CASE.EDU:    HOME | DIRECTORIES | SEARCH
case western reserve university

INFORMATION SECURITY
 
 

get the poster


QUICK LINKS:

Case Tips for Avoiding Computer Viruses, Worms, & Bots


Computer viruses implant instructions in other programs or storage devices and can attack, scramble, or erase computer data. The danger of computer viruses lies in their ability to replicate themselves and spread from system to system. Few computing systems are immune to infection.

High-risk behaviors

The following activities are among the most common ways of getting computer viruses. Minimizing the frequency of these activities will reduce your risk of getting a computer virus:
  • Freely sharing computer programs and system disks, or downloading files and software through file-sharing applications such as BitTorrent, eDonkey, and KaZaA
  • Clicking links in instant messaging (IM) that you receive out of the blue with only a link or general text; for more information.  There is a relevant worm hitting IM users now, the Opanki Worm.
  • Downloading executable software from public-access bulletin boards or web sites
  • Using your personal disk space (e.g., floppy disks) with public computers or other computers that are used by more than one person
  • Opening email attachments from people you don't know or without first scanning them for viruses; By installing and using Symantec AntiVirus Corporate Edition in Windows, which is free to Case users, you can immediately scan a file, folder, or drive for viruses.  You can also get Symantec AntiVirus for Mac OS or Mac OS X.  Make sure you are running in 'auto protect' mode, and schedule live updates.  An antivirus product needs the most up-to-date virus definitions to maximize effectiveness.
  • Opening any email attachment that ends in .exe, .vbs, or .lnk on a computer running Microsoft Windows.
  • Continually running your Windows computer as an administrator.  If a virus can successfully attack a windows service (such as IE), it will have the privileges of the logged-in user.  If you have two accounts for yourself, one with Administrator privileges (that you use for installing software), and on with only User privileges (that you use for regularly daily use), you can prevent malware and viruses from effectively compromising your computer.
Signs of a virus infection

Note: For a list of resources to help you find information about particular viruses, see the link Where can I find information on computer viruses?

If your computer begins to act strangely, or if it stops being able to do things it has always done in the past, it may be infected with a virus. Symptoms such as longer-than-normal program load times, unpredictable program behavior, inexplicable changes in file sizes, inability to boot, strange graphics appearing on your screen, or unusual sounds may indicate that a virus is on your system. However, it is important to distinguish between virus symptoms and those that come from corrupted system files, which can look very similar. Remain calm and objective, and rule out more standard causes before suspecting a virus.

How to avoid computer viruses

Prevention is a matter of vigilance and avoiding contact with unknown files, web sites, and disks. It is usually the unwary who get computer viruses. Following is a list of some recommendations for safe computing:

  • The most important thing you can do to keep your computer safe is to install virus detection software and keep the virus patterns up to date. Antivirus programs perform two general functions: scanning for and removing viruses in files on disks, and monitoring the operation of your computer for virus-like activity (either known actions of specific viruses or general suspicious activity). Most antivirus packages contain routines that can perform each kind of task.
  • Note: Case Information Technology Services recommends that you run the latest version of Symantec/Norton AntiVirus software (available to Case students, faculty, and staff for free from the Software Center) for your operating system, being sure to upgrade safely and that you update your virus definitions daily and scan your computer weekly. 
  • Keep your operating system current with the latest patches and updates. The writers of viruses and worms often exploit bugs and security holes in operating systems and other computer software. Software manufacturers frequently release patches for such holes. For information on obtaining the latest patches, see the update instructions pages.
  • Back up your files. Viruses are one more very good reason to always back up your files.
  • Note: If you back up a file that is already infected with a virus, you can re-infect your system by restoring files from the backup copies. Check your backup files with virus scanning software before using them.
  • Keep your original application and system disks locked (or write-protected). This will prevent the virus from spreading to your original disks.
  • If you must insert one of your application disks into an unknown computer, lock (write-protect) it first, and unlock your application disk only after verifying that the machine is virus-free.
  • Obtain public-domain software from reputable sources. Check newly downloaded software thoroughly using reputable virus detection software on a locked floppy disk for any signs of infection before you copy it to a hard disk. This can also help protect you from Trojan horse programs.
  • If you use a desktop version of Outlook, minimize use of the preview or reading pane feature. Also see:
  • Where can I find information on computer viruses?

What is a 'bot' or 'botnet'?

The next wave in computer worms are the dreaded 'bots', which are basically programs that have a small payload that attack and compromised unprotected computers, then 'call home' to a central control computer (usually via IRC), which then sends out a specialized program that may eventually permit the 'botherder' to use your computer for online criminal activity.  Often is a computer has been 'botted' is will have so many modifications by the malware (trojans, rootkits, keyloggers), that you may have to rebuild your operating system.  The Symantec AntiVirus that Case provides will protect your computer in many instances.

My Computer has been Quarantined? 
If your computer has been infected, it will probably set off a network monitor and you get quarantined.  This will isolate it from other systems so it doesn't attack other computers in the network.  You will get a call from the Case Help Desk with instructions on how to address the problem.  Once the system problem has been remediated, you can be reconnected to the network.