Monday, June 13, 2011

Firewalls–First Layer of Defense

A firewall is a wall or barrier that is designed to block malicious or unauthorized access while allowing legitimate traffic through a network. Firewalls can be either software or an actual dedicated hardware device. Dedicated hardware firewalls tend to be more robust and are often used in businesses, but for most home computer users a software firewall will suffice.  Also, many home routers have some form of firewall built in.  Most modern operating systems include a firewall, including Windows XP, Vista, and 7. Windows XP's firewall is slightly lackluster, but should be sufficient.

A firewall is more for protection against hacking or malicious access than protection against viruses.  For this reason, just because you have a firewall, do not expect it to protect you against a virus.  In the security world, layered protection is the best protection method and a firewall is usually the first layer at the entrance of a network or a computer.

One of the keys to a firewall is minimizing the number of holes (doors or windows) in the wall.  A hole in a computer firewall can be an open port such as FTP port 21.  You will not be able to close every port in your firewall (if you did, you would be better off just pulling the cable on the back of your computer, which actually might not be a bad idea nowadays!), but be sure not to have services allowed through that you will not be using!  In the screenshot below you can see a number of services that Windows has turned off (blocked).

[Screenshot: windows-firewall-rules-allow-a-program]

If you have Windows XP, Vista, or 7 you should be all set for a firewall, and of course many security suites also come with a firewall.  One thing that you will probably see no matter what firewall program you use is a request to allow a program through the firewall.  What should you do when you see this?  That depends greatly on what you are doing.  If you just opened a program such as an instant messaging application for the first time (or the instant messaging application updated itself), then the firewall popup is most likely for the instant messaging application; of course, try to verify that this is the case by looking at the details given in the popup.  Hopefully the popup will list the program name as well as the location it is running from.

Now, with all that being said about a firewall, one of the single most important items with a firewall is to make sure it is ON!  Sometimes you may be required to temporarily disable a firewall; if that is the case, make sure you enable the firewall when you are done!  If you are using the Windows firewall, it should notify you if it is off.

[Screenshot: Windows-7-Firewall]
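The two checks above (is the firewall on, and which "holes" are open for programs you do not use) can be done from one PowerShell session instead of clicking through the control panel. The script below is an added example and is not from the original post; it assumes Windows 8 / Server 2012 or later, where the NetSecurity module (Get-NetFirewallProfile, Get-NetFirewallRule and the port and application filter cmdlets) is available, and an elevated prompt. On Windows 7 the same information comes from `netsh advfirewall` instead. The rule name in the commented-out disable step is a placeholder, not a recommendation.

```powershell
# Added example (not from the original post). Assumes Windows 8 / Server 2012 or
# later with the NetSecurity PowerShell module, run from an elevated prompt.
# On Windows 7 use "netsh advfirewall show allprofiles" and
# "netsh advfirewall firewall show rule name=all" for the equivalent output.

# 1. Is the firewall ON for every profile (Domain, Private, Public)?
foreach ($p in Get-NetFirewallProfile) {
    $state = if ($p.Enabled -eq 'True') { 'ON' } else { 'OFF  <-- turn it back on!' }
    "{0,-8} firewall: {1}  (default inbound action: {2})" -f $p.Name, $state, $p.DefaultInboundAction
}

# 2. List the "holes": enabled rules that ALLOW inbound traffic, with the program
#    and ports they open, so services you are not using can be spotted.
$holes = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name      = $_.DisplayName
            Profile   = $_.Profile
            Protocol  = $port.Protocol
            LocalPort = ($port.LocalPort -join ',')
            Program   = $app.Program
        }
    }

$holes | Sort-Object Name | Format-Table -AutoSize

# 3. Closing a hole you do not need: disable (rather than delete) the rule so it can
#    be re-enabled later. The display name below is a PLACEHOLDER; substitute the
#    rule you actually reviewed in the table above.
# Disable-NetFirewallRule -DisplayName 'PLACEHOLDER rule name from the table above'

# 4. If step 1 reported a profile OFF, turn it back on for all profiles:
# Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
```

Disabling a rule instead of deleting it matches the advice in the post: the hole is closed, but the setting is easy to restore if a program you do use stops working.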

Saturday, June 4, 2011

Do You Need to Reinstall Windows to Remove a Virus?

I have seen this on more than a few websites that have how-to's on removing viruses.  They claim that in order to completely remove a virus you need to format the hard disk and reinstall Windows.  Technically speaking this is true, but only if you want to remove every stinking file, piece of code, and modification that the virus placed on your system.  If you are that paranoid about the virus leftovers, then I first suggest that, if you have a full system backup, you use that before you go and wipe your system out.

In most cases though, you do not need to reformat your hard drive or reinstall Windows.  A few leftover registry entries or an unimportant file or two are not going to hurt your system.  This is very similar to uninstalling a legitimate program: the uninstaller never gets everything, and there is usually something left somewhere, even if it is just a shortcut or a registry entry.

Now of course there is one exception to this, and that is the rootkit.  If you read my last post you know that a rootkit is one of the absolute worst types of viruses for being able to hide itself.  In my years of removing viruses I have only had one case of a rootkit that required reformatting the hard drive to be removed.  This was from a client whose computer had been hacked and was being used for malicious attacks against other computers.

Friday, June 3, 2011

Types of Viruses

There are several different types of viruses, which are generally divided by what they do or how they get into your system.  On most of my other posts, I simply use the term virus to refer to any type; though, by definition, a virus is an infection that can spread from one computer to another, and this is not necessarily true of all virus types.  Some viruses require additional help to be installed on a system and, once on a system, do not necessarily replicate themselves to other systems on the network.

Common virus types include:

  • Trojan Horses – if you know what the real Trojan horse was, then you can probably guess what a Trojan virus does.  A Trojan masquerades as a useful program or is a payload (addition) to a real program.  Once on the system, the Trojan will allow a hacker remote access to the system.  A Trojan can also be part of a botnet.
  • Worm – a worm is a virus that replicates itself through a computer network and by itself does not do anything to the infected computer.  The only real damage the worm does is the resources it takes up replicating itself.  A worm may also include a payload that performs other unwanted functions.  A recent worm that got a lot of attention was Conficker.
  • Spyware – you can probably guess what this type of virus does.  Spyware attempts to record various actions performed on a computer, for example typing the password to your bank account (key logger), taking screenshots, etc.!  Of course spyware tries to maintain a low profile and remain hidden on your system.
  • Adware – like spyware, you can probably guess what this type of virus does; adware displays advertising on your system.  These ads are usually displayed in an internet browser popup, without your permission of course, and usually advertise questionable products or services!
  • Scareware – I have already mentioned this type of virus a few times on this blog and in fact have several blog posts devoted entirely to this virus type.  Probably the most common scareware type is the fake anti-virus program.  Scareware is designed to play on a person's fears, especially when it comes to viruses.
  • Rootkit – this is probably one of the absolute worst types of viruses.  Rootkits are capable of hiding not only from the user, but also from the operating system.  For example, a rootkit .exe may be located in C:\Windows, but according to the Windows operating system the file will not exist even though it is actually there.  Rootkits are often used for hacking purposes and for gaining information or control over a system.
  • Malware – not really a virus type but more of a general term to describe all types of viruses; it includes all the above mentioned virus types.  By definition, malware is programmed code or scripts designed to destroy, steal, or gain or deny access to a computer system.