Protecting your computer from malware

Malware

Viruses and spyware are some examples of malware (malicious software) that can cause a great deal of damage if they invade your computer. The damage is caused both to the owner of the infected computer and to other users, so it is very important to protect your computer against malware.

Viruses

Viruses are malware that spread from one computer to the next by attaching to a file. The virus can damage hardware, software or files. Some viruses are merely annoying, but others can cause real damage; they can delete files that are important for the computer to function, for example. You can affect how viruses spread, because viruses do not spread without human assistance. The simplest way to prevent viruses from spreading – and your own computer from being infected – is to always scan any files you receive or send for viruses.

Worms are malware that spread on their own and send perfect copies of themselves over the web. This means that a computer that has been infected with a worm will try to infect other computers on the web, by resending itself every time the computer is turned on. Worms usually spread very rapidly, since they can send themselves to all the addresses in the address book in your e-mail program, for example. Worms can also block the entire web traffic of an organisation as they advance like a chain reaction.

Trojans or Trojan horses are computer programs that are spread along with other programs that seem useful. Users are tempted to open the program containing a Trojan on their own computers so that the feature hidden in the program can infect the computer. When this is done, crackers can find infected computers with their own programs and take control of an infected computer with the aid of the Trojan. Then they can, e.g.:

  • copy and destroy files
  • read passwords, e-mail and banking information that has been stored on the computer
  • send junk mail in the name of the victim
  • spy on the user
  • load more Trojans or viruses to the computer

Viruses often spread through e-mail; the virus is activated when you open an attachment (usually by double-clicking on the attachment icon). Some viruses spread through programs that can be downloaded from the Internet or from storage media that have been used in infected computers. Protect your computer with an anti-virus program!

Spyware

The purpose of spyware is to spy on you and what you do. The spyware can observe which files you edit on your computer, for example, or which web pages you visit. The program then sends this information to an address specified in the spyware. The information is then used for marketing or sending junk mail.

It is not always easy to detect spyware on your computer. However, there are some characteristics that indicate the presence of spyware, including:

  • Slowness: the computer, web connection or e.g. browser is much slower than usual.
  • Advertising: various advertisements, pop-up windows, etc. start to appear on-screen.

The best way to prevent spyware is to take action. Here are a few important things you can do to prevent spyware from invading your computer:

  1. update your operating system regularly
  2. install a firewall and anti-virus program on your computer
  3. be careful when opening e-mail attachments
  4. do not install illegally copied programs or files on your computer

One day, a platonic friend of Raymond’s, Gunilla Parmesan, told him that every now and then, obscene adverts would appear on her computer screen. When Raymond started to clear up the problem, Gunilla told him she had used a P2P program to cunningly and illegally download the music of the Finnish-Swedish band Pent. It turned out that a spyware application had been downloaded along with the program. It took a long and hard cleaning procedure to rid the computer of the spyware, including removing the P2P program.

The anti-virus programs offered by UH can also identify spyware. However, not all anti-virus programs have this feature. There are programs designed specifically for removing spyware (such as SpyBot), but they cannot replace actual antivirus and firewall programs – or the use of common sense!

Protection against malware

You yourself are the best prevention against spyware, because you are the one who decides what to install on your computer and what you do with it. The most important things are common sense and an awareness of the ways in which malware can access your computer. Follow the directions below to prevent spyware from invading your computer.

  • Beware of program files in your e-mail: whenever you receive an e-mail attachment, make sure that it is not a disguised program file! The message that is sent with malware is often written in a way that is meant to tempt you to open the attachment. Files like this are often named as something other than what they actually contain, e.g. a picture for you, a flight ticket or instructions on how to cash a large sum of money, but in reality are something completely different. You can identify malicious program files in Windows by looking at the file extension: dangerous file types include EXE, COM, BAT, CMD, SCR and PIF. The example in the image below contains malware: the attached file has two extensions, and the latter, i.e. the real file extension, is a dangerous SCR. Due to virus risks, several mail servers do not let certain dangerous file types through at all. The senders of malware can get around this by packing the files, which also changes their file extensions. The following example shows a picture of malware disguised as a prize announcement that is spread through e-mail.
  • Disable the use of HTML in your e-mail program: malicious program code can also be written into a normal e-mail message body. In such cases the message is usually sent as HTML. When you open the message or view it in the preview window, the program executes the program code in the message. It is better to use a TXT type preview feature in your e-mail program (read more about this subject).
  • Do not browse suspicious-looking web pages or click on every link or advertisement on a web page: malware can also be hidden on a web page, so that merely visiting the page may bring the malware to your computer. A web page can also contain a link to malware; when you click on the link, a file with the malware is downloaded to your computer. If you wish, you can make the information-security settings for your browser stricter (read more on e.g. the support pages of the Firefox browser).
  • Make sure that the program installation discs and files that you use come from reliable software manufacturers: malware may also come with an install disc for a program. A typical example is a pirated program file containing malware downloaded from a P2P network. When you open the file, some malware is installed on your computer. It can also be hidden in an illegal copy of a film or program brought from abroad; when you insert the disc in your computer, the malware is installed, too. Be careful and buy your programs from reliable sources!
  • Also have your wits about you when using your phone!

It is a good idea to always keep file extensions (read more about them) in view, since malware that is spread through e-mail attachments relies on people not seeing the difference between the real extension and a fake one! Dangerous extensions are usually masked with two different extensions to fool the user into thinking the message is safe. Keeping the file extensions in view and keeping an eye on them will diminish the risk of opening an attachment containing malware.
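The extension check described above, written out as an added example (it is not part of the original course material): it flags file names whose real, final extension is one of the dangerous types listed on this page, marks the double-extension disguise separately, and also looks at the names of files packed inside a ZIP archive without unpacking them. The function names and the sample file names are constructed for illustration.

```python
import io
import zipfile

# Dangerous Windows program-file extensions named on this page.
DANGEROUS = {"exe", "com", "bat", "cmd", "scr", "pif"}

def classify_name(filename):
    """Return 'ok', 'program' or 'disguised-program' for one file name."""
    # Keep only the last path component; Windows ignores trailing dots and
    # spaces, so remove them before looking for the real extension.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or parts[-1] not in DANGEROUS:
        return "ok"
    # Double extension: a short, extension-like token (jpg, pdf, txt ...)
    # directly in front of the real one. "v1.2 final.exe" does not count.
    decoy = parts[-2].strip() if len(parts) >= 3 else ""
    if decoy.isalnum() and 2 <= len(decoy) <= 4:
        return "disguised-program"
    return "program"

def check_attachment(filename, data):
    """Classify an attachment and, for ZIP archives, every packed file name."""
    findings = [(filename, classify_name(filename))]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            # Only the member names are read; nothing is extracted or run.
            for member in archive.namelist():
                findings.append((f"{filename}!{member}", classify_name(member)))
    return [item for item in findings if item[1] != "ok"]

def build_sample_zip():
    """Constructed sample: a ZIP holding harmless placeholder bytes."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("prize/winner.jpg.scr", b"constructed placeholder")
        archive.writestr("prize/readme.txt", b"constructed placeholder")
    return buffer.getvalue()

if __name__ == "__main__":
    samples = [("holiday.jpg", b"not a zip"), ("ticket.pdf.exe", b"not a zip"),
               ("setup.exe", b"not a zip"), ("prize.zip", build_sample_zip())]
    for name, data in samples:
        print(name, "->", check_attachment(name, data) or "ok")
```

A name that passes this check is not thereby safe; the check only covers the extension disguise discussed here and does not replace an anti-virus scan.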

Using anti-virus software

Anti-virus software will protect your computer against viruses, worms, Trojans and many other kinds of malware that can be transmitted by diskettes, CDs, DVDs, USB sticks, and your Internet connection. Most anti-virus programs work according to the same principle; whenever you connect to the Internet, the program will update its virus list.

Virus lists are maintained by the manufacturers of the software, listing known viruses and malware. As long as the virus list of your anti-virus program is up to date, your computer is fairly well protected against threats. However, since new viruses are created all the time, even the best anti-virus programs may not find the latest ones. Having an anti-virus program and updating its virus list are only a couple of measures with which you can improve your safety – they do not diminish your need to be careful.

Anti-virus programs have so-called run-time virus control checking your computer’s file system actively all the time. When it finds a virus, the program will warn you with a pop-up window, where you can select to remove the virus from the file – or even to delete the whole file. Be careful when you respond to the anti-virus program.

Scanning files for viruses

It is best to save files that you get through e-mail or download from the web onto the hard drive before opening them, so that you can let your anti-virus program scan them for threats. With most programs, you can start a virus scan by clicking on the file with the secondary mouse button and selecting the command Scan for viruses or similar – depending on which program you are using – in the menu that opens on-screen. Some anti-virus programs scan attachments automatically when you open them from the e-mail program, but if you are not sure about how your anti-virus program works, do not risk it, but always scan attachments etc. as described above.

What to do when infected with a virus

If a file has been infected, the anti-virus program will usually inform you and tell you whether it has been able to erase the virus automatically. However, sometimes the anti-virus program leaves it up to you to decide what to do about the infected file. If the file is not important, simply delete the whole file. If it is an important file, try to disinfect it. The disinfection does not always work, or the file may be damaged in the process, so keep in mind the importance of backup copies! The image below shows a warning from an anti-virus program; the program has discovered and deleted a test virus called EICAR.

There are two anti-virus servers at the University of Helsinki. Their purpose is to scan all incoming mail for viruses before sending it on to your mail inbox. In addition, the workstations are individually protected by anti-virus programs.

Updating the virus list

Most anti-virus programs update their virus lists automatically. However, you may sometimes need to update it manually, e.g. if you want to make sure that you have the latest version of the virus list. Most anti-virus programs have a feature called something like Update now for updating the virus list.

Scanning your whole file system for viruses

Earlier, we described the run-time virus scan that will protect your computer from viruses. In some situations, you may want to run a complete virus scan of the storage units on your computer (such as the hard drives and USB memory sticks). Some examples of such situations:

  • Scanning the computer after installing a new anti-virus program: download the newest virus list directly after installing the program and scan all hard drives and other storage media connected to your computer.
  • Discovering a virus: after removing a virus that was discovered during run time, it is best to make sure that all copies of the virus have been removed from the file system.
  • Suspicion of a virus: if you suspect that there is a virus in your computer, download the latest virus list and scan your whole computer for viruses. If necessary, check the web site of the manufacturer of your anti-virus program whether a new virus has been discovered that has not yet been added to the virus list.

With the program F-Secure Anti-Virus Client Security, you can run a complete scan in the following way:

  1. Click on the hard drive or directory you want to scan with the secondary mouse button.
  2. Select Scan folders for viruses in the pop-up menu that appears on-screen.
  3. After giving the command above, the scan will start. If the computer is slow or contains a large number of files, the scan may take a long time – up to several hours. When the scan is complete you will usually receive a message about its result.

Where do I get an anti-virus program?

You can buy an anti-virus program from software stores or e.g. through your Internet service provider (ISP). Free programs can also be found on the Internet. Good free programs include e.g. AVG and Avast!.

F-Secure offers students at the University of Helsinki the SAFE software at a student-friendly price. Instructions for purchase and installation can be found at the Helpdesk info site.