Practical Cyber Security: Using Antivirus
- June Tucay
- Jan 20, 2017
- 8 min read

Viruses, spyware, and adware
A virus is a type of malicious software which is designed to do two things: firstly, to propagate copies of itself to other computers in whatever way it can, and secondly, to eventually cause problems for its host computer. Spyware is different: it is software which typically doesn't propagate but is designed to extract information from its host computer for marketing purposes. Adware is like spyware but designed for advertising, for example in a pop-up screen. Adware and spyware are called PUPs, potentially unwanted programs, and they are often introduced inadvertently during the installation of other programs.

Viruses and PUPs can be detected and removed by antivirus software. Antivirus software checks all files coming into the system from USB, mail or websites to see if they match any of its virus signatures. If they do, they will typically be removed or quarantined. Antivirus programs are only about 95% effective in detecting viruses. Viruses and PUPs are being created all the time, and antivirus software needs to be updated regularly so that new signatures can be added. Businesses will often download new signatures every four hours, whereas a home user may only check once a week. Consequently, a new virus or PUP can get onto a system if it arrives before its signature is in the system's antivirus database. To catch these exceptions, antivirus software can scan the hard disk to look for viruses and PUPs that have been written to disk. This is typically done weekly, after the signature update.
Using Windows Defender
Let's take a look at how Windows deals with the problem of viruses. The Windows operating system is designed to make it easy for software to execute, and unfortunately this provides a great opportunity for malicious software to find a way in. There are many antivirus products available for Windows, including, on Windows 8, Microsoft's own product, Windows Defender. If you're using an earlier Microsoft operating system, there is also a version of Windows Defender available called Microsoft Security Essentials, or MSE, which you can download from the Microsoft website.

We start Windows Defender by right-clicking on the Start button and selecting Control Panel, then Windows Defender. Defender presents four tabs, with the Home tab providing a summary of the protection currently in place and the option to scan for viruses. We can see that real-time protection is on and the antivirus signatures are up to date. The help button and the drop-down control next to it link to the relevant part of the Microsoft website, so you don't need to spend time looking for it.

Let's look at the Update tab. Here we see the date when the various components of MSE were last updated. If the software and signature files haven't been updated for a while, we might want to click on the Update button, and the program will check the Microsoft website for updates and download any that are available. That can take quite a while. In any case, we're pretty much up to date, so we don't need to do that right now.
Setting up real-time protection
Before we look any further at the Defender interface, let's see how it reacts to detecting a virus under normal operating conditions. The European Institute for Computer Antivirus Research provides a non-viral string of code that is detected by all antivirus software. This is a check that the antivirus is working. I've typed the string into Notepad. Let's save it as virustest.com. Here we can see Microsoft Defender has detected the malware and has taken action to remove it.
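The same check can be scripted. The following is an added example, not part of the original post: it writes the EICAR test string to virustest.com and then confirms both that the file was removed and that Defender logged a detection. It assumes the Defender PowerShell module (`Get-MpComputerStatus`, `Get-MpThreatDetection`, `Get-MpThreat`) is available, which is an assumption about the Windows version in use; the temp-folder location and the 10-second wait are also choices made for this example.

```powershell
# Added example: confirm real-time protection reacts to the EICAR test file.
# The string is built from two halves so this script file does not itself
# contain the contiguous test string.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$name  = 'virustest.com'                      # file name used in the walkthrough
$path  = Join-Path $env:TEMP $name            # location is an assumption

$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is off; the test file will not be intercepted.'
}
Write-Output "Signatures last updated: $($status.AntivirusSignatureLastUpdated)"

try {
    # ASCII, no trailing newline: the file must contain only the test string.
    [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
} catch {
    # Real-time protection can block the write outright; that also counts as a reaction.
    Write-Output "Write was blocked: $($_.Exception.Message)"
}

Start-Sleep -Seconds 10                       # give Defender time to act and log

$fileGone = -not (Test-Path -LiteralPath $path)
$hits = @(Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($name) })

foreach ($hit in $hits) {
    $threat = Get-MpThreat -ThreatID $hit.ThreatID -ErrorAction SilentlyContinue
    Write-Output ("Detected {0} at {1}" -f $threat.ThreatName, $hit.InitialDetectionTime)
}

if ($fileGone -and $hits.Count -gt 0) {
    Write-Output 'PASS: test file was removed and a detection was logged.'
} else {
    Write-Warning 'FAIL: test file was not handled as expected.'
    # Clean up the harmless test file if it is still on disk.
    Remove-Item -LiteralPath $path -ErrorAction SilentlyContinue
}
```
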
Scanning with Windows Defender
Now that we've seen real-time detection in action, let's see how we can scan for any viruses or PUPs that might have got past it and into our system. On the right of the screen we have the option to do a quick scan, which checks the common places where viruses might hide; a full scan of every file on the hard drive; or a custom scan, which we can configure. Full scans take quite a long time and are usually left to run when the computer isn't being used. Quick scans are a good everyday option.

Let's run a scan by selecting Custom scan and pressing Scan now. We can select the drives and directories that we want to scan, so expand the C drive and choose the directory; we can see that it's already been selected. Press OK and the scan will start.

Now that it's finished, click on the History tab to look at Defender's logs. We can view just the files that have been quarantined, just the files that have been allowed into the system, or all events. There's one entry shown here. When I tried to save the Notepad contents onto disk, Defender's real-time protection detected that it was a severe virus called DOS/EICAR_Test_File, removed it, and created this log entry. Nothing additional was detected during the custom scan we ran, which is good. The Remove all button will clear all entries from history immediately, although we don't need to do this manually, as we can set up Defender to automatically remove history entries. We'll look at that setting shortly.

If we select this entry, another button called Allow item appears. It might seem strange to allow malware into our system, but sometimes it's necessary. For instance, we might want to load virus code into a computer so that we can analyse it. When we do, Windows Defender will move it into quarantine, as it has done with this file. If we're really sure a detected threat isn't an infection, we can allow it. The Allow item button will move a file out of quarantine and back onto the hard drive. Of course, this action should be taken with extreme care.
Modifying antivirus settings in Windows Defender
The final tab that Defender provides is Settings. The first item allows us to activate real-time protection and scan all files coming into the computer. Real-time protection continually monitors the registry and file system to make sure malware isn't being introduced and that changes are not being made to applications that automatically start on the computer, as well as to services, drivers and Windows add-ons. It also checks for dangerous changes to system configuration settings, Internet Explorer configuration settings and application registration. While the performance of older computers was affected by running real-time scanning, this isn't a problem these days, and this option should always be set.

The next three items allow us to exclude files and locations, file types, or processes from being scanned. The main reasons for excluding items are to speed up scanning or to fix a problem. As an example of how we exclude files and locations, we click on the Browse button and then select a subdirectory or volume to exclude. We'll select the PerfLogs subdirectory, then browse again and select System Volume Information, and then save the changes. It's important that we're confident malware can't execute from anything we exclude, so exclusions tend to be the exception.

The Advanced item provides six checkboxes. By default, archive files are not scanned, as any malware will be detected as soon as it's extracted; however, we can turn on scanning of all files within archives. Only hard drives are scanned by default, but we can set up scanning to include any mounted removable drives. We can set a system restore point to be taken prior to taking action on a detected item. By default, the history information is not visible to all users on the computer, but this can be changed. We can set how long to keep quarantined items before they are removed, which saves having to remove them manually. The final option collects and sends to Microsoft certain files which raise alerts, for them to determine whether they're malicious.

The next item in the left-hand panel menu is MAPS. This allows us to set the amount of information we'll send back to Microsoft if we get a virus alert. We can decline to send any information, or join the MAPS programme with basic membership, which sends basic malware-related information, or advanced membership, which sends more detailed information about the infection, including more details about the files on our system. Here it is set to basic. Finally, the Administrator item is used to activate the Defender application. OK, that's it for settings.
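The settings walked through above can also be reviewed from PowerShell. This is an added example, not part of the original post: it reads the same options with `Get-MpPreference` and flags any excluded location that currently holds runnable files, since those are the exclusions where "malware can't execute from here" needs checking. It assumes the Defender PowerShell module is available; the list of file extensions treated as runnable is a choice made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: review Defender exclusions and the Advanced / MAPS settings.
# Exclusion lists are hidden from non-administrators, hence the elevation requirement.
$pref = Get-MpPreference

# Extensions treated as "runnable" for this review (assumption, adjust as needed).
$runnableExt = '.exe', '.dll', '.com', '.scr', '.bat', '.cmd', '.ps1', '.vbs', '.js'

if ($pref.DisableRealtimeMonitoring) {
    Write-Warning 'Real-time protection is disabled.'
}

# Every excluded path is a place Defender will not look, so list what is in it.
foreach ($p in @($pref.ExclusionPath)) {
    if (-not $p) { continue }
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Output "Excluded path does not exist: $p"
        continue
    }
    $found = @(Get-ChildItem -LiteralPath $p -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $runnableExt -contains $_.Extension.ToLower() })
    if ($found.Count -gt 0) {
        Write-Warning "Excluded path '$p' contains $($found.Count) runnable file(s)."
        $found | Select-Object -First 5 -ExpandProperty FullName
    } else {
        Write-Output "Excluded path '$p': no runnable files found."
    }
}

# Excluded file types and processes, then the Advanced and MAPS options.
$mapsLevel = @{ 0 = 'Not joined'; 1 = 'Basic'; 2 = 'Advanced' }
[pscustomobject]@{
    ExcludedExtensions     = @($pref.ExclusionExtension) -join ', '
    ExcludedProcesses      = @($pref.ExclusionProcess) -join ', '
    ArchiveScanning        = -not $pref.DisableArchiveScanning
    RemovableDriveScanning = -not $pref.DisableRemovableDriveScanning
    RestorePointBeforeFix  = -not $pref.DisableRestorePoint
    QuarantineKeptDays     = $pref.QuarantinePurgeItemsAfterDelay
    MapsMembership         = $mapsLevel[[int]$pref.MAPSReporting]
} | Format-List
```
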
Scheduling a scan with Windows Defender
Microsoft Defender doesn't provide scheduling, but we can schedule a scan using the Windows scheduling system. Right-click on the Start button and select Control Panel, then Administrative Tools and Task Scheduler. In Task Scheduler, in the left-hand panel, we expand Task Scheduler Library, Microsoft, Windows, and work our way down to find Windows Defender. We then create a task to schedule the scan.

In the General settings, we'll call this task Weekly Scan. We can run it whether the user is logged on or not, and run it with the highest privileges. We need to select the correct system that it runs on. Next, we select the Triggers tab and click on New. Here we can configure the scan to run on a daily or weekly basis, providing a start date and a start time. If we select weekly, we also select the day to run. Remember that a file scan is a second line of defence against real-time protection not detecting the virus, so selecting a specific day to scan weekly is normally adequate. However, you can select daily to scan every day if you need additional protection.

Next we select the Actions tab and press New. We need to enter the program to run. This uses the command-line Defender program. Let's take a slight diversion, open a command window and navigate to the Program Files\Microsoft Security Client folder. The command executable we want to run is called MpCmdRun.exe. We'll run a short scan of the temp directory using the command MpCmdRun -Scan -ScanType 3 -File \temp. The scan types are 1 for a quick scan, 2 for a full scan, and 3 for a custom scan as defined by the -File setting, in this case \temp. There are many options we can set on MpCmdRun. For instance, the -SignatureUpdate option will check for signature updates.
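The task built through the Task Scheduler interface above can also be registered from PowerShell. This is an added example, not part of the original post: it creates the Weekly Scan task with a signature update followed by the custom scan, running as SYSTEM with highest privileges. The Sunday 02:00 schedule, the `C:\temp` scan target and the check of two possible install folders for MpCmdRun.exe are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: register the "Weekly Scan" task with the ScheduledTasks module.

# MpCmdRun.exe sits in a different folder depending on the product installed.
$candidates = @(
    (Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'),
    (Join-Path $env:ProgramFiles 'Microsoft Security Client\MpCmdRun.exe')
)
$mpCmdRun = $candidates | Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $mpCmdRun) { throw 'MpCmdRun.exe was not found in the expected folders.' }

$scanTarget = 'C:\temp'          # assumption: the \temp directory from the walkthrough
$taskPath   = '\Microsoft\Windows\Windows Defender\'
$taskName   = 'Weekly Scan'

# Two actions run in order: refresh signatures, then the custom scan (type 3).
$exe = "`"$mpCmdRun`""
$actions = @(
    (New-ScheduledTaskAction -Execute $exe -Argument '-SignatureUpdate'),
    (New-ScheduledTaskAction -Execute $exe `
        -Argument "-Scan -ScanType 3 -File `"$scanTarget`"")
)

# Weekly trigger on a specific day; day and time are assumptions.
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '02:00'

# Runs whether or not a user is logged on, with the highest privileges.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Catch up after boot if the machine was off at the scheduled time.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable

Register-ScheduledTask -TaskName $taskName -TaskPath $taskPath `
    -Action $actions -Trigger $trigger -Principal $principal `
    -Settings $settings -Force | Out-Null

# Confirm the registration and show when the scan will next run.
Get-ScheduledTask -TaskName $taskName -TaskPath $taskPath |
    Get-ScheduledTaskInfo |
    Select-Object TaskName, NextRunTime, LastRunTime, LastTaskResult
```
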
Using Windows Defender offline
There's one other variant of Windows Defender that I'd like to mention: Windows Defender Offline, or WDO, available for download from the Microsoft website. WDO is a bootable version of Windows Defender, which can be downloaded onto and used from a USB stick or CD to scan a system without having to load its operating system. This is very useful for finding rootkits, which are sophisticated enough to hide themselves from a standard Windows Defender scan.
WDO looks and operates exactly like Windows Defender but has a limited configuration. It offers just offline help, and the Settings tab is limited to excluding files and file types. Nevertheless, it's a great solution for removing difficult viruses.
Exploring antivirus on Linux
While the use of antivirus for Microsoft users is pretty much mandatory, most Linux users don't bother about antivirus. This is because a Linux user account typically doesn't have the level of privileges that a Windows user account does. And that means malware is much less able to compromise a Linux workstation. Added to which, there's traditionally not been a great deal of Linux malware around. Linux attack campaigns, such as Darkleech and Windigo, indicate this may not continue to be the case.
And antivirus software, such as ClamAV, should be used on Linux-based file and mail servers.