trenchant

about what I know and what interests me

Computer virus types; Symptoms & effects of infection; Review on free antivirus, firewall & antispyware

My lil laptop caught cold!

Etiology (the study of disease causation) says that over a hundred different kinds of viruses cause the common cold. That is one reason why one cannot really gain immunity to the common cold.

My laptop is no super man, so she got one too, a bitter cold.

This post attempts to discuss:

  1. A few basics of computer viruses.
  2. The other kinds (Worms, Trojan horses, Spy-ware, Ad-ware).
  3. The Effects & Symptoms.
  4. How to get rid of them?
  5. How to gain immunity?
  6. The ‘anti’ ware – a review.

A few basics of computer viruses:

By definition, a virus is a computer program that is designed to cause undesirable effects on computer systems. Several such definitions exist, but the following is a list of features that make a program a virus:

  1. Generally a piece of code that implants itself on executable files (*.exe)
  2. Self replicating and self propagating – can make copies of itself and systematically spread file to file, computer to computer.
  3. Implements intentional damage (read as unexpected behavior of the computer) intended by the perpetrator.
  4. Generally requires user action to take effect.

Types:

  • File Infectors – Viruses that attach themselves to files, usually .exe, .com and .bat files. There are three groups of viruses of this kind.
    • Group one – Overwriting viruses: They write their code over the infected file, erasing its contents. These are primitive and can be found very quickly.
    • Group two – Parasitic or cavity viruses: They copy themselves into the beginning, end or middle of infected files and usually do not change the original function of the file.
    • Group three – Companion viruses: They do not change the content of files but either replace and rename the original file or make a double of the original file.
  • Boot viruses – Every logical drive has a boot sector, and every physical drive has a master boot record and a partition table. The boot sector contains information about the data on the disk, formatting information and a small boot program that is run when you boot your system. A virus affecting this boot program loads itself into memory at boot time and spreads to other drives. The master boot record usually uses a master boot program that locates the starting location of the bootable partition from the partition table. Infection of this program might even lead to disk crashes.
  • Macro Viruses – We know macros from MS Excel as small sets of instructions that produce a certain result for a certain input. Viruses in this category are usually written as a macro in an MS Office file (a Word or Excel document). They propagate with the documents and infect the Office software and files.
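
An integrity check a defender could run against the boot layout just described, as an added example that is not part of the original post: it parses a 512-byte master boot record, lists the partition table, and compares the boot program against a hash recorded while the machine was known to be clean. The sample sector is constructed inside the code, and the function names are made up for this illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # the master boot program occupies bytes 0..445
TABLE_OFFSET = 446           # four 16-byte partition entries follow it
SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR


def parse_mbr(sector):
    """Split a 512-byte MBR into a boot-program hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:                       # type 0 marks an unused slot
            continue
        partitions.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                           "start_lba": start_lba, "sectors": sectors})
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": boot_hash, "partitions": partitions}


def check_mbr(sector, baseline_hash):
    """Return a list of findings; an empty list means nothing suspicious."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_hash:
        findings.append("boot program differs from recorded baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected 1 bootable partition, found {len(active)}")
    return findings


def build_sample_mbr(boot_code=b"constructed boot program A"):
    """Constructed sample: placeholder boot bytes, one bootable type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)
```

On a real machine the first sector of the physical disk would be read with administrator rights and the baseline hash stored somewhere the infected system cannot rewrite.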

Read the ‘history of computer viruses’ here. In addition, a timeline of viruses and worms is here.

That was a brief summary of what I know about viruses.

We have often come across many other terms that point to malicious activity on computers and networks.

The other kinds (not viruses?):

  • Worm: These generally self-replicating scripts propagate over a computer network. Unlike viruses, they do not attach themselves to files. They generally aim at consuming network bandwidth and are designed to spread rapidly. They are capable of sending huge amounts of spam e-mail!
  • Trojan horse: The Greek term Trojan means someone who comes in disguise. You would know better if you saw Troy. In computer terms, a Trojan horse is defined as malware that generally aims at making a system vulnerable to allow unauthorized access via the network. These generally come packed neatly in the form of photographs, screensavers etc. Apart from allowing remote unauthorized access, they also upload/download files and more Trojans without the user’s knowledge.
  • Spy-ware: As the name suggests, these are things that enter computers as spies to spy! The most basic spy-ware is software that watches, interrupts, logs and reports the user’s interaction with the system. Identity theft and fraud are most often the motive. A basic example would be recording keyboard strokes and mouse clicks and transmitting them to a third party. The info could include credit card numbers, IDs/passwords etc! Spy-ware generally gets downloaded from webpages and installed as ActiveX controls. It makes use of flaws in the browser’s JavaScript handling to get installed. It is capable of changing registry keys and registering itself in place of normal programs or as file associations. Unlike viruses and worms, spy-ware is not self-replicating.
  • Ad-ware: These are privacy invading software that aim at delivering unsolicited advertisements. They generally come bundled with software (free software/shareware especially!).

The Effects & Symptoms:

The most dangerous of the lot are, I would say, Boot viruses, Trojan horses and Spy-ware.

Boot viruses aim at altering the file organization on computers, corrupting data and eventually making the computer unusable unless the user goes through reinstallation. This would cost a lot of time and money! Symptoms: Your system doesn’t boot or cries out “no boot device”; drives or directories go invisible.

File infecting viruses and worms target degrading system performance. Symptoms: Your computer seems sluggish. Inexplicable and unjustified CPU & memory usage is a general symptom of infection.

Trojan horses compromise the user’s integrity and security over networks, allowing access to third parties. They might at least install spy-ware and ad-ware! Symptoms: You suspect unsolicited access to data on your computer. You see lots of ads pop up as you browse the internet.

Spy-ware records and transmits sensitive user data. Symptoms: You just saw your credit card statement with purchases that you haven’t made; someone probably got hold of your credit card number and, even worse, the CVV number and expiry date as well. Your keyboard behaves erratically.

We’ve seen how bad the world can be. Call the police!

How to get rid of them?

These days, all of us have heard of anti-virus, anti-spyware, firewalls, registry mechanics etc. This one is good, that one has so many features, that one costs this much, and much more of that.

Yes, we heard some of those right. There are several tools out there to help protect our machines from malice. I recommend that anyone who uses the internet should have at least one up-to-date anti-virus program, a firewall and an ad-ware/spy-ware removal tool.

That is good if we were just starting to have trouble. But what if we’re neck deep in it? I personally would format my machine’s hard drive clean and start afresh. But that isn’t an intelligent solution and at times, for many of us, not at all a feasible option. We had better obtain the good tools first (see the ‘anti’ ware section).

Let’s get the anti-virus in place. Most anti-virus software has a virus definitions database. This database contains information about the viruses that have already been detected elsewhere. The definitions also generally come with the appropriate remedy. But installing the anti-virus might not be enough. The software might be built with the most general virus definitions, but it might not be up to date. There are lots of people churning out new viruses each day. These virus databases are generally maintained on the anti-virus s/w vendors’ websites. They can either be downloaded in the form of .exe files, or the anti-virus software might have an update definitions option, given that you have an internet connection.

It is recommended that you scan the whole system: all of the hard drive and even external storage like USB hard drives and pen drives.

The antivirus software might detect several infections (viruses, worms, Trojans etc.). The s/w generally does one of the following things: quarantine the infected files, clean or repair the infected files, or delete the infected files.

Some antivirus s/w won’t detect spy-ware and ad-ware. We might need special s/w for that (see the ‘anti’ ware section).

Now that we have cleaned the mess up, we need to stay alert to stay healthy.
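
The update, scan and quarantine cycle described above, as an added example that is not from the original post or from any antivirus product: a toy byte-pattern scanner showing how a file is missed until its definition arrives in an update. The definition names and patterns are constructed and harmless, and the function names are made up for this illustration.

```python
import shutil
import tempfile
from pathlib import Path

DEFINITIONS_V1 = {"Demo.Overwriter": b"DEMO-SIG-OVERWRITER-0001"}   # constructed
UPDATE_V2 = {"Demo.MacroDropper": b"DEMO-SIG-MACRO-0002"}           # constructed


def apply_update(definitions, update):
    """Incremental update: add only the definitions not already present."""
    added = {n: p for n, p in update.items() if n not in definitions}
    return {**definitions, **added}, sorted(added)


def scan_file(path, definitions):
    """Return the names of all definitions whose pattern occurs in the file."""
    data = Path(path).read_bytes()
    return sorted(name for name, pattern in definitions.items() if pattern in data)


def scan_tree(root, definitions, quarantine_dir=None):
    """On-demand scan; infected files are renamed into quarantine_dir if given."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        hits = scan_file(path, definitions) if path.is_file() else []
        if not hits:
            continue
        findings[path.name] = hits
        if quarantine_dir is not None:
            Path(quarantine_dir).mkdir(parents=True, exist_ok=True)
            target = Path(quarantine_dir) / (path.name + ".quarantined")
            shutil.move(str(path), str(target))
    return findings


def demo():
    """Scan a constructed sample tree before and after a definitions update."""
    with tempfile.TemporaryDirectory() as tmp:
        root, vault = Path(tmp) / "disk", Path(tmp) / "vault"
        root.mkdir()
        (root / "clean.txt").write_bytes(b"nothing to see here")
        (root / "old.exe").write_bytes(b"MZ" + DEFINITIONS_V1["Demo.Overwriter"])
        (root / "new.doc").write_bytes(b"doc" + UPDATE_V2["Demo.MacroDropper"])
        before = scan_tree(root, DEFINITIONS_V1)          # stale definitions
        updated, added = apply_update(DEFINITIONS_V1, UPDATE_V2)
        after = scan_tree(root, updated, quarantine_dir=vault)
        remaining = sorted(p.name for p in root.iterdir())
        vaulted = sorted(p.name for p in vault.iterdir())
    return before, added, after, remaining, vaulted
```

With the stale definitions only `old.exe` is reported; after the update both files are found and moved to the vault, leaving `clean.txt` in place.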

How to gain immunity?

Update and scan regularly – Most anti-virus s/w has an automatic update feature, whereby it updates the virus definitions and solutions automatically from the s/w vendor’s website. If the s/w doesn’t update automatically, do the update manually. Updating isn’t the only thing. We had better do a periodic scan of the system to be sure. Most anti-virus s/w has an inbuilt scheduler that can be configured for a periodic scan.

Still, it is not practical to become completely immune. As the human race has always seen, the more we advance in health care, the more new diseases we get! There are always the bad guys (some of them great coders) who keep making new viruses. 🙂

The ‘anti’ ware – a review:

There are several of them out there, each flaunting more features and the promise of more efficient protection.

Antivirus:

I started with Norton anti-virus long ago. Norton comes at a price. It guzzles a load of system resources. After all, we need our computers to do some work for us and not just stay protected running an anti-virus, right?

I then tried a few like McAfee, TrendMicro, BitDefender, AVG etc. The latest reviews on these can be seen here.

A few features one might have to look for:

  1. Download size for installation file – Some anti-virus software claims to have all the features in the world. Sorry, we need only a few good ones. Choose the one that suits your need; the file size would vary accordingly.
  2. Ease of use (installation and Interface)
  3. On-access Scanning – Files are scanned as they are accessed. This helps protect particularly when we’re downloading files. The anti-virus scans the downloaded file just as it arrives.
  4. On-demand Scanning – Almost all anti-virus programs have this. Files/folders/drives can be chosen for scan as the user wishes to.
  5. Scheduled Scanning – User can schedule when to scan and which area to scan.
  6. Script Blocking – Java and VBS scripts might exhibit virus-like behavior. This feature helps block such scripts.
  7. Quarantine – Infected files have to be separated before they infect other files. Anti-virus s/w generally puts such files in a virus vault or quarantine so that users won’t access them until cleaned.
  8. Auto-Clean – Automatically attempts to clean and recover infected files.
  9. Automatic Incremental Update – Virus definition updates are automated, and the s/w downloads only the latest definitions or those that are not present already.
  10. Manual offline update – In case there is no internet connection, we might need to download the virus definitions from an internet cafe and transfer them to our home PCs. This feature isn’t generally found.
  11. E-mail protection – For email clients like Outlook. Most of us won’t use this.

Many of today’s anti-virus programs have these features but most of them come at a price. I looked for freebies!

AVG topped the charts previously. Now here is the order:

  1. Avira AntiVir
  2. Avast
  3. AVG

My favorite today is Avira AntiVir. Light on resources, easy to use, fast update.

Then, that’s not it; we need a personal firewall too.

Firewall:

Again, there are a lot of them. Windows firewall is quite quirky, I heard. I’ve tried Zone Alarm, probably one of the best to date. It’s freeware.

Features of interest:

  1. In-bound protection – Alerts and warns about connection attempts from outside.
  2. Out-bound protection – Programs and web pages that are currently in use on your machine attempt to connect to the internet for various reasons. This feature provides alerts and helps you configure access.
  3. Program access control – Lets you specify which programs may go online and which ones, although they want to, may not, as per the user’s choice.
  4. Stealth Mode – When online, your computer constantly receives and responds to information requests from other computers. In stealth mode your computer will not respond to the flow of queries unless you opt to override.

And then the Spy ware?

Anti-spy ware:

Generally the anti-virus s/w and the firewall should be enough as they have anti-spy ware already. But then a separate and efficient program wouldn’t do any harm.

Ad-Aware is my favourite. Download its free version. It also updates the definitions and has features that one would expect of an anti-virus program. It scans for spy-ware and removes them.

For more info, go through resources here.

Well, that’s a lot of work! Keep safe and keep your systems happy. Hope the post helps. Please leave comments.

7 Responses to “Computer virus types; Symptoms & effects of infection; Review on free antivirus, firewall & antispyware”

  1. Chandra says:

    hey… really a good and informative article… my Mcafee 30 day trial version is going to expire in a few days… I would try Avira this time…

    and blog looks too cool in this new theme 🙂

  2. karteekmanchala says:

    Bharath,

    You have composed a very good song. nice.

    Very informative.

  3. […] An Antivirus, a Firewall and all the XP compatible software that you need. This gets you ready. Please go through A review on Viruses, Antiviruses and Firewalls. […]

  4. I have come across this relevant one while checking email:

    Phishing and Spoofing:

    What is ‘phishing’ all about – and how do I spot it?
    Phishing emails are used to fraudulently obtain personal identification and account information. They can also be used to lure the recipient into downloading malicious software. The message will often suggest there are issues with the recipient’s account that require immediate attention. A link will also be provided to a spoof website where the recipient will be asked to provide personal/account information or download malicious software. Monster will never ask you to download software in order to access your account or use our services.

    How is it different than ‘spoofing’?
    Spoof emails often include a fraudulent offer of employment and/or the invitation to serve as a go-between for payment processing or money transfers. This scam is primarily directed at a general audience, but it can also reach Monster members. Like with phishing emails, the sender’s address is often disguised.

  5. I had earlier named this post as: When my laptop caught cold – viruses – free ‘anti’ ware. But that did not fetch many visitors. 🙁 So, renamed it to what it is now and published anew. Thanks for reading.

  6. Prabin P.B says:

    I have visited your blog after you posted a comment in the blog catalog. Your blog is very very informative. I would like to follow you in the blog writing. I like the blog. It is pretty smart
