Recently, I tried to help someone who had some serious computer problems with his daughter’s computer. The computer would not boot into Windows no matter what we did, and booting from a floppy indicated that some critical system files were missing. Attempts to manually replace the necessary files were futile, as the computer still would not boot. The hard drive appeared to be physically sound, and there were no other apparent hardware deficiencies. The owner of the computer had all proper security measures in place, including one of the top-rated antivirus utilities which performed periodic updates, a reputable firewall, and anti-spyware software.
As I studied his predicament, it appeared more likely that the culprit was a virus that had somehow infected his computer, and done the damage. After significant work by a computer technician at a local repair shop, the offending virus was finally identified and removed. The virus was so destructive to the files on the hard drive that it was difficult or impossible to recover much of the data from the hard drive, and the technician had no option but to restore the computer to its factory original configuration, necessitating the reinstallation of all of the programs that had been on it, along with the loss of all stored data. Sadly, there were no backups to restore the lost data. If this had been a business computer so infected, under similar circumstances the financial losses may have been catastrophic.
The concern was expressed about how a computer with proper protections in place could become so infected by a virus. The answer is simple, and the solution difficult. Anti-virus software updates, which had been done frequently on this computer, are reactive, in the context that the antivirus software publisher has to discover a virus, analyze it, identify its digital signature, develop a killer or repair utility for it, and then distribute the file to its subscribers. This practice is universal among all antivirus companies, and can take hours or days from the introduction of a new virus until the time that protections are in place. During this time, it is likely that the computer will have little defense against this malware. The lag time between discovery of a new virus and the installation of the update leaves the computer vulnerable to attack. It is not uncommon to have dozens of new viruses, Trojans, worms, variants, and other forms of malware show up daily. Updating antivirus software is like reading the newspaper; this morning’s paper has yesterday’s news, while this morning’s antivirus update is yesterday’s malware. It is quite possible that this virus slipped onto the computer during that period of vulnerability, predicating the damage.
There are tactics that can be easily accomplished which would minimize the chance of such damage. Obviously the simplest approach would be to manually update the antivirus software, and do a full scan of the hard drive. While this is a proper task to accomplish frequently, it is not foolproof, as it is possible that the newly installed update may not include all of the latest virus signatures, and it is also possible that the antivirus publisher has not yet encountered a particular virus, enabling it to develop a defensive strategy for the new viruses. With the speed of the internet, it has been demonstrated on several occasions that a new virus can literally infect millions of computers within minutes of its release, which is sadly far faster than antivirus companies can cope with the onslaught. It should also be noted that many of the newer viruses and Trojans disable the scan engine in antivirus (and firewall) software, rendering them inert, despite the fact that they appear to update and function properly; a computer so infected has no protection, and is totally vulnerable to attack. An online scan detecting such viruses may be an indication that the antivirus software must be reinstalled and updated after disinfection.
While still not perfect, another tactic is to perform one of the several free online antivirus scans available from a variety of sources. These scans do not interfere with the software already installed, and can provide a good check on computer security. Some of the companies also include an integrated anti-spyware scan with their services. Since all of the antivirus companies utilize different databases, it would be a sound practice to do a free online scan from a company other than the brand of antivirus software installed on the computer. As a rule, the online scans utilize the latest signature files available, as they are constantly updated. If these scans refuse to load, and the security settings and browser are compatible with the listed requirements, it may be symptomatic of an infection that is trying to protect itself from removal by blocking the access and function of these online services.
My perennial favorite for an online scan is Trendmicro’s Housecall available at housecall.antivirus.com (may appear as housecall.trendmicro.com). This service, which requires Internet Explorer, was recently updated to include scans for spyware, and other security problems, selectable at the user’s option. To use Housecall, simple connect to the site, and follow the onscreen prompts. Select your host country from the list presented; this is the only personal information collected, and is used to compile Trendmicro’s real-time virus infection map and statistics. Trendmicro will download a small utility to the computer, and allow the user to select the drives to be scanned. Once scanned, any malware identified will be shown, along with the opportunity to remove it. If an item cannot be automatically removed, clicking on the virus name will open a window where manual removal instructions are typically displayed.
Another leading free online scan is Panda’s Active Scan at www.pandasoftware.com/activescan. This scan is comprehensive and reliable, but requires that the user register before use, which will lead to follow-up marketing emails from Panda.
Bitdefender, www.bitdefender.com/scan8/ie.html, is another popular free online scan service that has a loyal following, and is well regarded by many.
One of the most popular European free online scanners is from the renowned security company F-Secure, requires Internet Explorer with ActiveX enabled, and is available at support.f-secure.com/enu/home/ols.shtml.
McAfee, one of the retail market leaders in antivirus and security software, has a free downloadable utility Stinger, which will fit on a floppy, and can be used to scan a computer for the most prevalent viruses. Stinger can be downloaded from vil.nai.com/vil/stinger. Stinger is not a comprehensive online scan using thousands of virus signatures, but a free-standing scanner which will only detect and kill about 50 viruses, worms and their variants, but this group represents most of the common infections. Stinger would be an exceptionally fine choice if none of the online scans are successful, as it can be run from a floppy, rather than online. If necessary, Stinger can be downloaded on one computer, and run on another.
An online scan from a reliable resource is a necessary adjunct to other security measures, and should be performed on all computers periodically.
For more information on the Tulsa Computer Society click here