Prevention of Virus Infection
The only way to prevent the
infection of a virus is not to receive executable code from an infected source.
This philosophy used to be easy to follow because it was easy to tell if a file
was executable or not. For example, on PCs, a .exe extension was a clear sign
that the file was executable. However, as we have noted, today's files are more
complex, and a seemingly nonexecutable file may have some executable code
buried deep within it. For example, a word processor may have commands within
the document file; as we noted earlier, these commands, called macros, make it
easy for the user to do complex or repetitive things. But they are really
executable code embedded in the context of the document. Similarly, spreadsheets,
presentation slides, other office- or business-related files, and even media
files can contain code or scripts that can be executed in various ways, and
thereby harbor viruses. And, as we have seen, the applications that run or use
these files may try to be helpful by automatically invoking the executable
code, whether you want it run or not! Against the principles of good security,
e-mail handlers can be set to automatically open (without performing access
control) attachments or embedded code for the recipient, so your e-mail message
can have animated bears dancing across the top.
Another approach virus
writers have used is a little-known feature in the Microsoft file design.
Although a file with a .doc extension is expected to be a Word document, in
fact, the true document type is hidden in a field at the start of the file.
This convenience ostensibly helps a user who inadvertently names a Word
document with a .ppt (PowerPoint) or any other extension. In some cases, the
operating system will try to open the associated application but, if that
fails, the system will switch to the application of the hidden file type. So,
the virus writer creates an executable file, names it with an inappropriate
extension, and sends it to the victim, describing it as a picture or a
necessary code add-in or something else desirable. The unwitting recipient
opens the file and, without intending to, executes the malicious code.
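The defensive counterpart to the trick just described is to decide what a file is from its leading bytes rather than from its name. The following checker is an added example for this page, not code from the book; the signature table lists well-known, documented "magic numbers" (the MZ header of a Windows executable, the OLE2 header shared by legacy .doc/.xls/.ppt files, the ZIP header used by .docx/.pptx, and the PDF, JPEG and PNG headers), and the function names, the EXPECTED table and the sample filenames are this example's own constructions.

```python
import os
from typing import Optional

# Documented leading byte sequences for a few common container formats.
MAGIC = [
    (b"MZ", "pe-executable"),                          # DOS/Windows executable header
    (b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", "ole2-document"),  # legacy .doc/.xls/.ppt
    (b"PK\x03\x04", "zip-container"),                  # ZIP, also .docx/.xlsx/.pptx
    (b"%PDF", "pdf"),
    (b"\xFF\xD8\xFF", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# Constructed policy table: which content classes an extension is allowed to carry.
EXPECTED = {
    ".exe": {"pe-executable"}, ".dll": {"pe-executable"},
    ".doc": {"ole2-document"}, ".xls": {"ole2-document"}, ".ppt": {"ole2-document"},
    ".docx": {"zip-container"}, ".xlsx": {"zip-container"}, ".pptx": {"zip-container"},
    ".pdf": {"pdf"}, ".jpg": {"jpeg"}, ".jpeg": {"jpeg"}, ".png": {"png"},
}


def sniff(header: bytes) -> Optional[str]:
    """Return the content class implied by the first bytes, or None if unknown."""
    for signature, kind in MAGIC:
        if header.startswith(signature):
            return kind
    return None


def check_name_vs_content(filename: str, header: bytes) -> dict:
    """Compare the extension's promise with what the header actually says."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(header)
    expected = EXPECTED.get(ext)
    if expected is None:
        verdict = "unknown-extension"     # no policy for this name; treat as suspect
    elif kind is None:
        verdict = "unrecognized-content"  # header matches nothing we know
    elif kind in expected:
        verdict = "ok"
    else:
        verdict = "mismatch"              # e.g. an executable wearing a .jpg name
    return {"name": filename, "extension": ext, "content": kind, "verdict": verdict}


def check_file(path: str) -> dict:
    """Same check against a real file on disk; only the first 16 bytes are read."""
    with open(path, "rb") as f:
        return check_name_vs_content(os.path.basename(path), f.read(16))


# Constructed samples standing in for e-mail attachments (name, first bytes).
SAMPLES = [
    ("vacation.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),  # executable named as a picture
    ("report.doc", b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"),  # genuine legacy Word file
    ("slides.ppt", b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"),  # genuine legacy PowerPoint
    ("invoice.pdf", b"%PDF-1.7\n"),
    ("archive.bin", b"PK\x03\x04"),                     # extension we have no rule for
]


def triage(samples=SAMPLES) -> list:
    """Run every sample through the checker and return the verdicts in order."""
    return [check_name_vs_content(name, header) for name, header in samples]


if __name__ == "__main__":
    for result in triage():
        print(f"{result['name']:14} {result['content']!s:16} {result['verdict']}")
```

Two caveats worth keeping in mind. First, the OLE2 header is common to all legacy Office formats, so the checker cannot tell a .doc from a .ppt; it flags class-level mismatches (executable versus document versus image), which is exactly the disguise the text describes. Second, a two-byte signature like MZ can match innocent data, so a "mismatch" verdict should route the file to quarantine or a scanner, not straight to deletion.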
More recently, executable
code has been hidden in files containing large data sets, such as pictures or
read-only documents. These bits of viral code are not easily detected by virus
scanners and certainly not by the human eye. For example, a file containing a
photograph may be highly granular; if every sixteenth bit is part of a command
string that can be executed, then the virus is very difficult to detect.
Because you cannot always know which sources
are infected, you should assume that any outside source is infected.
Fortunately, you know when you are receiving code from an outside source;
unfortunately, it is not feasible to cut off all contact with the outside
world.
In their interesting paper
comparing computer virus transmission with human disease transmission, Kephart
et al. [KEP93] observe that individuals'
efforts to keep their computers free from viruses lead to communities that are
generally free from viruses because members of the community have little
(electronic) contact with the outside world. In this case, transmission is
contained not because of limited contact but because of limited contact outside
the community. Governments, for military or diplomatic secrets, often run
disconnected network communities. The trick seems to be in choosing one's
community prudently. However, as use of the Internet and the World Wide Web
increases, such separation is almost impossible to maintain.
Nevertheless, there are
several techniques for building a reasonably safe community for electronic
contact, including the following:
Use only commercial software acquired from reliable, well-established vendors. There is always a chance that you might receive a virus from a large manufacturer with a name everyone would recognize. However, such enterprises have significant reputations that could be seriously damaged by even one bad incident, so they go to some degree of trouble to keep their products virus-free and to patch any problem-causing code right away. Similarly, software distribution companies will be careful about products they handle.

Test all new software on an isolated computer. If you must use software from a questionable source, test the software first on a computer that is not connected to a network and contains no sensitive or important data. Run the software and look for unexpected behavior, even simple behavior such as unexplained figures on the screen. Test the computer with a copy of an up-to-date virus scanner created before the suspect program is run. Only if the program passes these tests should you install it on a less isolated machine.

Open attachments only when you know them to be safe. What constitutes "safe" is up to you, as you have probably already learned in this chapter. Certainly, an attachment from an unknown source is of questionable safety. You might also distrust an attachment from a known source but with a peculiar message.

Make a recoverable system image and store it safely. If your system does become infected, this clean version will let you reboot securely because it overwrites the corrupted system files with clean copies. For this reason, you must keep the image write-protected during reboot. Prepare this image now, before infection; after infection it is too late. For safety, prepare an extra copy of the safe boot image.

Make and retain backup copies of executable system files. This way, in the event of a virus infection, you can remove infected files and reinstall from the clean backup copies (stored in a secure, offline location, of course). Also make and retain backups of important data files that might contain infectable code; such files include word-processor documents, spreadsheets, slide presentations, pictures, sound files, and databases. Keep these backups on inexpensive media, such as CDs or DVDs, so that you can keep old backups for a long time. In case you find an infection, you want to be able to start from a clean backup, that is, one taken before the infection.

Use virus detectors (often called virus scanners) regularly and update them daily. Many of the available virus detectors can both detect and eliminate infection from viruses. Several scanners are better than one because one may detect the viruses that others miss. Because scanners search for virus signatures, they are constantly being revised as new viruses are discovered. New virus signature files or new versions of scanners are distributed frequently; often, you can request automatic downloads from the vendor's web site. Keep your detector's signature file up to date.
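Two of the techniques above, testing suspect software on an isolated machine and keeping clean copies of executable system files, rest on the same mechanism: knowing exactly which executables changed. The snapshot-and-diff tool below is an added example written for this page, not code from the book; it records a SHA-256 manifest of the executables under a directory before the suspect program runs, takes a second manifest afterwards, and reports what was added, removed or modified. The function names, the default extension list and the temporary directory built by demo() are this example's own constructions.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable, Optional, Set


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large executables do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: str,
             extensions: Optional[Iterable[str]] = (".exe", ".dll", ".sys", ".com")
             ) -> Dict[str, str]:
    """Map every matching file under root (path relative to root) to its SHA-256.

    Pass extensions=None to include every file; the constructed default covers
    the executable types the text says a virus would infect or drop.
    """
    wanted = tuple(e.lower() for e in extensions) if extensions else None
    manifest: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if wanted and not name.lower().endswith(wanted):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_of(full)
    return manifest


def diff_snapshots(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, Set[str]]:
    """Classify paths as added, removed, or modified between two manifests."""
    b, a = set(before), set(after)
    return {
        "added": a - b,
        "removed": b - a,
        "modified": {p for p in a & b if before[p] != after[p]},
    }


def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo() -> Dict[str, Set[str]]:
    """Build a constructed 'isolated machine' in a temp dir and run the two-snapshot check."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/editor.exe", b"MZ original editor")
        _write(root, "bin/helper.dll", b"MZ original helper")
        _write(root, "readme.txt", b"not executable; ignored by the default filter")
        before = snapshot(root)          # baseline taken before the suspect program runs

        # Constructed changes standing in for what a suspect program did while it ran:
        # one existing executable grew and one new executable appeared.
        _write(root, "bin/editor.exe", b"MZ original editor" + b"<appended bytes>")
        _write(root, "bin/dropped.exe", b"MZ new file")
        after = snapshot(root)           # snapshot after the test run

        return diff_snapshots(before, after)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category:9} {sorted(paths)}")
```

The baseline manifest is only as trustworthy as where it is kept: write it to the same offline, write-protected media as the clean backups, since a manifest the suspect program can rewrite proves nothing. Any path listed under "modified" or "added" is a candidate for removal and reinstallation from the clean copies the text recommends keeping.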