
Prevent a Virus from Attacking

PCQ Bureau

Despite anti-virus software being widely used, viruses do creep in and cause havoc. The reason behind this is simple: viruses are born first, and vaccines for them are created later. Once someone creates a virus that starts spreading, anti-virus companies get hold of its code and quickly try to come out with a vaccine for it. Unfortunately there’s no way to reverse this process, which makes it difficult to keep your PC safe from being infected. This, however, doesn’t mean that having anti-virus software installed is useless; it does keep your machine safe from existing viruses, provided you update it regularly. But, to be safer, you need to take some more preventive measures, and be more sensitive towards virus activities. Here, we’ll look at some of those measures.


The first thing to understand is what a virus really is and how it spreads. A computer virus is like any other piece of code that, when executed, carries out a particular task. However, the code here is created with malicious intent. So, being an application program, a virus will command system resources and program associations, will have a file structure and extension, etc.

Sometimes it may be embedded in seemingly harmless code and execute when the ‘host’ or ‘carrier’ application is executed. Then there are the Trojans, which are programs that pretend to do one thing, while they’re actually doing something else (usually malicious) without the user’s knowledge. Both viruses and Trojans need a carrier to act. On the other hand, another type of program, called a worm, is independent of a host application. It replicates itself and uses existing communication channels between computers to spread itself. The most common such channel is e-mail.

Now that we’ve understood what a virus, Trojan, and worm are, let’s look at the steps you can take to guard your PCs against them.


Block scripts



Malicious worms rely on scripts for their execution. Scripts are used to execute background tasks. Hence, if scripts are disabled from running on their own, the worms will not propagate. This is easily achieved by removing the Scripting host in MS Windows. To remove it, go to Control Panel > Add/Remove Programs > Windows Setup. Uncheck the ‘Windows Scripting Host’ box and click ‘OK’. This, however, may also affect some of your other regular programs that may need scripts for execution. So a better method is to use software that blocks scripts, or prompts the user if a script tries to run. Script Defender from AnalogX is one such program. It intercepts any request to execute the common scripting types like VBS and JS, and can even be configured to intercept new script extensions if required. It will hence prevent any e-mail attachments with a script from running.

Use browser-based applications and controls



Using Web-programming elements, it is possible to make standalone applications that are as powerful as standard applications on a PC. This is the concept of HTA (HTML Application), which will have an HTML interface and run in a browser. These applications can even read from and write data to the hard disk. Internet Explorer security settings can be tweaked to prevent such applications from running. You can disable active scripting and prevent ActiveX controls from downloading and executing. It is good practice to set all unsigned ActiveX controls to ‘Prompt’ mode, whereby the user is prompted if such an ActiveX control tries to run.

Open suspicious attachments in Notepad



Many worms come with a double extension such as .doc.vbs, but the attachment may only show one. So here is what you should do with e-mail attachments that seem suspicious. Never click on them. Instead, right-click and save to disk. Now right-click the attachment again, and select Properties. This will tell you the file type. Open your Web browser, go to a search engine like Google, and type in the full name of the attachment, including the extension. If it’s a known virus that your anti-virus software has not been able to catch, your search results will give you plenty of links on it. You can then read about it, and also find a way to get rid of it. For more adventurous users, or those interested in knowing more about virus codes, hold down the ‘Shift’ key and right-click on the file. Select ‘Open with’ and in the dialogue box, select Notepad. The attachment will open in Notepad and you’ll see a lot of gibberish, with some text that might make sense. Understanding this will take a bit of practice for a novice. But beware! Never double-click the suspected application.


Use personal firewalls



Firewalls are a great way of restricting access to your system. These are software applications that monitor the network/Internet activity. They can act in two ways: preventive and post infection. Good firewall software like Zone Alarm comes with its own e-mail quarantine. Apart from some regular suspected file extensions, a user can configure more extensions to be automatically stripped from e-mail and put into quarantine. Look for these settings in your firewall.



Firewalls also do indirect post-infection monitoring in case a malicious backdoor Trojan is sitting on your hard disk. These Trojans try to use your Internet connection to connect to a server under the control of their ‘master’. Personal firewalls would alert you to such connection attempts. This is possible because the software monitors all the ports on your PC.

Use file extension-based filters



As the name suggests, you can allow or disallow applications from executing by blocking specific file extensions or by changing file associations. This method depends on your awareness of possible viruses.
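An extension filter of the kind described here, which also flags the double extensions (.doc.vbs) mentioned under suspicious attachments, can be sketched as follows. This is an added example, not code from the article or from any product it names; the extension lists and function names are assumptions chosen for illustration.

```python
import os

# Extensions that run code when double-clicked on Windows. Assumed starter
# list for this example; add new script types as they appear.
BLOCKED = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
           ".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
# Extensions most users read as harmless documents or media (assumed list).
DECOY = {".doc", ".txt", ".jpg", ".gif", ".pdf", ".xls", ".zip", ".mp3"}


def real_extension(filename):
    """Return (stem, ext) for the name as Windows resolves it, ext lower-cased."""
    # Windows drops trailing dots and spaces from file names, so a name
    # ending in ".js. " is still treated as a .js file.
    cleaned = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    stem, ext = os.path.splitext(cleaned)
    return stem, ext.lower()


def classify_attachment(filename, blocked=BLOCKED):
    """Return (verdict, reason); verdict is 'quarantine' or 'allow'."""
    stem, ext = real_extension(filename)
    if ext not in blocked:
        return "allow", "final extension %r is not on the block list" % ext
    # Check what sits in front of the real extension, tolerating whitespace.
    inner = os.path.splitext(stem.rstrip())[1].lower()
    if inner in DECOY:
        return "quarantine", "double extension: looks like %s, runs as %s" % (inner, ext)
    return "quarantine", "blocked extension %s" % ext


if __name__ == "__main__":
    # Constructed sample names, not taken from real mail.
    for name in ["report.doc", "summary.doc.vbs", "notes.js. ",
                 "SETUP.EXE", "archive.tar.gz"]:
        print("%-18s %s: %s" % ((name,) + classify_attachment(name)))
```

Passing a larger set as `blocked` mirrors configuring extra extensions for quarantine, as the firewall section describes.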

Subscribe to an anti-virus newsletter



Granted, we are already bombarded with newsletters and promotional mail every day. But a good and reliable anti-virus newsletter goes a long way in keeping you informed about the latest viruses. If nothing else, it will remind you to update those virus definitions!

Ashish Sharma
