Computer and Network Security in the 21st Century
We live in an age of constant information and persistent connectivity. The advent of the Internet and the bloom of mobile technology have thoroughly transformed our lives in ways that we could only dream about just a few decades ago. The Internet, its components and its numerous associated technologies have created a new paradigm; one that needs to be protected against numerous cyber threats that seem to arise faster than we can detect them.
Individuals, families, organizations, and businesses must take certain precautions when accessing the online world. All computing devices, from desktops to laptops and from tablets to smartphones, can potentially be affected by security breaches and cyber attacks. The importance of computer and network security these days cannot be overstated. Cyber threats are not limited to Internet-connected devices; today virtually any computer system is at risk of being compromised.
Understanding Cyber Threats and Dangers
To describe the state of cyber threats these days, it is important to understand that the computer security industry and those who attempt to undermine it are incessantly involved in a cat-and-mouse game. As major network breaches and data heists continue to make headlines, the consequences of cyber attacks are becoming more severe each day. Privacy intrusions, identity theft, loss of data, and compromised systems are very serious issues that should be addressed promptly and properly.
Cyber criminals these days are increasingly looking to exploit weaknesses and to create more destructive malware. The main dangers are unsecured or poorly protected systems; the main threats are harmful malware creations and digital extortion.
A 2014 report from Symantec, a respected computer and network security firm, indicated that the number of malware variants increased by 26 percent in 2014, which means that nearly one million new malware variants were discovered each day. Symantec also observed that malware continued to grow in quality as well as quantity. More than a quarter of those threats now target virtual machines, which means that the old belief that virtualization is a safe method for security researchers to observe and detect malware is being challenged.
Digital extortion is a cyber attack vector that has seen significant growth in recent years. According to Symantec, these attacks grew 113 percent in 2014. They were mainly carried out by means of ransomware delivered through a Trojan attack, which often consists of a fake software update executable. Crypto ransomware is a disturbing trend that prevents access to data files until the victim makes a payment, which ranges between $300 and $500 for individuals; for affected businesses, the ransom demand can be thousands of dollars.
Purpose of This Guide
Although the reports from security firms are certainly alarming, it is important for computer users to understand that they can still use their devices and safely access the Internet as long as they understand cyber threats and take the appropriate measures to protect themselves.
Understanding the current cyber threat environment and learning about antivirus programs, computer security suites and safety practices can go a long way in terms of keeping systems protected. It is not just a matter of personal safety; since the Internet connects all of us, computer and network security has become a matter of responsibility on a global scale.
Chapter 1: Malware
What Exactly is Malware?
In personal and business computing, the term “malware” has come to replace the previously used term “virus.” Malware, in essence, is a computer program, software application or script that has been coded for a malicious or nefarious purpose, such as disrupting computer operation, gathering sensitive information, or gaining access to private computer systems. Its name is a compound of the terms “malicious” and “software.”
Malware is a buzzword or umbrella term to describe modern threats to computer security. There was a time when the term virus was more widely used because the replication and spread of malicious code were intended to take place in a viral manner, from one computer to another; however, the tangible code being deceitfully spread has always been malware.
It is interesting to note that one of the earliest reports of malware dates back to the 1980s; it was an intrusive prank virus designed to be spread via floppy disks. Years later, computer security analysts noticed a shift from antics towards malevolence as viruses became sophisticated and destructive.
These days, malware ranges from the disruptive to the destructive and from the intrusive to the felonious. Malware can reside in infected computers, in website directories, in mobile apps, desktop software, email messages, USB keys, etc.
Computer security specialists classify malware according to heuristics, intent, generation, and technique. The categorization of malware is vital for computer security since it enables the development of containment and removal strategies. Malware classification also helps to maintain certain standards of research and collaboration among network security experts.
Computer users who become familiar with malware terms and categories tend to be more attuned to potential threats and the strategies they can use in order to protect their devices against them.
The major categories of malware are as follows:
Viruses
Starting in the early 1980s and until about 2010, news media outlets classified computer security threats into either attacks by hackers or infections by viruses. The idea of a self-replicating computer program dates back to the 1970s, and it was first tested in a military computer network that predates the Internet.
Today, a computer virus is referred to as software that replicates itself by inserting its copies into other computer programs, data files and such. The transmission methods of computer viruses are known as infection vectors, which means that they must first attach themselves to a host and later find a method to reach another host. Malware can be found within the virus, and the execution of the malicious code may result in espionage, disruption, deletion, corruption, or destruction; in some cases, the malware may seek to hijack a system for the purpose of granting remote access.
It is important to note that a computer virus cannot spread without human action; a user must run the infected host in order for the virus to keep infecting other areas of the system. Also, one of the greatest dangers of computer viruses is that they may spread undetected while staying dormant and waiting for future instructions; this is one of the methods used to build botnets.
Worms
Malware that achieves a viral state across networks is known as a worm. Essentially, a worm starts out as a virus; it may infect a host via an email message, but it will seek a sophisticated method to replicate over a network. A typical method involves finding email addresses and sending malicious messages to unsuspecting recipients.
The most common infection vector of computer worms involves a malicious email attachment that has the ability of self-replication within a system, thus making it more difficult for antivirus software to contain and remove the threat. Worms operate in a manifest fashion, which means that they gather lists of targets for infection. There is an inherent network security problem with worms insofar as they utilize too much system memory and resources, causing the network and Internet servers, as well as the individual computers, to stop responding.
Trojan Horse Attacks
This has been one of the most sophisticated malware attacks ever developed, and it continues to cause headaches for network security specialists. The Trojan horse is named after the wooden horse that ancient Greek soldiers used to deceive the Trojans and invade their city.
A Trojan horse piece of malware requires a benevolent digital structure to hide the malicious code. These days, such structures masquerade as MP3 files, videos, freeware, shareware, PowerPoint attachments, etc. The attack vector is often an email attachment or a link to download an infected file. In the late 20th century, pop-up advertisements were among the most commonly used attack vectors by Trojan horse malware perpetrators.
Whereas the mythical horse-like structure used by ancient Greek infantry was intended to mesmerize the enemy, modern Trojan horses are designed to trick computer users by gaining their trust. One of the most devious examples of Trojan horses is malware that masquerades as an antivirus program or a computer security app; this is the bait that computer users take before they realize that they actually executed malicious code on their systems.
Rootkits
When it comes to malware sophistication, rootkits are among the most advanced attacks that a computer user can suffer. In essence, a rootkit is a malicious software suite that seeks to give unauthorized users remote access to a system. Rootkit targets are often system administrators, software developers and even network security specialists.
A rootkit is a blended threat in the sense that it first requires gaining unauthorized access before intrusion, installation and operation can begin. The term “rootkit” is a combination of two terms; “root” comes from the nomenclature of the UNIX operating system and “kit” stands for the collection of software tools contained therein. Having “root access” is akin to administrator access in Microsoft Windows, which means that a rootkit attacker will have permission to do just about anything to a computer system.
Backdoors
Malware that exploits an existing security hole is known as a backdoor attack. The most unfortunate trigger of a backdoor attack would be a computer security loophole in an operating system. In fact, backdoor detection has become a flashpoint in the computer security arms race.
Three major computer security actors these days are: white hat, gray hat and black hat hackers. When it comes to backdoor detection in an operating system, hackers will examine lines of code and multiple situations to find an exploit. Depending on the hats worn by these hackers, the reactions will vary. A white hat hacker who finds a backdoor in Apple OS X 10 may immediately notify developers; a grey hat hacker may look for a vulnerable Mac operated by a security consultant and gain backdoor entry before claiming discovery of a zero-day exploit; a black hat hacker will keep discovery a secret and find ways to exploit and profit from this security issue.
Hackers who dedicate considerable efforts to backdoor discovery and exploitation are known as crackers; they are highly respected in the computer security field if they wear white or gray hats. They are considered a nuisance when they choose to wear black hats, and they may even be pursued by law enforcement agencies.
Botnets
A botnet (also known as a zombie army) is a group of computers that have been hijacked to a certain extent. A single computer in a botnet is known as a zombie, and the owners or end users may not be aware that their systems are being utilized to carry out malicious tasks while being controlled by malware. As with other computer security terms, this one is a combination of the terms “robot” and “network.”
The advent of the World Wide Web and the shift from a client/server architecture to the modern cloud computing paradigm have made it easier for botnet developers to ply their nefarious trade. Using network security tools, hackers can search for computers with unsecured connections that can be hijacked and turned into zombie machines. A lack of firewalls and out-of-date antivirus software are the two most common causes of zombie army conscription.
Although at one point botnets were mostly utilized to carry out distributed denial-of-service (DDoS) attacks, the most common use these days involves fake website traffic schemes to exploit online advertising.
Spyware and Adware
Botnets can be configured to spread spyware and adware, two terms that respectively combine the terms “spy” and “advertising” with “software.” Early versions of adware were somewhat benevolent and may not have qualified as malware; these days, however, these applications have evolved into dangerous malware.
In the past, adware was a common method to fund software development. Users who downloaded freeware such as peer-to-peer (P2P) file sharing apps expected to see some level of advertising. In recent years, however, adware evolved into spyware and turned malicious.
Spyware is the term used for software that gathers information about the user, such as their website browsing habits, login data, or credit account information, without their knowledge, and transmits it to interested parties.
Adware and spyware applications are blended threats that may combine the use of viruses, worms and botnets. These malware applications can be designed to serve ads, redirect users to certain websites, track behavioral information, or even steal sensitive information such as credit card numbers and passwords.
Ransomware
This combination of “ransom demand” and “software” is a nasty malware attack that seeks to extort victims by locking them out of their data unless they make a credit card payment to remove the restriction, which is usually encryption.
Ransomware is often delivered via a Trojan horse. The most infamous ransomware applications are called CryptoLocker and TorrentLocker. Not all variations of this malware will encrypt data; some lock the screen and display a full-screen image or notification, which prevents victims from using their system until they agree to pay the ransom.
Although there are many documented cases of successful ransomware payments made, there is a great risk of credit card information falling into the wrong hands and creating an even greater threat to victims in terms of fraud and identity theft.
Scareware
This combination of the terms “scary” and “software” is a blended threat, essentially a variation of ransomware that seeks to exploit emotional weaknesses.
A scareware attack almost always begins with a Trojan horse vector masquerading as antivirus software. Once executed, scareware displays a window, screen or menu that resembles the results of a virus scan. Almost invariably, these results suggest that a dangerous security threat has been found, and that the only way to remove it is by making a credit card payment.
Social media is an attack vector of major concern that involves scareware. This sophisticated attack involves a malware group setting up a credible Internet presence as computer security experts offering a free download of an antivirus application. This particular attack may also involve a number of fake followers and phony comments related to computer and network security issues.
Gaining the trust of potential victims is essential to the success of scareware attackers. A 2010 investigation revealed more than 10,000 domains dedicated to distributing scareware, and many of them offered victims a cloud-based scan that merely displayed a pop-up window with an alarming message about a virus found and a solution that could be applied by means of a credit card payment.
Chapter 2: Viruses
What is a Computer Virus?
A computer virus is a cyber threat designed to replicate itself and spread to other systems through various means. In essence, this is a piece of malware with classic and distinct characteristics that emulate the behavior of biological infectious agents.
Despite the popular propensity to use the term “virus” to describe all cyber threats, it is important to note that not all malware consists of computer viruses; however, all viruses are malware. Understanding the origin, motivation and mechanism of viruses can help users protect themselves against these threats. Viruses can only cause harm if computer users are not aware of them.
Computer viruses emerged from 1970s research on self-replicating software. This research was conducted for benevolent purposes; the idea was to create an application that would not require a human to manually locate an executable file, copy it and physically transport it to another machine. The earliest successful deployments of computer viruses featured practical jokes such as mysterious messages displayed on computer screens; this may have accidentally prompted their future malicious use.
The malicious purposes of viruses range from pranks to espionage and from file deletion to system disruption. The malware within a virus attack always depends on external actions performed by unsuspecting users or by other scripts.
Common Types of Viruses
Over many decades, computer security experts have identified several types of viruses, which can be classified based upon their provenance, intent, deployment method, technique, generation, platform, and effect. A piece of malware can be determined to be a virus if it presents self-replicating and spreading characteristics.
The most common types of viruses identified by the computer security community include:
Boot Sector Viruses
These are disruptive threats that have mostly faded into antiquity since they involve booting from an external drive. Modern variants have been found on USB drives that attempt to infect the hard drive boot sector so that the computer cannot start.
Direct Action Viruses
These are self-replicating threats that infect the root of the drive where the operating system resides, where they lie in wait for another condition to occur in order to execute. A common mechanism calls for execution upon starting up.
Directory Viruses
These are devious pieces of malware that rewrite a directory and file path, thereby driving users to despair when they are no longer able to execute an application or open a document that has been moved from its original location.
File Infector Viruses
These are the most common viruses; they attach themselves to other files such as Web browsers or email programs, where they lie in wait to be executed by users.
Macro Viruses
These viruses tend to target applications such as Microsoft Excel, which run Visual Basic macros.
Overwrite Viruses
These destructive threats have an implicit intent to delete information by overwriting it.
Resident Viruses
These are disruptive and persistent threats that aim to infect available RAM, thereby sucking up system resources and causing computers or mobile devices to operate very slowly or even to crash altogether.
How Do Computer Viruses Operate?
A virus is a script or a code segment that replicates itself and seeks to attach itself to an executable host. In order for the virus to operate as coded, its host must execute, at which point it may replicate again and seek another executable file to attach itself to. Additional lines of code within the malware may display messages or carry out other instructions past a certain date.
Depending on the intent of the malware author, a virus may infect a system and lie dormant for days, weeks and even months; the reasons for such delays may be tactical or malicious. For example, a virus may be coded to perform a task on the user's birthday, or it may allow some days to pass after a visit to a certain website so as not to attract suspicion.
Computer viruses are coded in such a way that they do not alert users; however, an interesting feature common to all of them is that they need human interaction to come full circle. Such interaction may involve mouse clicks, tapping on an icon, swiping a touchscreen, or turning on a device. Even if a computer is programmed to turn on by itself at a scheduled time, such programming must first be defined by a human.
Peer-to-peer (P2P) file sharing applications are particularly vulnerable in terms of computer virus propagation. All it takes is for one user to share an infected MP3 or torrent file to put thousands or even millions of users at risk. Virus coders often write replicating scripts to look for the shared folders of P2P sharing apps such as Ares, BitTorrent and Shareaza so that all files therein become infected.
What Kind of Files Can Spread Computer Viruses?
Just about any type of digital file that can be transferred from one computing device to another can be a potential host to a virus, and this would include smartphones, tablets, video game consoles, and even portable MP3 players.
An interesting type of cyber threat is the virus hoax, whereby a social engineering prompt, such as a chain email message, warns about a non-existent virus. These hoaxes prey on computer security fears and are typically started as a prank or an act of cyber vandalism. An infamous virus hoax from the early 21st century involved tricking Microsoft Windows users into deleting jdbgmgr.exe, a system file with a teddy bear icon. This was actually the Java Debug Manager, and deletion of the file had the potential of bringing about instability in the operating system.
Chapter 3: High-Risk Virus Factors
As legacy cyber threats, computer viruses are malware creations that seek to take advantage of unprotected systems. As personal computing becomes more widespread on a global basis, the number of unprotected systems is multiplying due to reckless behavior by many users.
When virus writers sit down to create their devious malware, they think about factors of vulnerability. They already know about the ongoing arms race between cyber criminals and the computer security industry; when a virus writer knows that their skills are limited to coding malware that may be detected by antivirus software, they will look for other avenues to exploit.
Vulnerability factors are like gold for virus writers and couriers. It does not matter whether a virus writer is motivated by ideology, greed or sociopathic behavior; finding an unprotected computer or a flaw in a security system is an invitation to infect.
By learning about vulnerability factors, computer users can learn about how they can keep their systems protected against potential virus infections and malicious code execution.
Unsecured Operating Systems
Virus writers create malware that is specific to operating systems, and Microsoft Windows happens to be the most targeted one among them. When computer security researchers set up honeypots, which are unprotected computers connected to the Internet, they often choose machines powered by popular versions of Windows.
The number one reason virus writers and couriers prefer Windows is its sheer popularity; simply put, the vast majority of desktop and portable computers in the world are powered by Windows. The Windows version is equally important to the virus writer and cybercrime groups; for example, a system running a home version of Windows 95 would be very enticing to someone who wants to hit a soft target. A hardcore virus writer looking for notoriety, status and street cred would look for a corporate version of Windows 10.
In the days when the command-line Disk Operating System (DOS) ruled the world, Microsoft developed Windows versions right on top of it, which means that users could not set up accounts, restrictions, file permissions, etc. From Windows 3.1 to Windows 95, 98 and the ill-fated Windows Me, OS security was somewhat lacking; this situation was vastly improved with Windows NT and its variants, from Windows XP to the very popular Windows 7 and later Windows 8, which offered their users a modern, multi-user platform that supports all the essential security settings, including the ability to restrict user account permissions.
As of 2015, there are more viruses in the wild for Windows 7 and Windows XP than for any other OS in the world. Windows 10 is becoming very popular due to its fortress-like security features such as two-factor authentication, system isolation, Hyper-V secure execution, per-application virtual private networking (VPN), advanced app signing, and more. This has not stopped virus writers from coming up with malware for Windows 10, but it has significantly slowed them down.
An Internet-connected system running Windows 95 without a firewall or antivirus shield would be like Christmas to a virus writer, but the reality is that there are not too many such systems around anymore.
These days, even computers operating on Apple OS are not safe. This once impenetrable system suffered its own share of security breaches in the past few years, which served as a reality check for many Mac owners who believed their computers to be immune to such attacks. Apple reacted by introducing safety features to help keep users and their devices safe. The security issues also prompted many antivirus companies to offer more and more security solutions for Apple devices, especially for the latest iOS 9.
The Linux OS is often mentioned as being far more secure than Windows and even Apple OS X; there are three reasons for this. First, Linux is not very popular and thus the target size is drastically reduced. Second, Linux does not easily grant root access to anyone, which is something that Windows grants through its Administrator privilege. Finally, there are so many different versions of Linux packages, distributions and shells that it becomes difficult for virus writers to code the precise declarations that will compromise the OS.
Undisciplined Installation of Security Patches and Updates
In 2014, Windows XP became a risky operating system because Microsoft ceased providing support in the form of security patches and updates. Since 2003, Microsoft has been releasing OS security bulletins and patches through Windows Update. In the past, Microsoft gave Windows users too much leeway in terms of accepting or choosing to ignore security updates. As of 2015, these updates are installed automatically, seamlessly and in the background, thus avoiding undisciplined installation that may compromise OS security.
Lack of Security Software
Needless to say, any system is vulnerable to viruses and other threats if it connects to the Internet without security applications. Firewalls and antivirus programs, known these days as Internet security suites, must be enabled, updated and active in all systems from desktops to laptops and from smartphones to tablets.
Too Many Users for One System
It is easy to understand how a greater number of users per system can result in a more vulnerable system. User behavior is unpredictable, particularly when it comes to Internet security. This does not mean that a computer can't be configured to accommodate multiple users; this is a normal practice in many homes and in settings such as Internet cafes and libraries. Still, such a setup requires additional security considerations.
Unsafe Internet and Computing Practices
The Internet is the main carrier of computer viruses these days; after all, millions of systems are linked by this massive network, which enables viruses to quickly spread around the world. In fact, being connected to any network can increase the potential for infection; this includes ad hoc, Wi-Fi, Bluetooth, and LAN systems.
The more unfamiliar a network connection is, the more likely it is to be risky; this can also apply to dark corners of the Internet that offer pirated software or illegal downloads. Less-than-savory websites that specialize in pornography or gambling have been known to host viruses, often without the knowledge of administrators.
Opening email attachments without scanning them first is a very risky behavior that is similar to attaching external hard drives or USB keys without previously installing security software. It is important to remember that viruses can replicate through just about any medium or file; this means that any read/write digital situation can become a potential vector for infection.
Chapter 4: Antivirus Program
What is an Antivirus Program?
Antivirus software is at the heart of any computer and network security strategy. In essence, an antivirus application scans, detects and removes malware while keeping an eye on any file that enters the operating system; the application will also monitor registry changes and other events such as high memory usage.
The development teams of antivirus applications include computer scientists and security specialists engaged in the discovery of malware; when a new threat is detected, its code and binary behavior are analyzed and added to databases that are downloaded by each user. Comprehensive applications also block threats such as suspicious websites before users can access them.
Main Features of Antivirus Programs
Modern computer antivirus programs have long lists of protective features, but the most important are:
Certifiable Protection: Computer and network security is a self-regulated technological discipline. Various professional organizations and agencies establish standards and minimum criteria for antivirus software; these agencies also offer a certification program as a service for consumers and the industry. Certifiable protection means that an antivirus application is able to detect and remove 100 percent of all the known cyber threats.
Virus Scan: Antivirus programs must be coded to perform various types of scanning. On-demand scanning is the most common; it simply allows users to activate the feature whenever they want. Heuristic scanning is an advanced feature that looks specifically for newly discovered malware. On-access scanning is very active; it checks new files as they are introduced to the system. Scheduled scanning is preferred by users who do not want to be at their computers when a scan is in progress.
Updates: The ability of an antivirus program to stay updated is crucial in these days of high cybercrime activity. Most updates are automatic; still, some users enjoy being able to visit a developer's website and get more information about the updates before allowing them. The main purpose of an antivirus update is to add and modify the malware definition database in accordance to all the known threats.
Removal Tools: Although most antivirus programs these days remove malware automatically, some computer security vendors offer separate removal tools for specific threats. One example is Microsoft; although this tech giant stopped supporting the Windows XP operating system in 2014, it continued to update its Malicious Software Removal Tool for the Internet Explorer browser, which operates separately from other security components. Standalone removal tools for specific threats were made popular by the W32.Sasser worm circa 2004.
Additional Features: Message scanning is a modern feature that checks the integrity of all incoming traffic from email programs, social networks, chat programs, etc. Script blocking monitors the execution of suspicious routines written in Java, Visual Basic, Flash, etc. Auto clean is a feature that removes threats as soon as they are detected in the background, thereby instilling peace of mind among users; however, some antivirus programs also feature a virus vault or quarantine sector, which protects the system while allowing users to review the threat information collected prior to deletion. Quarantined malware does not pose any danger to a system; it remains in a frozen state until the user indicates that it should be permanently removed, but not before learning about when the threat was detected, where it came from and what it could do.
Price: Antivirus programs have a variety of pricing and acquisition schemes. A few are available from vendors that offer free and paid versions; others can only be purchased through subscription methods. The choice between free and paid comes down to the needs of users and their likelihood of facing cyber threats. In general, paid versions offer more than just a virus scanner; they are full-fledged computer security suites.
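To make the Virus Scan and quarantine features above concrete, here is an added, self-contained example (not code from any antivirus vendor or from this guide) of how a minimal on-demand scanner layers a signature check over a couple of heuristic rules and then freezes every detection in a quarantine vault with the metadata a user would later review. The definition database, the heuristic rules, the file names and the sample files are all constructed for the demonstration; real products ship far larger signature sets and far richer heuristics.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path
from typing import Optional

# Constructed "definition database": SHA-256 digest -> detection name.
# The single entry is the digest of a harmless test string standing in for
# real malware bytes, so the example runs offline. A real database holds many
# thousands of entries and is refreshed by the update mechanism described above.
SAMPLE_BAD_CONTENT = b"CONSTRUCTED-TEST-SAMPLE-NOT-MALWARE\n"
DEFINITIONS = {
    hashlib.sha256(SAMPLE_BAD_CONTENT).hexdigest(): "Test.Sample.Constructed",
}

# Extension sets used by the (constructed) heuristic rules below.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".mp3"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_file(path: Path) -> Optional[dict]:
    """Return a verdict dict if the file looks malicious, otherwise None.

    1. Signature scan: exact match of the file's SHA-256 digest in DEFINITIONS.
    2. Heuristic scan: a document-looking name that really ends in an
       executable extension (invoice.pdf.exe), or a Windows PE header ("MZ")
       sitting under a non-executable extension.
    """
    suffixes = [s.lower() for s in path.suffixes]
    digest = sha256_of(path)
    if digest in DEFINITIONS:
        return {"path": str(path), "reason": "signature", "name": DEFINITIONS[digest]}
    if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTENSIONS
            and suffixes[-2] in DOCUMENT_EXTENSIONS):
        return {"path": str(path), "reason": "heuristic", "name": "Heur.DoubleExtension"}
    with path.open("rb") as fh:
        header = fh.read(2)
    if header == b"MZ" and (not suffixes or suffixes[-1] not in EXECUTABLE_EXTENSIONS):
        return {"path": str(path), "reason": "heuristic", "name": "Heur.DisguisedExecutable"}
    return None


def quarantine(path: Path, vault: Path, verdict: dict) -> Path:
    """Move a detected file into the vault in a frozen, non-executable form.

    The file is renamed to <digest>.quarantined so nothing runs it by accident,
    and a JSON sidecar records when it was detected, where it came from and why,
    which is exactly what the user reviews before permanent deletion.
    """
    vault.mkdir(parents=True, exist_ok=True)
    target = vault / (sha256_of(path) + ".quarantined")
    shutil.move(str(path), str(target))
    meta = dict(verdict, detected_at=time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()))
    target.with_suffix(".json").write_text(json.dumps(meta, indent=2))
    return target


def scan_directory(root: Path, vault: Path) -> list:
    """On-demand scan: walk root, quarantine every detection, return the verdicts."""
    verdicts = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if vault in path.parents:
            continue  # never re-scan the vault itself
        verdict = scan_file(path)
        if verdict:
            verdict["quarantined_as"] = str(quarantine(path, vault, verdict))
            verdicts.append(verdict)
    return verdicts


def demo() -> list:
    """Build a constructed scan target in a temp directory and scan it."""
    base = Path(tempfile.mkdtemp(prefix="avdemo-"))
    root = base / "home"
    root.mkdir()
    (root / "notes.txt").write_bytes(b"nothing to see here\n")       # clean
    (root / "sample.bin").write_bytes(SAMPLE_BAD_CONTENT)             # signature hit
    (root / "invoice.pdf.exe").write_bytes(b"not a real program\n")  # double extension
    (root / "holiday.jpg").write_bytes(b"MZ" + b"\x00" * 16)          # PE header under image name
    return scan_directory(root, base / "vault")


if __name__ == "__main__":
    for hit in demo():
        print(hit["name"], "->", hit["quarantined_as"])
```

Running the script reports three detections (one signature, two heuristic) and leaves notes.txt untouched; each quarantined file sits in the vault next to a .json sidecar describing the detection. Note how the signature check runs first: an exact match is cheap and unambiguous, while the heuristics exist to catch files that are not yet in the definition database, which is the gap the Updates feature above is meant to close.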
Choosing the Best Antivirus Protection
The bottom line of computer security these days is that the threat climate is continuously heating up, and thus every single computing device should be protected accordingly. Choosing the right security solution requires consideration of the following factors:
Compatibility: This is the first step. Each antivirus program has a list of minimum system requirements that must be met in order for it to provide optimal protection. The specifications of each program also include any potential conflicts with other software.
Style of Computing: Some antivirus solutions are more comprehensive than others. Constant protection is standard, but the extent of protection and the features depend on whether a system is being used for business, gaming, school or other purposes.
Certification and Ratings: AV-Comparatives, AV-Test, Checkmark, ICSA Labs, NSS Labs, and VB100% are respected security agencies that constantly test and rate antivirus programs. As expected, the reputable names in computer security tend to get good marks, but some of the lesser-known brands get solid ratings as well.
Purchase Method: The real-time protection offered by antivirus programs can be obtained via secure online stores. Antivirus software downloaded from secure sites is updated and installs automatically; this is not always the case when purchasing boxed programs from brick-and-mortar stores that sell software on compact discs. Downloading from a trusted vendor is always preferred.
Best Antivirus Programs on the Market
To the benefit of all computer users, the antivirus program marketplace is competitive and diverse. The following antivirus programs are the best in the market and are highly recommended. What sets them apart are their features and the strategic processes coded by their developers; it is up to individual users to determine which is the best solution for their needs.
Bitdefender Antivirus Plus
Users looking for products that consistently rank among the top of their categories should look into Bitdefender Antivirus Plus. This Romanian company is well-respected in the computer and network security field due to its ability to remain at the forefront of malware detection and protection against cyber threats.
Newcomers to Bitdefender may find the initial virus scan process a bit lengthy. Once this first-time task is accomplished, future scans become seamless and take less than 10 minutes to complete on most systems. Bitdefender can adjust to the systems it protects so that it never takes up more than 10 percent of available memory or resources.
Aside from the high ratings issued by independent labs to Bitdefender Antivirus Plus, this solution includes useful features such as Rescue Mode, browsing protection, and even a solid password manager. One of the outstanding features of Bitdefender Antivirus Plus is called Autopilot; this is a default operational mode that can be adjusted so that it matches various profiles such as work, gaming and cinema.
Kaspersky Antivirus
The international security researchers and developers behind Kaspersky are renowned for their sheer dedication to protecting the world against malware. Many of the security alerts issued by Kaspersky Lab are major discoveries of cyber weapons, botnet rings, ransomware outfits, phishing crews, and even major hacking clans that specialize in major data heists and cyber attacks.
The Kaspersky Antivirus program features a standard scan and remediation process that is augmented by a feature labeled as System Watcher, which actively monitors files, folders and operating system processes, keeping them safe from viruses and malware. Other features include security tuneups for browsers and the ability to create rescue disks.
McAfee Antivirus Plus
The reputation of the McAfee brand in the field of computer security is undeniable. After all, this is the brand chosen by tech giant Intel as their flagship security solution. The two classic factors that computer users associate with McAfee are: dependability and ease of use.
McAfee Antivirus Plus is a very attractive program that offers comprehensive protection for modern users who synchronize their devices. A standard license of McAfee Antivirus Plus extends protection to all Windows, Mac OS, iOS, and Android devices owned by an individual user; when installed on a single computer, the software automatically searches the network and prompts users to protect all devices.
In addition to the virus scanner and active monitoring features, McAfee Antivirus Plus comes with extras such as phishing protection and a firewall that can be customized to control program access and file streams. In laboratory certification tests by ICSA and West Coast Labs, this antivirus solution received very high ratings for its ability to detect malware and suspicious files as soon as they were downloaded or else introduced to a system via USB, external or network drives.
Trend Micro Antivirus+ Security 10
Trend Micro has been around for more than 20 years, and it has always been distinguished as one of the fastest and most affordable antivirus solutions. In the last few years, the various computer security products developed by Trend Micro have gone through a process of consolidation. The latest version of the award-winning Trend Micro Antivirus+ Security was released around the same time as Microsoft released its long-awaited Windows 10; perhaps it is for this reason that the interface resembles the operating system.
Trend Micro is known as being a silent computer security partner in the sense that it does not display as many warnings as other products; one reason for this is that its recognition engine is very strict and accurate. Even if an infected file is accidentally allowed to enter the system by a careless user, Trend Micro will prevent code execution.
For most Windows users, Trend Micro Antivirus+ Security 10 provides sufficient protection. In terms of malware blocking and low impact to a computer's overall performance, this program gets high ratings by most independent laboratories.
ESET NOD32 Antivirus
In the digital world, computer security firm ESET is a respected name. Unlike most antivirus programs that release new versions on an annual basis, ESET NOD32 Antivirus performs major upgrades to its core software periodically and delivers constant updates to its definition database. This is a leading computer security brand in Europe, where ESET can be seen installed in public settings such as Internet cafes and airport terminals; this is a testament to its reliability.
Since 2014, ESET NOD32 Antivirus has been constantly receiving excellent ratings from testing labs, which praise its ability to quickly detect and neutralize malware and phishing threats.
Avast Pro Antivirus
Users who need antivirus protection that goes beyond a desktop computer often choose Avast Pro. This product is widely known for its free versions for personal and business use. The malware scan, detection and removal functions of Avast Pro Antivirus can be installed on various computers as well as Android-powered smartphones and tablets with a single, affordable license.
Avast Pro is one of a few antivirus programs that offer a free version. This security solution gets high marks from tech reviewers and independent testing labs such as AV-Comparatives. In addition to the antivirus scan and removal function, the premium version of Avast Pro Antivirus includes a Pay Mode function that adds security for online shopping, plus a Sandbox environment that can be used to test suspicious files.
AVG Antivirus
Millions of computer users around the world have enjoyed the protection of AVG Antivirus for years. Those who upgrade to the premium AVG Antivirus version enjoy even more comprehensive protection at a very affordable price.
In terms of virus scanning and protection, the detection rate is similar to many of the top-ranking products mentioned in this chapter. The AV-Test Institute certifies the AVG virus scan as 100 percent detection with almost no false positives. When AVG runs into a persistent threat that it cannot remove, it continues to notify the user and prevents code execution until it can be removed, which usually happens when the definitions database is updated.
The latest version of this antivirus program has received high marks from both tech reviewers and independent labs, and premium features such as the Online Shield, PC Tuneup and Data Safe make it a must-have security product. The Online Shield alone makes AVG Antivirus a great product for computer users who spend considerable time browsing the Web and sharing files with remote users.
Panda Antivirus Pro
This computer security brand is popular among many users due to its free version, which comes highly recommended by security analysts; it utilizes a blended approach to scanning that takes advantage of cloud resources to complement the local scans. When dealing with files introduced by external devices such as USB drives, Panda Antivirus Pro applies a “vaccination” function to keep the system safe.
The premium version of Panda Antivirus Pro provides even more comprehensive protection through powerful features such as a personal firewall, Wi-Fi protection, mobile device security, and even Android anti-theft and recovery.
Chapter 5: Anti-Malware Program
What is an Anti-Malware Program?
An anti-malware program is a software application coded for the purpose of preventing, detecting and removing malicious software. Any script or application that can cause damage to a system, thereby aggravating or endangering its users, can be considered malware, which includes viruses, spyware, adware, keyloggers, scareware, Trojan horses, etc.
Anti-malware programs are an essential component of security suites, which also feature other utilities such as antivirus programs, firewalls, and anti-phishing strategies. Depending on the functionality and setting intended by its developers, an anti-malware program can act as a shield to block malware infections in a single device or an entire network.
Understanding Antivirus and Anti-Malware Programs
Over the last few decades, the term “antivirus program” has become synonymous with anti-malware. Technically, they are distinct components of a computer security solution; an antivirus program scans and removes self-replicating malware threats intended to propagate through various methods while an anti-malware program handles all threats.
In other words, using an anti-malware solution provides more protection than using only an antivirus program; however, the fact that the term “antivirus” has entered the popular lexicon to describe many aspects of computer security makes it a bit difficult to understand the functionality of applications that actually detect and remove all sorts of malware and not only legacy cyber threats.
When widespread use of the Internet went beyond the confines of information services such as America Online, Prodigy and CompuServe, cyber criminals mostly used viruses, Trojan horses and worms as their preferred attack vectors; accordingly, computer security firms mostly developed solutions designed to protect against these threats.
Over time, cyber criminals added adware and spyware to their nefarious arsenals, and the initial responses by computer security professionals were varied: some firms researched these new threats and developed modules separate from their antivirus programs to handle them while others tried to integrate them into a single application. Some new security firms became fully dedicated to spyware and adware research, but marketing professionals decided that sticking to the traditional antivirus label was the best course of action.
Most cyber criminals prefer the broad range of malware options at their disposal these days; for some hacking crews, the thought of using computer viruses, Trojan horses and worms may not be as attractive as coming up with a zero-day exploit or a blended threat such as the Facebook “dislike button” phishing campaign.
The Case of the Fake Facebook Button
In the case of the fake Facebook button, hackers took advantage of a September 2015 news media item about the social network and its intention to develop something that could be construed as the opposite of the ubiquitous “like” button. Facebook developers were indeed working on a new feature that may allow users to indicate negative feedback; however, CEO Mark Zuckerberg clearly explained that it would not be a “dislike button.” This did not stop hackers from creating a set of links and social media updates that purportedly invited unsuspecting users to click on malicious links so that they could sign up as beta testers of the new button.
As expected, the victims of the Facebook attack clicked on links to malicious websites where they were instructed to input their credentials and password so that they could click or tap a fake dislike button; upon doing so, their systems became infected with malware designed to look at their list of followers so that the malicious links could be shared for the purpose of stealing personal information.
A traditional antivirus program would not have detected the fake Facebook button attack; furthermore, it would not have offered users the needed protection of blocking the malicious websites. Anti-malware solutions are needed to handle these attacks.
Main Features of Anti-Malware Programs
Most anti-malware programs offer real-time protection instead of relying only on on-demand or periodic scanning, which means that users are protected from threats even before these have an opportunity to infect; they are caught upon entering the system.
The advanced removal functionality of anti-malware programs is able to completely delete multiple threats, even those that an antivirus component fails to remove. In addition to removing malware, these programs can also block malicious websites that can infect systems or steal personal information.
Anti-malware programs can be purchased as standalone products or as part of a computer security suite. It is important to note that these programs are designed to be compatible with existing antivirus programs and security suites.
Best Anti-Malware Programs on the Market
There are several anti-malware programs to choose from these days, but the following stand out as the best in terms of protection and value.
Malwarebytes Anti-Malware
This software comes in two versions, Free and Premium, both of which are highly recommended by computer security experts. The free version is useful for the detection and removal of all types of malware and rootkits; however, it does not offer real-time protection or malicious website blocking.
Malwarebytes Anti-Malware Premium provides real-time protection and handles all tasks automatically; furthermore, it looks for chameleon threats, which are sophisticated malware apps designed to terminate the execution of security suites or else attempt to modify them. Independent laboratories tend to give Malwarebytes products very high ratings in terms of reliability.
Watchdog Anti-Malware
This innovative anti-malware solution harnesses the power of cloud computing to deliver additional protection to its users. Watchdog Anti-Malware favors a multi-engine approach to scanning, which means that it expands its definition database by connecting to cloud sources. Using this approach is similar to getting multiple opinions from various doctors, and it amplifies security by comparing the fingerprint of suspicious applications against several definition databases.
This cloud-based approach to protection against malware speeds up the scanning process by not taking up as many resources, and it also saves time by only having to upgrade the core program and not the definition database. As long as a system is able to connect to the Internet, Watchdog Anti-Malware is able to offer real-time protection.
Chapter 6: Firewall and Security Suite
What is a Firewall?
Firewalls are important components of a computer and network security strategy; they are combinations of software and hardware elements designed to monitor data connections for the purpose of preventing harmful traffic.
In essence, firewalls act as barriers or filters that protect computing devices based on a set of network traffic rules that allow or block connections. As part of a computer security suite, firewalls stop hackers from gaining unauthorized access to computers or other devices, and they also monitor outgoing traffic so that malicious software that may already be present does not connect to an external source.
The rules programmed into firewalls are built from access lists of trusted network locations or websites and follow a positive control model (default deny): all traffic that is not on the authorization list is stopped and blocked.
In the world of personal computing, firewalls did not emerge until the early 1990s. Previously, business router devices featured access control lists that determined the Internet Protocol (IP) addresses that should be allowed to connect with a network. These lists were mostly used to prevent connections to private intranets.
How Do Firewalls Work?
A firewall is guided by a set of policies and works through filters that prevent intrusions and stop suspicious code from connecting with potentially harmful networks. Not all the functions of firewalls limit access; in many cases, firewalls also make virtual private networking (VPN) possible by securing the tunnelled connections.
All bits and bytes of information that pass through a network are monitored by firewalls. Instead of leaving a system wide open to the Internet, firewalls close it off and create choke points through which all traffic must be routed so that it can be vetted.
Among the features of modern firewalls, the IP blacklist is one of the most important, and it is updated through certificates or through a security suite; other features include intrusion detection and a control panel to modify settings.
Types of Firewalls
Firewalls currently in use include: packet filter, application-layer, stateful, proxy, and next-generation; they use various techniques to keep systems safe.
Packet filtering is the traditional method of rejecting all traffic unless it is on an authorized list.
Application gateways impose restrictions on specific software while circuit-level gateways examine sensitive TCP and UDP ports.
A proxy server technique is similar to a packet filter in the sense that it examines all packets, but it does so remotely and anonymously.
Next-generation firewalls combine the techniques above and also interact with hardware systems to actively apply security policies by actively scanning ports, listening for protocol activations and monitoring applications. These firewalls are the most likely to be found in modern security suites.
What is a Security Suite?
Antivirus programs are legacy components of computer security that scan and remove self-replicating cyber threats. These days, computer viruses have taken a backseat to numerous threats collectively known as malware. Whereas in the past computer users could find comprehensive protection with an antivirus program, that single solution is no longer enough to withstand the numerous security issues in the era of cloud computing and synchronized mobile devices.
In terms of security, computer users these days face multiple threats on multiple devices. This situation can hardly be kept secure by an antivirus program, which is why the computer security industry has developed what is known as security suites, which many people choose to call antivirus programs for the sake of tradition.
Computer security suites are software collections with components that work collectively and individually to protect systems against multiple threats. Modern security suites are full-blown security solutions that protect not only desktop and laptop computers but also smartphones, tablets, video game consoles, advanced MP3 players that connect to the Internet, and also the people who own and use these devices.
The basic approach of computer security suites is to provide layered protection through components such as: antivirus program, anti-malware program, firewall, privacy protection, parental controls, secure backup, browsing protection and others.
Main Features of Security Suites
Depending on the developer and the marketing strategy of security suites, they may offer different levels of security, such as:
Entry-level security suites, which may be offered for free, provide three or more components that can keep users relatively safe: an antivirus program, a firewall, real-time protection, and some online privacy measures.
Advanced security suites, which are comprehensive solutions that augment the entry-level security suites with safe browsing options, secure backups, password lockers, anti-phishing strategies, system tuneup tools, email attachment protection, and protection across all mobile devices.
The ultimate choice of computer security suite will depend on the needs of the user; however, given the state of cyber threats these days, advanced security suites are highly recommended due to their many features that not only offer protection but also provide useful tools that keep systems running optimally.
Best Security Suites on the Market
When evaluating a security suite, users should make sure that they are reviewing the latest version, which is indicated by the year.
BitDefender Internet Security
This powerful collection of security tools is designed to run in the background with minimal input from users. The antivirus program rates high in comparative tests, and its firewall features an additional intrusion detection module that can filter even the least suspicious attempts. The parental control modules are among the best in the industry, which explains why BitDefender is often recommended for families.
Kaspersky Internet Security
As a computer security firm, Kaspersky is one of the most highly regarded in terms of research. Cyber criminals and even state-sponsored hackers who work on behalf of governments see Kaspersky researchers as their most formidable foe. At the consumer level, the Kaspersky security suite has many features such as Safe Money, a module that offers online banking protection, gaming profiles to minimize interference, and spam analysis tools.
Symantec Norton Security
The antivirus component of this security suite is legendary for its reliability, and its added features make it a great product. Symantec can run on underwhelming desktops and netbooks with low resources without holding up the system. Parental controls and mobile protection tools are included along with the traditional modules.
Trend Micro Internet Security
As one of the most respected names in malware removal, Trend Micro products are ideal for users who spend a lot of time browsing the Internet for work, study or entertainment. This security suite offers two levels: Maximum and Titanium; the latter includes protection for various mobile devices and a password manager. Trend Micro scans browsing sessions in real-time for added privacy.
McAfee Internet Security
Tech giant Intel chose McAfee as its flagship security brand a few years ago, and it has been increasing its protection options ever since. The user interface is one of the easiest to navigate, and additional tools such as the file shredder, vulnerability monitor and tuneup utility keep systems running at their optimal level.
Norton Internet Security
This security suite is specially designed for users who want protection for their Apple systems. The Mac license of Norton Internet Security 5.0 performs full system scans and provides real-time monitoring and protection of vulnerable locations such as iPhoto and iTunes. Additional features include online banking and browsing protection through Norton Safe Web, a special mode that quickly looks up information from Facebook or other sites without compromising the system.
AVG Internet Security
This security suite has become popular in the last few years because it was one of the first to be offered for free, although the no-cost version does not offer all the components that make it a full-fledged security solution. The antivirus, malware removal, link scanner, and email protection modules are free, but the firewall, tuneup utility, data safe, spam monitor, and mobile device protection can only be found in the premium version. AVG is a very highly respected name in the computer security industry, and it offers very affordable products.
Panda Internet Security
This security suite is distinguished by its antivirus program, which is routinely rated as one of the best by independent testing laboratories. Additional features include a data shield for sensitive information, anti-theft protection for mobile devices, a personal firewall, and parental control. PC users who select Panda Internet Security can extend protection to one Android device with a single license; one Apple device can be protected with a multiple license.
Chapter 7: Symptoms of an Infected Computer
Signs of an Infected Computer
Widespread infections of computer viruses have been around since the early 1990s and have not stopped since. In 2008, Consumer Reports released a study that estimated the odds of a desktop or laptop computer being infected with malware at one in 14.
Even though today computer viruses are considered to be legacy cyber threats, there is still an entire industry dedicated to their detection and removal. Modern antivirus definition databases have millions of entries and virus fingerprints, and yet the odds of someone using a desktop, laptop, smartphone, or tablet getting infected remain high.
Similar to the way biological viruses mutate, computer viruses evolve through the nefarious work of their authors, who seek to make their malicious creations difficult to detect. As a malware category, viruses are interesting in the sense that their infections can actually result in erratic functionality that allows users to notice that something is wrong with their systems. Whereas other malware apps function in a very stealthy manner, computer viruses tend to announce their presence once they start the replication and infection process.
The following “symptoms” of computer virus infections can help users determine if their systems have been compromised and if they need to take action:
Numerous Pop-Up Windows
Just about all Web browsers these days block those pesky pop-up advertisements that were common before the end of the 20th century. Some browsers give users the option to allow or block pop-up windows and notifications. However, if these items pop up even when the browser has been set to block them, or when a browser is not in use, chances are that the system has been infected.
Strange Error Messages
Misspelled error messages or notifications that warn users about a virus infection followed by a prompt to “click here to download” are classic signs of a computer virus at work.
Strange Email Messages
Some computer users see strange messages coming from people on their contact list and immediately think that the computers of the senders have been compromised. More than likely, the recipient's computer is the one infected with the virus, and the messages are engineered to look as if they are coming from addresses on the contact list.
Some forms of ransomware are propagated by means of a computer virus. These nasty infections prevent computer users from operating their systems, and they also display ransom messages directing users to input their credit card numbers so that they can regain control.
Disabled System Functions
Some viruses are known to disable vital functions that could be used to get rid of them. A common example in a Windows computer is to disable the Control-Alt-Delete key sequence to access the Task Manager; other examples include blocking access to the Control Panel or Registry Editor.
Extremely Slow Computer Operation
When a computer takes a very long time to start, particularly when it seems that the desktop background appears but the rest of the icons and menu items take forever to display, a virus may be to blame. This does not always have to occur during startup; sometimes it may happen after closing a Web browser. Many viruses are known to use up a lot of system resources; if they are poorly written, they may cause a computer to hang or even crash. In some cases, the intent of a virus is to annoy users and crash systems or else compromise them by deleting system files.
Unexpected Shut-Down and Restart
Some viruses require a system to restart for the purpose of delivering their payload. When a computer suddenly shuts down or unexpectedly offers to restart, an infection by means of a Trojan horse attack may be to blame. If the computer shuts down after being unresponsive, this may be a sign of a virus downloading and hiding garbage files for the purpose of disrupting computer operation.
Strange Computer “Behavior”
Some of the earliest computer viruses were designed as pranks to startle users. To this effect, they used to manipulate the system volume and play sounds unexpectedly, open and close the CD tray, start programs deliberately, etc.
A classic sign of an infection is when a computer cannot complete a task and instead displays a system message that indicates it cannot find a file. If this happens when opening an application that used to work without problems, a virus may be busy deleting certain system files.
Missing or Extra Disk Drives
When a disk drive icon seems to have disappeared, or when an unfamiliar icon displays, it is better to run an antivirus program or contact a computer technician. More than likely, a virus is hiding the disk drive icon as a prank; also, clicking on the icon of an unfamiliar disk drive may be risky.
Mysterious Browser Navigation
Redirection to unfamiliar websites and strange bookmarks appearing in the favorites folder of a Web browser are classic signs of a virus infection that may result in spyware, such as advertising toolbars being installed.
No Signs or Symptoms at All
The most powerful viruses are written by skilled authors who prefer their code to go undetected while performing its nefarious work. This is particularly the case with computer viruses that are designed to recruit computers as part of a botnet, which is a rogue network of zombie computers that infect others for the purpose of stealing information, hiding files, spying, or serving advertising illegally. Just because a virus does not make a computer display obvious signs of an infection does not mean that it is not dangerous; in fact, the most harmful computer viruses are of the stealth variety.
Chapter 8: Scanning for a Computer Virus
Understanding the Role of Virus Scanning
Anyone who uses a computing device for personal, academic or business purposes should allow an antivirus program to perform a virus scan from time to time, particularly if the device is a desktop or laptop computer that connects to the Internet. Unfortunately, many computer users these days neglect to perform virus scans due to a false sense of security that is caused by a misinterpretation of technology.
Despite reports of cyber crime that dominate news headlines these days, Internet security research studies show that even people who work as computer technicians tend to wait months before running a virus scan; in many cases, these are people who manually set their device security settings to remind them when a scan is due and then simply keep postponing the task for months.
Virus scanning is the single most important computer security task these days. Due to the dangerous nature of computer viruses, just one infection may be enough to unleash massive self-replication and propagation if it is not contained in a timely manner. Even worse, the virus may propagate across an entire network, thereby infecting other devices and placing their users at risk.
Three factors of modern life are to blame for neglectful behavior in relation to computer security. First of all, modern systems are so powerful that they always seem to be running fine even though they may be infected. Second, virus writers have become so skilled at designing malware that they have figured out how to make their nefarious creations stealthy. Last, but not least, many users assume that installing any security application on their systems will automatically keep them safe.
Using an Antivirus Program for Scanning
Antivirus programs have been the cornerstone of computer and network security for many decades; they are still the most traditional and essential methods of digital protection. When antivirus programs are part of computer security suites, they are the main components, and they may simultaneously act as virus shields and scanners.
Two important things to keep in mind with regard to virus scanning are:
- Antivirus programs are designed to work in accordance with an upgrade continuum. What this means for computer users is that the burden is on them to install the latest version or to upgrade existing installations.
- A virus scan can only be as good and as effective as its definitions database, which must be constantly updated using an Internet connection. It is through this database that an antivirus program knows what malware to look for and how it should be removed. Once an antivirus program has been installed, the home tab usually displays the status of the definitions database and when it was last updated. As a general recommendation, it is better to manually search for updates prior to running a virus scan.
Virus Detection Methods
Antivirus programs feature a scanning engine that may use various strategies to locate and reveal malware; the four most common detection strategies are:
1. Signature-based: This detection method is the most traditional, and it is based on the information provided by the detection database once it has been updated. The signatures can either identify a specific malware code or they can serve as general guidelines and describe a whole family of malware.
2. Heuristic-based: This is a method that favors a general set of rules instead of checking files against malware signatures that have already been identified. The heuristic principle is based on the assumption that safe computer files tend to follow a certain code structure that is harmonious; anything that deviates from this norm may be treated as potentially being malware.
3. Virtualization: This is an advanced method that creates a virtual machine within a system, thereby creating a sandbox environment that is separate from the operating system, storage drives and peripherals. With this detection method, suspicious files are transferred to the sandbox so that they can be checked for infections and thoroughly tested before they are removed. This method minimizes the chances of potential malware causing harm to the system.
4. Cloud-Based Detection: This is a modern method that takes advantage of the power of cloud computing. With this method, desktops and laptops become clients of the remote server where the antivirus program is hosted. Using a reliable and stable Internet connection, the signatures of the files on the client side are sent to the cloud via a secure connection, so that the detection is performed remotely. Cloud-based antivirus programs still perform some level of local detection with a scanning feature installed on the client system, which also takes care of the removal process.
When it comes to the actual scanning method, users have three options:
1. Real-time Scan: In most modern antivirus programs and computer security suites, real-time scanning is the default option; it can also be activated manually by checking the “home” tab and choosing the “always-on” setting. In some programs, real-time scans are called “virus shields” or “on-access scans”; they offer continuous, full-time protection against viruses and malware.
2. On-Demand Scan: This scanning method must be manually initiated by the user. An additional option in this case is to select the folders, files and regions to be checked for viruses.
3. Start-Up Scan: This automatic scan is initiated by the antivirus program as soon as the system boots up. This is a fast scanning method that also checks systems and files contained in removable media components such as USB drives, external hard disks, memory cards, etc. The typical detection method in this scan is heuristic.
Scan Depth and Settings
The most common scan depth options that can be set by users are quick and full. Modern systems can easily handle regular full scans without taking up too many resources or clogging up memory usage. A third option is the custom scan, in which users can decide the regions to be scanned and the level of scrutiny. The full scan is always recommended.
Most antivirus programs allow users to modify some settings, which can be found on the “custom” or “advanced” tabs. The typical settings that can be modified include:
- File extensions, which should always include executables such as .ini, .exe, .vbs, etc.
- File size, which can be set to exclude large files such as DVD-length movies.
- Archived files, which may include .zip and .rar, among others.
- Drives, which may be set to ignore unused hard drives, virtual folders, etc.
- Alerts, which may be set to constantly notify users about threat levels.
- Actions, which may be set to automatic or permission-based when malware is found and before it is removed.
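The detection strategies and the custom-scan settings described above, combined in one toy on-demand scanner. This is an added example, not code from any antivirus product: it uses an exact signature (whole-file hash), a family signature (a pattern with a wildcard), a heuristic score built from weak signals, and the extension, size and archive settings. Every signature, indicator string and sample file is constructed for the demonstration.

```python
import hashlib
import math
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed signature database for this example; none of these are real malware signatures.
# An exact signature pins one specific sample (here: SHA-256 of the whole file).
EXACT_SIGNATURES = {
    hashlib.sha256(b"SAMPLE-ONE-SPECIFIC-MALWARE-BODY\n").hexdigest(): "Demo.Specific",
}
# A family signature covers a whole family: the \d{3} wildcard matches every build number.
FAMILY_SIGNATURES = [
    (re.compile(rb"DEMO-FAMILY-BUILD-\d{3}-PAYLOAD"), "Demo.Family"),
]
# Heuristic rules need no signature; they add up weak "does not look normal" signals.
ENTROPY_THRESHOLD = 7.2                      # packed/encrypted data scores near 8.0 bits/byte
SUSPICIOUS_STRINGS = [b"disable antivirus", b"autorun.inf"]   # constructed indicator strings


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally common."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect(data: bytes) -> Optional[str]:
    """Return a detection name, or None if the bytes look clean.
    Cheap, precise signature checks run first; heuristics run last."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in EXACT_SIGNATURES:
        return EXACT_SIGNATURES[digest]
    for pattern, name in FAMILY_SIGNATURES:
        if pattern.search(data):
            return name
    score = int(shannon_entropy(data) > ENTROPY_THRESHOLD)
    score += sum(1 for s in SUSPICIOUS_STRINGS if s in data)
    return "Heuristic.Suspicious" if score >= 2 else None   # one weak signal alone is not enough


@dataclass
class ScanSettings:
    """The custom-scan knobs from the text: extensions, size cap, archives."""
    extensions: Set[str] = field(default_factory=lambda: {".exe", ".vbs", ".bin", ".dll"})
    max_size: int = 64 * 1024 * 1024          # skip DVD-sized files
    scan_archives: bool = True                # also look inside .zip


def scan_tree(root: str, settings: ScanSettings) -> Dict[str, str]:
    """Walk `root` and return {relative path: detection name} for every hit."""
    hits: Dict[str, str] = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(fn)[1].lower()
            if os.path.getsize(path) > settings.max_size:
                continue                      # file-size setting
            if ext == ".zip" and settings.scan_archives:
                with zipfile.ZipFile(path) as zf:
                    for member in zf.namelist():
                        if os.path.splitext(member)[1].lower() in settings.extensions:
                            name = detect(zf.read(member))
                            if name:
                                hits[f"{rel}:{member}"] = name
                continue
            if ext not in settings.extensions:
                continue                      # file-extension setting
            with open(path, "rb") as f:
                name = detect(f.read())
            if name:
                hits[rel] = name
    return hits


def build_demo_tree() -> str:
    """Create a throwaway directory of constructed sample files (no real malware)."""
    root = tempfile.mkdtemp(prefix="avdemo-")
    samples = {
        "notes.txt": b"DEMO-FAMILY-BUILD-001-PAYLOAD",            # skipped: .txt not scanned
        "specific.exe": b"SAMPLE-ONE-SPECIFIC-MALWARE-BODY\n",     # exact-signature hit
        "variant.exe": b"pre DEMO-FAMILY-BUILD-042-PAYLOAD post",  # family-signature hit
        "packed.bin": bytes(range(256)) * 16 + b"autorun.inf",     # high entropy + string
        "clean.dll": b"MZ ordinary program text " * 40,            # no hit
        "huge.exe": b"DEMO-FAMILY-BUILD-999-PAYLOAD" + b"\0" * 16384,  # over a small size cap
    }
    for fn, data in samples.items():
        with open(os.path.join(root, fn), "wb") as f:
            f.write(data)
    with zipfile.ZipFile(os.path.join(root, "mail.zip"), "w") as zf:
        zf.writestr("invoice.vbs", b"DEMO-FAMILY-BUILD-777-PAYLOAD")
    return root
```

Running `scan_tree(build_demo_tree(), ScanSettings(max_size=8192))` reports the exact, family, heuristic and in-archive hits and silently skips the unscanned extension and the oversized file.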
Online Virus Scanning Options
Just like going to the doctor’s office to get a second opinion on a diagnosis, computer users can also look to the cloud for a complementary virus scan to ensure that their systems are fully protected and free of malware.
Security Addition, Not a Replacement
Online virus scanners do not offer real-time protection; for this reason, they should never be considered an adequate replacement for an antivirus program that is properly installed and updated. They are great supplements that can be activated whenever users believe that their systems may have been compromised despite the presence of an installed security solution.
Most online virus scan solutions are offered free of charge, and they typically scan for more than just viruses; they also look for other types of malware. Some online virus scanners are completely on demand, which means that they allow users to upload suspicious files for detection and evaluation; in this fashion, Internet security firms can augment their research and consider adding a new signature to their definitions databases.
Best Online Scanners
For the convenience of users who plan to run online virus scanners more than once on their systems, some vendors suggest the installation of an add-on feature such as a toolbar, a browser button or a desktop shortcut while others may require the installation of a small executable file that communicates to the server and initiates a cloud-based detection process.
For the most part, online virus scanners are great for users who want to check on the performance of their installed computer security suites and standalone antivirus programs. Some of the best online virus scanners are offered by: BitDefender Online, CA Online Malware Scanner, ESET, VirusTotal (on-demand), VirSCAN, Avast, TrendMicro, Jotti, F-Secure, Panda Security and others.
Another advantage of online virus scanners is that they provide users with more than just window shopping when they are looking for an antivirus solution for their systems. These free security tools give users a sense of how various security vendors work and how they formulate their particular approach to computer protection. It is important to note that many of these online virus scanning options do more than detect and remove legacy virus threats; they look for other malware categories such as spyware, keyloggers, Trojans, hijackers, ransomware, and potential phishing backdoors.
In the end, it is important for users to remember that online virus scanners are not meant to replace the security solutions that must be installed in computer systems at all times.
Chapter 9: Removing a Computer Virus
Dealing With Computer Viruses and Infected Systems
Although virtually all computer systems these days are protected by antivirus programs and security suites, malware infections are still a major issue that users have to deal with from time to time.
No computer system is completely impervious to cyber threats. A virus that seeks to take advantage of a zero-day exploit (a hole in software unknown to its vendor), for example, may find its way into a system before the definitions database is updated. In some cases, computer users neglect upgrading their antivirus software or else disconnect their systems from the Internet for a long time, thereby preventing the definitions database from updating. There is also the issue of malware that is designed to disable antivirus and security programs.
The most common signs that a computer is infected include:
Pop-up windows: Modern Web browsers have a default setting that blocks those annoying pop-up windows that very few Internet marketers are using these days. A sudden appearance of pop-ups could be a sign that a virus sneaked in and modified the browser settings.
Strange messages: Quite a few computer viruses are designed to spread spyware, and one of the most common methods to achieve this nefarious goal is to hijack an email program or to manipulate social network profiles. What usually follows is a string of phantom messages that contain gibberish plus a link; these are messages composed by the virus program for the purpose of propagation.
Hostage computer: Ransomware is a type of malware that often contains virus features that allow it to spread across the Internet. When a computer is taken hostage by ransomware, a demand message is displayed in the hope that the user will use their credit card to rescue the computer.
Strange behavior: When the right-click context menu in a computer running the Windows operating system unexpectedly stops working or when the Task Manager can no longer be accessed, a virus infection should be suspected.
The above symptoms of an infected computer are just some of the most common. Other symptoms may seem more alarming, but they shouldn't be. When dealing with an infected computer, users should remember to stay calm; removing viruses and malware can be accomplished without deleting important files. The following are the four core methods of virus removal.
Using Antivirus Programs
Most antivirus programs and computer security suites take care of virus infections automatically; however, not all programs offer virus shields or real-time protection, and sometimes users forget to enable these features. When a virus sneaks in because real-time protection was not activated, it is still possible for the antivirus program to detect it and remove it.
Preparing for a Scan
The first step is to open the control panel of the antivirus program and look for the update option. Next, all open programs should be closed, particularly Web browsers, unless the virus scan engine resides in the cloud. The option to perform a full system scan should be selected.
Deciding Between Different Actions
When a virus or malware infection is detected, users can choose from a few removal methods:
Clean: This option allows the antivirus program to remove only the malicious code from a file that was infected. If the clean method does not work as intended, a full deletion may be required.
Quarantine: A file can be placed in a “vault,” a special folder managed by the antivirus program where malware can be segregated for further evaluation and future deletion. Once a virus is placed in this folder, it is effectively isolated from the rest of the system and can be manipulated safely.
Deletion and removal: This is often the best option; it involves completely removing malware or the infected file from the system. In most cases, only the virus or malware itself will be deleted; however, there may be a risk of losing a file that has been infected if the malicious code could not be segregated and removed.
Dealing with False Positives
Users may run into false positives from time to time. A false positive is an incorrect detection by an antivirus program, which occurs when a pattern of code in the file matches the same pattern contained in a virus signature. This is more commonly experienced in real-time protection mode when users are downloading a file that they know is safe because it comes from a trusted source. Some antivirus developers allow users to report false positives and to upload the file for inspection; another sensible option is to get a second opinion by running an online virus scan.
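The quarantine and deletion actions, and the false-positive case, as an added example that is not any vendor's code: a minimal vault that moves a detected file out of reach, records what was detected and the file's hash, and can either restore a false positive (after checking the vaulted copy is unchanged) or purge a confirmed hit. The directory layout and the sample file are constructed.

```python
import hashlib
import json
import os
import shutil
import tempfile
import time
from typing import Dict


class Quarantine:
    """A minimal vault: a detected file is moved out of reach and recorded, so it can
    later be restored (false positive) or deleted for good (confirmed malware)."""

    def __init__(self, vault_dir: str):
        self.vault_dir = vault_dir
        os.makedirs(vault_dir, mode=0o700, exist_ok=True)   # vault is private to this user

    def _paths(self, item_id: str):
        return (os.path.join(self.vault_dir, item_id + ".bin"),
                os.path.join(self.vault_dir, item_id + ".json"))

    def quarantine(self, path: str, detection: str) -> str:
        """Move `path` into the vault; returns the vault id used for restore/delete."""
        original = os.path.abspath(path)
        with open(path, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        item_id = digest[:16]
        blob, record = self._paths(item_id)
        shutil.move(path, blob)
        os.chmod(blob, 0o000)          # neither readable nor executable while vaulted
        with open(record, "w") as f:
            json.dump({"original_path": original, "sha256": digest,
                       "detection": detection, "vaulted_at": time.time()}, f)
        return item_id

    def info(self, item_id: str) -> Dict:
        with open(self._paths(item_id)[1]) as f:
            return json.load(f)

    def restore(self, item_id: str) -> str:
        """Put a false positive back where it came from, refusing if the vaulted copy changed."""
        blob, record = self._paths(item_id)
        meta = self.info(item_id)
        os.chmod(blob, 0o600)
        with open(blob, "rb") as f:
            if hashlib.sha256(f.read()).hexdigest() != meta["sha256"]:
                os.chmod(blob, 0o000)
                raise RuntimeError("vault contents changed; refusing to restore")
        shutil.move(blob, meta["original_path"])
        os.remove(record)
        return meta["original_path"]

    def delete(self, item_id: str) -> None:
        """Confirmed malware: remove the vaulted copy and its record."""
        blob, record = self._paths(item_id)
        os.chmod(blob, 0o600)          # some platforms refuse to unlink a mode-000 file
        os.remove(blob)
        os.remove(record)


def run_demo() -> Dict[str, object]:
    """Walk through quarantine -> restore (false positive) -> quarantine -> delete."""
    tmp = tempfile.mkdtemp(prefix="qdemo-")
    victim = os.path.join(tmp, "downloads", "setup.exe")   # constructed sample, not malware
    os.makedirs(os.path.dirname(victim))
    with open(victim, "wb") as f:
        f.write(b"constructed sample, not real malware")
    q = Quarantine(os.path.join(tmp, "vault"))
    item = q.quarantine(victim, "Demo.Family")
    out: Dict[str, object] = {"gone_after_quarantine": not os.path.exists(victim),
                              "detection": q.info(item)["detection"]}
    q.restore(item)
    with open(victim, "rb") as f:
        out["intact_after_restore"] = f.read() == b"constructed sample, not real malware"
    q.delete(q.quarantine(victim, "Demo.Family"))
    out["gone_after_delete"] = not os.path.exists(victim)
    out["vault_empty"] = os.listdir(os.path.join(tmp, "vault")) == []
    return out
```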
Hands-on Removal in Safe Mode
The Windows operating system features a Safe Mode boot method that is ideal for virus removal. This boot method should be accessed after all external storage devices such as DVDs, USB sticks, memory drives and hard disks have been removed.
Booting into Safe Mode
For users of Windows XP, Vista and 7, Safe Mode can be accessed by completely powering down their systems, turning on their computers and immediately tapping the F8 key repeatedly until the Advanced Boot Options screen is displayed. From here, Safe Mode with Networking can be selected. On Windows 8 and newer versions, holding down the Shift key while booting up displays the Troubleshooting screen, in which the Advanced Options can be selected to find Safe Mode. On Mac OS systems, Safe Mode is known as Safe Boot, and it can be accessed by holding down the Shift key before pressing the power button and not releasing the Shift key until the desktop appears.
What happens in a Safe Mode environment is limited by certain controls. Many applications will not be loaded, and the system will run the bare minimum of resources. When Safe Mode is entered, it is very likely that malware will not be loaded, thereby enabling the possibility of virus removal.
Deleting Temporary Files
If possible, the temporary files folder should be emptied before the virus removal process starts; this will not only speed things up but also remove malware contained therein. The Disk Cleanup accessory in the System Tools section of Windows has an option to delete the contents of the Temp Folder; an even better option is to allow an antivirus program or computer security suite to handle it.
Using an On-Demand Scanner
Start-up virus scans are typically disabled in Safe Mode, which means that an on-demand option should be selected in Safe Mode. After running the on-demand scan, the antivirus program will list removal options; once this is completed, the computer can be restarted normally.
If the computer does not have an antivirus program installed, the Safe Mode with Networking option will allow users to access the Web page of a trusted computer security firm for the purpose of downloading one of their solutions. Another option would be to use another computer that is not infected, download two antivirus programs and save them to a memory card or USB drive. These programs can then be installed on the infected computer while in Safe Mode.
Removing Malware Manually
In some cases, the virus scan may detect malware that it can't remove on its own for some reason. This may be a false positive or it may be a persistent piece of malware created by a sophisticated virus writer. This may call for manual removal, which can be accomplished by looking up the scan report of the antivirus program, making a note of the file that couldn't be removed and searching for it online at the websites of reputable computer security firms. In many cases, they will offer a special removal tool designed to remove that particular virus. Many of these tools create a backup of the System Registry or set a Windows Restore Point in case a crucial file is accidentally deleted.
Confirming the Scan Results
To be completely on the safe side, once the system goes back to normal operations after virus removal, a second opinion should be obtained with an online virus scan from a reputable computer security firm.
Updating Software and Resetting Passwords
Another action to take is to make sure the operating system, antivirus program, computer security suite, and Web browsers are up-to-date. Users whose computers were infected should also change their passwords in case they were affected by spyware or a keylogger that captured information they entered into their computers for online banking, shopping and correspondence.
Removable Antivirus and Computer Security Devices
Many computer manufacturers include a rescue CD with the systems they release. These bootable solutions are ideal for situations when computer users want to reset their systems to factory standards so that they can reapply upgrades and update patches. A similar approach is used by the computer security industry in the form of antivirus removal devices, which users can create by downloading certain files and saving them into USB drives.
Virus removal devices are bootable USB drives that create a clean environment apart from the operating system. The most sophisticated virus removal devices actually install a dedicated operating system that accesses the resident OS externally; in this fashion, no malware is ever activated. These devices are highly recommended for the removal of rootkits, which are among the most dangerous and pernicious pieces of malware.
Users who create USB security solutions should keep in mind that they must be updated periodically. Even when they are not actively used, these devices should be updated by going to the website of the vendor who provides the download files and checking for the latest version. Some security firms offer solutions that update themselves whenever they are connected to the USB port of an Internet-connected system.
To use these removal devices, users must simply connect them to an open USB port and follow the onscreen prompts, which typically begin with a system restart. In some older and legacy desktops and laptops, the plug-and-play functionality of these devices may need to be activated by changing the boot order in the BIOS screen. A bonus feature of USB computer security solutions is that they can be used in multiple devices, but their usage should not preclude the installation of a real-time antivirus program.
Worst-Case Scenario for Virus Removal: Reinstalling the OS
Before the computer and network security field developed into the important industry that fights cybercrime these days, a common solution to dealing with malware and infected computers was to reset them to their initial state. In the PC world, this usually meant reinstalling Windows; in the Apple world of Mac computers, the operating system was rooted in the hardware, and thus it required a reset. In the past, an OS reinstall or reset meant losing personal data and custom settings; these days, however, the process is far more comprehensive and does not require computer users to lose too much.
It is important to remember that a drastic solution such as a reformat and OS reinstall should be complemented with additional security measures such as installing a permanent computer security solution and resetting all passwords, particularly those used for online banking purposes.
Modern OS versions offer several data backup methods such as hard drive images and cloud storage. Imaging is the most effective backup method since it also includes crucial customized settings and device drivers. A few older email systems store messages and attachments in a local folder; those can be exported to data files and saved in a USB drive or uploaded to a cloud storage solution.
Program files should never be backed up since they are most likely to have been infected with viruses; the reason behind this is that program files have executable features that virus writers seek to take advantage of.
Something else to remember is that an updated antivirus program or computer security suite must be installed right after the new OS installation is completed and before the data backup is transferred to the system. Ideally, the new installation should not be operated until real-time protection is activated and ready to detect any infected files that may have been accidentally backed up.
Chapter 10: Safely Operating the Computer
Computer security analysts estimate that no personal or business computing device in the 21st century can completely avoid a cyber attack. It could be a virus or spyware, a keylogger or a rootkit; the attack vector is irrelevant. Everyone falls victim to modern threats. Still, there is a lot that computer users can do to protect their systems from becoming infected.
Prevention is crucial in terms of computer and network security, which often means sticking to certain rules and measures that require a bit of discipline; however, following these safe practices is often easier than removing certain infections.
Keeping the Operating System and Essential Software Up-to-Date
The first step in computer security these days is to keep the OS and major software applications, particularly those that connect to the Internet, up-to-date. Major OS developers such as Microsoft, Apple and Google commit a substantial amount of resources to security, and their most important function in this regard is the constant release of security updates and patches. It's not just the OS security that is augmented with every released patch; Microsoft, for example, often includes fixes for major software such as Internet Explorer and MS Office.
Choosing a Solid Security Solution
Antivirus programs and computer security suites that feature real-time protection are essential components of a preventive strategy since they detect malware threats as soon as they attempt to enter the system. These apps can also “immunize” systems by blocking malicious URLs, securing open ports, blocking the creation of backdoor exploits, and eliminating spyware threats.
Even with a virus shield or real-time protection enabled, full malware scans should be conducted periodically and each time external devices such as USB drives are connected. Some antivirus programs and all security suites feature a firewall component, which should be active at all times. If a standalone antivirus program does not offer it, the default firewall provided by the OS should be kept active.
Needless to mention, all computer security applications should be regularly updated for maximum prevention. The easiest way to accomplish this is to set the antivirus program or security suite to download and install files automatically.
Backing Up Data Regularly
An advantage of digital media and documents is that they can be securely backed up in case of a major system issue such as a security breach that requires reformatting the hard drive or reinstalling the OS. Data imaging utilities are ideal for this purpose, but the cloud storage backup components offered by security suites are also optimal.
Securing Web Browsing
The great majority of modern cyber threats are distributed and propagated from the World Wide Web. Although email and closed peer-to-peer (P2P) file sharing networks are still used by virus writers and malware authors to ply and spread their nefarious trade, the Web has become the go-to Internet medium for propagating cybercrime.
Various security suites offer safe Web browsing modules that rate the security of websites before they are accessed by users. In general, the dark side of the Web is not recommended for anyone to visit if they are concerned about computer security. Hacker forums, pornography sites, torrent directories, and file sharing websites are often rife with viruses and malware, and browsing them is best avoided.
Special caution should be applied when installing software downloaded from the Web. Unless it comes from a trusted source such as a computer security firm or an OS developer, there is always a risk of a downloaded application being infected; for this reason, the best course of action will always be to allow the antivirus program or the security suite to scan the downloaded file before being installed.
Enabling Browser Security Settings
Some Web browsers offer more safety features than others, but the level of security is ultimately determined by users who adjust the settings. At the minimum, the pop-up blocking feature must be enabled at all times, but other security settings that should also be constantly active include smart cookie managers and anti-phishing components.
An even better browsing strategy is to install a security suite that includes a Web security feature. Safe browsing components handle the management of the browser security settings and also advise users on how to protect their privacy online, particularly when they use online banking websites.
Staying Safe in Public Settings
In general, public computers should be avoided whenever possible. Although places such as universities, Internet cafes, hostels, airports, libraries, and hotels often try their best to keep their networks secure for the benefit of their customers, hackers and practitioners of cybercrime are always trying to attack these places. A similar risk is always present at public Wi-Fi hotspots provided at cafes, restaurants, lounges, shopping malls, etc.
If a public computer or a public Wi-Fi hotspot must be used, special care should be taken to log out of all online accounts as well as clearing the browsing history and Internet cache. A better option is to only use a personal computing device such as a laptop, tablet or smartphone. Also, it is recommended to use a virtual private network (VPN) when connecting to a Wi-Fi hotspot. Alternatively, some security vendors offer what is sometimes called a “computer on a stick,” which is a special set of software loaded in USB drives that can be used to provide a secure environment when using public computers.
Ensuring Online Account Management
Two of the most common acts of cybercrime perpetrated these days involve identity theft and fraudulent access of online accounts. Although news headlines many times report major data breaches by hackers who steal online credentials such as username and password combinations, the reality is that many hackers are able to gain unauthorized access to online accounts simply by guessing poorly managed passwords.
Password management should be practiced by all computer users these days, and the first step is to not choose words that are listed in a dictionary. The most common brute force attacks are known as “dictionary attacks,” which are essentially scripts that run through a list of commonly used passwords to gain unauthorized access to online accounts. Strong password choices these days must include symbols, numbers and unusual combinations of letters. It is also important to not use the same password across all online accounts; to this effect, some computer security suites feature a password locker utility to assist users in creating strong passwords and managing them for various accounts while keeping them safely encrypted.
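The password rules above (no dictionary words, include numbers and symbols, no reuse across accounts) as an added example of the checks a password locker could run; this is not any product's code. The wordlist is a constructed stand-in for the lists a dictionary attack uses, and the `normalize` step shows why case changes, leet substitutions and trailing digits do not turn a dictionary word into a strong password.

```python
import math
import re
from typing import Dict, List

# Constructed stand-in for a cracker's wordlist; real dictionary-attack lists run to millions of entries.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "dragon", "monkey", "sunshine"}
# Substitutions that cracking rule sets undo automatically, so they add no real strength.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})


def normalize(pw: str) -> str:
    """Reduce a password to the dictionary word it is built on: drop case,
    strip a trailing run of digits/symbols, then undo leet substitutions."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())
    return core.translate(LEET)


def charset_bits(pw: str) -> float:
    """Rough strength estimate: length * log2(size of the character set actually used)."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33
    return len(pw) * math.log2(size) if size else 0.0


def check_password(pw: str, min_bits: float = 60.0) -> List[str]:
    """Return the policy problems found; an empty list means the password passes."""
    problems = []
    if normalize(pw) in COMMON_PASSWORDS:
        problems.append("based on a dictionary word (case, leet and suffix tricks do not help)")
    if not re.search(r"[0-9]", pw):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbol")
    if charset_bits(pw) < min_bits:
        problems.append(f"too short for its character set ({charset_bits(pw):.0f} bits)")
    return problems


def find_reuse(vault: Dict[str, str]) -> List[List[str]]:
    """Group accounts that share a password, the reuse check a password locker would run."""
    by_pw: Dict[str, List[str]] = {}
    for account, pw in vault.items():
        by_pw.setdefault(pw, []).append(account)
    return [sorted(accts) for accts in by_pw.values() if len(accts) > 1]
```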
Adopting Safe Email Practices
As one of the oldest components of the Internet, email is a classic attack vector used by hackers and virus writers to infect computers and spread their malware creations to computer systems around the world. What makes email so attractive to cybercrime perpetrators is that messages can be crafted in certain ways that facilitate their attacks.
Many of the practices recommended for the safe use of email are rooted in common sense. One of the first rules is to be very suspicious of unexpected messages sent by unknown senders. These messages should be promptly deleted, particularly if they contain attachments. Immediate deletion should also be applied to messages that ask for passwords or online banking information; banks will never ask for this information via email.
Email hoaxes and unusual messages that tell fantastic tales of individuals winning lotteries or receiving inheritances in foreign countries are either fraudulent or conduits of malware; these should be immediately deleted, particularly if the email service provider classified them as spam or junk mail.
Major cloud email providers such as Apple, Google and Microsoft scan all emails for viruses and other forms of malware; similar solutions are offered by computer security suites. In fact, security suites may also offer what is known as a link scanner, a utility that examines messages that came from suspicious IP addresses or that contain URLs deemed to be malicious.
Taking Precautions With External Storage Devices
USB drives, memory cards, external hard drives and even smartphones and tablets that connect to computers for file transfer and synchronization present a risk of infection. What makes USB drives and memory cards so attractive to cyber criminals is that they are essentially sophisticated vehicles for infections; since one of the main uses of these devices is to enable the physical transfer of files between computers, hackers are particularly fond of them.
Modern virus writers are focusing on infecting smartphones and tablets because they know that most users do not install security solutions on their mobile devices.
Fortunately, modern antivirus programs and computer security suites scan removable media and external devices as soon as they are connected to a system. It is important to allow security applications to scan these devices. If possible, the AutoPlay feature of these devices should be turned off for the purpose of mitigating risks.
Since virus writers and malware authors these days are concentrating on developing attacks on mobile devices and external storage devices, computers users should strongly consider installing security suites that extend protection to this technology as well.
The cyber threats that the computer and network security industry works hard to contain on a daily basis are not going away; if anything, they are becoming more prevalent and sophisticated. Malware has come a long way since the early days of computer viruses that propagated via floppy disks.
Many computer users who install the first antivirus program or malware scanner that comes to mind are later surprised and disheartened to learn that their systems have been infected, or that their security has been breached. This often happens when security is not given the proper consideration it deserves; if the average user reflects upon the information presented in this guide and takes the necessary precautions, there should be very little to worry about in terms of computer safety.
Good computer security starts with understanding the basic concepts of viruses and the assorted types of malware. Once the nature and motivation of cyber threats are understood along with the various attack vectors, the next step is to install the adequate tools. It is important to be able to make the right choice among the best antivirus programs and computer security suites available these days, particularly when users are very active online or when they need to protect more than one device.
What is even more important to understand is that computer security is hardly limited to installing a software solution and expecting it to handle everything. This guide touched on the topics of malware removal, virus scans, software updates, and best safety practices; the reason these subjects were presented is that they all form part of a comprehensive computer security strategy.
The Internet can be safely used to its full potential just as long as proper safety measures are in place. For example, even if a virus sneaks past the firewall and real-time protection feature of a security suite, a savvy computer user should be able to recognize symptoms of an infection and get a second opinion from an online virus scan. Even if the threat cannot be removed the first time, a savvy user would know how to use a rescue device and how to recover from backup in case the hard drive needs to be reformatted and the operating system installed again.
In the end, computer users should not feel intimidated by the status quo of Internet security and cyber threats nowadays. The information explained in this guide boils down to obtaining the right security tools and using common sense when using tech devices. For those users who take all the necessary precautions, odds are good that they'll never have to deal with a major security problem. The main idea is to always put maximum effort into prevention rather than having to deal with the aftermath of a cyber threat.