Countermeasures (Computer virus)









Countermeasures

Antivirus software

[Screenshot: the open-source ClamWin antivirus software running in Wine on Ubuntu Linux]


Many users install antivirus software that can detect and eliminate known viruses when the computer attempts to download or run an executable file (which may be distributed as an email attachment, or on USB flash drives, for example). Some antivirus software blocks known malicious websites that attempt to install malware. Antivirus software does not change the underlying capability of hosts to transmit viruses. Users must update their software regularly to patch security vulnerabilities ("holes"). Antivirus software also needs to be regularly updated in order to recognize the latest threats. This is because malicious hackers and other individuals are always creating new viruses. The German AV-TEST Institute publishes evaluations of antivirus software for Windows and Android.


Examples of Microsoft Windows antivirus and anti-malware software include the optional Microsoft Security Essentials (for Windows XP, Vista and Windows 7) for real-time protection, the Windows Malicious Software Removal Tool (now included with Windows (Security) Updates on "Patch Tuesday", the second Tuesday of each month), and Windows Defender (an optional download in the case of Windows XP). Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). Some such free programs are almost as good as commercial competitors. Common security vulnerabilities are assigned CVE IDs and listed in the National Vulnerability Database. Secunia PSI is an example of software, free for personal use, that will check a PC for vulnerable out-of-date software and attempt to update it. Ransomware and phishing scam alerts appear as press releases on the Internet Crime Complaint Center noticeboard. Ransomware is a virus that posts a message on the user's screen saying that the screen or system will remain locked or unusable until a ransom payment is made. Phishing is a deception in which the malicious individual pretends to be a friend, computer security expert, or other benevolent individual, with the goal of convincing the targeted individual to reveal passwords or other personal information.


Other commonly used preventative measures include timely operating system updates, software updates, careful Internet browsing (avoiding shady websites), and installation of only trusted software. Certain browsers flag sites that have been reported to Google and that have been confirmed as hosting malware by Google.


There are two common methods that an antivirus software application uses to detect viruses, as described in the antivirus software article. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its random access memory (RAM), and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives, or USB flash drives), and comparing those files against a database of known virus "signatures". Virus signatures are strings of code that are used to identify individual viruses; for each virus, the antivirus designer tries to choose a unique signature string that will not be found in a legitimate program. Different antivirus programs use different "signatures" to identify viruses. The disadvantage of this detection method is that users are only protected from viruses that are detected by signatures in their most recent virus definition update, and are not protected from new viruses (see "zero-day attack").


A second method to find viruses is to use a heuristic algorithm based on common virus behaviors. This method has the ability to detect new viruses for which antivirus security firms have yet to define a "signature", but it also gives rise to more false positives than using signatures. False positives can be disruptive, especially in a commercial environment, because they may lead to a company instructing staff not to use the company computer system until IT services has checked the system for viruses. This can slow down productivity for regular workers.
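The trade-off between the two detection methods described above, as an added example that is not taken from any antivirus product: a signature scan misses a variant whose bytes differ from the stored signature, while a behaviour heuristic catches the variant but also flags a legitimate program. All signatures, samples, behaviour names, weights and the threshold are constructed for illustration.

```python
# Constructed signature database: name -> byte string chosen to be unique.
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef4b1d00ff"),
    "Demo.B": b"DEMO-B-MARKER-7731",
}

# Hypothetical weights for behaviours commonly associated with viruses.
BEHAVIOUR_WEIGHTS = {
    "writes_to_executable": 2,
    "writes_boot_sector": 3,
    "disables_task_manager": 3,
    "copies_to_removable_drive": 1,
}
THRESHOLD = 3  # assumed cut-off; lowering it raises the false-positive rate


def signature_scan(data):
    """Names of every known signature found anywhere in the byte string."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def heuristic_score(actions):
    """Sum the weights of the distinct suspicious behaviours observed."""
    return sum(BEHAVIOUR_WEIGHTS.get(a, 0) for a in set(actions))


def verdict(sample):
    hits = signature_scan(sample["data"])
    score = heuristic_score(sample["actions"])
    return {"signature": hits, "score": score,
            "flagged": bool(hits) or score >= THRESHOLD}


SPREADING = ["writes_to_executable", "copies_to_removable_drive"]
SAMPLES = {  # constructed samples; "actions" stands in for observed behaviour
    "known_virus": {"data": b"MZ" + SIGNATURES["Demo.A"], "actions": SPREADING},
    # One byte differs from Demo.A, so the stored signature no longer matches.
    "new_variant": {"data": b"MZ" + bytes.fromhex("deadbeef4b1e00ff"),
                    "actions": SPREADING},
    # A legitimate updater for portable apps on a USB stick behaves the same.
    "usb_app_updater": {"data": b"MZ updater", "actions": SPREADING},
    "text_editor": {"data": b"MZ editor", "actions": []},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, verdict(sample))
```

The updater is flagged only by the heuristic, which is the false-positive case; the new variant is also flagged only by the heuristic, which is the case a signature update has not yet covered.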


Recovery strategies and methods

One may reduce the damage done by viruses by making regular backups of data (and the operating systems) on different media that are either kept unconnected to the system (most of the time, as in a hard drive), read-only or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which will hopefully be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus (so long as a virus or infected file was not copied onto the CD/DVD). Likewise, an operating system on a bootable CD can be used to start the computer if the installed operating systems become unusable. Backups on removable media must be inspected before restoration. The Gammima virus, for example, propagates via removable flash drives.


Virus removal

Many websites run by antivirus software companies provide free online virus scanning, with limited "cleaning" facilities (after all, the purpose of the websites is to sell antivirus products and services). Some websites, like Google subsidiary VirusTotal.com, allow users to upload one or more suspicious files to be scanned and checked by one or more antivirus programs in one operation. Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). Microsoft offers an optional free antivirus utility called Microsoft Security Essentials, a Windows Malicious Software Removal Tool that is updated as part of the regular Windows update regime, and an older optional anti-malware (malware removal) tool, Windows Defender, that has been upgraded to an antivirus product in Windows 8.


Some viruses disable System Restore and other important Windows tools such as Task Manager and CMD. An example of a virus that does this is CiaDoor. Many such viruses can be removed by rebooting the computer, entering Windows "safe mode" with networking, and then using system tools or Microsoft Safety Scanner. System Restore on Windows Me, Windows XP, Windows Vista and Windows 7 can restore the registry and critical system files to a previous checkpoint. Often a virus will cause a system to "hang" or "freeze", and a subsequent hard reboot will render a system restore point from the same day corrupted. Restore points from previous days should work, provided the virus is not designed to corrupt the restore files and does not exist in previous restore points.


Operating system reinstallation

Microsoft's System File Checker (improved in Windows 7 and later) can be used to check for, and repair, corrupted system files. Restoring an earlier "clean" (virus-free) copy of the entire partition from a cloned disk, a disk image, or a backup copy is one solution: restoring an earlier backup disk "image" is relatively simple to do, usually removes any malware, and may be faster than "disinfecting" the computer, or than reinstalling and reconfiguring the operating system and programs from scratch, as described below, and then restoring user preferences. Reinstalling the operating system is another approach to virus removal. It may be possible to recover copies of essential user data by booting from a live CD, or by connecting the hard drive to another computer and booting from the second computer's operating system, taking great care not to infect that computer by executing any infected programs on the original drive. The original hard drive can then be reformatted and the OS and all programs installed from original media. Once the system has been restored, precautions must be taken to avoid reinfection from any restored executable files.


Viruses and the Internet

Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of the personal computer, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk, usually inadvertently. Personal computers of the era would attempt to boot first from a floppy if one had been left in the drive. Until floppy disks fell out of use, this was the most successful infection strategy, and boot sector viruses were the most common in the "wild" for many years. Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resultant increase in bulletin board system (BBS), modem use, and software sharing. Bulletin board–driven software sharing contributed directly to the spread of Trojan horse programs, and viruses were written to infect popularly traded software. Shareware and bootleg software were equally common vectors for viruses on BBSs. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by other computers.


Macro viruses have become common since the mid-1990s. Most of these viruses are written in the scripting languages for Microsoft programs such as Microsoft Word and Microsoft Excel and spread throughout Microsoft Office by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most could also spread to Macintosh computers. Although most of these viruses did not have the ability to send infected email messages, those viruses which did took advantage of the Microsoft Outlook Component Object Model (COM) interface. Some old versions of Microsoft Word allow macros to replicate themselves with additional blank lines. If two macro viruses simultaneously infect a document, the combination of the two, if also self-replicating, can appear as a "mating" of the two and would likely be detected as a virus unique from the "parents".


A virus may also send a web address link as an instant message to all the contacts (e.g., friends' and colleagues' e-mail addresses) stored on an infected machine. If the recipient, thinking the link is from a friend (a trusted source), follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating. Viruses that spread using cross-site scripting were first reported in 2002, and were academically demonstrated in 2005. There have been multiple instances of cross-site scripting viruses in the "wild", exploiting websites such as MySpace (with the Samy worm) and Yahoo!.







