THOU SHALL USE A MEMORY RESIDENT ANTIVIRUS
Merely having an antivirus stored on the hard disk means nothing as far as virus protection goes.
Since a program can only do anything (good or bad) once a copy of it is loaded into active memory, the antivirus program must stay permanently in memory, watching for any virus invasion, if it is to provide any protection at all.
Programs (useful or harmful) cannot do anything on the magnetic media where they are inertly stored. They simply wait for a copy of themselves to be loaded (opened) into active memory, where they can then perform the functions they were created for.
Antivirus installation programs usually
prepare the resident code of the antivirus to be automatically loaded in
the memory whenever the computer is started up. However, some installation programs present
this capability as an option that should always be chosen by the user.
Nevertheless, even when the antivirus resident code is set up in memory, there are occasions when it is advisable to disable it temporarily. Some honest programs may conflict with the antivirus code in memory and produce unpredictable results.
So most good-quality antivirus products allow the user to enable and disable the resident antivirus code for these occasions.
THOU SHALL NOT USE TWO MEMORY RESIDENT
ANTIVIRUSES AT THE SAME TIME
Never use more than one memory-resident antivirus at the same time, though others may be stored on the hard disk.
This is because the memory-resident code of an antivirus occupies the same critical control areas that a virus invasion targets. If another antivirus is loaded into memory, it may display false virus alerts, yield unpredictable results or lock up the computer.
Always uninstall a previous antivirus
before installing a new version of the same product or a new
product.
THOU SHALL NOT USE AN UNKNOWN ANTIVIRUS
When looking for an antivirus, select one that is well established in the market.
Resident antivirus software has to be of very good quality in order to spare system resources and be compatible with the system requirements; otherwise it is often responsible for crashes.
(See "Windows System Resources" on this site at
"THE TEN COMMANDMENTS OF AVOIDING WINDOWS CRASHES").
On the other hand, cases are known of false "antivirus" programs that, despite their apparently honest appearance, actually introduced viruses and virus ancillary files onto the hard disk.
VIRUSCAN® and most established antivirus developers provide means of validating their original code in case it has been tampered with en route to their customers.
Avoid products that do not offer a means of validating the antivirus programs.
THOU SHALL KEEP YOUR ANTIVIRUS UP TO DATE
The key issue in an antivirus application is keeping it updated. There is no point in installing the software engine in memory and leaving the virus signature files (DAT files in VIRUSCAN®) that come with it without frequent updating.
At the time this home page was last updated, the number of known viruses was over 50,000 and growing at an average rate of 200 to 300 a month.
The software engine itself requires upgrading every 3 or 4 months.
After the virus signature files and/or the software engine are downloaded, they need to be installed according to the supplier's instructions.
Some suppliers offer automatic updating from their sites, with little involvement of the user, when connected to the Internet.
Those for whom these operations are beyond their capabilities should seek the help of someone skilled enough, preferably monthly and never letting more than 3 months pass.
Remember that a period of 3 months with no updating means a possible exposure to at least 600 new viruses (whose infections are more frequent than those of the older ones).
THOU SHALL ALWAYS SCAN FOR VIRUS.
As viruses or worms may surreptitiously invade one's system despite all precautions, it becomes crucial that
scanning operations be performed periodically.
A full scan should be made every time the antivirus engine and/or its virus signature files are updated, so that the system files and control areas are checked against the 80 to 150 new virus antivenins that become available every month.
ATTENTION: Occasional scanning should WITHOUT FAIL be performed on the following occasions:
This procedure is recommended even for diskettes and CD-ROMs
containing any honestly supplied software application.
Cases of infected CD-ROMs have been reported by the press, such as the CONCEPT macro virus (attacking Word documents), which became the most widespread virus ever through DOC files on installation CD-ROMs.
Compliance with the first 2 recommendations above assures a high level of protection against virus contamination and worm damage. As may be seen in the COMPUTER SIMPLE DIAGRAM above, all INPUT to the CPU/MEMORY, namely the DISKETTE, the CD-ROM (removable media) and the MODEM (dynamic INPUT gateway to the magnetic media), is covered by the procedures advised above.
The MODEM does not store any file, so the antivirus does not look for malicious code there. In this case, if a contaminated file goes through the MODEM it is normally stored on the hard disk and remains there harmlessly at this stage.
As long as the contaminated file is not executed THERE IS NO possibility of the virus getting a copy of itself into memory, the only place where it is harmful.
Nonetheless, if the contaminated file or the worm file is executed even once, a copy of the offending code will find its way into memory.
If it is a virus, it will contaminate every other program that is already loaded or is loaded from then on, and/or control areas and certain files on the hard disk. If it is a worm, it may set up its destructive action to be carried out immediately or later on.
A virus will also infect control areas and/or certain files on any diskette with the write-protection seal OPEN that is in the drive or inserted into it from then on.
Therefore, if detected in time (before being executed), it should be removed immediately, eliminating any danger of it getting into memory along with all the nasty consequences that would certainly result. That is the key reason for scanning often and, without exception, on the occasions listed above.
For work sites with many computers and users, it is also recommended to have an antivirus capable of heuristic scanning and to scan all computers with it once a month, to assess the possibility of new viruses not yet included in the version of the virus signature files in use.
The greatest threat to the user's data is the user him/herself. After all, the user is the one who constantly handles his/her own data. The user inadvertently deletes valid files, overwrites valuable data, saves work files without paying attention to which folder they were bound for, and then complains of the "temper" of the computer that "sometimes fails" to save the files (as a student of mine recently confessed to me).
Among the threats coming from the user there are
three unforgivable ones:
Rather than trying to clean up today's huge hard disks, it is recommended to run the useful defragmentation process on them often, as explained on this site at "THE TEN COMMANDMENTS OF AVOIDING WINDOWS CRASHES".
However, if the compulsion to erase UNKNOWN FILES is really irresistible, move them first to a previously created folder with a meaningful name such as C:\DEL_WAIT or C:\QUARANTINE or C:\DEATHROW etc., and wait several weeks before deleting them for good. It is much easier to move them back to their original folder if some application asks for any of them, or if the computer's performance is somehow hampered, than to re-install the application or the operating system from scratch.
Bear in mind that subfolders need to be created under the folder suggested above, each with the same name as the original folder the moved files came from, so that one knows where to copy them back if that becomes necessary later on.
The above suggestion requires the user to be skilled enough to create new
folders and move (cut and paste) files among folders of the hard disk
or diskettes.
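The holding-folder routine described above can also be scripted. The following is an added example, not part of the original page: it moves a file under a holding folder in subfolders named after its original folder, records where it came from, restores it on request, and deletes it only after the waiting period. The manifest file name, the six-week period and the function names are assumptions made for this sketch.

```python
import json
import shutil
import time
from pathlib import Path
from typing import Optional

HOLD_DAYS = 42                # "several weeks" on the page; six weeks is an assumed value
MANIFEST = "manifest.json"    # hypothetical bookkeeping file kept in the holding folder


def _load(root: Path) -> dict:
    path = root / MANIFEST
    return json.loads(path.read_text()) if path.exists() else {}


def _save(root: Path, entries: dict) -> None:
    root.mkdir(parents=True, exist_ok=True)
    (root / MANIFEST).write_text(json.dumps(entries, indent=2))


def quarantine(file: Path, root: Path, now: Optional[float] = None) -> Path:
    """Move a file under root, inside subfolders named after its original folder."""
    src = Path(file).resolve()
    # C:\APP\DATA\old.dll -> <root>\APP\DATA\old.dll (drive letter or leading "/" dropped)
    held = root / src.relative_to(src.anchor)
    if held.exists():
        raise FileExistsError(f"{held} is already held; restore or purge it first")
    held.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(src), str(held))
    entries = _load(root)
    entries[held.relative_to(root).as_posix()] = {
        "origin": str(src),
        "moved_at": time.time() if now is None else now,
    }
    _save(root, entries)
    return held


def restore(origin: Path, root: Path) -> bool:
    """Move a held file back to where it came from; return False if it is not held."""
    wanted = str(Path(origin).resolve())
    entries = _load(root)
    key = next((k for k, m in entries.items() if m["origin"] == wanted), None)
    if key is None:
        return False
    if Path(wanted).exists():
        raise FileExistsError(f"{wanted} exists; not overwriting it")
    Path(wanted).parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(root / key), wanted)
    del entries[key]
    _save(root, entries)
    return True


def purge_expired(root: Path, now: Optional[float] = None) -> list:
    """Delete held files whose waiting period is over; return their original paths."""
    now = time.time() if now is None else now
    entries = _load(root)
    expired = [k for k, m in entries.items() if now - m["moved_at"] >= HOLD_DAYS * 86400]
    purged = []
    for key in expired:
        (root / key).unlink(missing_ok=True)
        purged.append(entries.pop(key)["origin"])
    _save(root, entries)
    return purged
```

Because the recorded origin is used for the restore, files from different drives can share one holding folder as long as their folder paths do not collide.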
As to the contempt for "wasting time" preparing and managing backup files, it is timely to remember that not all known viruses have antidotes, and the files they infect have to be mercilessly deleted. Furthermore, if the hard drive has to be formatted due to an access denial, all work files will be erased altogether.
(See also the NINTH COMMANDMENT)
As to the curiosity that leads to executing unknown programs, it is very important to remember that hackers around the world are expecting the naïve user to do exactly this.
THOU SHALL BE WARY OF ABNORMAL BEHAVIORS.
Many viruses are poorly written, with bugs (small programming code errors) that degrade computer performance, display strange mouse pointers, cause unexpected results and/or frequent system lock-ups.
Elusive symptoms of hardware or software failure may indicate that files have been corrupted by the contaminating action of viruses, even though this effect is not necessarily the primary goal of the virus maker.
Thus, it is advisable to scan the computer for viruses, if possible, whenever a hardware or software faltering is observed or suspected.
Do not mistake these abnormal behaviors for those caused by a lack of "Windows System Resources" or by honest applications that are also badly written.
FILE CORRUPTION:
Even without the action of harmful virus and worm code, normal files may become corrupted during a normal computer session. This is due to improper read/write operations, imperceptible electric current fluctuations and excessive wear of the surface of the magnetic media.
VIRUS FALSE ALERTS:
Actual hardware or software failures may occasionally confuse an antivirus into displaying false alarms of the presence of viruses.
In case of uncertainty take the following steps:
If the virus alert DOES persist in any step, it is highly probable that it really is a virus and/or a software corruption. Power off the computer and follow the TENTH COMMANDMENT below.
THOU SHALL SHUT THE WRITE-PROTECTION SEAL OF
DISKETTES.
A sliding latch at the back of 3 1/2" diskettes,
when in the position "CLOSED" physically denies any writing on its
magnetic surface.
This sliding write-protection seal is paradoxically "CLOSED" when a square opening is visible. In the reverse position the diskette is "OPEN" for writing.
ATTENTION: To read, copy files from or copy a whole diskette THERE IS NO need to open the write-protection seal. It denies the writing but not the reading.
For the lone home user the importance of diskette write-protection is restricted to the following cases:
(A) - DISKETTE COPIES: Copies of whole diskettes (disk copy, not file copy), singly or in batches, may be time consuming, and moments of distraction may lead the user to copy empty diskettes onto the original ones, fatally overwriting their contents beyond repair.
(B) - APPLICATION INSTALLATION DISKETTES: These diskettes are to be read, not to have anything written on them by the user.
However, some suppliers may write a small amount of data on some of these diskettes during the installation process.
Even so, it is recommended that these diskettes be kept with the write-protection seal "CLOSED", because the installation process will advise opening it only on the diskettes where this is necessary; but be sure that the computer is really clean of viruses before doing so.
ATTENTION: The greatest usefulness of the write-protection in
relation to the antivirus security is when the user takes his/her own diskettes to someone else's computer.
Despite many erroneous notions and hoaxes about viruses infecting diskettes with the write-protection seal CLOSED, this is sheer myth.
LARGE WORK ENVIRONMENT (1): In working areas where a number of computer operators often exchange diskettes among themselves, these diskettes should always be handed over with the write-protection CLOSED and scanned for viruses when returned. Also, recommendation [1] of the FIFTH COMMANDMENT (scan any incoming diskette for viruses) should be complied with for diskettes coming from other clerks and colleagues.
LARGE WORK ENVIRONMENT (2): Another sound precaution in working areas is never to power on a computer known to be absolutely clean before removing any diskette from its drive (A:), presumably forgotten (or ill-intentionally inserted) by someone else.
Chances are that, if that diskette were already contaminated and even
write-protected when previously used, the computer would still be clean
depending upon the type of the virus in the diskette and the operation
previously performed with it.
But, if the computer is started up with a contaminated boot sector
diskette in its drive, the boot sector will be read (the write-protection does not prevent reading) by the computer and the virus will go straight to the memory even if the boot up process is interrupted by a message somewhat like this: "Disk contains no system. Remove it and press any key".
THOU SHALL KEEP BACKUPS AND BOOT-UP DISKETTES
Since the user's work on a computer is performed entirely in MEMORY, and memory is wiped out when there is a power failure or the computer is reset, the safest routine is to SAVE THE WORK EVERY 5 TO 10 MINUTES.
More complex and delicate stages of a work file should be saved EVERY 3 TO 5 MINUTES. Example: building a complex table in a text editor or an intricate formula in a spreadsheet.
However, the saved file is the only copy of the user's work at this stage, and anything that happens to it will jeopardize all the user's efforts.
To solve this problem, the user needs to make copies of the work file, stored on removable magnetic media (diskettes or magnetic tapes), as soon as he/she finishes a work file or a stage of it. These stand-by copies of files on removable storage media are commonly referred to as Backup files.
For extra protection it is recommended every time the user finishes working on important work files:
For these operations the user has to be acquainted with the following
commands:
BACKUP FILES AND ANTIVIRUS SECURITY
As explained in the item "HOW DOES THE ANTIVIRUS WORK", when a known virus has no antidote the only solution is
to delete it. If it is a work file (Word DOC file or Excel XLS file)
that has no backup there is no way to recover it.
For veteran users the backup making activity is so relevant that
some have been saying that "The main role of computers is to
produce removable backups of the user's work."
BOOT-UP DISKETTE
Operating systems (DOS, Windows etc.) have commands for preparing boot-up diskettes but, due to the increasing size of antivirus files, these diskettes need a DOS file called CONFIG.SYS with commands that enable the memory above the 640 Kb DOS limit, so that the antivirus, which is also run from the diskette, can be effective at all.
DOS=HIGH
Furthermore, the file C:\WINDOWS\HIMEM.SYS must be copied
to the boot-up diskette.
Remember to keep the boot-up diskette write-protection seal CLOSED and have it stored in a safe place. A backup of this diskette is also an advisable additional protection.
THOU SHALL NOT WORK WITH A VIRUS INFECTED COMPUTER
Never work with a computer that has been confirmed to be infected with viruses.
The infected computer will contaminate every
diskette with the write-protection seal OPEN that is used in its drive
(A:). The contamination may affect the files copied to or from the diskette
and/or the diskette 'boot sector'.
Therefore, the longer it takes to clean an infected computer, the greater the number of contaminated diskettes that will have to be cleaned after the viruses are removed from the computer.
The cost of a virus attack is not limited to the damage caused to the computer, whose cleaning may even take a relatively short time; it lies primarily in the usually long-term operation of cleaning tens, hundreds and perhaps thousands of diskettes spread over an organization.
Example: Before undertaking the recommended operation of defragmenting the hard disk, it is advisable to disable the resident antivirus code,
but it should be enabled again as soon as the defragmentation is over.
(See "Defragmentation" in this site at "THE TEN COMMANDMENTS OF AVOIDING WINDOWS CRASHES").
It is highly recommended that the cautious user check the Internet
sites of his/her antivirus supplier, once a month, in order to:
This process requires an operator with at least enough skill to execute a program at the command line (or through the Windows Explorer) and to copy files from one folder to another on a hard disk.
CD-ROMs cannot be contaminated, but the supplier may have inadvertently stored a contaminated program on them.
So much so that many software suppliers recommend that customers scan their magnetic media for viruses before installing applications.
(See also the SEVENTH COMMANDMENT below.)
The hard disk, being a fixed magnetic medium, is regarded as a victim of the contamination and obviously not a disseminator of viruses by itself, though it may contaminate others through diskettes and networks.
From this stage on, the virus or worm will always automatically
load itself in the memory whenever the computer is powered on.
THOU SHALL NOT EXECUTE UNKNOWN PROGRAMS
The result is the deletion of files vital to the system performance just because the user "thought" the files were disposable.
The user considers the hard disk a bottomless
unfailing vault and not as a frail though
indispensable peripheral. Also, the user does not
deem it necessary "to waste time" with backup copies.
This human weakness is the door that hackers take advantage of to introduce viruses, and mainly worms like the Trojan Horse, into computer systems.
(See also System Resources in this site at "THE TEN COMMANDMENTS OF AVOIDING WINDOWS CRASHES").
Do not use the "Reset" button or Ctrl-Alt-Del.
Perform a thorough scan for virus on all hard drives.
It is a safety seal against careless handling of a number of diskettes storing important, vital or sensitive data.
This happens very often, so it is advisable to close all the original (source) diskettes to be copied BEFORE the copying operation. Of course the target diskettes (which may be empty or not) have to remain with the write-protection seal OPEN, otherwise the recording would be physically denied.
Anything written on the target diskette will be erased in a disk copy.
As it is impossible to know beforehand whether a certain computer is infected or not, the rule of thumb here is to always consider it INFECTED even though it may not be so.
Saving the work means that an up-to-date copy of the work file being handled is transferred from MEMORY to the magnetic media, where it is safe for subsequent work sessions on the computer.
After finishing with any work file or a certain stage
of it, one has this file stored in the hard disk that is
not removable.
Therefore, if the computer fails or if the hard disk has to have all
its data cleaned by a necessary formatting process, the user will lose
all the time consuming efforts in the preparation of that work file.
Diskettes may also fail, even when new.
Applications usually have this command in the "File" menu of their main screen.
That is: whatever happens to the computer one is working with, the backup diskettes will allow the work to continue, from the point where it was interrupted or nearby, on another computer or on the same computer after it has been fixed. Without backups the work would have to be restarted from scratch.
A boot-up diskette allows a computer to be initialized using the code on the diskette in its drive (A:), without using any code from the hard drive.
This start-up process is indispensable for cleaning viruses from a hard disk's files and from its control area called the "boot sector", since the session will then be free of viruses in memory, a sine qua non condition for thoroughly cleaning a computer.
For novice users it is recommended that they look for expert counseling
in order to have a boot-up diskette prepared, with a CONFIG.SYS file containing the following command lines:
DEVICE=HIMEM.SYS
Sooner or later viruses will deliver their lethal payloads and render the computer inoperative, making cleaning operations harder to perform, if not impossible. Even viruses with no lethal payload normally corrupt vital files, slow down the computer, cause frequent lock-ups and other operational shortcomings.
NOTE THIS: A single infected diskette whose cleaning was overlooked will, if used, contaminate the computer and many other diskettes again!
gab@pobox.com