|
Computer Virus, Spyware, and
Annoyances FAQ
This set of frequently asked
questions (FAQ) answers questions about computer viruses, spyware, adware, and other dangerous and annoying characteristics
of modern computing. These answers are predominately aimed
at home and small business users with single computers or a small
to medium sized network.
Please note that this is a
rapidly changing field and there are sometimes no definitive definitions
and answers for some of the questions asked. This FAQ is
our best attempt to provide an overview of the subject, but it
is not a substitute for asking an expert.
1. What is a computer
virus?
2. What are the
types of viruses?
3.
What is a Trojan Horse?
4. What is a worm?
5.
What is spyware?
6. What is adware?
7.
Are the "pop-up" ads I get when I visit web sites the result of
an adware application running on my machine?
8.
How are viruses. worms, etc. spread?
9.
What can I do to protect my computer from all of this?
10.
Where can I get information about a specific virus or hoax?
If you have any other questions, please
contact us.
1. What is a computer
virus?
A computer virus is a program
that infects a computer's disk drive, files, and/or programs.
A virus also replicates itself in order to infect more computers.
Many viruses simply replicate and infect and do not do any damage
to the infecte4d machines. Others can create significant
amounts of damage by changing files, erasing programs (or entire
disks), or by using the infected computer to attack other computers.
(Click
here to return to top of page.)
2. What are the types
of viruses?
Common types of viruses include
the following.
Macro - In
a macro virus the virus is contained in a "macro" or "script"
that is part of a document such as a word processor file or a
spreadsheet. For example, both Microsoft Word and Microsoft
Excel support macros that are, in effect, attached to a document.
Macros are small programs that perform some particular task and
are very useful. Macro viruses are spread by sharing
document infected files. After your computer is infected
with a macro virus, subsequent documents you create or open may
also be infected with the virus. Macro viruses are a frequent
source of virus infections.
Boot Sector -
The boot sector is a special area on a hard drive or
diskette that is used to start the operating system. Boot
sector viruses infect this area so that they can 1) be replicated
through the sharing of disks. and 2) executed when the disk is
accessed. Note that boot sector viruses can be spread even
if a diskette, foe example, is not a bootable diskette.
Program or Executable
- These are viruses that are spread by sharing
program files. Programs files (like the exe and dll files
associated with most applications) and not shared as often as
documents, and this cuts down on the number of these types of
viruses.
Hoaxes -
These are not actually virus programs. They are email
messages that warn about a supposed new virus. These
false warning messages usually encourage the recipient to send
the warring to everyone they know know. Even though these
hoax warnings are sent by well-meaning people and carry no real
virus software, they are a real problem since they can cause large
amounts of Internet traffic and unnecessary calls to tech support
personnel.
Email - These are similar
in appearance to hoaxes, except they carry instructions for deleting
a virus or fixing a problem created by the virus and the proposed
solution actually deletes needed files or does other damage to
your computer. The theory is that you get this warning form
someone you trust (perhaps the same well-meaning friend that sends
out the hoaxes), you check and find the supposedly dangerous file
on your machine, you decide to "fix" your computer by following
the instructions, and you delete a needed file.
(Click
here to return to top of page.)
3. What is a Trojan
Horse?
A Trojan Horse is a virus
hidden in what appears to be a regular program. They
differ from the program or executable viruses described above
because they do not try to replicate themselves. The program
in which the Trojan Horse code resides may perform an actual function
and the user may not realize that their computer has been compromised.
(Click
here to return to top of page.)
4. What is a worm?
A worm is a virus that copies
itself throughout a computer's disk and memory. The difference
between a regular virus and a worm is that worms exist as separate
programs - they do not "hitch-hike" on other files or programs.
Worms can take advantage of automatic file sending and receiving
features found on many computers and can spread itself automatically
over a network from one computer to another. Worms can replicate
themselves to the point that they use up the computers resources
and eventually bring the system down.
(Click
here to return to top of page.)
5. What is
spyware?
Spyware is a piece of software
that monitors a computer's activity with the intent of finding
out about the user and their usage habits. Spyware is often
used to Often used to log a user's Internet Web surfing habits.
This information is then sent (mostly without the users knowledge
or permission) to a collection site that can make decisions about
ads to show the user, create a marketing profile for the user,
sell the information about the user, etc.
Spyware is often built into
free downloads from the Web and the user may be giving permission
for its use on a machine. The notice of the download and
the the permission is embedded in the license agreement that users
often accept without reading.
There is currently a significant
amount of spyware around and it is safe to say that it is installed
and operating on very many computers.
(Click
here to return to top of page.)
6. What is
adware?
Adware is similar to spyware
in that it runs (often without your explicit knowledge or permission)
on your computer. Adware is used to occasionally display
ads on your machine based on web sites you have visited or your
interests as indicated by your browsing habits. (Adware
and spyware are similar enough that there are debates regarding
the proper designation for many of the applications.)
return
to top of page
7. Are the
"pop-up" ads I get when I visit web sites the result of an adware
application running on my machine?
Maybe. Some sites use
adware applications and others simply pop-up the ads (either in
the current browser window or in a new window) anytime you visit.
