Malware: Defenses

1
Malware Defenses
2
Kinds of malware

• Viruses
• Macro Viruses
• Memory-resident viruses
• File infector viruses
• Boot Viruses
• Trojan Horses
• Hoaxes
• Worms

3
Some avoidance tips

• Install an anti-virus program and keep it up to
  date
• McAfee or AVG from http//free.grisoft.com/
• Be wary of unexpected links and attachments
• Don't use P2P/BitTorrent
• Never turn off your anti-virus or your firewall.
• Check thumb drives, floppies, burned CDs and DVDs
• Don't accept files from unknown people when using
  Internet Chat programs such as MSN Messenger, IM,
  Yahoo Messenger, IRC.

4
Symptoms of a sick System

• Frequent crashes and system restarts
• slow/erratic performance
• Broken/erratic internet connection
• An active internet connection in an otherwise
  idle computer
• Stuff in your sent folder you didn't send.
• Missing or corrupt data/files.

5
What to do?

• Update your antivirus software.
• Disconnect from the internet turn off your
  modem/router and wireless. (Quarantine every
  computer)
• If your antivirus found the virus and cleaned it,
  you are fine, otherwise
• Boot into safe mode
• Do a system virus scan. Repeat until clean.

6
If you cannot get on the Internet...

• Your virus may have fiddled with a file called
  HOSTS
• Its full name is
• C\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
• on most systems (XP and VISTA, probably Windows 7
  also).
• Its contents should only be
• 127.0.0.1 localhost
• and (in Vista, Windows 7)
• 1 localhost
• There may be some lines with ipv6xx names on
  them, they are OK.
• Edit the file with Notepad

7
Operating System Security Features

• KEEP YOUR OS UP TO DATE set it to check for
  updates periodically (at least once a week).
• Install and run antivirus software keep it up to
  date (it should update automatically).
• Keep your Firewall operational.
• In Vista and Windows 7, (and in the MAC), every
  time some program tries to change the system in
  some significant fashion, a window prompt
  appears. Called UAC in Windows, it can be turned
  off. DON'T

8
More System Security Features

• Be sure to set up all accounts as STANDARD
  accounts have a special Administrator account
  (hopefully called something else) for admin
  tasks.
• Windows has something called Data Execution
  Prevention (DEP). To set
• In XP use sysdm.cpl, Advanced, performance,
  click on Settings and choose the level.
• In Vista/Windows 7 system, Advanced System
  Setting, Advanced Tab, Settings, DEP settings.

9
Viruses on Other devices

• On the MAC before OS X there were about 60-80
  viruses. only a handful for OS X. So, not a real
  problem however
• PC viruses can happily live (dormant) in MAC
  files.
• Newer MACs can run Windows, and there, all bets
  are off.
• Unix/Linux have seen a handful of Virus, none for
  monetary gain. It is possible, now, to run
  Windows in Linux, so, again, the Caveat above
  applies. Also, PC viruses can exist in any file.

10
Viruses in Phones/PDAs

• Attacks against cell phones Through SMS
  messages. The possibility existed. Otherwise
• Five kinds of devices
• Symbian
• Handful, spread through Bluetooth
• RIM (Blackberrys)
• None known
• Iphones, etc.
• None known, unless the phone is jailbroken
• Windows Mobile Phones
• Too new.
• Android
• Some apps have been malicious, but not been able
  to spread.

11
If your virus doesn't remove,try

• http//www.sarc.com/avcenter/tools.list.html
• http//us.mcafee.com/virusinfo/default.asp?idvrt.
  
• http//www.kaspersky.com/removaltools
• http//www.bitdefender.com/site/Download/browseFre
  eRemovalTool/
• http//www.f-secure.com/download-purchase/tools.sh
  tml
• http//www.microsoft.com/security/malwareremove/