From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Thu, 15 Nov 2001 08:17:27 -0800 (PST)
Subject: [iwar] [fc:Give.viruses.the.heave-ho!.Here's.how]

Give viruses the heave-ho! Here's how

Robert Vamosi, Associate Editor, ZDNet Reviews, 11/14/2001
http://www.zdnet.com/anchordesk/stories/story/0,10738,2824299,00.html

Merely owning antivirus software is not enough to protect your PC from infection. The software requires a certain amount of care and feeding beyond the initial purchase. Fortunately, a few minutes of prevention can prevent hours of frustration during a real attack.

Installing antivirus software on your PC is the first step to safeguarding yourself from all the viruses out there. A good firewall can also help, by alerting you to some of the viruses, worms, and Trojan horses active on the Internet. Probably the best approach is to use both an antivirus program and a firewall. Today, I'll help you get the most out of your antivirus software, then in next week's column I'll discuss consumer-grade firewalls.

WHEN YOU PURCHASE antivirus software, either in the store or online, it usually comes with a set of virus signatures--unique code that distinguishes one virus from another--that immediately go out of date. New viruses are created and discovered almost every day. That's why you should download the most recent signature files when you install your antivirus program (most products do this automatically).

In order to stay protected, you must update your software whenever a new virus appears or, better yet, on a regular schedule (say weekly or biweekly). Antivirus software companies post the latest signatures, or .dat files, on their sites. Most also let you automatically update your software whenever you log onto the Internet.

So updating your antivirus software and running it before an infection hits should be enough to detect and remove a virus that is not active in memory, right? Not always, says Steven Sundermeier, product manager for antivirus software maker Central Command.

SOME ANTIVIRUS UPDATES only identify viruses--they don't get rid of them--while others both identify and remove them. Why? Well, sometimes the update can't remove a virus. Most antivirus programs can identify a virus stored within, for example, an e-mail database, but cannot remove the virus until it is acted upon by previewing or opening an e-mail.

Another time you cannot remove a virus: when using Windows Me and the infected file resides within the "_Restore" directory. Because Microsoft's System Restore utility does not allow files stored in the directory to be manipulated, you will have to work around this problem. (Microsoft offers a solution to this problem on its site.)

Still, despite your precautions, say the unthinkable happens: your computer becomes infected with a virus and you send a lethal virus to everyone who's ever e-mailed you in your life. What next?

I ASKED THE EXPERT, Sundermeier, whether downloading an updated antivirus signature file after being infected does any good. He said no, the virus would most likely block access to the infected files. Also, removing an active virus from memory can make the Windows system unstable. Some worms, such as MTX, are even smart enough to block Internet access to antivirus sites.

Antivirus vendors have started releasing removal tools for specific, big-time viruses. These tools do more than simply disinfect the machine; they're designed to undo the damage. Sundermeier predicts companies will continue to offer these fixes.

Short of a custom-removal tool, however, the way to remove an active infection is to boot from a clean operating system disk or gain access to the Windows Recovery Console (Microsoft explains how to do this on its site) and run a command-line antivirus scanner. Because viruses and worms entangle themselves in the Windows operating system, you must work outside the infected operating system to remove them.
Another way to remove a virus is to reformat your hard drive and reinstall the operating system.

I SHOULD NOTE that none of these removal techniques should be attempted without first backing up the data on your system. In theory, regular backups can mitigate the damage caused by active viruses. In practice, however, backups are somewhat of a pain.

Say, for example, you perform a complete backup every Sunday, then only do partial backups (in other words, back up only those files that changed) Monday through Saturday. Should you lose your data on Thursday, you'll have to load Sunday's backup, plus the changes made on Monday, Tuesday, and Wednesday.

On the other hand, losing your data is worse. Actually, I think the worst scenario is believing you have a backup only to discover the process has failed. As a rule, the more complete backups you have on hand, the better off you are.

Has your computer ever been infected with a virus? What did you do? Was your antivirus software any help? TalkBack to me.

------------------
http://all.net/
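
The Sunday-complete, weekday-partial schedule from the article, worked through as an added example (not part of the original message or the ZDNet column): it rebuilds the restore chain for a Thursday loss and checks each archive against a SHA-256 digest recorded at backup time, so a backup that silently failed is found before it is needed. The catalog layout, function names and sample data are assumptions constructed for illustration.

```python
import hashlib
from datetime import date

def digest(data):
    return hashlib.sha256(data).hexdigest()

def entry(day, kind, data):
    # Hypothetical catalog record: the digest is stored when the backup is written.
    return {"day": day, "kind": kind, "data": data, "sha256": digest(data)}

def verifies(e):
    # A missing archive (None) or a digest mismatch both count as a failed backup.
    return e["data"] is not None and digest(e["data"]) == e["sha256"]

def restore_chain(catalog, loss_day):
    """Return (days to load in order, last day recovered) for data lost on loss_day."""
    prior = sorted((e for e in catalog if e["day"] < loss_day), key=lambda e: e["day"])
    fulls = [i for i, e in enumerate(prior) if e["kind"] == "full" and verifies(e)]
    if not fulls:
        return [], None              # no verified complete backup: nothing to restore
    start = fulls[-1]                # newest complete backup that still verifies
    chain = [prior[start]]
    for e in prior[start + 1:]:
        if not verifies(e):
            break                    # broken link: later partials cannot be applied reliably
        chain.append(e)
    return [e["day"] for e in chain], chain[-1]["day"]

def sample_catalog():
    # Constructed data: complete backup Sunday 2001-11-11, partials Monday to Wednesday.
    return [entry(date(2001, 11, 11), "full", b"all files"),
            entry(date(2001, 11, 12), "partial", b"monday changes"),
            entry(date(2001, 11, 13), "partial", b"tuesday changes"),
            entry(date(2001, 11, 14), "partial", b"wednesday changes")]

if __name__ == "__main__":
    thursday = date(2001, 11, 15)
    week = sample_catalog()
    print(restore_chain(week, thursday))   # all four backups load
    week[2]["data"] = b"tuesday chang"     # constructed fault: truncated archive
    print(restore_chain(week, thursday))   # chain ends at Monday
```

Running the same check right after each backup, rather than at restore time, is what turns "believing you have a backup" into knowing it.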
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST