
Effective Virus Protection

Submitted on May 28, 2008 – 5:13 pm

The Big Three

How do you protect your computer from viruses? Most computer users just buy antivirus software, install it, and reboot their PC – done. If only it were that easy. Over the past several years the percentage of home and business computers infected with viruses has been growing steadily. Most PCs are sold these days with preinstalled antivirus software, and yet the number of infected computers keeps on growing. There are several explanations for this phenomenon.

First and foremost, modern antivirus applications have fallen far behind the viruses they are supposed to fight. Today’s AV scanners are primitive, slow and bloated. They sap the life out of your PC yet catch less than half of existing viruses. Antivirus technology has not seen any significant improvement in many years.

Viruses are being written by some of the brightest and best-compensated programmers. Antivirus applications are developed mostly by recent college grads with little real-life experience, working for peanuts. Much of this development work is performed by programmers with questionable academic credentials from developing nations.

Antivirus makers offer their customers the same old functionality they have been peddling since the nineties. The more advanced features are too complicated for home users to implement. Such extended functionality is reserved for corporate clients, who have their own IT departments, and little effort goes into making these features available to the average Joe.

Second, because antivirus applications are so slow and resource-hungry, most computer users get fed up and turn them off. Obviously, once disabled, even the best virus scanner cannot protect your PC. An antivirus application is, for the most part, a large database of virus definitions, or “fingerprints”: this is how a virus scanner identifies a particular piece of code as a virus. To scan files quickly, the AV application needs to keep as much of this database in memory as possible.

Hundreds and even thousands of new viruses are created every week. They may be completely new viruses or just slightly modified old favorites; either way, their new “fingerprint” needs to be added to the AV scanner’s database. The “fingerprint” is a piece of code that uniquely identifies a particular virus and its version, and it has to be large enough to let the AV scanner differentiate among multiple small variations of the same virus.

Third, many users know too little about computer viruses to use AV software effectively. Many don’t renew the subscription for the AV scanner that came preinstalled on their new PC. Others selectively disable important features of their antivirus software to speed up the system. And, finally, most users assume their computer is fully protected just because they have antivirus installed. These users tend to do silly things, like opening email attachments from unfamiliar senders, because they think their antivirus will catch any problem.

Viruses that Behave

In addition to using huge databases of virus definitions, most modern antivirus applications employ heuristic algorithms to guess whether a particular piece of code on your PC may be a virus. Many viruses exhibit common traits – such as the ability to self-replicate – that can be used to identify them without an exact “fingerprint”. The problem is that very often it is impossible to tell a virus apart from a legitimate application.

Viruses can be divided into two functional groups: those meant to be annoying and those meant to make their creators money. The annoying variety can be dangerous: these viruses can delete files and really mess up your computer. But they are not used to target you specifically. Nobody (except for the antivirus industry) really benefits from the chaos created by such viruses. Most of them were written by kids or disgruntled second-rate programmers and, therefore, can usually be defeated easily by antivirus software.

Many of the viruses designed for profit are far more sophisticated. They are usually non-destructive and operate in very subtle ways, trying to stay undetected for as long as possible. They will not go on a wild rampage through your hard drive, deleting random files. Instead, when your computer is not in use, they quietly scan your disks for specific types of files that may contain sensitive personal and financial information, then compress, encrypt and transmit that information to some inconspicuous location.

An advanced virus like this will not do anything to attract attention. It runs hidden, with low CPU priority and a very small memory footprint. It may be able to distribute itself via email or to provide remote access to your computer, but these features are used in moderation. If your antivirus can’t tell a virus from a legitimate application, it can’t remove it. To make matters worse, many viruses can disable and even uninstall your antivirus application.

Scan Station

One of the difficulties with scanning for viruses is that a virus already installed and running on your system can interfere with your AV scanner and render it ineffective. Once your AV scanner is disabled, the virus will connect to the Internet and download even more viruses. There are so-called virus loaders – viruses whose only job is to deal with your antivirus application and to download more viruses.

As you can see, the only way to scan an infected system effectively is to make sure the virus is not running. In many cases this is virtually impossible on a running system. The solution is to turn off your PC, remove the hard drive, put it into an external USB enclosure, and connect it to another computer. Then you can use the AV scanner on that computer to scan your hard drive. Such systems are known as scan stations; they are usually Linux-based machines running antivirus software. The inconvenience of having to swap out your hard drive to get it scanned is easily solved with removable disk enclosures.
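As an added example (not the post’s own code), a scan-station helper for the Linux box described above. It assumes ClamAV’s clamscan is installed and that the suspect partition (e.g. /dev/sdb1) is attached over USB, and it mounts the disk read-only with noexec, nosuid and nodev so nothing on the infected disk can modify itself or run on the scan host.

```shell
#!/bin/sh
# Added example, not code from the original post. Scan-station helper for
# a Linux box with the suspect drive attached over USB. Assumes ClamAV's
# clamscan is installed; the partition device (e.g. /dev/sdb1) is an argument.

# Keep the infected filesystem inert on the scan host: read-only so nothing
# on it is modified, noexec/nosuid/nodev so none of its binaries can run here.
SAFE_MOUNT_OPTS="ro,noexec,nosuid,nodev,noatime"

# Accept only partition device paths under /dev (letters, then a digit).
valid_device() {
    case "$1" in
        /dev/[a-z]*[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract N from the "Infected files: N" line of a clamscan summary;
# prints 0 when the line is absent so callers can compare numerically.
infected_count() {
    n=$(printf '%s\n' "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p')
    printf '%s\n' "${n:-0}"
}

# Mount the suspect partition and scan it. Its own OS is not running, so a
# resident virus cannot tamper with the scanner. Returns 0 if clean,
# 1 if infections were found, 2 on a mount or argument problem.
scan_station() {
    dev="$1"; mnt="${2:-/mnt/suspect}"
    valid_device "$dev" || { echo "refusing to mount '$dev'" >&2; return 2; }
    mkdir -p "$mnt"
    mount -o "$SAFE_MOUNT_OPTS" "$dev" "$mnt" || return 2
    # -r recurses, -i lists only infected files; the summary carries totals.
    out=$(clamscan -r -i --log="/var/log/scanstation-$(date +%Y%m%d).log" "$mnt")
    umount "$mnt"
    printf '%s\n' "$out"
    [ "$(infected_count "$out")" -eq 0 ]
}

# Run only when a device is given, e.g.:  sh scanstation.sh /dev/sdb1
if [ $# -gt 0 ]; then
    scan_station "$@"
fi
```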

Learning to Live with Viruses

In real life there are viruses all around you; you have simply learned to wash your hands and not to eat off the floor. You have to understand that no antivirus application will ever be able to protect your computer from all viruses. If there is a virus on your computer that steals your personal information and your AV scanner is unable to disarm it, the next step is to prevent the virus from sending whatever private data it has gathered to its creator. This is easily done with a firewall.

Windows comes with a built-in firewall that is enabled by default. The problem is that if a virus can infect Windows and disable your antivirus scanner, it can just as easily render your firewall useless. The answer is a hardware firewall: a separate computer – usually running Linux – that acts as a gateway between your PC and the Internet. Even if you have a virus on your PC, the firewall will prevent it from communicating with the outside world. The firewall itself is located outside the virus’s reach, so the virus can do nothing to compromise it. Moreover, an external firewall can scan all network traffic and catch viruses before they ever get a chance to infect your PC. You can read more about hardware firewalls here.
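An added example, not from the original post, of the gateway described above: an egress allow-list for a Linux firewall box, plus a summary of its kernel log so the admin can see which PC keeps trying to reach the outside on unexpected ports. The interface names eth0/eth1, the LAN subnet 192.168.1.0/24 and the EGRESS-DROP log prefix are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post. Egress allow-list for a
# Linux gateway between the PCs and the Internet. Interface names, the LAN
# subnet and the EGRESS-DROP log prefix are assumptions; NAT (MASQUERADE)
# for the LAN is assumed to be configured separately.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the iptables commands instead of running them, so they can be
# reviewed first and then applied on the gateway with:  egress_rules | sh
egress_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only what a desktop legitimately needs: DNS and web. Anything else a hidden
# program on the PC attempts (mail on port 25, odd ports) is logged and dropped.
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m limit --limit 10/min -j LOG --log-prefix "EGRESS-DROP "
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j DROP
EOF
}

# Summarise the gateway's kernel log (stdin): which LAN host tried which
# destination port and how often, busiest first. Repeated hits on one
# port from a PC nobody is using is the "phoning home" the post describes.
blocked_summary() {
    grep 'EGRESS-DROP' | sed -n 's/.*SRC=\([0-9.]*\).*DPT=\([0-9]*\).*/\1 \2/p' \
        | sort | uniq -c | sort -rn | awk '{print $2, "-> port", $3 ":", $1}'
}

# Constructed sample of what the kernel would log (not real captured data).
SAMPLE_LOG='May 28 17:13:01 gw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=49152 DPT=25
May 28 17:13:02 gw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=49153 DPT=25
May 28 17:13:05 gw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=6667
May 28 17:14:00 gw kernel: eth0: link is up'

# Usage: review the rules, then inspect what got blocked.
egress_rules
printf '%s\n' "$SAMPLE_LOG" | blocked_summary
```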

Psychologically it is hard to use a computer if you know it’s infected by a virus. But chances are your computer is already infected, and has been for some time now – you just don’t know about it. Look at viruses as an inevitability and, instead of trying to fight them, concentrate on disrupting their ability to communicate over the Internet. A hardware firewall is the best solution to the virus problem.


3 Comments »

  • mal_functiongeo says:

    I just got a notice from my virus protection thing and it said I had a bloodhound virus. It quarantined it but I can’t destroy it. My computer is still having problems, but it won’t let me fix it. What do I do to stop this virus? Any computer whizzes have any other info about it?

  • Keaton says:

    I have AVG virus protection and all it is doing is giving me a bunch of pop-ups telling me the virus is there. I have also noticed an antiviruspro2008 program on my desktop that I have not put there; it also is popping up junk too, and keeps asking me to upgrade for 34.95. I’m no moron, I am not gonna give them any info. So what’s the best way to wipe it off?

  • Gage says:

    I have Norton Anti-virus and I update it regularly. However, whenever I perform a full system scan, it never finds anything other than a cookie or two, so I don’t see the point. I regularly delete all my browsers’ caches, files, cookies, etc., so I don’t see the need for the virus protection other than needing something to automatically start and slow my computer down when I don’t want it to.

    The question, I guess, is: do I actually need the virus protection?
