Virus FAQs

Q. What is the difference between a worm and a virus?
Q. What is a Trojan?
Q. What is malware?
Q. What are virus definitions?
Q. What is a backdoor?
Q. What is a payload?
Q. What is a script?
Q. What is real-time virus protection?
Q. Can scripts infect my system with a virus, worm, or other undesirable software?
Q. How do worms and viruses get into my machine?
Q. Are there any activities that are more likely to result in my becoming infected than others?
Q. Can my machine become infected if it's turned off?
Q. If I become infected how do I remove the infection?
Q. What kind of anti-virus software should I buy?
Q. How do I get rid of a worm or virus?
Q. How hard is it to install anti-virus software?
Q. Why do machines become infected even if they're running Anti-virus software with current definitions?
Q. How can a virus or worm damage my machine?
Q. Do I need additional or different software to protect myself?
Q. Are there certain times that are more prone to attack than other times?
Q. Can I be notified before an attack?
Q. Can I immunize my system against attacks?
Q. If I have multiple machines do I need to buy software separately for each machine?
Q. I have a special situation that prevents me from patching or running anti-virus on my systems. Are there other alternatives that will protect my systems from viruses and worms?
Q. Do I really need anti-virus software?
Q. I have a small to medium size business. If big businesses can't keep out viruses and worms how can I?
Q. I'm responsible for a large business and can't keep up with the infections in our network. How do I control a virus or worm outbreak within a large network?
Q. I have a file server (a computer set up to allow other systems to share the files on its disks) or a workstation that acts as a file server. If one machine has a virus or worm on it will it pass the infection on to other systems?
Q. What is spyware and how does it affect me?
Q. When should I call someone to help?
Q. What are the most current virus threats?

Q. What is the difference between a worm and a virus?
A.
A virus attaches itself to other programs, infecting progressively more and more programs. A worm copies itself from place to place but doesn't generally attach itself to other programs, although its name and location may allow it to "blend in" with other programs in such a way that it appears to be legitimate.

Q. What is a Trojan?
A.
A Trojan is software that allows someone to control your system from a remote location without your consent or knowledge and generally allows them to watch what you do on your system. It takes its name from the Trojan horse in Greek Mythology, and like the Trojan horse, it often comes into your computer as part of something else. The carrier for a Trojan could be a worm, it could come into your system as part of another software package you download, or it could be installed by someone taking advantage of another Trojan dropped on your system to ensure they retain access even after the original Trojan has been found and removed. Trojans often allow others to see what you enter when you visit a web site or use other software on your system. The person using the Trojan will frequently be able to obtain passwords and personal information, even if you elect not to store this information anywhere on your system.

Q. What is malware?
A.
Malware is a generic term that is used to refer to any malicious software such as a virus, worm, or Trojan.

Q. What are virus definitions?
A.
Virus definitions tell your anti-virus program how to recognize and remove viruses and worms. It's important to keep these up to date as your anti-virus program cannot recognize viruses, worms, or Trojans that have not been described to it in your virus definition file.

Q. What is a backdoor?
A.
A backdoor grants access to your machine by another person without any restrictions on that access. You may or may not notice that your machine has been compromised. A backdoor may take the form of any number of programs that provide access to your machine, or it may be created by reducing or eliminating access controls that would otherwise prevent someone from getting into your machine.

Q. What is a payload?
A.
A payload is the action that a worm or virus will take at some point in time once it's been placed on a machine.

Q. What is a script?
A.
A script is a small program downloaded to your system as part of a web page. These scripts generally perform simple tasks to make the web page easier to use and more effective.

Q. What is real-time virus protection?
A.
Real-time virus protection is an option in most anti-virus software that checks all files for viruses as they are written to the system, rather than relying on catching these worms and viruses only when a virus scan is run or an infected program is executed.

Q. Can scripts infect my system with a virus, worm, or other undesirable software?
A.
This can happen; however, your browser can be set up to contain otherwise harmful code, and your anti-virus software can often be set to block these scripts as well.

Q. How do worms and viruses get into my machine?
A.
Viruses and worms can infect your machine in a number of different ways. Some of the more common ways that viruses and worms can spread are as follows:

  1. Sharing infected files - In this instance an infected file is passed from one machine to another in some fashion, and the recipient opens the file. Once opened, the infected file infects other files on the new machine. These files in turn may be passed to other machines infecting them as well.
  2. Open file sharing - Here files are shared in a common location that is accessible by anyone. A worm looks through the network for files or a directory shared in this way and infects files that it finds there. When another machine accesses the infected files, it becomes infected as well.
  3. By opening an infected e-mail - Some viruses or worms arrive in the form of an infected e-mail. The methods they use to get you to open the e-mail or its attachments vary. Because of this, if you get an e-mail from someone you don't know, it's generally a good idea not to open it. Even if you do know the person, it's a good idea to verify that any attachments that were included are legitimate.

Q. Are there any activities that are more likely to result in my becoming infected than others?
A.
Infections can come from anywhere, but generally speaking, file sharing without anti-virus protection, visiting sites pointed to in questionable e-mails, installing software from web sites that request you to download software that you're not familiar with, or visiting websites that generate a large number of pop-ups that you can't seem to control carry a higher risk of infection.

Q. Can my machine become infected if it's turned off?
A.
If your machine hasn't already been infected, it can't become infected while it's turned off. If your system is already infected, however, turning your machine off and then back on again may activate a worm or virus, depending on how the infecting agent operates.

Q. If I become infected how do I remove the infection?
A.
In many cases your anti-virus software will be able to handle most of this for you and no further action will be required. There are some things that your anti-virus software cannot handle, however. If your virus definitions are out of date, your anti-virus software cannot protect you from viruses that were discovered after the date that your virus definitions were released. Some viruses and worms attempt to disable your anti-virus software, and in some cases succeed. If an attacker takes advantage of a Trojan dropped on your machine before your anti-virus software is able to remove it, they may be able to install a backdoor on your system that your anti-virus software cannot detect. Anti-virus software may also remove a virus or worm, but if your systems are not patched, they may become re-infected. If you have several systems, they may infect each other, making it difficult to control the spread of the attacking worm or virus. In this instance, it is generally advisable to engage someone like System Sweep that has the experience necessary to control an outbreak in your network and who can advise you of your options for removing the problem and preventing it from coming back.

Q. What kind of anti-virus software should I buy?
A.
It depends on the level of protection that you need and want. For anti-virus protection alone, most vendors will be able to provide adequate protection. Viruses and worms aren't the only problems that you can experience on the internet, though, and several of the anti-virus vendors now provide considerably more than just anti-virus software. They can provide software that can reduce your risk by

  • Monitoring, blocking, and reporting attempts to attack or access your system
  • Restricting the ability of any program to send personal information
  • Controlling the websites that can be visited based on the age of the person using the computer or other factors
  • Limiting which machines are able to access your system to those you grant access to
  • Controlling scripts that run on your system

Many of these features have defaults that work for many situations. Careful consideration should be given to the features you need before making a choice. If desired, System Sweep can help with your decision by helping you determine your risks, advising you of your options, and assisting with the installation and configuration of any software you may select.

Q. How do I get rid of a worm or virus?
A.
If you're not familiar with how a particular worm or virus operates, you'll generally have to wait for your anti-virus vendor to update their virus definitions before you'll be able to remove the problem. Often, it's possible to prevent your machine from becoming infected just by keeping the patches on your machine up to date and/or using a properly configured firewall or router.

Q. How hard is it to install anti-virus software?
A.
Most vendors use a very user friendly installation process that provides default configurations appropriate to most systems and situations. They also allow more experienced customers to configure their own software, customizing it for their needs. If you have more than 3 or 4 systems to protect, you may want to consider other options that are available that allow you to download your definitions from the vendor to a single machine and distribute those definitions from that machine to others in your network. These options also allow you to monitor the machines on your network to determine which machines have current definitions, which do not, and allow you to manage your anti-virus efforts from a single system or location. These capabilities can be invaluable when fighting an infection that's inside your network. Unless you have experience setting up and using these additional tools, it's best to contact someone such as System Sweep to make this installation for you and show you how to use it.
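The monitoring described above (which machines have current definitions and which do not) can be illustrated with a small audit over an inventory export. This is an added example, not System Sweep's or any vendor's tool; the CSV columns, host names, dates, and the two-day age threshold are all constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed inventory export (assumed format): one row per machine.
INVENTORY_CSV = """host,definitions_date,realtime_enabled
fileserver01,2024-03-10,yes
ws-frontdesk,2024-03-09,yes
ws-lab-07,2024-02-20,yes
ws-accounting,2024-03-10,no
laptop-sales,,yes
"""


def audit(csv_text, today, max_age_days=2):
    """Return {host: [problems]} for machines that need attention.

    max_age_days is an assumed policy value, not a vendor recommendation.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        problems = []
        raw = row["definitions_date"].strip()
        if not raw:
            # A machine that reports nothing is treated as unprotected.
            problems.append("no definitions reported")
        else:
            age = (today - date.fromisoformat(raw)).days
            if age > max_age_days:
                problems.append(f"definitions {age} days old")
        if row["realtime_enabled"].strip().lower() != "yes":
            problems.append("real-time protection off")
        if problems:
            findings[row["host"]] = problems
    return findings


if __name__ == "__main__":
    for host, problems in audit(INVENTORY_CSV, date(2024, 3, 11)).items():
        print(f"{host}: {', '.join(problems)}")
```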

Q. Why do machines become infected even if they're running Anti-virus software with current definitions?
A.
Anti-Virus software cannot protect you from a virus or worm until definitions have been created for it. Between the time a virus or worm is discovered and the time your anti-virus vendor can produce the required definition and you download those definitions to your system, your Anti-virus software may not be able to recognize the problem. The time to produce definitions is generally very short, usually within 24 hours of the time a new virus or worm is discovered, but that's plenty of time for a virus or worm to spread. Your anti-virus software also cannot protect drives it's been configured to ignore, or if it has been disabled for any reason.
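The limits described in this answer and in "What are virus definitions?" can be shown with a toy definition-based scanner. This is an added example, not how any particular anti-virus product is implemented; the definition names, byte patterns, and file paths are constructed and harmless.

```python
from dataclasses import dataclass

# Constructed byte patterns standing in for vendor definitions; not real malware.
PATTERN_A = b"\xde\xad\xbe\xef-sample-a"
PATTERN_B = b"\xca\xfe\xba\xbe-sample-b"
DEFS_V1 = {"Sample.Worm.A": PATTERN_A}                  # before the vendor update
DEFS_V2 = {**DEFS_V1, "Sample.Worm.B": PATTERN_B}       # after the vendor update

# Constructed "file system": path -> content.
FILES = {
    "/home/user/report.doc": b"quarterly numbers",
    "/home/user/invoice.exe": b"header" + PATTERN_A + b"trailer",
    "/home/user/update.exe": b"header" + PATTERN_B + b"trailer",
    "/mnt/archive/old.exe": b"header" + PATTERN_A,
}


@dataclass
class Scanner:
    definitions: dict      # definition name -> byte pattern
    excluded: tuple = ()   # path prefixes the scanner was configured to ignore
    enabled: bool = True

    def scan(self, path, content):
        """Return the matching definition name, or None if nothing is recognized."""
        if not self.enabled:
            return None            # disabled software protects nothing
        if path.startswith(self.excluded):
            return None            # ignored locations are never inspected
        for name, pattern in self.definitions.items():
            if pattern in content:
                return name
        return None                # unknown to these definitions


def scan_all(scanner, files):
    return {path: scanner.scan(path, data) for path, data in files.items()}


if __name__ == "__main__":
    old = Scanner(DEFS_V1, excluded=("/mnt/archive/",))
    new = Scanner(DEFS_V2, excluded=("/mnt/archive/",))
    print("v1:", scan_all(old, FILES))   # Sample.Worm.B is missed
    print("v2:", scan_all(new, FILES))   # caught once definitions are updated
```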

Q. How can a virus or worm damage my machine?
A.
Viruses and worms carry a variety of payloads. Some viruses and worms carry no real payload and do no serious damage other than replicating themselves. Others may damage your machine by deleting files, removing or altering data from files, encrypting your data to prevent you from accessing it, installing a Trojan on your system, causing undesirable e-mail to be sent from your system to persons in your address book, or damaging your system in such a way as to prevent it from booting.

Q. Do I need additional or different software to protect myself?
A.
If your anti-virus software hasn't been updated in the last year or two, you should probably consider updating it. If your anti-virus software is old enough that you can no longer get new definitions for it, you should replace it as soon as possible. There are also situations related to privacy and unauthorized access to your system that anti-virus software cannot handle. Several of the anti-virus vendors now provide considerably more than just anti-virus software to address these situations. They can provide software that can reduce your risk by

  • Monitoring, blocking, and reporting attempts to attack or access your system
  • Restricting the ability of any program to send personal information
  • Controlling the websites that can be visited based on the age of the person using the computer or other factors
  • Limiting which machines are able to access your system to those you grant access to
  • Controlling scripts that run on your system

These features have default settings that work for many situations; however, these settings may not always fit your specific needs. Careful consideration should be given to the features you need before making a choice. If desired, System Sweep can facilitate your decision by helping you determine your risks, advising you of your options, and assisting with the installation and configuration of any software you may select.

Q. Are there certain times that are more prone to attack than other times?
A.
It depends on the way that your company operates. Attacks can and do take place at any time; however, there are some factors that can influence when an attack affects you. The primary factor has to do with your shift schedule. Companies that run 24 x 7 can be attacked at any time but also have the potential to react more quickly to an attack because their systems are also available to be patched and have their virus definitions updated remotely. Companies that shut down for weekends, holidays, or at night will experience more infections when employees begin to arrive for work and turn on their machines, because machines that have not been patched or have not had their virus definitions updated are all exposed to attack and infection at roughly the same time.

Q. Can I be notified before an attack?
A.
Yes, but only within limits. There are generally indicators that are present well before an attack occurs. These indicators are monitored by System Sweep and while we cannot predict exactly what form the attack will take, we can generally determine what vulnerabilities will be used, whether or not a patch is available that will enable you to avoid the risk, and when the level of risk becomes high enough that an attack appears to be likely. We can also determine likely methods of attack. If this is a service that you desire please contact System Sweep at 972-429-1869, and we'll be happy to discuss the benefits and limitations of this service.

Q. Can I immunize my system against attacks?
A.
Although there is no such thing as complete immunity from all possible threats, there is a lot that can be done to protect your system against attacks. The biggest thing that can be done is to keep the patches for your particular system up to date. Your risk can be further reduced by blocking unneeded network traffic from entering or leaving your local network. Both routers and firewalls provide this capability. Routers are often the least expensive and least complex of these two solutions, but don't provide all the protection that a firewall provides. Firewalls provide greater protection and more flexibility but generally at a higher cost. Personal firewalls that install on each individual PC can also be a good option, but generally need to be configured so that machines on your network can communicate with each other while blocking communication from outside sources.

The network traffic that you need to allow on your network and the level of protection that best fits your needs may vary from company to company. If you are uncertain how to determine what types of traffic to permit on your network, or you need help to decide what devices or software you need to protect your networks, System Sweep can evaluate your systems and network and assist in selection and installation of software and hardware to meet your particular needs.

Q. If I have multiple machines, do I need to buy software separately for each machine?
A.
It depends on your license agreements. Generally speaking most security software packages that must be run on individual systems require a license for each system. There are generally options available from each vendor that allow licenses to be purchased in blocks at a lower rate than is available by purchasing licenses individually. Other options may also be available from your software vendor.

Q. I have a special situation that prevents me from patching or running anti-virus on my systems. Are there other alternatives that will protect my systems from viruses and worms?
A.
Yes. Quite often lab or development environments need this type of solution as they need to match their environment to their customers. There are devices that sit on your network between your systems and the rest of the network. While these devices do not provide the same protection that other solutions provide, they do prevent most known viruses from passing through a network to your machine. If you would like assistance in designing, evaluating, and selecting this type of solution for your environment, contact us at 972-429-1869.

Q. Do I really need anti-virus software?
A.
In a word, yes. While anti-virus software does not address many issues, it remains one of the most important elements in an overall solution to protect yourself against worms and viruses.

Q. I have a small to medium size business. If big businesses can't keep out viruses and worms how can I?
A.
Actually, the size of a large business works against it when fighting a virus or worm outbreak. It's always easier to control an outbreak when there are only a few machines to protect than it is to track and clean up thousands of systems. With proper planning and practices you'll be able to avoid most infections altogether. If you need assistance in preparing and implementing such a plan, System Sweep can help you identify your risks, create a plan to address those risks, and implement that plan once it meets your approval.

Q. I'm responsible for a large business and can't keep up with the infections in our network. How do I control a virus or worm outbreak within a large network?
A.
Different techniques are required to assemble and manage a team to control a virus or worm outbreak in a large environment. To make that team effective considerable prior planning is required to ensure each member of the team knows what to expect, who to report to, and where they can get information for unusual situations. The plan needs to include provisions for coordinating activities between groups, prioritizing activities, and gathering and reporting progress information (metrics) to various levels of management until the outbreak has been contained. Should you need additional expertise in creating and implementing your plan, System Sweep can provide consulting services to help develop that plan and build your team. We will also stay with your team throughout the course of an incident to provide additional support and conduct a post mortem after the incident to determine where changes and fine tuning to the plan are necessary.

Q. I have a file server (a computer set up to allow other systems to share the files on its disks) or a workstation that acts as a file server. If one machine has a virus or worm on it will it pass the infection on to other systems?
A.
Yes. If the server or workstation isn't protected properly, one system using the server can infect other machines by placing infected files on the server that are later picked up by other machines. Fortunately, this situation is easy to address in most instances by ensuring anti-virus software designed for servers is present on the system, the system's virus definitions are up to date, and real-time protection is enabled.

Q. What is spyware and how does it affect me?
A.
Spyware generally falls into one of two groups. Marketing Spyware tracks your internet activity, sending the information to market research firms, and may cause promotional popups to appear on your systems at unexpected times. This spyware is often installed without you realizing it when you download software or visit some websites. This spyware can accumulate on your computer without your knowledge causing it to start and run more and more slowly. Malicious spyware focuses on collecting passwords and other private information. In some cases it can act like a Trojan, performing many if not all the functions a Trojan performs. Most recently spyware has been linked to identity theft. A major spyware company has recently been caught gathering identity related information and forwarding it to an open web server. Spyware should be treated just as seriously as viruses.

Both commercial and free products are available that can help you control or eliminate spyware. Spyware removal can speed up your computer and protect your privacy, but care must be taken in using spyware removal tools as some software may stop functioning if the spyware is removed. In cases where you need additional assistance or feel uncomfortable in determining if spyware removal will affect your system adversely, System Sweep can help determine where you're at risk allowing you to retain needed low risk items while eliminating the high risk ones.

Q. When should I call someone to help?
A.
Whenever you don't feel comfortable dealing with a problem, or you're not sure how to deal with a problem, you should seek expert assistance. System Sweep can help with almost any issue over the phone or through a personal visit to your business or home.

Q. What are the most current virus threats?
A.
Top Viruses

  1. ADW_WEBSEARCH.K
  2. WORM_PRSKEY.A
  3. WORM_NYXEM.E
  4. HTML_NETSKY.P
  5. WORM_NETSKY.DAM

Virus Advisories

  1. TROJ_YABE.AH
  2. JS_DLOADER.GXZ
  3. TROJ_STRAT.FN
  4. HTML_AGENT.GKS
  5. TROJ_DLOADER.ETM

Disclaimer: The contents of this document are intended to be used for informational purposes only. While System Sweep Inc. attempts to provide current and correct information, we cannot guarantee that any information contained herein is appropriate for or can be applied to you or your situation.