Lesson VII - The Big Guns

Good for you. You invested in anti-virus software because you know how easily computer viruses can invade your system. Then, you carefully studied the system requirements and installation instructions before installing the program on your computer. As a result, you see the anti-virus program icon sitting in your System Tray and feel secure knowing the software runs automatically when you perform such tasks as downloading files from the Internet or copying files from a CD onto your hard drive. So, is that it? Not quite.
To get the most out of your anti-virus software, you need to do more than simply install it and let it go to work, and that’s what we plan to stress throughout this article: Make sure your anti-virus software operates at its fullest potential.
Although software developers design most anti-virus programs to work in the background, and the software then protects your system without requiring you to think about it too much, understanding how these programs work can better help you preserve your valuable data.
If you already have anti-virus software installed on your computer, chances are good you’re using a product from one of the two leaders in the worldwide anti-virus market: Network Associates’ McAfee Security group or the Norton family from Symantec. Both of these leaders offer consumer software—namely Norton Anti-virus and McAfee Virus-Scan Home Edition—that detects and removes malware (software written for illegal and/or malicious purposes).
Specifically, experts divide malware into a few categories:
  • Viruses—programs designed to destroy data or halt operation on systems by copying themselves into files and executing when users open those files
  • Worms—programs containing code that replicate themselves until they fill targeted drives and networks, thereby consuming an enormous amount of time and resources
  • Trojan horses—programs that falsely appear to be useful applications, such as games or utilities, but really serve a hidden agenda, such as stealing financial information from systems

There are classifications more specialized than the ones we mention, of course, but these three categories at least give you a general sense about what anti-virus programs have to face.

In simple terms, anti-virus programs work by scanning files for code that identifies malware, and in doing so, these programs rely on one or multiple (typically the latter) identification methods. For one thing, anti-virus programs look for virus signatures (strings of data that identify a virus) and then warn users if they’re about to place a virus on their computer. Anti-virus programs also use heuristic scanning, which places suspect files into a virtual computer running in a protected memory space so the programs can scan for malware-like activity. In addition, anti-virus programs use a method called integrity checking, which records the state your system is in and monitors it for changes.
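To make two of these methods concrete, here is a small added example (not code from Norton, McAfee, or the original article) that runs a signature scan and an integrity check over a constructed in-memory set of files. The signature names and byte patterns are made-up, harmless placeholders.

```python
import hashlib

# Constructed, harmless byte patterns standing in for real virus signatures.
SIGNATURES = {
    "Demo.Marker.A": b"\xde\xad\xbe\xefDEMO-A",
    "Demo.Marker.B": b"X5-DEMO-SIGNATURE-B",
}


def scan_bytes(data, signatures=SIGNATURES):
    """Signature scan: return the sorted names of every signature found in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def snapshot(files):
    """Integrity baseline: map each file name to the SHA-256 of its contents."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def compare(baseline, current):
    """Report files added, removed, or modified since the baseline was recorded."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in common if baseline[n] != current[n]),
    }


def demo():
    # Constructed sample "file system" so the example runs offline.
    files = {
        "notes.txt": b"shopping list",
        "game.exe": b"MZ...original program bytes...",
    }
    baseline = snapshot(files)

    # Later state: game.exe has grown and a new, unknown file has appeared.
    files["game.exe"] += b"....X5-DEMO-SIGNATURE-B"
    files["macro.doc"] = b"text that matches no known pattern"

    hits = {}
    for name, data in files.items():
        found = scan_bytes(data)
        if found:
            hits[name] = found
    return hits, compare(baseline, snapshot(files))


if __name__ == "__main__":
    hits, changes = demo()
    print("signature hits:", hits)
    print("integrity changes:", changes)
```

The signature scan only reports game.exe, because macro.doc matches no known pattern, while the integrity check reports both the modified file and the new one.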

Both Norton Anti-virus and McAfee Virus-Scan Home Edition use several similar methods for identifying and neutralizing malware. And even though both are highly capable programs, they offer a different set of features. Here’s a look at these two popular software packages and some of the customizations you can make to ensure they’re working as hard as they can.

Norton Anti-Virus (My First Choice in Virus Protection)

If you’re looking for a program that sits in the background and protects your computer from malicious code while you perform other computing tasks, you’ll appreciate Norton Anti-virus. For the most part, the software runs automatically without any intervention from you, provided you accept the default configurations.
While installing the software, you’ll encounter the Information Wizard, which will help you register the software. The wizard also prompts you to select and configure several post-installation tasks, including Live Update (uses your Internet connection to obtain program and protection updates) and Rescue Disk (an option for Windows 98 Second Edition and Windows Me users; records a duplicate set of system startup files and drive partition information). Plus, the wizard will ask you to decide whether to set up a weekly scan (an option that uses Task Scheduler to automatically scan your local hard drives once a week) and whether to perform a full system scan, which lets you manually scan your entire computer or individual floppy diskettes, drives, folders, or files. Of these four options, we recommend that you select all the tasks available on your system and follow the on-screen instructions.
After you get the software up and running, Norton Anti-virus monitors all incoming—and, in some cases, outgoing—files and checks them against its database of virus definitions. If a file matches one of the virus definitions, Norton Anti-virus automatically recognizes the threat, but the way in which it handles the threat depends on how you configured its AutoProtect feature.
AutoProtect does what its name implies: It automatically protects your system and sends you an alert when it detects malware or malware-like activity. The manner in which you proceed after you receive an alert depends upon your OS (operating system). If you use Win98 SE or WinMe, you’ll see an alert that indicates which file Norton Anti-virus deleted; click Finish to close the alert box. If you use Windows XP, you’ll see an alert that explains which file Norton Anti-virus repaired or deleted and what type of threat (virus, worm, or Trojan horse) attacked the file. If your Internet connection is active, you can then click the malware name to visit the Symantec web page that includes more details about the threat. To close the alert, click OK. If Norton Anti-virus can’t repair the file, it shows you two alerts; the first tells you that it couldn’t repair the file, and the second indicates you no longer have access to the file.
Most users should stick with AutoProtect’s default options. But if someone already changed the default settings, you can restore them by clicking the Options button at the top of the Norton Anti-virus software interface to open the Norton Anti-virus Options dialog box and modify a few options. First, select AutoProtect in the left pane. For the best overall protection, select the first three protection checkboxes: Enable AutoProtect, Start AutoProtect When Windows Starts Up, and Show the AutoProtect Icon in the Tray. Unless you’re extremely experienced in handling malware, select the radio button next to Automatically Repair the Infected File under the How to Respond When a Virus Is Found heading. Next, select the radio button next to Comprehensive File Scanning. Click OK to save your changes and close the dialog box.
This automatic protection procedure is only effective if your definition database is current. That’s why Live Update is such a valuable tool. Every four hours when you’re connected to the Internet, Live Update checks for updates to virus definitions and downloads and installs the latest definitions on your computer.
We highly recommend taking advantage of Live Update, but if you choose not to implement Live Update when you install Norton Anti-virus, you can always enable it later. To do so, open the Norton Anti-virus Options dialog box and select Live Update from the left pane. When you see the Automatic Live Update heading appear in the right pane, select the checkbox next to Enable Automatic Live Update. Also, make sure you select the other options Symantec recommends: Apply Virus Protection Updates, Apply Updates without Interrupting Me, and Notify Me of Norton Anti-virus Program Updates. Click OK.
Now, each time the software detects a new virus definition, it will download and install it onto your hard drive, often without you realizing it.

Norton’s New & Enhanced Features

Norton Anti-virus includes several new features not found in earlier editions of the software. Laura Garcia, group product manager for Norton Anti-virus, says that Symantec noticed an important trend in consumer Internet usage and modified the anti-virus software accordingly.
“We see some changes, not just in the number of viruses, but in the type of channels through which they pass,” Garcia says. “The majority of infections are still through email, but for some [users], instant messaging has surpassed the use of email. We haven’t seen that many instant messaging viruses, but should instant messaging virus infections surpass email, we’re already ready.”
Norton Anti-virus scans and cleans incoming attachments from instant messaging applications such as Yahoo! Messenger, AIM (AOL Instant Messenger), MSN Messenger, and Windows Messenger. To make sure you’re protecting messages and attachments transmitted via these and other instant messaging clients, open the Norton Anti-virus Options dialog box and select Instant Messenger from the left pane. In the What Instant Messengers to Protect section, select the checkbox next to each program. Also, we recommend that you click the Configure New Users button, which automatically searches for and configures new instant messaging clients. Then, select the radio button next to Automatically Repair the Infected File and select the checkbox next to Alert Sender When an Infected File Is Received. Click OK.
The newest version of Norton Anti-virus also blocks worms from sneaking into your outgoing email attachments. The Worm Blocking feature scans your outgoing email attachments and notifies you if it finds any worms. Although this feature works automatically, just like many of the other features we discuss here, you can make sure it’s active by opening the Norton Anti-virus Options dialog box, selecting Email from the left pane, and selecting the Enable Worm Blocking and Alert When Scanning Email Attachments checkboxes. Click OK.
Script Blocking is another feature that works behind the scenes. Consider what happens after Norton Anti-virus compares a file you’re loading onto your computer against a database of known malware. If the file doesn’t include a known virus, Norton Anti-virus then looks to see if a script (sequence of instructions another program performs by design) is present that might promote malware-like activity. If Norton Anti-virus’ Script Blocking feature identifies potentially malicious behavior, it sends you an alert. The alert asks if you want to stop the script, let the script activity run once, let the entire script run, quarantine the script, or authorize the script to run without further alerts. If you trust the file, you may wish to authorize the script to run; but if you have any doubts, your best bet is to stop the script.
Script Blocking is active by default. Although we don’t recommend it, some users may prefer to turn this protection off, especially if they are developing or debugging scripts. If this is your preference, open the Norton Anti-virus Options dialog box, select Script Blocking from the left pane, and deselect Enable Script Blocking. Or, if you want Script Blocking to remain active but want to modify the program so it automatically stops suspicious behavior rather than merely alerting you, select the radio button next to Stop All Suspicious Activities and Do Not Prompt Me. Click OK.
Although most of Norton Anti-virus’ features work automatically in the background, you may want to manually scan individual files. For instance, let’s assume you question the security of a file you copied from a floppy diskette to your hard drive. To check it out, launch your Norton Anti-virus software and choose Scan for Viruses from the left pane. Now look in the right pane to review a list of tasks, starting with Scan My Computer and Scan All Removable Drives. Select Scan Files to highlight it, and from the Actions area below, click Scan. Next, browse your hard drive, locate the desired file, and click Open. Norton Anti-virus will scan the file and present you with its Scan Summary, which indicates whether it found an infection, how long the scan was, and what action the software took (such as quarantined, deleted, or fixed). Click Finished to close the dialog box.
One final note: When you purchase Norton Anti-Virus, it typically includes a one-year subscription service that lets you download the latest virus definitions and other important data. (If you bought a computer with Norton Anti-virus preinstalled, or if the software came bundled with another hardware device, the subscription service is typically good for less than a year.) After the year is over, it’s crucial that you re-subscribe to the service or your virus definitions will be out-of-date. This is another reason to run Live Update: It will warn you before your subscription expires and let you re-subscribe.

McAfee Virus-Scan Home Edition

As a robust yet user-friendly piece of software, McAfee Virus-Scan Home Edition makes the process of protecting a system from computer malware nearly invisible to the user. You install the program, and from then on, it automatically monitors all files that try to enter or leave your PC.
“For the average mainstream consumer, the most important part of the software is the automatic file protection,” says Lisa Smith, senior product manager of McAfee security consumer division. “What the consumer cares most about is that the on-access scanner, VShield, is automatically enabled so that it runs a check every time you access a file. When it finds and cleans an infection, it’s doing its part.”
The VShield scanning tool starts when you boot your computer, and it stays in memory until you shut down your system. It monitors hard drive files and scans diskettes, discs, messages, and attachments. It compares your files to a database of known computer malware, and when it finds a threat, it alerts you via a default message, custom display message, or audible signal.
Microsoft Outlook users can configure what type of alert VShield uses for its email-scanning component. Open the McAfee Virus-Scan Home Edition software and click Configure Automatic Protection Settings from the Tasks menu (in the main window of the user interface). Then, click the Advanced button and the E-Mail Scan icon. Doing so changes the name of the dialog box from its default name, System Scan Properties, to E-Mail Scan Properties.
Next, choose the Detection tab, make sure there’s a check mark in the checkbox next to Enable Scanning of E-Mail Attachments, and click Apply. Choose the Action tab, select Prompt for User Action from the drop-down menu, and click Apply. (If you want the program to automatically move, clean, or delete infected files, you can choose other options from the drop-down menu instead.) Choose the Alert tab and select the checkbox next to either Sound Audible Alert or Display Custom Message. If you select the latter, you can delete the message from the text box and type one of your own. Click Apply. Click OK to save your changes and close the dialog box.
Each day via your Internet connection and the Instant Updater feature, Virus-Scan checks with McAfee’s online service for virus definition updates, virus scanning engine updates, and product updates. The Instant Updater default value is Auto Update, so you might use the software for months without realizing that Instant Updater is communicating regularly with McAfee’s online service. If you want to decide when Instant Updater communicates with McAfee’s service, however, you can configure it to work manually.
From the main window, click Configure Instant Updater from the Advanced Tasks menu. Next, click Configure Automatic Updates, select the radio button next to Manual Update, and click Apply. Or, if you prefer that the program check for updates automatically but notify you before downloading and installing them, select the radio button next to Auto Inquiry and click Apply. Click the Home icon at the top of the user interface to return to the main window.

McAfee’s Updated & Advanced Features

The most recent version of McAfee Virus-Scan Home Edition includes a couple of new features that deserve special mention. HAWK (Hostile Activity Watch Kernel) looks for behavior that indicates a new form of malware might be on your computer. For example, if a file sends email to more than 50% of your address book, HAWK could perceive this as malware-like activity. If it finds such a file, HAWK first prevents the malware from spreading, and then calls upon Virus-Scan to clean the file. HAWK works with any email client that supports SMTP (Simple Mail Transfer Protocol), such as Outlook, Outlook Express, and Eudora, but it does not support web-based email programs such as Yahoo! Mail.
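The "more than 50% of your address book" rule can be sketched as a simple behavioral check. This is an added illustration, not McAfee's HAWK code; the function names, the log format of (sender, recipient) pairs, and all sample data are assumptions constructed for the example.

```python
from collections import defaultdict

THRESHOLD = 0.5  # "more than 50% of your address book", as the article puts it


def normalize(address):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return address.strip().lower()


def flag_mass_mailers(address_book, send_events, threshold=THRESHOLD):
    """Return {sender: fraction of address book reached} for senders over the threshold.

    send_events is an iterable of (sender, recipient) pairs, one per outgoing message.
    """
    book = {normalize(a) for a in address_book}
    if not book:
        return {}  # nothing to measure against
    reached = defaultdict(set)
    for sender, recipient in send_events:
        recipient = normalize(recipient)
        if recipient in book:  # only address-book contacts count
            reached[sender].add(recipient)  # a set, so repeats count once
    fractions = {s: len(r) / len(book) for s, r in reached.items()}
    return {s: f for s, f in fractions.items() if f > threshold}


# Constructed sample data: a six-entry address book and an outgoing-mail log.
ADDRESS_BOOK = ["ann@example.com", "bob@example.com", "cy@example.com",
                "dee@example.com", "eli@example.com", "fay@example.com"]

SEND_LOG = [
    ("mailclient.exe", "ann@example.com"),
    ("mailclient.exe", "Ann@Example.com"),   # same contact, different case
    ("mailclient.exe", "bob@example.com"),
    ("newsletter.exe", "ann@example.com"),
    ("newsletter.exe", "bob@example.com"),
    ("newsletter.exe", "cy@example.com"),    # exactly 50%: not "more than"
    ("greeting.vbs", "ann@example.com"),
    ("greeting.vbs", "bob@example.com"),
    ("greeting.vbs", "cy@example.com"),
    ("greeting.vbs", "dee@example.com"),     # 4 of 6 contacts reached
    ("greeting.vbs", "stranger@example.org"),  # not in the address book
]


def demo():
    return flag_mass_mailers(ADDRESS_BOOK, SEND_LOG)


if __name__ == "__main__":
    print(demo())
```

Only greeting.vbs is flagged: the sender that reaches exactly half of the address book stays under the rule, which shows how much the choice of threshold matters for false positives.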
In addition, HAWK incorporates McAfee’s Script Stopper, another new feature. Script Stopper detects potentially malicious activity (such as a script that attempts to rename a file on your computer) and stops the offending party (in this case, the script) before it can take action.
If Script Stopper is blocking acceptable scripts, however, and you want to add them to your “trusted script list,” you can do so. From the main window, click Configure Automatic Protection Settings, make sure there is a check mark in the Enable HAWK Script Stopper checkbox, and click Advanced. Then, select the HAWK icon (an action that renames the dialog box to Hostile Activity Watch Kernel Properties), choose the Script Stopper tab, and review the list of trusted scripts. Click the Add button to browse your hard drive or other drives and add scripts to the list. To modify the list, you also can select the name of a script and click the Remove button to delete it from the list, or click Clear List to clear the entire list. Click OK.
McAfee Virus-Scan Home Edition also includes several bonus components. The U.S. and Canadian versions include McAfee Firewall, a program that secures your Internet connection and keeps hackers from invading your system. But to take advantage of the firewall, you must first configure it because it is inactive by default. From the main window, click Firewall and let the McAfee Firewall Configuration Assistant walk you through the configuration process step by step.
From the first dialog box that displays, select the Filter All Traffic radio button and click Next. Then, select the checkboxes next to Load McAfee Firewall Automatically at Startup and Place a McAfee Firewall Icon on the Desktop. (If you don’t want the Firewall active when you start your computer, deselect that particular checkbox.) Click Next.
Unless you’re part of a workgroup (in which case, your system administrator will probably set up options for you), deselect the checkboxes in the following dialog box and click Next.
When the McAfee Firewall searches your computer to find programs that can access the Internet, you’ll probably want to leave these settings alone if you wish to continue using these programs to go online, so click Next. Click Finish to activate the firewall.
PDA (personal digital assistant) synchronization protection is another notable component of McAfee Virus-Scan Home Edition. Each time you exchange data between your PDA and your PC, the software scans the files on your wireless device and prevents malware from transferring to your PC. The software supports most types of wireless devices using the Palm OS, Pocket PC, Windows CE, and EPOC OSes.
Win98 SE and WinMe users also can run Safe & Sound. (Because of the way in which WinXP handles file storage, this feature is not available to WinXP users.) Network Associates integrated this backup utility into McAfee Virus-Scan Home Edition. In a nutshell, this utility lets you create a protected area on your PC so that if you ever need a clean copy of a file, you can quickly access it. For more information on how to use this utility, type safe & sound in the search engine of the Help file bundled with McAfee Virus-Scan Home Edition.
Finally, it’s important to remember that McAfee Virus-Scan Home Edition comes with a year of free malware protection updates. And once your subscription reaches the 11-month mark, Instant Updater prompts you to renew your subscription by visiting the appropriate web page.

Use Them Well

Remember: No anti-virus program is foolproof, even the more popular ones such as Norton Anti-virus and McAfee Virus-Scan. Even so, understanding everything your anti-virus software can do and fully utilizing those capabilities is the best way to keep your computer virus-free.