, Adaware will scan for the new threats.

If you do not update, Adaware cannot detect the latest threats.

Updating your Antivirus

You must ALWAYS update your antivirus application to stay protected against the newest viruses. Without these updates your Antivirus cannot detect the newest viruses and you could be infected with a newer virus.

Keep it effective...

With any application, to keep it effective always check to see if there is an update. Some applications will do it automatically whilst others require you to check manually.

To keep track of updates and to inform other users of updates take a look at Security Issues and Updates

Windows Update

See: Welcome to Windows Update

Windows [all versions] have their problems, as exploits and flaws have been exposed. The exploits and flaws can be taken advantage of by a virus or even a person.

For example the Blaster worm shut down computers worldwide. To prevent this from happening an update had to be installed. Without this update, Windows could still be shut down...

See: W32.Blaster.Worm

See: What You Should Know About the Blaster Worm

So installing Windows Updates can also prevent problems; the easiest way would be to install a service pack. A service pack contains many updates and you can leave it to install. However, a service pack can be large: for example Windows XP Service Pack 1a is 125MB.

See: Windows XP Service Pack 1a Network Installation

Even when you have installed a Service Pack there may well be additional updates to be installed so you will have to go back to the Windows Update site to check for additional updates.

Windows Security Update CD

Luckily Microsoft offers a FREE CD full of updates, so you can forget all the downloading.

See: Windows Security Update CD

However: There are still additional updates to be downloaded [not many] so you would have to go back to Windows Update for these updates.

Compatibility Issues

The following only applies to Antivirus and Firewall applications.

Running ONE Antivirus and ONE firewall application together is fine; you should not have any problems.

However, do not try and run TWO or more Antivirus applications at the same time; this also applies to firewalls.

There can be complications, and there is no need to have TWO or more antivirus or firewall applications running at the same time.

For Example: Do not try and have Zonealarm and Kerio Personal Firewall running at the same time.

If you use the Internet Connection Firewall - [Windows XP] then disable this if you are running a third party firewall.

Finally...

Do not become paranoid over securing and locking down your computer, as no one is after you.

If you are infected with a virus, you just remove the infection. If spyware is found to be installed on your computer, don't worry, it can be removed.

Just keep your software updated and a scan once a week should be fine.


  • 3 years later...

A list of tools this guide has overlooked:

ANTI-ROOTKIT SCANNERS:

    AVG AntiRootkit

    BitDefender AntiRootkit

    Rootkit Revealer

    Sophos AntiRootkit

    PrevX AntiRootkit

    F-Secure Blacklight

    McAfee Rootkit Detective

    Gromozon Rootkit Removal Tool

    KLister

    PatchFinder

    Rootkit Hook Analyzer

    RogueRemover

    VICE

    System Virginity Verifier for Windows 2000/XP/2003

    GMER

* Those are tools for scanning vs. ROOTKITS (which this guide seems to miss/omit (makes some sense though - rootkits originated on UNIX systems LONG AGO, but only the past year or two now have become part of many trojan/spyware/viruses in what is known as a part of their "blended threat" type attack technology in them)

(Look up each program online, & download them, PREFERABLY, from the site/software publishing house/programmers who made them)

APK

P.S.=> These are run MANUALLY, & do not (afaik in any of them) "stay resident", as do things like SpyBot 'Search & Destroy' has in its trayicon resident "teatimer" program, OR, like many antiviruses do in their trayicon + service combination for scanning files as you initially touch them (open), scanning them first, & THEN, allowing you to do the rest (read-write/close) you are doing w/ said files... apk


A lot of hard work there Chris, thanks very much. Just a couple of updates, though:

1 - SP2 for XP removes the old Microsoft Java Virtual Machine and replaces with the real thing - so you don't have to worry about that if you have SP2.

2 - If you have a router and are permanently connected to the internet and you test it with an on-line Firewall tester, you are likely to get false information that some ports are open when actually they are closed. This is because a router mirrors most of the ports on your computer but has some always open to make it work properly. So you must check with the firewall manufacturer that the default standard setting on your computer firewall is Stealth (or Secure) on all ports. All the Firewalls mentioned, except Microsoft's own one, have Stealth as standard on all ports for outgoing and incoming traffic. If you doubt this, or want to test it, you will have to bypass your router and connect directly to the tester through your modem. Most routers, as Chris says, these days also have a built-in hardware firewall so they are usually very secure.


This thread or notice is FOUR years old but well worth being reminded of. B)

That's why I noted it "Makes Sense" above in my last post (as to why this person who started this thread 4 yrs. ago MAY have omitted ROOTKIT DETECTORS)...

:)

* They were only being "theorized" mostly back then on/for Windows!

(YES - Sure, EVEN "BACK THEN" (4++ yrs. back), yes, SOME attacks occurred in virus/trojan/malware/spyware etc. that were using this "technology" via kernel hooking &/or bootsector infectors + more ways, but not many were using it, afaik @ least on Windows)

Again: Originally, this rootkit threat came out of the UNIX world (where they are a reality for certain)!

(HOWEVER, nowadays, & on Windows? MORE & MORE of the "badware's" starting to appear bearing this tech, so that list of mine above's a way to "help keep clean" vs. ROOTKITS).

As a matter of interest. Eset Nod 32 found ALL the viruses in Chris's post IMMEDIATELY. It is regularly in the top two or three on the Virus Bulletin. :D I swear by it.

As do I, & in the security guide I did here, I also put up quite a bit of proof as to its strength in HEURISTICS ("smells like a duck, looks like a duck, tastes like a duck - IT MUST BE A DUCK) type tech, which spots things that signatures based virus detection just can't (impossible for that to do so in fact, it needs KNOWN quantities, mugshot matching in essence... unlike HEURISTICS, which spots what signatures detecting can't) & in tests I saw from 2005-2007, NOD32 took the crown there (& in speed/efficiency too).

APK

P.S.=> If you were to look up the term "blended threat" online, such as here:

=====================

SALIENT QUOTE:

=====================

http://anti-virus-rants.blogspot.com/2006/...ded-threat.html

"although it isn't generally well known, a piece of malware can be a virus and a worm and a rat and a rootkit and any number of other malware types all at the same time - the various malware types are not mutually exclusive in any way... anti-malware vendors (anti-virus vendors in particular) don't generally do a great deal to make this obvious to the general computer using public, often preferring to treat one type as taking precedence over the others... occasionally one may see a write-up that lists something as a "spyware worm" or something like that but generally not... this may be one of the more detrimental things that the industry practices because it misrepresents the breadth and scope of the threat that a particular pigeon-holed piece of malware poses... no malware type is an island unto itself, they can all be combined with one another and that is an important point to remember when dealing with the issue of what type of malware something is... another (better known) term for this, at least the way some people (like kaspersky) use it, is "blended threat"... symantec, on the other hand, reserve the term blended threat for those hybrids that include exploit code as one of the malware types in the combination... according to nick fitzgerald, symantec coined the term to mean just that so that is the more formal meaning - however i can see no reason why exploit code should be so special as to deserve a special term for it's hybrids and clearly others agree..."

=====================

There, as just 1 example? Well, you'll see rootkit technology mentioned... it's no longer just the province of *NIX only anymore! So, using "layered security" is the way, & this is just another set of tools, for another layer of attack possible vs. Windows folks now even... apk


AND, LASTLY? ROOTKITS ARE ABOUT TO GET EVEN TRICKIER (trickier than Virtual Machine ones, that ride "underneath" your OS API visibility even):

http://it.slashdot.org/it/08/05/11/2044216.shtml

:(

* Man... what's next?

E.G.-> BIOS flashing hardware-infecting virus & rootkits?

APK

P.S.=> That's NOT impossible either... things that companies like ASUS & GIGABYTE use, to flash your BIOS from Windows, MAKES or rather PROVES, that is possible as well... apk

