A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Malware

Programs that are designed to harm your computer

Chat rooms, forums and instant messaging are all great ways to communicate online, but when using them you have to watch out for the threat of malware. Malware (short for "malicious software") is any software designed to harm your computer, such as viruses, worms, Trojan horses and rootkits.

  • A computer virus is a program that attaches itself to an application or "host file" and then spreads by making copies of itself. Some type of human action (e.g. opening an attachment) is always required for a virus to take effect. Once a virus gets onto your computer it might modify, delete, or steal your files, make your system crash, or take over your machine.

  • A computer worm is like a virus, but it infects other computers all by itself, without human action and without a host file. It usually infects other computers by sending emails to all the names in your email address book.

  • A Trojan horse is a program that tricks you into running it by appearing useful or harmless. However, once it is run it damages your computer, usually by providing "back door" access to the computer. This allows hackers to control or use your computer, destroy or steal files, install viruses or spyware, or run arbitrary programs.

  • A rootkit is a program that allows an intruder to gain access to your system without your knowledge by hiding what it is doing on the system. The intruder can then install difficult-to-detect back doors into your system to seize control.

In chat rooms, forums and instant messaging, you can get malware from clickable links that download the harmful files onto your computer. A virus needs only to be sent to the system as a file transfer in order to begin wreaking havoc, but it can also wait until a certain trigger occurs (e.g. a certain date and time, a double click on the filename, the presence of another file). The key to preventing malware infections is to only click on links and download files from credible sources while using community applications.

Protective Measures

Practices

  • Conduct regular anti-virus scans: Be sure to scan all files that you have received from other people. All major anti-virus software can be set to automatically scan files when they are transferred, but it's a good idea to also scan your computer manually on a regular basis. You should do this at least once every two weeks, or when you suspect a problem.

  • Only communicate with trusted sources: Do not assume that everyone who is chatting or communicating online has good intentions. Do not automatically trust the information given to you by someone, even if the other party has a familiar name, or is someone you personally know. He or she may be infected with a computer virus, or somebody else might be impersonating them. Always make sure you are talking to the person you know. If you have just started chatting with a new and unknown person, do not click any links that he sends you and do not accept any files from him.

  • Avoid clicking on links: Links are commonly used in community applications, especially with instant messaging. Be aware that these links may actually download malware onto your computer.

  • Conduct manual malware removal scans: Use a malware removal application periodically to remove viruses, hoaxes, and other such applications that might be installed in your computer without your knowledge. One such tool is Spybot. After installing Spybot, you can check your computer for problems, and the application will help you fix them.

Settings

  • Set your anti-virus package for "Real-time Protection": Anti-virus software should provide the option of real-time protection, which means that it actively checks files that come into your system while you work. This lowers your chances of contracting a computer virus. To set real-time protection (using Symantec Norton Antivirus as an example), right-click on the Symantec Norton Antivirus icon in the icon tray in the right-hand bottom corner of the screen, then select "Enable File System Real-time Protection."

  • Set your anti-virus package for the types of files you want it to check: To set the types of files the anti-virus software will check, click on Start, then Programs, and start your anti-virus package. Usually, the program gives you the option of choosing between a few scanning methods. Symantec, for example, offers:

    • Scanning all files: All files on the computer will be checked regardless of the extension or file type.
    • Scanning by file type: The package will check all files of the chosen type, regardless of the potentially deceptive file extension. This is especially important in catching files with a double ending such as ".gif.doc".
    • Scanning by file extension: This scan is the fastest, since only files with the chosen extension will be checked.

    If you have a different brand of antivirus software, consult the manual for instructions on how to configure the settings for real-time scanning and scanning method.

  • Set your anti-virus software to make scheduled automatic scans: All major anti-virus packages offer the possibility to set scheduled full scans for viruses and malware. So, for example, every Friday night at 9:00 the anti-virus software will search for viruses and malware installed in the computer. Consult your anti-virus software's manual for more information on how to set this feature.

  • Disconnect from the network if you have any security concerns: There are two ways to disconnect from a network. The first way is to shut your computer down entirely. The second way is to disable the network interface card on your computer.

    1. To do this in Windows, go to the Control Panel (Start > Settings > Control Panel) and double click on Network and Dial-Up Connections.

      fragments_02000001.jpg

    2. Select the name of the network interface that connects your computer to the Internet. It is usually labeled Wireless or Local Area Network.
    3. Right click on it, and select "Disable." When you disable the interface, the icon will turn a light gray color.

      fragments_02000002.jpg

    4. When you want to reconnect to the Internet, return to the interface icon, right click on it, and select "Enable."

Tools

  • Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

    Two popular anti-virus packages are Symantec’s Norton AntiVirus  and McAfee AntiVirus . AVG , AntiVir  and ClamWin  are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.

    PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless  and Symantec AntiVirus for Windows Mobile .

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall . The Windows operating systems such as Windows XP and Windows Vista  include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site .

  • Malware removal applications: Malware removal applications can remove viruses and other harmful programs that might have been installed in your computer without your knowledge. There are many commercial and free malware removal applications, including Spybot , Ad-Aware , and Pest Patrol . They are designed to remove spyware, pop-up ads, and malware that traditional anti-virus packages don't remove completely.

  • Rootkit detection software: Rootkits cannot be detected by ordinary anti-virus programs because they are very good at hiding themselves. You need special software to detect rootkits, such as RootkitRevealer  by SysInternals and F-Secure Blacklight .

Connect Safely from Different Places

Mobile

Mobile devices are as susceptible to malware as any other personal computer, and they suffer increasingly from malware, although manufacturers continue to release patches to fix security gaps. As a resource, refer to "Is My Mobile Device Safe" for trends and tips.

Synchronize your PDA/phone daily: Synchronizing your PDA daily will create a back up copy of your data, allowing you to survive an attack should one occur. The best place to back-up your PDA is your desktop computer or laptop. You do not need to use special backup applications for PDAs or cell phones; synchronization is sufficient.

On the road

In community services applications you can get malware from clickable links that download the harmful files onto your computer. That’s why it’s important to only click on links and download files from trusted sources. You are more susceptible to being infected by malware when you use a public network to connect to the Internet, so be sure to take steps to protect yourself.

Never trust anyone who approaches you in a public place offering you help with your connection. Ask for their credentials or identification. They might just want to install malware on your machine.

Ethical Issues

The intentional distribution of malware is clearly unethical, since it disrupts and sometimes disables computers and can cause financial and productivity losses. Accessing hacker sites and trying out their tools is at best unwise, and using these tools against computers other than your own without permission is likely to be unethical or illegal, depending on the nature of the tools.

Legal Issues

Intentional distribution of malware is considered illegal worldwide. Famous malware programs like Code Red and the Melissa virus caused several million dollars in losses, and each started in a simple malware application. The creator of the Melissa virus was prosecuted under Title 18, United States Code, Section 1030  and sentenced to 20 months in prison and a $5,000 fine.

My home page