We consider pop-ups to be in a catgory by themselves because they
do not require any "helper" code (like adware) to run on your
machine and because they seem to be everywhere. Unfortunately.
most of the programs that stop adware do not stop pop-ups.
(Click
here to return to top of page.)
8. How are
viruses, worm, etc. spread?
A common mechaniSMfor spreading
a virus is e-mail. The virus is not in the e-mail message
itself, but is in an attachment. The attachment may be a
program or may be a document infected with a macro virus.
Another common method is by
obtaining a file (either a program or document) off a floppy or
CD or by downloading from the Internet. Notice that some
spyware and adware programs are downloaded when you download other
programs that you want (and that you may be agreeing to this in
the "fine print" of the End User License Agreement.)
Some viruses spread without
user help. They use system file transfer mechanisms or e-mail
programs to replicate themselves.
(Click
here to return to top of page.)
9. What can
I do to protect my computer from all of this?
Unfortunately, there is no
simple answer. There is no single solution that protects
against all threats.
The following table provides
an over view of some of the actions you can take and the products
we suggest you consider.
|
Threat
|
Suggested Actions
|
Tools
|
|
Macro Virus
|
Always run anti-virus software.
If you get a virus that is not detected by your anti-virus
software, note the name and go to an anti-virus web site
to find the remedy. Web sites to check include:
Symantec
or
McAfee
or
AVG
|
Norton Anti-Virus 2003
(for single computers)
or
Norton Anti-Virus 2003
Pro (for single computers)
or
Symantec Anti-Virus
for networked computers)
|
|
Boot Sector Virus
|
Always run anti-virus software.
If you get a virus that is not detected by your anti-virus
software, note the name and go to an anti-virus web site
to find the remedy. Web sites to check include:
Symantec
or
McAfee
|
Norton Anti-Virus
(for single computers)
or
Symantec Anti-Virus
for networked computers)
or
Grisoft AVG (A free and very fast solution)
|
|
Program or Executable Virus
|
Always run anti-virus software.
If you get a virus that is not detected by your anti-virus
software, note the name and go to an anti-virus web site
to find the remedy. Web sites to check include:
Symantec
or
McAfee
|
Norton Anti-Virus 2003
(for single computers)
or
Norton Anti-Virus 2003
Pro (for single computers)
or
Symantec Anti-Virus
for networked computers)
Grisoft AVG (A free and very fast solution)
|
|
Hoaxes
|
Check with a web site that lists hoaxes and/or check with
an expert to make sure a received warning is about an actual
threat before forwarding the warning.
|
Web sites to check:
Symantec
or
McAfee
or
Sophos
|
|
Email Virus
|
Check with a web site that lists viruses and hoaxes and/or
check with an expert to make sure a received warning is
about an actual threat. Do not make any changes to
your computer until you have definite confirmation regarding
the threat.
|
Web sites to check:
Symantec
or
McAfee
|
|
Trojan Horse
|
Always run anti-virus software with Trojan Horse capability.
If you get a virus that is not detected by your anti-virus
software, note the name and go to an anti-virus web site
to find the remedy. Web sites to check include:
Symantec
or
McAfee
|
Norton Anti-Virus 2003
(for single computers)
or
Norton Anti-Virus 2003
Pro (for single computers)
or
Symantec Anti-Virus
for networked computers)
|
|
Worm
|
Always run anti-virus software with worm capability.*
If you get a virus that is not detected by your anti-virus
software, note the name and go to an anti-virus web site
to find the remedy. Web sites to check include:
Symantec
or
McAfee
|
Norton Anti-Virus 2003
(for single computers)
or
Norton Anti-Virus 2003
Pro (for single computers)
or
Symantec Anti-Virus
for networked computers)
|
|
Spyware
|
Run Spyware detection and removal software
|
SpyBot - Search and
Destroy
|
|
Adware
|
Run Adware detection software.
Many free versions (like Ad-aware) can be run to find and
remove adware that has been installed on your machine.
To prevent the installation of adware in the first place
you need to use a more robust solution.)
|
To detect and remove previously installed adware:
Ad-aware
To detect, remove, and prevent new infections:
Ad-aware Plus (or
Pro)
|
|
Pop-up Ads
|
Run software that detects and refuses to display pop-up
ads.
|
ZoneAlarm
Google Toolbar
Yahoo Toolbar
|
|
Spam
|
Rum a spam filter.
There are filters built into some of the e-mail client programs,
but they are sometimes hard to setup and are limited in
their accuracy.
If you are looking for a spam filter, consider one with
"whitelist" capability. A white list is a list of
addresses you want to let through even though the spam filter
might think it is spam. This cuts down on the number
of "false positives" and helps you rely on the results of
your filter.
|
Cloudmark SpamNet
|
|
Other threats and solutions
|
There are numerous other threats to your system, especially
when you are online. Network Address Translation in
your router and a firewall are two of the other tools that
can provide protection. Note that both of these can
b e difficult to properly setup and use. We recommend
you get expert help if you are not an experienced user of
these tools.
|
Personal Firewall:
ZoneAlarm
|
(Click
here to return to top of page.)
9. Where can
I get information about a specific virus or hoax?
The
Symantec Security
Response web site provides information on currently active
threats as well as an "encyclopedia" where you can look up virus
and hoax information.
(Click
here to return to top of page.)
|
