Help :: Virus
Useful information to stay safe from computer viruses

Useful information to stay safe from computer viruses

Title: Interesting information for safety from computer viruses
Compiled by: Dr. Siwarak Siwamokatham
Source : ThaiCERT: Thai Computer Emergency Response Team, Computer Security Coordination Center, Thailand
Published on : 29 July 2004

Computer viruses are a problem that almost every computer user has experienced. However, even if you have had experience with computer viruses threatening your system in the past. But do you know what a computer virus actually is? How can computer viruses threaten your system? What is the solution to a compromised system? And the important thing is How to keep your system safe from computer viruses? As a Computer Security expert from the ThaiCERT agency (http://www.thaicert.nectec.or.th/) whose main mission is to disseminate knowledge and warn against computer viruses. The author would like to present a brief and basic understanding of computer viruses. So that you can effectively protect your system from being threatened by computer viruses.

What is a computer virus?

In the past, the word "computer virus" It is the definition of a program that creates problems and causes various damages. with computers and can spread itself from one file to another. Inside the computer But it cannot spread across computers on its own. The ability of computer viruses to spread across computers is caused by users using files that contain computer viruses on other computers, such as using diskettes or other storage media. that has files of computer viruses embedded in it to use etc.

However, over time, computer viruses have developed variations. Techniques for spreading, ability, and violence to cause damage to the system which is very different from before, so nowadays the word "Computer virus" Therefore, it has a broader meaning than before and a new term has been coined that "Malware (Malware: Malicious Software)" which means a set of computer instructions Any program or software that has been created with the intent to cause damage to computers or computer network systems and may have the ability to move from one computer to another or from one network to another on its own

That is, currently "computer viruses" is used in the meaning of "Malware" widely (This article is the same) which, in addition to referring to previous forms of computer viruses, also includes (or may be composed of the components mentioned below)

• Internet Worm, which refers to a program designed to be able to spread to other computers by itself. By using computer network systems such as e-mail or file sharing, the spread is rapid and wide
• Trojan, which refers to a program designed to infiltrate another user's computer system in various forms, such as programs or greeting cards, etc., in order to intercept, track, or control the operation of the compromised computer.
• Exploit code, which means a program designed to penetrate a system by exploiting vulnerabilities in the operating system or applications running on the system. So that viruses or intruders can take over, control, or do anything on the system
• Hoax virus news, which usually takes the form of sending messages one after the other, like sending a chain letter. This type of message uses the principles of psychology. Make the news trustworthy If the person receiving the message complies, it may cause damage to the computer system, such as deleting necessary data files of the operating system while pretending to be a computer virus. Causes the operating system to behave abnormally. etc.
  

  Note: When talking about hoax, I would like to present additional knowledge about the characteristics of another form of hoax that is not a computer virus. But it is a form of computer crime that is becoming more and more common nowadays, that is "Phishing" This is e-mail spoofing and creating a fake website with the same content as the real website and an address similar to the real website. To deceive victims or e-mail recipients into revealing financial or other personal information, such as credit card number information, username and password, national identification card number. or other personal information

How can computer viruses threaten the system?

Usually, computer viruses can threaten a system for three main reasons:

1) A file that has a computer virus embedded is being executed.

As for the cause of computer users executing files that are already embedded with computer viruses, causing the system to be threatened by computer viruses, this is a well-known cause. In addition to being embedded in users' files, which is a form of early computer viruses, modern computer viruses often use a psychological principle called social engineering to trick users into opening files that are. Viruses, for example, come in the form of greeting card programs or screen saver programs, or in files received from people known to the user. which the user may receive via e-mail disguised as being from someone the user knows Or viruses may be hidden in the form of links in e-mails or websites. that tricks users into clicking to run etc.

2) Systems that do not use an Anti-Virus program or that use an Anti-Virus program but do not update the virus database

For another main cause of the system being threatened by a computer virus is that the system does not use an Anti-Virus program or has used an Anti-Virus program but has not updated the virus database to be up to date. Most Anti-Virus software can protect against known computer virus threats that are stored in the Virus Definition Database. This database must be kept up to date. Always so that the program knows and can fight new computer viruses. Some of you may have wrong beliefs. That if Anti-virus software is installed on the system then computer viruses will not be able to threaten the system. In fact, even if the system has such software installed, But if the virus database is not updated regularly or Anti-virus software is not used to thoroughly check that the system is free of computer viruses on a regular basis, Computer viruses can also threaten the system. Moreover, even if the Anti-virus software is properly installed and used in all respects, But the system may still be at risk of being compromised if the system is vulnerable. (Vulnerbilities) which will be discussed in the next section

3) The operating system or software running on the system is vulnerable. (Vulnerbilities) and the system is connected to the network

As for the reasons for the system's vulnerabilities, it is still not fully understood and realized. In fact Operating systems and the software running on them often have vulnerabilities. Often new vulnerabilities are discovered. of the system continuously Continuously, vulnerabilities (vulnerbilities) have a meaning similar to bugs of the system. In general, vulnerabilities mean The system has channels for attackers to take over. control work Bring a computer virus to run or do something on the system. If you are using the Microsoft Windows operating system, you can check what vulnerabilities your system has by running Windows Update or browsing http://windowsupdate.microsoft.com/You may discover that your system has many serious vulnerabilities. These vulnerabilities are a way for computer viruses or malicious actors to enter your system through the network. The fact that the system has vulnerabilities is the cause of what can be called an incident. "Suddenly It's infected with a virus. In addition, using the operating system or software in certain ways can cause vulnerabilities, such as having programs automatically open and read e-mails and attached files. Allowing other people to install files on the system (Full-Right File Sharing), etc.

Fixing a system infected with a computer virus

Remediating a system that is compromised by a computer virus varies depending on the virus that is threatening the system. Therefore, first you must know what virus has entered your system. Most systems that are threatened by computer viruses are systems that do not use an Anti-virus program or that use an Anti-virus program but do not update the virus database. Therefore, to know what viruses are in the system You can choose to use the following methods

• Take another computer that has Anti-virus software installed and has updated the virus database and verified that the system is free of computer viruses. Come in and help check if your system is being threatened by a virus. (For details on how to check for viruses using other computers by connecting the two computers over a network, (or Cross cable connection) can consult with experts such as ThaiCERT etc.)
• Use the web-based computer virus detection system (free) such as at http://housecall.trendmicro.com /housecall/ or http://www.pandasoftware.com/products/activescan/ etc. The weakness of this method is that the verification may not be done very quickly due to network delays. Additionally, these systems may not work on your system that has third-party anti-virus software installed. and more than that Some viruses make your system unable to use the network at all.

Some of you may wonder why you don't use the method of installing Anti-virus software and/or updating the virus database. and run the said program To check for viruses on your system The weak point of this method is when your system is threatened by a virus. Viruses may block or disrupt the system, making it impossible for you to install or run the software. Or it may cause the Anti-virus software to crash or become defective.

When you know what type of virus the system is infected with, Procure a program for eliminating computer viruses (Fix Tool) to use to eliminate viruses on your system. You can download these Fix Tool programs for free from various websites such as http://securityresponse .symantec.com/avcenter/tools.list.html or http://www.pandasoftware.com/download/utilities/ etc. You may need to run your operating system in Safe Mode (consult an expert) in order for these Fix Tool programs to work with maximum accuracy.
When all viruses on your system are eliminated. Check whether your operating system has any critical vulnerabilities or not. If so, fix them. which is checked and corrected You can usually do this by browsing to http://windowsupdate.microsoft.com/ When the operating system vulnerabilities are fixed, Please install an Anti-virus program and/or update the virus database to the most up-to-date date. and run the said program to check your system in detail once again to make sure it is free of computer viruses.

In summary Rough steps To fix a system infected with a computer virus is

1. Check what virus the system is infected with. By using a program to check for viruses, which may be done by relying on another computer to be connected to help check. or rely on a web-based computer virus scanning engine (Web-based virus scan engine)
2. Download Program for fixing detected viruses to eliminate viruses
3. Fixing operating system vulnerabilities
4. Update Anti-virus program's virus database and then use the program to check for viruses on the system again

Computer virus protection

You should follow the following recommendations to prevent your system from being attacked by computer viruses. (The first 2 things to do are the most necessary.)

1. Install the Anti-virus program on your system and
   • Always update the program's virus database (choose to use the program's automatic database update feature over the network). If any)
   • Run the program to check for viruses. Every time before opening a file from a disc or various storage media
   • Run the program to thoroughly check for viruses on your computer. regularly, such as 1 time per week
     Note: If you do not want to lose money to buy anti-virus software, at least you should procure the Anti-Virus software to install and use. Examples of the free software include Avast Anti-Virus Free Home-EDITITION (& LT; a HREF = & quot; http: //www.avast.com/" & gt; http: //www.avast.com/ & lt;/li & gt; & LT; Li & GT; Check and fill the loophole regularly. You can do it by browse to & lt; a href = & quot; http: //windowsupdate.microsoft.com/" & gt; http: //windowsupdate.microsoft.com/ & LT; Li & GT; Customize the program that is not to be read by the e-mail, such as Microsoft Outlook, automatically opened the attached file to the Attachment (Attachment) & lt;/li & gt; & LT; Li & GT; Microsoft Internet Explorer's Security Zone to be a high security by customizes the Internet Option of the Internet Explorer & LT;/Li & GT; & lt; li & gt; should not allow Microsoft Office to run Macro & LT;/Li & GT; & lt; li & gt; Enable the Firewall system at Built-in on the MS Windows XP & LT;/Li & GT; & lt; li & gt; Refrain from using features to share files via the network If there is no need & lt;/li & gt;
   & lt;/li & gt; & lt; li & gt; Be careful when reading E-mail And opening files from various data recording media
   & lt; li & gt; Avoid reading the E-mail and the file attached to E-mail. Until knowing the source & lt;/li & gt; & lt; li & gt; Avoid reading the e-mail that has an incentive message, such as a good password. & lt; li & gt; Check for viruses on the data recording media Every time before calling the file on that media. & LT;/Li & GT; & lt; li & gt; should not open a file with strange surnames such as .pif, including files with stacked extensions such as .jpg.exe, .gif.scr, .txt.exe etc. & lt;/li & gt; & lt; li & gt; Do not use the media to record data That does not know the source And avoiding the media recording with other people and other systems. & LT;/Li & GT; & lt; li & gt; Hold the motto that & amp; quot; Do not use a random sheet Not sure. Don't open. & Amp; quot; & lt;/li & gt;
   & lt;/li & gt; & lt; li & gt; Always be important in the system This is not a prevention of computer viruses, but it is a practice that you should do. Because there is no system that is 100 % safe. One good day. Your computer system may cause crash and cannot be recovered. Which may have a variety of reasons such as equipment or media recording damage Or the system may be virus that no one knows before, threatening serious Etc. & LT;/Li & GT; & lt;/ol & gt;