Friday, July 23, 2004

Virus Knowledge

I just spent a lot of time replying to an email with some information about viruses and spyware/adware so I thought I'd share it here.


My profession is website design and computer maintenance and I see your issue frequently. One service I provide is virus and adware removal so I think I can lend you some information as well as some good links.

What:
Instead of getting technical about the differences between viruses, trojans, worms, adware, spyware, spam, 419ers, social engineering, etc., suffice it to say that some bad people have created programs that can use your computer in malicious ways. These programs may (but don't always) delete things from your hard drive. These programs may simply watch your web-surfing habits and do nothing more than report statistics back to a company that sells statistics (nothing about a single person). These programs may use keywords on your screen to deliver an advertisement to you. Some use your machine as a mail server to send spam and viruses.

Why:
So why are people you know sending you email with nothing in it or email that has viruses? Doesn't that mean they have a virus? Not necessarily. Your email address is in my address book because at some point I received an email from you. So if my machine has the virus that uses my machine as a mail server, it will look in my address book and send email to all the people I know, but it will randomly choose one of the names and make it appear that they sent the virus. So there is no way to really know where the virus came from (unless you get real technical).
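For anyone who does want to get technical, here is an added example (not part of the original email) of reading the one header line the sender cannot fake: the `Received:` line written by your own mail server, which records the machine that actually connected. The hostnames, addresses and the function name `trusted_hop` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The worm connected straight to the recipient's mail
# server, forged From:, and added a fake Received: line of its own.
SAMPLE = (
    "Received: from friendpc (dsl-45.isp.example [203.0.113.45])\n"
    "\tby mx.recipient.example with SMTP id B2;\n"
    "\tFri, 23 Jul 2004 10:00:00 -0500\n"
    "Received: from mail.family.example (mail.family.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTP id A1;\n"
    "\tFri, 23 Jul 2004 09:59:00 -0500\n"
    'From: "Alice" <alice@family.example>\n'
    "To: bob@recipient.example\n"
    "Subject: look at this!\n"
    "\n"
    "See attachment.\n"
)

# "from <helo> (<reverse-dns> [<ip>]) by <server>" as many servers write it;
# the layout is an assumption, since the format varies by mail software.
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")


def trusted_hop(raw, my_server):
    """Pair the From: claim with the connection our own server recorded."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    result = {"claimed_from": claimed, "helo": None, "rdns": None, "ip": None}
    # Each server prepends its line, so the first one stamped by my_server
    # is genuine; anything below it was supplied by the sender.
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m and m.group(4).lower() == my_server.lower():
            result.update(helo=m.group(1), rdns=m.group(2), ip=m.group(3))
            break
    return result


if __name__ == "__main__":
    print(trusted_hop(SAMPLE, "mx.recipient.example"))
```

The address in `ip` identifies the infected machine's Internet connection, which is what an ISP's abuse desk needs; the name in `claimed_from` identifies nobody.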

How:
How do we fix this? A whole industry has been created to try to eliminate the above problems. For your part you should use smart computing practices. Computers and the Internet are nothing more than a reflection of the real world. If you were in the parking lot of the grocery and some stranger said "here, eat this" you would run away and report the incident to management or the police. So why do we open email attachments that say "look at this!"? Curiosity. Human nature. Accidental clicks. Many more. The best way to protect yourself is to have a decent antivirus program on your machine and make sure that it regularly (nightly if possible) updates its virus definitions. A good antivirus program will check your emails coming in and going out.

Spyware is unavoidable. It gets on our machines through sneaky tactics and even the most wary computer user accidentally installs some at one point. Running a scan of your computer once a week to remove spyware/adware is good preventative maintenance. Just like our cars need the fluids checked, our computers need their scans.

Firewalls. A firewall protects you by allowing data to move from your computer to the Internet and from the Internet to your computer only if you've authorized it. Any suspicious activity is halted by the firewall, and you receive a message asking "do you want to continue?"

Passive vs Active. Some programs actively scan your computer. They run all the time and often update themselves automatically when you connect to the Internet. In today's computing world you must have an active antivirus program. Passive is a program that you run. Scanning for adware and spyware can be passive programs that you run once a week or whenever you notice a slowdown or peculiar behavior on the computer. Active typically has a cost where passive is often free.

Where:
    Antivirus programs:
-Symantec (Norton) Antivirus ($49.95)   Right now they have a special: buy antivirus and get a CD of Atari games
   Symantec has a variety of great products but with an old reputation of "slowing down your computer." I personally run Norton System Works and have no problems. I think Symantec is simply stigmatized from having been around so long; when hard drives were small and memory was a commodity, anything "unnecessary" slowed your computer down.
   Symantec runs the Symantec Antivirus Research Center (SARC) and provides passive scans online. SARC is a great place to research and identify hoaxes before sending out a bogus warning to your friends and family (effectively the warning becomes the virus).
-Avast ($free for home use)
-TrendMicro PC-Cillin ($49.95)    I periodically use TrendMicro's online scanner (passive) to double check and make sure my active antivirus is still doing its job.
-NOD32 ($60  Australian Dollars)   I know nothing about this one other than I have a friend that uses it
-McAfee ($49.99)   The Package.   They also have a free online scan

   Spyware/Adware Detection:
-Spybot Search & Destroy ($free) This is a MUST have program. Run it once a week. Make sure you have the latest updates.
-Ad-aware ($free passive; $39 active, the Plus version) Spybot catches things Ad-aware misses and vice-versa. They do a little double duty but better to overlap than miss something. I personally run Ad-aware Plus and it warns me whenever something is trying to change my registry so that if I wasn't installing something on the computer I can block the change. I recommend running this at the same time you run Spybot.

   Firewalls:
-Most of the antivirus companies above offer firewall software also. I use a piece of hardware for firewalling so I cannot comment on software firewalls other than to say I've heard BlackIce and ZoneAlarm are effective.
-BlackIce ($39.95)
-ZoneAlarm ($39.95 for pro)   This page shows the pro version at $39.95 but shows a combined firewall/antivirus for $19.95    That pricing doesn't make sense. Buyer beware! Read the reviews and figure out what the difference is.

On the Internet, just like in the real world, you can find bargains but you typically get what you pay for.

I hope this helped! Feel free to call me or email if you have questions. My contact information is available at http://www.sidesigns.com.