Friday, March 17, 2006

How To Identify A Virus Infected E-mail Message?

It is often difficult to identify an infected e-mail message. Because of the way modern viruses and mass-mailing internet worms function, messages can seem to arrive from friends or colleagues. In reality, most infected messages are sent automatically by another infected machine whose owner has no idea the machine even has a problem. Since the virus or worm pretends to be the owner of the infected computer, it can be hard to know what to make of unexpected email messages from them.

Here are a few important things to watch for:

1) E-mail messages from people you don't know (including and especially SPAM). These are usually the culprits that put a virus on your computer.

2) E-mail messages from friends or family that you were not expecting (especially if they contain attachments). It is possible that these may not be from people you know, but may actually be spam messages.

3) Attachments in an email with subject lines that seem inappropriate or strange, even if it's from someone you know. For example, an email from your retired father who is on a beach in Mexico titled "Update on system report" is suspicious.

4) You should NEVER EVER launch an attachment that ends with an .exe, .pif, .com, .bat, or .scr extension until you have scanned it with an up-to-date virus scanner. Even files ending with .doc and .xls (Word and Excel documents) can carry macro viruses and should be scanned. It does not matter if you completely 100% trust the person it came from. SCAN IT.

5) Never open SPAM email. Spam email is too easy to copy and use to send a nasty virus. I'm not saying spammers send viruses, but virus senders/creators do use spam-like messages to send their viruses, Trojans, and internet worms around.

6) If you're not 100% sure the email is legitimate, call the sender and ask before opening the attachment. If you're sure you've received an e-mail message with a virus, you should delete the email WITHOUT opening the email or the attachment. If it is important, it can always be resent.

7) Email is becoming the #1 method for viruses, worms and Trojan horses to spread. Take extra special care with your email, and you will not only protect yourself, but prevent yourself from accidentally becoming a spreader of virus loaded email messages.

The smartest thing to do is simply install a very affordable antivirus program (like Norton, McAfee, or PC-cillin) and set it to automatically scan all incoming and outgoing email messages and attachments. This way you protect your own computer, and make sure you don't forward any infected messages to your friends and family.
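The extension rule in point 4 can be applied mechanically before a message reaches the inbox. The following is an added example, not code from the article: it parses a message and labels each attachment using the article's two extension lists. The decoy-extension list, the label names and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article says never to launch before scanning.
EXECUTABLE_EXTS = {".exe", ".pif", ".com", ".bat", ".scr"}
# Office formats the article says can carry macro viruses.
MACRO_EXTS = {".doc", ".xls"}
# Assumption (not from the article): harmless-looking types placed in
# front of the real extension, as in "report.doc.scr".
DECOY_EXTS = MACRO_EXTS | {".txt", ".jpg", ".gif", ".pdf", ".zip"}


def extensions(filename):
    """Return the lower-cased extensions in order, e.g. ['.doc', '.scr']."""
    # Drop any path component, then the trailing dots and spaces that
    # Windows ignores when it decides how to open a file.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    # Strip each piece so space padding ("a.doc      .scr") cannot hide
    # the final extension from the comparison.
    parts = [p.strip().lower() for p in base.split(".")]
    return ["." + p for p in parts[1:] if p]


def classify(filename):
    """Label one attachment name; the labels are this example's own."""
    exts = extensions(filename)
    final = exts[-1] if exts else ""
    if final in EXECUTABLE_EXTS:
        if any(e in DECOY_EXTS for e in exts[:-1]):
            return "executable-double-extension"
        return "executable"
    if final in MACRO_EXTS:
        return "macro-capable"
    return "other"


def scan_message(raw_bytes):
    """Return (filename, label) for every named part of a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # None for the body and containers
        if name:
            findings.append((name, classify(name)))
    return findings


def build_sample():
    """Constructed sample message; the attachment bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "dad@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Update on system report"
    msg.set_content("See attached.")
    for name, main, sub in [
        ("report.doc.scr", "application", "octet-stream"),
        ("budget.XLS", "application", "vnd.ms-excel"),
        ("beach.jpg", "image", "jpeg"),
    ]:
        msg.add_attachment(b"constructed placeholder",
                           maintype=main, subtype=sub, filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, label in scan_message(build_sample()):
        print(f"{label:30} {name}")
```

A label of "other" only means the name matched neither list; the article's advice to scan every attachment still applies.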

The most important thing you have to realize is that viruses cannot get on your computer by themselves. You do have to put them there by opening files that can contain the harmful viruses. They could wipe out your hard drive, which could be detrimental for you if you have important files stored there for which you don't have a backup disk.

If you do get a virus on your computer, you don't have to panic. If a virus is active in the memory, the anti-virus software may not be able to detect it. If you really want to make sure your computer doesn't have a virus, turn it off and reboot it using a disk that you know doesn't contain any virus such as your antivirus software's recovery disk.


About the Author
Eric Koshinsky
Learn how to remove blackworm virus and how to block trojan horses, spyware, computer viruses, in the future. Large choice of Computer Security Articles


Saturday, December 24, 2005

Virus or Spyware - What's the difference?

This month's article is one of the things I still find comes up as a frequent question, "what's the difference between Viruses and Spyware"? I will try and clarify that here. One of the biggest slowdowns of a PC is caused by viruses, adware or spyware as it's often called. Before you can benefit from any other optimisation tips or improvements you really need a system relatively free from those pests.

A virus is a piece of malicious software code written to cause some kind of damage to a computer system or network or even the Internet itself. Viruses spread, similar to their biological namesake, from one machine to another and can spread havoc wherever they go. They are most commonly spread by sharing files with others or through email attachments where they can be set up to send themselves to all the addresses in your email address book.

Adware is usually downloaded and installed along with some other program without your knowledge and, unlike a virus, doesn't spread by itself. Very often you click "OK" without reading the terms and conditions and by doing so you agree to have the files installed. An example is you see a "free" program on offer that you think might be useful and download it without thinking. Even some anti-spyware programs install adware and the website earns money from the ads that are clicked on.

The catch is that the extra files introduced are used to determine things like your surfing habits, and the data is used to serve up popup ads or redirect your browser to a page other than the one you wanted. Some of the programs can be used to install keyloggers which can send back information about passwords and bank details etc. Adware is not a security problem; it is more an annoyance, especially when you have ten different programs trying to show ads. The amount of computer resources it uses up slows your system to a crawl.

Spyware is more malicious and evil intentioned and is designed to steal something from you. It can be downloaded by visiting the wrong types of websites or along with other files the same way as adware. Spyware can often be hard to remove as it can continually recreate itself and hide somewhere on your hard drive.

Programs such as trojans can be used to allow access to hackers at a later date. The name comes from the story of the Trojan horse, where the Greeks hid inside the wooden horse left as a peace offering and were wheeled into the fort by the Trojans themselves. Then at night the Greeks crept out of the horse and opened the gates and let the enemy in. Trojans and adware, unlike viruses, don't spread themselves.

It is wise to run more than one spyware checker as no one system gets rid of them all. You can never be certain you have every one removed because new ones may not have been discovered and the Spyware program doesn't recognise them yet. I use the two free ones "Spybot" and "Adaware" and I also use http://www.pcsandthings.com/CounterSpy.htm which comes from a reputable company that specialises in removing spyware.

Sometimes people say to me "doesn't my anti-virus software remove spyware"? Well the answer is most don't and even if it does I always find a specialist product works best. Beware also of bogus spyware scanners available on-line which actually install their own spyware once they have removed their competitors. Sometimes you run a free scan and it finds all sorts of nasties but you will have to sign up and pay to remove them. I have even seen it that they find things that don't exist or try to frighten people into believing they have lots of spyware when all they have are advertising cookies.

Cookies are small text files that websites leave on your system so that when you return they can customise the page that loads or they can count you as a returning visitor. They are harmless and most of them are useful. They can be easily removed by deleting them in your browser settings.

So you need to be running a suitable and up to date antivirus program and one or more Spyware checkers.

More tips can be gotten from my website at http://www.pcsandthings.com

About the Author
Dave tries to make your computing experience a bit less stressful and helps you to speed up your computer with free tips at www.pcsandthings.com

Sunday, December 11, 2005

Who Needs a Firewall?

You do! Read more to find out what a firewall is, how it can keep you safe, and how to get one.

A Firewall is, actually, pretty much the same as its non-tech definition. A firewall, in building construction, is set up to contain or prevent fire from traveling from one side of the wall to the other - an extra bit of protection, if you will. A firewall on your pc does, essentially, the same thing.

Seven Design Avenue describes a firewall this way:

A firewall is a safeguard utilized by many Local Area Networks (LANs) or Wide Area Networks (WANs) to protect the network from unauthorized access from the outside. They are basically gates that verify the users before they leave or enter the network by way of a User ID, Password or IP address.

bytown internet explains it another way:

A Firewall is a system which limits network access between two or more networks. Normally, a Firewall is deployed between a trusted, protected private network and an untrusted public network. For example, the trusted network might be a corporate network (ie: Queens University), and the public network might be the Internet. A Firewall might grant or revoke access based on user Authentication, source and destination network addresses, network protocol, time of day, network service or any combination of these. These settings are normally controlled by the Network Administrator.
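The criteria listed in that definition (user authentication, source and destination addresses, protocol, time of day, service) can be shown as a small first-match rule evaluator with a default-deny fallback. This is an added example, not code from the article or from either quoted site; the rule set, field names and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                               # "allow" or "deny"
    src: str = "0.0.0.0/0"                    # source network
    dst: str = "0.0.0.0/0"                    # destination network
    protocol: str = "any"                     # "tcp", "udp" or "any"
    port: Optional[int] = None                # network service, None = any
    hours: Optional[Tuple[time, time]] = None # allowed window, None = always
    auth_required: bool = False               # needs an authenticated user


def packet(src, dst, protocol, port, when, user=None):
    """Build the connection attempt the firewall is asked to judge."""
    return {"src": src, "dst": dst, "protocol": protocol,
            "port": port, "when": when, "user": user}


def matches(rule, pkt):
    """True only if every criterion set on the rule fits the packet."""
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.protocol != "any" and rule.protocol != pkt["protocol"]:
        return False
    if rule.port is not None and rule.port != pkt["port"]:
        return False
    if rule.hours is not None:
        start, end = rule.hours
        if not (start <= pkt["when"] < end):
            return False
    if rule.auth_required and not pkt["user"]:
        return False
    return True


def decide(rules, pkt):
    """First matching rule wins; anything unmatched is denied."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


# Constructed rule set: 192.168.1.0/24 is the trusted private network,
# everything else is the untrusted public side.
RULES = [
    # 0: web browsing from the trusted network, any time.
    Rule("allow", src="192.168.1.0/24", protocol="tcp", port=80),
    # 1: outgoing mail only for authenticated users during the day.
    Rule("allow", src="192.168.1.0/24", protocol="tcp", port=25,
         hours=(time(8, 0), time(18, 0)), auth_required=True),
    # 2: explicit block of anything addressed to the trusted network.
    Rule("deny", dst="192.168.1.0/24"),
]

if __name__ == "__main__":
    inbound = packet("203.0.113.7", "192.168.1.10", "tcp", 445, time(10, 0))
    print(decide(RULES, inbound))
```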

So how can a firewall help you - the average, home user?

By giving an extra level of blocking protection against spam, viruses and other malware.

Those lucky enough to be running WinXP SP2 (that's Windows XP, Service Pack 2) already have a built-in firewall that they can use. All they have to do is turn it on. Here's how to make sure you have SP2 and your firewall turned on:

How do I know if I'm running Windows XP? Easy enough. On your Desktop, right-click once on My Computer and choose "Properties". The little window that pops up should tell you which operating system you are running. If not, you can also open My Computer and choose Help: About Windows from the taskbar at the top of the window.

Ok, I'm running WinXP - how do I know if I have Service Pack 2? The same way we just went through! Both of the ways listed above will tell you if you are running Service Pack 2 (or sp2).

Great! How do I make sure my firewall is turned on? First off, go into your Control Panel (usually found on the Start menu). Find the "Security Center" and open it up. You should see the firewall as one of the security features offered - simply make sure it's switched to "On".

I don't have Windows XP or Service Pack 2 and I have no plans to upgrade any time soon. That isn't a problem. There are other legitimate, and trustworthy firewall sites on the Internet (of course, there are some of the other kind, too!).

About the Author
Shanna Riley - Professional I.T. tech & geeky-girl gamer who feels it is her duty to warn the average user about the dangers of the Internet. http://homecomputersafety.com

Tuesday, December 06, 2005

Web Surfing Security

Too many computer users neglect to do the basic maintenance of their computer. The result is a clear path to their personal information. Hackers are diligently at work every day trying to find the weakness in your system so that they may be able to steal your personal information. Others would simply like to create trouble and destroy your hard drive.

There is a wide variety of protective software available, such as adware removers, antivirus tools, keypatrol agents, spyware blasters and so on. These are effective only if put to good use.

Think of yourself as a pilot doing a pre-flight inspection. The pilot is responsible for doing a thorough inspection of his airplane before any passenger boards the plane. He needs to be sure that all safety precautions have been taken to guarantee that all mechanical and electronic devices are working and that the mechanical inspections are up to date. He needs to verify that the aircraft is in good operating condition. Once the plane is off, it is too late to start wondering if such and such a device is working properly.

Your computer is your responsibility. Just like a pilot needs to go through a checklist, you also should make yourself a checklist of things to verify before you surf the Internet. Once connected, it is too late to realize that your system is not up to the challenge. If your system is not checked, if you are vulnerable to the attacks, you could pay a severe price.

You need to purchase good tools for this job. It is acceptable to try free tools to evaluate their quality but once you have found a good tool, purchase it and put it to work.

One of the biggest problems for the average computer owner resides in the fact that he/she simply refuses to take the time to read about their new tool. They would like to simply buy it, install it and never think about it again. You need to take the time to educate yourself on the functioning of any tool you buy.

Generally software is well written by qualified programmers. Professionally written software will include all the instructions that you need to obtain the best performance of the tool. If this is not the case, keep on searching. Go to a trusted site such as CNET and read the comments from other users about the tool you are thinking of buying. Take the time needed to do good research and remember you are putting all your information at risk when you connect to the Internet.

Once you are confident that the software you are purchasing is of the highest quality, then take your time and read all the documentation provided. Once you have done this, and only then, install the software. Make sure to add the tool to your list of daily maintenance.

If you have not done so yet, locate and read all the recommended procedures for the software that protects your computer.

Create a text file and save it on your desktop. You will want this file to contain your checklist of things to do every day before you start surfing the Internet.

Here is a possible list of the things that should be done before you start surfing:

1) Check your antivirus for updates. Regularly run your antivirus. If at any time your antivirus locates a virus, you need to update your antivirus, disconnect from the Internet and do a full scan of your computer with the updated antivirus. Always make sure your antivirus is actively protecting your computer.

2) Clean your computer cache and your temporary files. You can pick up software for this at CNET: http://www.cnet.com

3) Clean your history

4) Update your adware remover. Run your adware remover. Again you can try free adware removers from CNET but please buy the full package when you find one that you know will protect you. You truly need all the functions of the software, not just a portion of the functions which is usually the case with Trial Version software.

5) Update your firewall and check the settings. Some clever hackers can change the settings of your computer, therefore putting you at risk.

6) Check for mail protection agents and make sure that they are active.

7) Run a scandisk

8) Update your browser

This is a sample list. Create one that applies to your computer and to the software installed on it. Keep your list updated and make sure that you do what you put on your list. Creating a list and not following it will be of no use.

We cannot totally protect ourselves against the perils of the Internet but we can at least make sure that we do all that we can. Take the proper precautions and you too can have a safe journey on the Internet.


Jay is the web owner of http://www.dsl-in.com, a website that provides information and resources on DSL, DSL Service, and DSL Service Providers.

Sunday, December 04, 2005

Desktop Security Software Risks - Part 2

This is the third in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.

Reason #2: the Desktop Security Software Risks

The risks of placing software on the desktop are such that I will be breaking this article into two parts.

There are many advantages to putting security and anti-virus software on the desktop. They range from efficiency to money. Under previous ways of thinking if I can capture security and virus problems at the desktop I can prevent them from going any farther. That works well in a non-connected environment. In the connected environment it makes more sense to centralize the software and monitor connections in and out. Basically "firewall" all the appliances from each other.

In a previous article we discussed the security risks inherent with desktop software designed to be the protection layer between you and all those bad people out there on the Internet. Here now we will discuss some more mundane issues regarding the risks of putting security software on the desktop:

Drag

Drag steals clock-cycles from your processes so that it can run in a higher priority mode. Anti-virus software especially places a drag on your computer. Depending on your settings (and the default settings are usually very aggressive), every time you run a program or open a file, real-time file scanning takes place and your files are scanned for viruses. This slows down your processing. Accessing larger files takes longer. You can see a discernible lag time between when you start a program/open a file and when you can actually access it.

Compatibility

After the obvious issue of "drag" is compatibility. Often security and anti-virus rules get in the way of your doing business on your computer. While you may get away with using older versions of such packages as Word, Sims, Photoshop, etc. on your computer with the new XP operating system, it's unlikely your security software will be completely compatible.

Why? Many packages rely on very low-level functionality to be able to do the tasks they set out to do. Anti-virus packages have to be able to operate at a level closer to the hardware than most packages. They need to do this to prevent virus software from taking precedence from them. While many packages offer backward-compatibility the opposite is not true: forward-compatibility. There are several reasons for this: a package written for Windows 98 will not anticipate all the changes to the operating system that are implemented for Windows XP. While your Win98 anti-virus program may work under XP, it won't work at its peak performance. It can't.

It's just another reason for centralizing your security. By siphoning all your traffic through a security screen at your ISP, for instance, you offload the need for updates and staying up-to-date on your security software. This then becomes the job of the service provider.

Updates

Having the software on your desktop means you are responsible for maintaining that software. In the case of office productivity software or image editing software, if new versions come out with features you're not interested in, you don't update. With new viruses appearing on the landscape every day, you can't afford not to continually update your software. If you don't update for a month or two, you run severe risks of infection. You also will incur potential long update cycles as your software has to be upgraded to handle all the new threats. This makes the desktop these days a somewhat ineffective solution. Nearly two-thirds of all the PCs that have anti-virus protection installed do not update their definitions regularly. These PCs might as well uninstall the software for all the good it's doing them.

Lost Time

As mentioned in the above discussion, you can lose considerable time if you don't update regularly. Long intervals between updates can translate into long update cycles. If you have a slow connection to a vendor, your down time is much longer as you have to wait for the files to be downloaded and then you have to wait for your software to update itself.

Solution

The better solution is to move to a centralized solution in which all the software, all the updates are the responsibility of the service provider. You pay for the service of having your email cleaned before you receive it. When email arrives at your service provider's mailbox, it is checked for malicious tendencies and stripped if bad. You notice no long waiting, no downtime, no drag, no incompatibilities.


Tim Klemmer CEO, OnceRed LLC http://www.checkinmyemail.com Tim Klemmer has spent the better part of 12 years designing and perfecting the first patented behavior-based solution to malicious software.

Saturday, December 03, 2005

Desktop Security Software Risks - Part 1

by: Tim Klemmer

This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.

Reason #2: the Desktop Security Software Risks

The risks of placing software on the desktop are such that I will be breaking this article into two parts.

Fundamentally we think of having software on our desktops as a good thing. I love downloading or installing new packages and seeing what new creative things people do to the user interface or what they do to make certain aspects of my life easier or more fun.

But there are problems inherent with software that resides on the desktop, especially security software. All developers will know what I mean. First and foremost, desktop software can be reverse engineered. What’s that mean? Have you ever inadvertently double-clicked on a file and had garbage show up or seen something that looks similar to this?

http://www.checkinmyemail.com/Articles/image001.jpg

The old hex dump. Programmers will know it well. We actually spend a good deal of time trying to read this stuff. Basically, if there are programs that can (and do) turn instructions like the following

If UserBirthDate < "01/01/1960" Then
    IsReallyOld = "Yes"
Else
    IsReallyOld = "No"
End If

into something like the picture above, then the reverse is true: people have developed software that can take that gobbledygook in the picture above and turn it somewhat into the if-statement I wrote out. The reversing software won’t know that I had an item called UserBirthDate, but it will know I was testing for a value of January 1, 1960 and it will be able to say that based on that value I set another item to Yes or No.

So now we install our fool-proof anti-virus software on our desktop (or our firewall for that matter). Well, so too can a virus author. And that virus author or hacker will also have gotten a copy of the latest reverse-engineering software from his local hacking site. He now goes upon his task of reverse-engineering the software and then trying to decipher the results. It’s not easy but it can be done. Unfortunately, vendors know this and understand this as an acceptable risk.

The problem here is that your security software is at risk. If your vendor codes an error, the virus author can and will detect it. For example, if your vendor should exclude a file from scanning, it’s possible the virus author will figure out which file (or type of file) that is and bury his code there. If the vendor excludes files from scanning or heuristics, it’s possible that virus author will figure out a way to corrupt that file.

That being said, there are other risks. As we have said, once software is on the desktop it affords virus authors an opportunity to reverse-engineer security software. The knowledge that reverse-engineering provides is invaluable to a virus author when building his next software attack. Third, virus authors can learn where the anti-virus vendors put their software and put the links to their software (directory folders, registry entries, etc.). This too is invaluable information. In fact, in some ways it teaches people intent on writing malicious software clues as to how to infiltrate the computer’s operating system, where registry entries need to be made to force software to be loaded every time a computer is started, etc.

This information is generally available all over the web and in manuals for operating systems, especially manuals on such subjects as the Windows Registry. But having the software teach you where things belong to be effective is powerful knowledge.

Lastly, and perhaps most significantly, is the issue of forbearance. The anti-virus vendors usually know more about the potential exploits inherent in programs than virus authors but they are bound by the fact that should they try to prevent them before the exploits occur, they could be branded as irresponsible for teaching virus authors about these very exploits.

For example, when Microsoft first released the macro capabilities of Word, anti-virus vendors immediately realized the potential for danger in macros, but they were handcuffed. If they released software that disabled macros before the first macro virus was ever released, they would signal to virus authors the inherent destructive powers of macros. They chose instead to wait, handcuffed by the limitations of desktop software.

Until the Internet there really has been no better medium for delivering virus solutions than desktop software. It was relatively inexpensive to deploy (either market the software and sell it in stores or provide free downloads on bulletin boards and web sites). It is, however, expensive to keep updated in terms of time and effort, even with automated update systems.

The Internet caused several things to happen: by becoming a powerful medium for sharing files, whole families of viruses disappeared practically overnight (boot sector viruses, for example); by becoming the option of choice for sharing files, it was easier to infect a single file and have thousands download it.

A better solution is to place the security software in an offsite appliance of its own making. All Internet, intranet, networking connections flow through the appliance.

Selling off-the-shelf hardware appliances with built-in security software is better than a desktop software solution, but it still suffers, to a lesser extent, from the pitfalls that desktop software falls prey to.

Even better is to create a service that a 3rd party vendor manages in a secure environment. In such an instance both the software and the hardware are away from the prying eyes of the malicious software authors. This further reduces the opportunity for malicious authors to discover the tricks and techniques employed by the security vendors to protect you.

About The Author
Tim Klemmer
CEO, OnceRed LLC
http://www.checkinmyemail.com

Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.

timklemmer@checkinmyemail.com