Eskimo North



Windows Viruses




     Our servers are really being hammered hard by Windows systems infected
with viruses.

     Please, if you have a Windows machine, make sure that your machine is up
to date with any Microsoft updates, that you have an anti-virus and anti-spyware
program, and that you keep those programs' databases up to date and run them
frequently, preferably daily, at least weekly.

     Make sure that applications you use are up to date, especially those that
extend web functionality such as Quicktime, Flash, Shockwave, Adobe's PDF
viewer (by whatever name it exists on your system), and Java.

     In the case of Java there is a bit of a Gotcha.  When Sun kicks out new
versions and your machine installs them, it doesn't automatically remove the
old versions and the vulnerabilities that may be present, and worms and viruses
know how to abuse this and invoke them even though newer versions may exist.

     Thus when a Java upgrade becomes available, the best way to update is to
go into the control panel, use the add/remove software to remove all versions
of Java that presently exist on your machine, then go to java.sun.com and
download and install the most recent version.

     For anti-spyware and anti-viral programs, I use Super Anti-Spyware to look
for Spyware though it's not so much that I care about being tracked as it is
about code running on my machine that I don't want there; so I usually set this
to ignore tracking cookies, but if you're more concerned about privacy then you
may not want to.  It does speed up the scan and improve the signal to noise
ratio if you ignore them.

     I use both AVS and Avast for anti-virus.  Everyone tells you not to run
more than one but I've yet to find an anti-viral that catches them all and I've
found these two can be made to play nice if you tell them to ignore each other.
Many anti-viral programs will tend to see another anti-viral as a virus because
in order to detect a virus, anti-virals have certain signatures they use to
recognize a virus.  Another anti-viral program that uses the same viral
signature will see the signature database as a virus.  If you tell Avast to
ignore AVS and AVS to ignore Avast then they get along.

     I've had bad experiences with some of the big-name more mainstream
anti-viral programs removing parts of my Windows installation leaving my system
unbootable so I avoid them but your mileage may vary.

     If you are running Windows XP, Microsoft just released about half a dozen
security updates.  Please be sure to install all security updates and some,
like the most recent, will require a reboot afterwards.

     Clues that your machine may be infected with a virus include things like
bounced e-mail that you didn't send, hard drive lights flashing when you aren't
doing anything, slow, sluggish, or erratic operation under normal
circumstances.

     If you are technically proficient, I suggest bringing up the task manager
and looking for unfamiliar processes.  Google search anything you don't
recognize; most viruses will attempt to disguise themselves as legitimate
programs but things like the existence of more than one copy of something there
should only be one of, or the wrong extension or directory can reveal their
sinister nature.

     Also take a look at the performance monitor within the task manager.  Is
something actively eating a lot of CPU when you aren't?  If so what?

     There are programs that you can get that audit your registry and find
problems with it and these often will reveal the presence of malware as well.

     The load from viruses trying to mail copies of themselves to other victims
is reaching a point where it's negatively impacting response, so your help in
reducing this problem by making sure your machines are clean is much
appreciated.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
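
The task-manager check described in the message above (more than one copy of something there should only be one of, or the wrong extension or directory), written out as an added example that is not part of the original post. The baseline table and the process snapshot are constructed assumptions for illustration; a real check would feed in the machine's own process list.

```python
import ntpath
from collections import Counter

# Assumed baseline (illustrative, not from the original post): image name ->
# (expected directory, True if only one copy should normally be running).
BASELINE = {
    "lsass":    (r"c:\windows\system32", True),
    "services": (r"c:\windows\system32", True),
    "svchost":  (r"c:\windows\system32", False),  # several copies are normal
    "explorer": (r"c:\windows", False),
}

def audit(processes):
    """processes: iterable of (pid, full image path). Returns {pid: [reasons]}."""
    parsed = []
    for pid, path in processes:
        stem, ext = ntpath.splitext(ntpath.basename(path).lower())
        parsed.append((pid, stem, ext, ntpath.dirname(path).lower()))
    copies = Counter(stem for _, stem, _, _ in parsed)
    findings = {}
    for pid, stem, ext, directory in parsed:
        if stem not in BASELINE:
            continue  # unknown name: look it up by hand, as the post suggests
        expected_dir, single = BASELINE[stem]
        reasons = []
        if ext != ".exe":
            reasons.append("wrong extension")
        if directory != expected_dir:
            reasons.append("wrong directory")
        if single and copies[stem] > 1:
            reasons.append("more than one copy")
        if reasons:
            findings[pid] = reasons
    return findings

# Constructed process snapshot (pid, image path); not real data.
SAMPLE = [
    (700,  r"C:\WINDOWS\system32\lsass.exe"),
    (712,  r"C:\WINDOWS\system32\services.exe"),
    (900,  r"C:\WINDOWS\system32\svchost.exe"),
    (964,  r"C:\WINDOWS\system32\svchost.exe"),
    (1500, r"C:\WINDOWS\explorer.exe"),
    (2040, r"C:\WINDOWS\Temp\svchost.exe"),
    (2112, r"C:\Documents and Settings\user\lsass.exe"),
    (2200, r"C:\WINDOWS\explorer.scr"),
]

if __name__ == "__main__":
    for pid, reasons in sorted(audit(SAMPLE).items()):
        print(pid, ", ".join(reasons))
```

When a single-copy name shows up twice, every copy is flagged, because the count alone does not say which one is the impostor; the directory check is what separates them.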