
Misrak TVET College

Training, Teaching and Learning Materials Development


MISRAK TVET COLLEGE
under
Ethiopian TVET-System
INFORMATION TECHNOLOGY
SUPPORT SERVICE
Level I
LEARNING GUIDE # 11
Unit of Competence: Protect Software or System Application
Module Title: Protecting Software or System Application
LG Code: ICT ITS1 M04 L02 11
TTLM Code: ICT ITS1 TTLM04 0511
LO 2: Detect and remove destructive software
Learning Guide Date: 05-2014 Page 1 of 28
First Edition Author: ICT, IT – Misrak TVET College
INTRODUCTION Learning Guide # 11
This learning guide is developed to provide you the necessary information regarding the following content coverage and topics –
Computer Viruses
Virus Origin, History and Evolution
Virus Infection, Removal and Prevention
Anti-virus Software

This guide will also assist you to attain the learning outcome stated in the cover page. Specifically, upon completion of this Learning Guide, you will be able to –

Define and identify common types of destructive software
Select and install virus protection compatible with the operating system in use
Describe advanced systems of protection in order to understand further options
Install software updates on a regular basis
Configure software security settings to prevent destructive software from infecting computer
Run and/or schedule virus protection software on a regular basis
Report detected destructive software to appropriate person and remove the destructive software
Learning Activities
1. Read the specific objectives of this Learning Guide.
2. Read the information written in the "Information Sheets 1" in pages 3-4.
3. Accomplish the "Self-check" in page 5.
4. If you earned a satisfactory evaluation proceed to "Information Sheet 2". However, if your rating is unsatisfactory, see your teacher for further instructions or go back to Learning Act. #1.
5. Read the information written in the "Information Sheets 2" in pages 6-9.
6. Accomplish the "Self-check" in page 10.
7. If you earned a satisfactory evaluation proceed to "Information Sheet 3". However, if your rating is unsatisfactory, see your teacher for further instructions or go back to Learning Act. #2.
8. Read the information written in the "Information Sheets 3" in pages 11-12.
9. Accomplish the "Self-check" in page 13.
10. If you earned a satisfactory evaluation proceed to "Information Sheet 4". However, if your rating is unsatisfactory, see your teacher for further instructions or go back to Learning Act. #3.
11. Read the information written in the "Information Sheet 4" in pages 14-24.
12. Accomplish the "Self-check" in page 25.
13. If you earned a satisfactory evaluation proceed to "Operation Sheet" on pages 26-27. However, if your rating is unsatisfactory, see your teacher for further instructions or go back to Learning Activity # 4.
14. If you earned a satisfactory evaluation proceed to "Lap Test" on page 28. However, if your rating is unsatisfactory, see your teacher for further instructions or go back to Learning Activity Operation Sheet.
15. Do the "LAP test" (if you are ready) and show your output to your teacher. Your teacher will evaluate your output either satisfactory or unsatisfactory. If unsatisfactory, your teacher shall advise you on additional work. But if satisfactory you can proceed to Learning Guide 12.
Your teacher will evaluate your output either satisfactory or unsatisfactory. If unsatisfactory, your teacher shall advise you on additional work. But if satisfactory you can proceed to the next topic.
Information Sheet 1 Computer Viruses

What is a Virus?

Definition

A computer virus is a small software program that is specifically designed to spread between computers and hinder basic computer functions.

Viruses are commonly spread through email attachments or instant messages, so it's never a good idea to open an attachment from a sender that you are not familiar with. They can also be inadvertently downloaded through the Internet, as part of a file or program that might have come from a questionable website.

Computer viruses can cause serious damage to a computer system. They can slow down the computer's overall performance and lead to a loss of data that could range from one single file to your entire hard drive. These viruses have kept pace with new computer technology, evolving rapidly and increasing in complexity; however, there are still many easy and often free ways to eliminate these destructive programs, while keeping new ones from invading.

Here are the different kinds of viruses:
Virus - Can replicate and spread to other computers. Also attacks other programs.
Worm - A special type of virus that can replicate and spread, but generally doesn't attack other programs.
Trojan - Doesn't replicate, but can spread. Doesn't attack other programs. Usually just a way of recording and reporting what you do on your PC.

Viruses are split into different categories, depending on what they do. Here are a few categories of viruses:

Boot Sector Virus
The Boot Sector of a PC is a part of your computer that gets accessed first when you turn it on. It tells Windows what to do and what to load. It's like a "Things To Do" list. The Boot Sector is also known as the Master Boot Record. A boot sector virus is designed to attack this, causing your PC to refuse to start at all!

File Virus
A file virus, as its name suggests, attacks files on your computer. It also attacks entire programs, though.
Macro Virus
These types of virus are written specifically to infect Microsoft Office documents (Word, Excel, PowerPoint, etc.). A Word document can contain a Macro Virus. You usually need to open a document in a Microsoft Office application before the virus can do any harm.

Multipartite Virus
A multipartite virus is designed to infect both the boot sector and files on your computer.

Polymorphic Virus
These types of virus alter their own code when they infect another computer. They do this to try and avoid detection by anti-virus programs.
Self-Check 1 Written Test
Name:____________________ Date:_________________
Instruction: Answer all the questions listed below. If you have some difficulty doing this self-check, feel free to ask your teacher for clarifications.
1. It is a small software program that is specifically designed to spread between computers and hinder basic computer functions.
2. What are three (3) different kinds of viruses?
3. This virus doesn't replicate, but can spread.
4. It can replicate and spread to other computers. Also attacks other programs.
5. A special type of virus that can replicate and spread, but generally doesn't attack other programs.
6. What are the five (5) categories of a virus?
7. This virus attacks files on your computer.
8. These viruses are written specifically to infect Microsoft Office documents (Word, Excel, PowerPoint, etc.).
9. This virus alters its own code when it infects another computer.
10. This is designed to infect both the boot sector and files on your computer.
11. It is designed to attack the boot sector, causing your PC to refuse to start at all.
You must be able to get 14 points to be competent; otherwise you'll take another test.
Information Sheet 2 Virus Origin, History and Evolution

Virus Origins

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.

Unlike a cell, a virus has no way to reproduce by itself. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases, the new virus particles bud off the cell one at a time, and the cell remains alive.

A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to launch. Once it is running, it can infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.

People write computer viruses. A person has to write the code, test it to make sure it spreads properly and then release it. A person also designs the virus's attack phase, whether it's a silly message or the destruction of a hard disk.

Why do they do it?

There are at least three reasons.

The first is the same psychology that drives vandals and arsonists. Why would someone want to break a window on someone's car, paint signs on buildings or burn down a beautiful forest? For some people, that seems to be a thrill. If that sort of person knows computer programming, then he or she may funnel energy into the creation of destructive viruses.

The second reason has to do with the thrill of watching things blow up. Some people have a fascination with things like explosions and car wrecks. When you were growing up, there might have been a kid in your neighborhood who learned how to make gunpowder. And that kid probably built bigger and bigger bombs until he either got bored or did some serious damage to himself. Creating a virus is a little like that -- it creates a bomb inside a computer, and the more computers that get infected the more "fun" the explosion.
The third reason involves bragging rights, or the thrill of doing it. Sort of like Mount Everest -- the mountain is there, so someone is compelled to climb it. If you are a certain type of programmer who sees a security hole that could be exploited, you might simply be compelled to exploit the hole yourself before someone else beats you to it.

Of course, most virus creators seem to miss the point that they cause real damage to real people with their creations. Destroying everything on a person's hard disk is real damage. Forcing a large company to waste thousands of hours cleaning up after a virus is real damage. Even a silly message is real damage because someone has to waste time getting rid of it. For this reason, the legal system is getting much harsher in punishing the people who create viruses.

Virus History

Traditional computer viruses were first widely seen in the late 1980s, and they came about because of several factors.

The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent or they were toys. Real computers were rare, and they were locked away for use by "experts." During the 1980s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses, homes and college campuses.

The second factor was the use of computer bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse. A Trojan horse is a program with a cool-sounding name and description. So you download it. When you run the program, however, it does something uncool like erasing your disk. You think you are getting a neat game, but it wipes out your system. Trojan horses only hit a small number of people because they are quickly discovered, the infected programs are removed and word of the danger spreads among users.

Floppy disks were factors in the spread of computer viruses.
The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the entire operating system, a few programs and some documents onto a floppy disk or two. Many computers did not have hard disks, so when you turned on your machine it would load the operating system and everything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs.

Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. When the user runs the legitimate program, the virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies the program to add the virus's code into the program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time the user launches either of those programs, they infect other programs, and the cycle continues.

If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to a bulletin board, then other programs get infected. This is how the virus spreads.

The spreading part is the infection phase of the virus. Viruses wouldn't be so violently despised if all they did was replicate themselves. Most viruses also have a destructive attack phase where they do damage. Some sort of trigger will activate the attack phase, and the virus will then do something -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, the number of times the virus has been replicated or something similar.
Virus Evolution

Other Threats

Viruses and worms get a lot of publicity, but they aren't the only threats to your computer's health. Malware is just another name for software that has an evil intent. Here are some common types of malware and what they might do to your infected computer:
Adware puts ads up on your screen.
Spyware collects personal information about you, like your passwords or other information you type into your computer.
Hijackers turn your machine into a zombie computer.
Dialers force your computer to make phone calls. For example, one might call toll 900-numbers and run up your phone bill, while boosting revenue for the owners of the 900-numbers.

As virus creators became more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. It contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it is executed. It can load itself into memory immediately and run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses, where lots of people share machines, they could spread like wildfire.

In general, neither executable nor boot sector viruses are very threatening any longer. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs (CDs) cannot be modified, and that makes viral infection of a CD unlikely, unless the manufacturer permits a virus to be burned onto the CD during production. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on floppy disks like they did in the 1980s, when floppies full of programs were traded like baseball cards. Boot sector viruses have also declined because operating systems now protect the boot sector.

Infection from boot sector viruses and executable viruses is still possible. Even so, it is a lot harder, and these viruses don't spread nearly as quickly as they once did. Call it "shrinking habitat," if you want to use a biological analogy. The environment of floppy disks, small programs and weak operating systems made these viruses possible in the 1980s, but that environmental niche has been largely eliminated by huge executables, unchangeable CDs and better operating system safeguards.

E-mail Viruses

Virus authors adapted to the changing computing environment by creating the e-mail virus. For example, the Melissa virus in March 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this:

Someone created the virus as a Word document and uploaded it to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document, thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. At that rate, the Melissa virus quickly became the fastest-spreading virus anyone had seen at the time. As mentioned earlier, it forced a number of large companies to shut down their e-mail systems.
Self-Check 2 Written Test
Name:_________________________________ Date:_________________
Instruction: Answer all the questions listed below. If you have some difficulty doing this self-check, feel free to ask your teacher for clarifications.
1. Computer viruses are called viruses because they share some of the traits of what?
2. A computer virus must _______ on top of some other program or document in order to launch.
3. Give the three (3) reasons why people create a virus.
4. What do most virus creators seem to miss when they create a virus?
5. Traditional computer viruses were first widely seen in the late ______.
6. The three (3) factors leading to the creation of computer viruses
7. What do you call the spreading part of the virus?
8. What is the phase where the virus does damage to the computer?
9. What is another name for software that has an evil intent?
10. This malware turns your machine into a zombie computer.
11. This malware collects personal information about you, like your passwords or other information you type into your computer.
12. This malware puts ads up on your screen.
13. This malware forces your computer to make phone calls.
14. Melissa Virus is an example of what virus?
You must be able to get 14 points to be competent; otherwise you'll take another test.
Information Sheet 3 Virus Infection, Removal and Prevention

How do Viruses get on my computer?

The most common way that a virus gets on your computer is by an email attachment. If you open the attachment, and your anti-virus program doesn't detect it, then that is enough to infect your computer. Some people go so far as NOT opening attachments at all, but simply deleting the entire message as soon as it comes in. While this approach will greatly reduce your chances of becoming infected, it may offend those relatives of yours who have just sent you the latest pictures of little Johnny!

You can also get viruses by downloading programs from the internet. That great piece of freeware you spotted from an obscure site may not be so great after all. It could well be infecting your PC as the main program is installing.

If your PC is running any version of Windows, and it hasn't got all the latest patches and updates, then your computer will be attacked a few minutes after going on the internet! (Non Windows users can go into smug mode!)

Nowadays, virus writers also use removable storage devices to spread viruses. The most common is the flash drive. Since removable drives like flash drives and CD/DVDs have the autorun functionality, a simple command that enables an executable file to run automatically, virus writers exploit and alter it so that it automatically runs the virus (normally in .exe, .bat or .vbs format) when you insert your flash drive or CD/DVD.
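
A defender can inspect a removable drive's autorun.inf before trusting it. The following is an added example, not part of the original guide: it parses the [autorun] section and flags launch entries that point at the file types named above. The sample file content and the function names are constructed for illustration.

```python
import ntpath

# [autorun] keys that name a program to start when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")
# File types the guide lists as typical autorun payloads.
RISKY_EXTENSIONS = {".exe", ".bat", ".vbs"}

# Constructed sample of an autorun.inf file (not taken from a real drive).
SAMPLE_AUTORUN = r"""
; sample autorun.inf
[autorun]
label=Holiday Photos
icon=folder.ico
open=setup\start.exe /quiet
shell\open\command="tools\view.vbs"
shellexecute=readme.txt
"""


def parse_autorun(text):
    """Return the entries of the [autorun] section as (key, value) pairs."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def launch_target(value):
    """Extract the program path from a launch value, dropping arguments.

    Unquoted paths are cut at the first space, so a path with spaces
    should be quoted, as in a command line.
    """
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def audit_autorun(text):
    """List every entry that starts a program and mark the risky ones."""
    findings = []
    for key, value in parse_autorun(text):
        is_launch = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if not is_launch:
            continue
        target = launch_target(value)
        extension = ntpath.splitext(target)[1].lower()
        findings.append({"key": key, "target": target,
                         "risky": extension in RISKY_EXTENSIONS})
    return findings


def flagged_targets(text):
    """Return only the targets whose file type is on the risky list."""
    return [f["target"] for f in audit_autorun(text) if f["risky"]]


if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE_AUTORUN):
        status = "FLAG" if finding["risky"] else "ok"
        print(status, finding["key"], "->", finding["target"])
```
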

Virus infected Symptoms

Common symptoms of a virus-infected computer include
unusually slow running speeds
failure to respond to user input
system crashes and constant system restarts that are triggered automatically.
Individual applications also might stop working correctly,
disk drives might become inaccessible,
unusual error messages may pop up on the screen,
menus and dialog boxes can become distorted and peripherals like printers might stop responding.

You can't access your disk drives. