Virus checkers – Why

 

Firstly, a bit of background. Virus is an emotive term that conjures up images of plague and pestilence when in fact, as far as computers go, it's just software, sometimes little more than a practical joke or a demonstration by a mischief maker that says “look what I can do”. Other terms can confuse, but essentially they are all software: programs designed to do something unbeknownst to the person whose computer has been “infected”. Some terms are listed below:

  • Trojan: the virus is in another program that might wait before running or infect you when you install the other program.
  • Malware: just bad software in general, possibly hijacking your browser with a different search tool that forces more advertising or even takes you to web sites that may actually load a virus onto your computer.
  • Adware: another term referring to software that pops up adverts or takes you to sites you haven’t actually chosen. Not necessarily harmful but always annoying.
  • Worm: a standalone piece of software that spreads itself and may at some future point carry out some harmful action.
  • RAT: remote access trojan that allows the creator (or someone else) access to your computer.
  • Phishing: a virus or web site that deceives you into entering your password etc.

It is all still software. A real virus can be airborne or transmitted on contact, in food, etc.; a computer virus can come from a web site (usually by clicking on a dummy warning such as “Your Registry needs cleaning, you need XYZ…”) or from an email link. Emails themselves don’t do any harm; it is clicking on a link within them that does that. Hold the mouse over the link, or right click, and you’ll often see (on the bottom left of your screen, if not immediately at the point of clicking) that it is actually a totally different link, or that, whilst it might include a “kosher” word, it is not right, e.g. me.paypal.eu is NOT paypal.co.uk. Even if you do click on a link in an email, it is usually for “phishing” (see list above). NEVER enter security information except where you have explicitly gone to the web site directly via your browser. Also, be very careful when downloading software from the internet; if you have a good virus checker, it will warn you when you download. Sometimes the warning is a false positive, e.g. when you are downloading a program to enable remote access by a consultant, such as TeamViewer: because it CAN allow remote access, it can be flagged as potentially harmful. Just be aware, especially with dodgy sites – I have heard frequent cases of infection from downloading the means to watch football over the internet (or of course porn!).

Many people I know are afraid that Facebook will “infect” them. Other than clicking on a link within a post, Facebook is probably one of the safest sites. The main danger of Facebook is the amount of time you can waste. YouTube is the same: safe as houses, but it depends on what you click, so check on the bottom left of your screen that the link is what it says it is. Even then, my wife downloaded a spreadsheet from a trusted Facebook group. When she opened it, her virus checker warned her about a macro about to run (a small program actually embedded in Excel, often an intentional part of an uninfected spreadsheet). The virus checker prevented any problem. Facebook wasn’t the problem; it was the link she clicked.

So, a virus is “just” software? And as such it is written in computer code. You may hear talk of a virus “fingerprint”. All this means is that, because it is written in computer code, it has certain unique characteristics, like a book: if you enter a sentence long enough from any book, chances are there is only one book with that sentence. The same goes for a virus (OK, it might be otherwise unintelligible machine code, but it is identifiable nevertheless).

If you have a virus checker program, it must periodically download a new list of virus fingerprints. The better ones do this frequently and the best will be identifying new ones very quickly. See the next post for more on virus checkers. The danger zone is the gap between a new virus being released and it being identified and included in the lists. These are sometimes called “zero day” vulnerabilities because there is no time for a fix to have been created. Once a new virus has been identified, virus checker publishers will usually make small programs that can be run once to undo any damage done. This is not always possible, though, and the best remedy is to make sure you back up all the things on your computer that you cannot bear to lose. Then the worst that can happen is a few hours spent reinstalling any affected applications (often this is where I am called in, unfortunately often with no backups available, though that is not always a problem; I have many means of file recovery). So get a good virus checker, make sure it updates frequently and BACK UP!

 

 

 
