Malware consists of programs such as viruses, worms, Trojan horses, and rootkits that are designed to harm your computer.
A computer virus is a program that attaches itself to an application or "host file" and then spreads by making copies of itself. Some type of human action (e.g. opening an attachment) is always required for a virus to take effect. Once a virus gets onto your computer it might modify, delete, or steal your files, make your system crash, or take over your machine.
A computer worm is like a virus, but it infects other computers all by itself, without human action and without a host file. It usually infects other computers by sending emails to all the names in your email address book.
A Trojan horse is a program that tricks you into running it by appearing useful or harmless. However, once it is run it damages your computer, usually by providing "back door" access to the computer. This allows hackers to control or use your computer, destroy or steal files, install viruses or spyware, or run arbitrary programs.
A rootkit is a program that allows an intruder to gain access to your system without your knowledge by hiding what it is doing on the system. The intruder can then install difficult-to-detect back doors into your system to seize control.
Macro viruses are a special kind of virus that can infect Microsoft Office (e.g. Word, Excel, PowerPoint) documents. In Microsoft Office, macros allow you to run certain processes automatically (e.g., a certain sequence of keystrokes or formatting functions), but they can also be used to create viruses. These viruses are activated when you open a Word, Excel, or PowerPoint document that is infected.
There are many ways that malware can get into your system. One of the biggest dangers is opening email attachments that contain malware. You can also get malware from downloading infected files when file sharing, from clicking on links in instant messenger or chat rooms, or from active content applications on Web pages.
Delete suspicious emails with attachments: Attachments are the main way malware gets onto your computer. Attachments include office document files (e.g., with .doc or .xls suffixes), program files (e.g., with .exe or .bat suffixes), and compressed files (e.g., with .zip suffixes), all of which can contain malware. The CERT Coordination Center advises users to apply the so-called "KRESV" test to detect suspicious emails. KRESV stands for:
- Know: Do you know the sender?
- Received: Have you received email from the sender before?
- Expect: Are you expecting the e-mail?
- Sense: Do the subject header and attachment name make sense?
- Virus: Does it contain a virus? You will need antivirus software to check this.
If an email with attachments fails any of these tests, delete it. If you know the sender, contact him or her to make sure that the message is legitimate.
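The "Sense" question above is partly mechanical: a few file-name patterns account for many bad attachments, namely the program, document and archive suffixes the page lists, double endings such as ".gif.doc" (mentioned again under the scanning methods later on), and names padded with spaces so a mail client hides the real extension. The following is an added example, not part of the original page or of any CERT tool: a small triage function over attachment names. The extension lists are an assumption for the demo, not a complete catalogue, and the sample names are constructed.

```python
import os
from dataclasses import dataclass, field

# Extension classes named on the page: office documents, program files, archives.
# The exact lists are an assumption for this example, not a complete catalogue.
OFFICE_EXTS = {".doc", ".xls", ".ppt"}
PROGRAM_EXTS = {".exe", ".bat", ".com", ".scr", ".pif", ".vbs"}
ARCHIVE_EXTS = {".zip", ".rar"}
# Extensions that look harmless and are typically the decoy half of a double ending.
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".txt", ".pdf"}


@dataclass
class Verdict:
    filename: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def all_extensions(filename: str) -> list:
    """Every dotted suffix of the base name, lower-cased and with padding spaces
    removed: 'holiday.gif.doc' -> ['.gif', '.doc']."""
    base = os.path.basename(filename)
    parts = [p.strip() for p in base.lower().split(".")]
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def triage_attachment(filename: str) -> Verdict:
    """Flag the attachment-name patterns the page warns about.

    This looks only at the name. It is a first filter for the 'Sense' question,
    not a substitute for scanning the content with up-to-date anti-virus software.
    """
    v = Verdict(filename)
    exts = all_extensions(filename)
    if not exts:
        return v
    last = exts[-1]
    if last in PROGRAM_EXTS:
        v.reasons.append("program file (%s)" % last)
    elif last in OFFICE_EXTS:
        v.reasons.append("office document, may carry macros (%s)" % last)
    elif last in ARCHIVE_EXTS:
        v.reasons.append("compressed archive, contents not yet scanned (%s)" % last)
    # Double ending such as 'picture.gif.doc': a decoy type in front of a risky type.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and last in (PROGRAM_EXTS | OFFICE_EXTS):
        v.reasons.append("double extension %s%s" % (exts[-2], last))
    # A long run of spaces pushes the real extension out of view in a mail client.
    if "  " in os.path.basename(filename):
        v.reasons.append("padded file name hides its real extension")
    return v


def triage_all(filenames) -> dict:
    """Triage a batch; return {name: reasons} for the names that need a second look."""
    verdicts = (triage_attachment(f) for f in filenames)
    return {v.filename: v.reasons for v in verdicts if v.suspicious}


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from real mail.
    samples = ["agenda.doc", "holiday.gif.doc", "SETUP.EXE", "photo.jpg",
               "invoice.pdf                                 .scr", "archive.zip"]
    for name, why in triage_all(samples).items():
        print(name, "->", "; ".join(why))
```

A flagged name is not proof of malware, and a clean name is not proof of safety; the verdict only tells you which attachments deserve the remaining KRESV questions and an anti-virus scan before you open them.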
Download anti-virus updates: Installing anti-virus software is the first step towards protecting yourself against viruses (see Tools below). But for this software to do its job, you must keep it up to date with information on the latest viruses. New viruses are constantly being created. Anti-virus software vendors try to keep up with these new viruses by issuing virus signature updates and making them available online. Falling behind on updates can allow a new virus to slip through without being detected by the anti-virus software. Most anti-virus software has an option for automatic updates or notification of update availability.
Conduct regular anti-virus scans: Be sure to scan all files that you have received from other people. All major anti-virus software can be set to automatically scan files when they are transferred, but it's a good idea to also scan your computer manually on a regular basis. You should do this at least once every two weeks, or when you suspect a problem.
Conduct regular spyware removal scans: You can scan your computer manually, or you can set commercial anti-spyware software to scan your computer periodically for you. If your software has this ability, set it to scan at least once every two weeks. To scan for spyware manually (using Spybot as an example):
- Open the Spybot application and look for the navigation bar on the left side of the program.
- Click on Spybot-S&D to go to the main page. You will see an empty list and a toolbar at the bottom.
- Click the first button in this toolbar labeled Check for problems. After the scan is finished, the list will be populated with threats.
- Select all the threats and click the button labeled Fix selected problems.
Only perform file transfers from trusted sources: This reduces your risk of downloading files infected with malware and introduces accountability, so that you have a better chance of getting a response if you do have a problem.
Scan all files that you receive through file transfer: It is a good idea to scan the files that you receive from P2P networks with your anti-virus software to detect malware. This may slow down the transfer, but it will help keep your computer safe.
Avoid clicking on links: Links are commonly used in community applications, especially with instant messaging. Be aware that these links may actually download malware onto your computer.
Perform frequent backups: Save your important data on a regular basis so that you can recover from a malware attack or intrusion. Thumb drives, CDs, and DVDs are good storage and transport media for large amounts of data. If possible, store your backup media in a different location from the computer itself to keep them from both being destroyed in a fire or other disaster.
Don’t open digital files on your computer if you are not sure about the source: If you don't recognize a file, don’t double-click on it to see what it is. By doing so, you may activate a virus on your computer.
Do not run macros from digital documents whose source you don’t know: Some MS Office documents have applications called macros embedded in them. Most complex Excel files, for example, use macros to dynamically implement charts and graphs. You must be careful when opening files with macros, because they can sometimes contain viruses. You can set Microsoft Word to ask you, before you open a file, whether you want to run the macro application or not (see Settings below). MS Office documents containing macros will ask you for permission to run the macros, as shown in the figure below. Only enable macros if you know the source of a document and you know that the document contains macros.
Set your anti-virus package for "Real-time Protection": Anti-virus software should provide the option of real-time protection, which means that it actively checks files that come into your system while you work. Although this might not be necessary for mobile devices, it does lower your chances of contracting a computer virus, so check if your brand supports this configuration. If it does, activate it.
Set your anti-virus package for the types of files you want it to check: To set the types of files the anti-virus software will check, click on Start, then Programs, and start your anti-virus package. Usually, the program gives you the option of choosing between a few scanning methods. Symantec, for example, offers:
- Scanning all files: All files on the computer will be checked regardless of the extension or file type.
- Scanning by file type: The package will check all files of the chosen type, regardless of the potentially deceptive file extension. This is especially important in catching files with a double ending such as ".gif.doc".
- Scanning by file extension: This scan is the fastest, since only files with the chosen extension will be checked.
If you have a different brand of antivirus software, consult the manual for instructions on how to configure the settings for real-time scanning and scanning method.
Set your anti-virus software to make scheduled automatic scans: All major anti-virus packages offer the possibility to set scheduled full scans for viruses and malware. So, for example, every Friday night at 9:00 the anti-virus software will search for viruses and malware installed in the computer. Consult your anti-virus software's manual for more information on how to set this feature.
Set your web browser security level to Medium or High: Your browser's security level setting determines how much active content it allows. Internet Explorer has pre-defined "Default Level" security levels to choose from. You may also customize these Default Level security settings, which is more involved than simply selecting a Default Level.
To set a pre-defined Default Level:
- In Internet Explorer, click on Tools > Internet Options.
- Select the Security tab and click the Default Level button.
- Make sure the Internet zone (globe icon) is selected in the window, and move the slider to Medium-High or High. Click Apply.
Note the differences between the settings:
- The Medium security setting generally allows active content. The browser will run programs, sometimes only after prompting you, that perform animations, allow the browser to read documents in various formats, and otherwise improve your browsing experience. However, this also allows these programs to possibly introduce malicious or unwanted code or files to your computer.
- The High security setting prevents active content entirely. While this gives your computer better protection from malware, it may prevent you from viewing content on many Web sites.
Configure MS Word security settings: The latest versions of Microsoft Office (Word, Excel and PowerPoint versions 2000 and later) allow you to configure security settings for running macros. The recommended security setting, High, only allows "signed" macros to be run. Signed macros are digitally signed, which means they have a mechanism that confirms that the macro originated from the signer, and that it has not been altered. To set this in MS Word:
- Go to Tools > Macro > Security.
- Select "High" for strong security. Alternatively, you can select "Very High," which allows no macros to run. This is a good idea if you don’t use macros at all.
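Both the "Do not run macros" tip and the Word security setting above rest on knowing whether a document carries macros before you decide to enable them. The following is an added example, not code from the page or from Microsoft: a check that inspects a zip-based Office package (the .docx/.docm/.xlsm/.pptm formats of Office 2007 and later, an assumption for this demo) for the VBA project part, and points out when a supposedly macro-free extension such as .docx is attached to a package that nevertheless contains VBA. The legacy binary .doc and .xls formats the page's Office 2000 setting applies to are OLE2 compound files, not zips, so the function reports those as not inspectable rather than guessing. The sample packages are constructed in memory and are not real Word files.

```python
import io
import os
import zipfile

# Name of the VBA project storage inside an OOXML package (assumption: zip-based
# Office 2007+ formats; legacy binary .doc/.xls are OLE2 files and need another parser).
MACRO_PART_NAMES = {"vbaproject.bin"}
# Extensions that are defined as macro-free; VBA inside one of these is a mismatch.
MACRO_FREE_EXTS = {".docx", ".xlsx", ".pptx"}


def contains_macros(data: bytes):
    """True/False for a zip-based Office package, None if the bytes are not a zip."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return None
    with zipfile.ZipFile(buf) as z:
        # Compare only the final path component, lower-cased, so 'word/vbaProject.bin'
        # and 'xl/vbaProject.bin' are both recognised.
        names = [n.lower().rsplit("/", 1)[-1] for n in z.namelist()]
    return any(n in MACRO_PART_NAMES for n in names)


def assess(filename: str, data: bytes) -> list:
    """Plain-language findings a user can read before deciding to enable macros."""
    findings = []
    has_macros = contains_macros(data)
    ext = os.path.splitext(filename)[1].lower()
    if has_macros is None:
        findings.append("not a zip-based Office package; cannot inspect for macros here")
    elif has_macros:
        findings.append("document carries a VBA project: enable macros only if you trust the source")
        if ext in MACRO_FREE_EXTS:
            findings.append("extension %s claims macro-free but the package contains VBA" % ext)
    else:
        findings.append("no VBA project found")
    return findings


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal package for the demo; not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00 constructed placeholder, not real VBA \x00")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("report.docm", build_sample(True)),
                       ("report.docx", build_sample(True)),
                       ("memo.docx", build_sample(False)),
                       ("legacy.doc", b"\xd0\xcf\x11\xe0 constructed OLE2-like header")]:
        print(name, "->", "; ".join(assess(name, blob)))
```

The check reads the package as a zip and never executes anything in it, so it is safe to run on a file you have not yet decided to open; treat "carries a VBA project" as the cue to apply the page's rule about knowing the source.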
Set your firewall to filter the appropriate ports: Make sure your firewall is filtering the ports that correspond to the applications you use. For example, if you download files using FTP, you need to open and filter TCP port 21. If you use your computer as a public server, filter inbound traffic as well. Make sure to always deny unused ports and allow regular traffic, not the other way around.
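The last sentence above is the important one: a rule set that allows only what you use and denies everything else behaves very differently from one that allows everything and blocks only what you thought of. The following is an added example, not from the page or from any firewall product: a minimal first-match rule evaluator, with the two policies written side by side and a constructed set of connections run through both. Port numbers and rule lists are assumptions chosen for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    proto: str       # "tcp" or "udp"
    port: int
    direction: str   # "in" (to this computer) or "out" (from this computer)


def evaluate(rules, default, proto, port, direction):
    """First matching rule wins; if nothing matches, the default policy decides."""
    for r in rules:
        if r.proto == proto and r.port == port and r.direction == direction:
            return r.action
    return default


# The policy the page recommends: allow the traffic you actually use, deny the rest.
DEFAULT_DENY = {
    "default": "deny",
    "rules": [
        Rule("allow", "tcp", 21, "out"),    # FTP control connection
        Rule("allow", "tcp", 80, "out"),    # web
        Rule("allow", "tcp", 443, "out"),   # web over TLS
        Rule("allow", "udp", 53, "out"),    # DNS
    ],
}

# "The other way around": allow by default, deny only the ports you remembered to list.
DEFAULT_ALLOW = {
    "default": "allow",
    "rules": [
        Rule("deny", "tcp", 135, "in"),
        Rule("deny", "tcp", 445, "in"),
    ],
}


def check(policy, proto, port, direction):
    return evaluate(policy["rules"], policy["default"], proto, port, direction)


def compare(connections):
    """Run each (proto, port, direction) through both policies; return the decisions."""
    return {c: (check(DEFAULT_DENY, *c), check(DEFAULT_ALLOW, *c)) for c in connections}


if __name__ == "__main__":
    # Constructed connections: everyday use, a listed bad port, and an unlisted inbound port.
    sample = [("tcp", 21, "out"), ("tcp", 443, "out"), ("tcp", 445, "in"), ("tcp", 8765, "in")]
    print("connection            default-deny  default-allow")
    for conn, (deny_pol, allow_pol) in compare(sample).items():
        print("%-20s  %-12s  %s" % ("%s/%d %s" % conn, deny_pol, allow_pol))
```

The unlisted inbound connection is the case that matters: under default-deny it is dropped without anyone having anticipated it, under default-allow it gets through because no rule names it. That is why the page says to deny unused ports rather than enumerate the bad ones.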
Disconnect from the network if you have any security concerns: There are two ways to disconnect from a network. The first way is to shut your computer down entirely. The second way is to disable the network interface card on your computer.
- To do this in Windows, go to the Control Panel (Start > Settings > Control Panel) and double click on Network and Dial-Up Connections.
- Select the name of the network interface that connects your computer to the Internet. It is usually labeled Wireless or Local Area Network.
- Right click on it, and select "Disable." When you disable the interface, the icon will turn a light gray color.
- When you want to reconnect to the Internet, return to the interface icon, right click on it, and select "Enable."
Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.
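The paragraph above describes signature matching, and the "Download anti-virus updates" tip earlier explains why definitions go stale. The following is an added example, not code from the page or from any anti-virus vendor: a toy scanner that hashes file contents and looks the hash up in a definition set, run once with an older definition set and once with an updated one over the same constructed files. The "malware" samples are harmless text strings created for the demo; hashing the content rather than trusting the name is also why a renamed copy is still caught.

```python
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Hash a file's content in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root: str, definitions: dict) -> dict:
    """Walk root; return {path: definition_name} for files whose hash is in definitions."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = sha256_of(path)
            if digest in definitions:
                hits[path] = definitions[digest]
    return hits


# Constructed sample files for the demo; the "samples" are plain text, not real malware.
SAMPLES = {
    "notes.txt": b"quarterly meeting notes",
    "old_sample.bin": b"CONSTRUCTED-SAMPLE-OLD",
    "holiday.gif": b"CONSTRUCTED-SAMPLE-OLD",   # same content under a harmless-looking name
    "new_sample.bin": b"CONSTRUCTED-SAMPLE-NEW",
}


def definitions_v1() -> dict:
    """The definition set as it was before the vendor learned about the new sample."""
    return {hashlib.sha256(b"CONSTRUCTED-SAMPLE-OLD").hexdigest(): "Sample.Old (constructed)"}


def definitions_v2() -> dict:
    """The updated definition set, with the new sample's signature added."""
    defs = definitions_v1()
    defs[hashlib.sha256(b"CONSTRUCTED-SAMPLE-NEW").hexdigest()] = "Sample.New (constructed)"
    return defs


def demo():
    """Write the samples to a temporary folder and scan with stale, then fresh, definitions."""
    with tempfile.TemporaryDirectory() as root:
        for name, content in SAMPLES.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(content)
        stale = scan_directory(root, definitions_v1())
        fresh = scan_directory(root, definitions_v2())
        return ({os.path.basename(p) for p in stale}, {os.path.basename(p) for p in fresh})


if __name__ == "__main__":
    stale_hits, fresh_hits = demo()
    print("stale definitions caught:", sorted(stale_hits))
    print("fresh definitions caught:", sorted(fresh_hits))
```

The stale run misses new_sample.bin entirely, which is the gap the page describes when it says falling behind on updates lets a new virus slip through; real products add heuristics on top of exact signatures, but the dependence on current definitions is the same.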
Two popular anti-virus packages are Symantec’s Norton AntiVirus and McAfee AntiVirus. AVG, AntiVir and ClamWin are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.
PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless and Symantec AntiVirus for Windows Mobile.
Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall. The Windows operating systems such as Windows XP and Windows Vista include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site.
Malware removal applications: Malware removal applications can remove viruses and other harmful programs that might have been installed on your computer without your knowledge. There are many commercial and free malware removal applications, including Spybot, Ad-Aware, and Pest Patrol. They are designed to remove spyware, pop-up ads, and malware that traditional anti-virus packages don't remove completely.
Spyware removal applications: Anti-virus applications generally do not rid your machine of spyware, but there are many commercial and free spyware removal tools available. Some examples are Spybot - Search & Destroy, Ad-Aware, Pest Patrol, and Microsoft Windows Defender. Make sure that you find a legitimate spyware-removal application, since some products touted as anti-spyware applications are ineffective or actually install spyware and adware on your machine. Spyware Warrior can point you to some good applications and tell you which applications to avoid.
Connect Safely from Different Places
Usually, large businesses have system administrators who configure and protect all computers in the company. For further information on the types of malware that your computer is protected against or for questions about the settings on your computer, contact your company's system administrator.
Handheld devices (i.e., PDAs) are as susceptible to malware as any personal computer, although there are currently fewer viruses for PDAs. Mobile phones do not suffer much from malware, and currently manufacturers are responsible for releasing patches to fix security gaps.
Viruses are usually disguised as authentic documents or pictures to get you to open them. However, as soon as you double click on them, they infect your mobile device with malware. Among digital documents, MS Office documents (Word, Excel, PowerPoint), digital pictures, and compressed files (archives) are the most susceptible to malware. If you own a smartphone – which is basically a computer that can make phone calls – you should be very careful not to download and open infected digital documents on your device.
On the road
Scan your computer for malware regularly, especially after it has been connected to a public Internet connection: If your anti-virus application allows you to perform manual anti-virus scans, perform a scan as soon as you get home from a trip where you used your laptop computer on a public network. Scan your computer before you connect it to your home’s Internet connection to avoid infecting other computers with any malware you may have encountered.
The intentional distribution of malware is clearly unethical, since it disrupts and sometimes disables computers and can cause financial and productivity losses. Accessing hacker sites and trying out their tools is at best unwise, and using these tools against computers other than your own without permission is likely to be unethical or illegal, depending on the nature of the tools.
Intentional distribution of malware is considered illegal worldwide. Famous malware programs like Code Red and the Melissa virus caused several million dollars in losses, and each started in a simple malware application. The creator of the Melissa virus was prosecuted under Title 18, United States Code, Section 1030 and sentenced to 20 months in prison and a $5,000 fine.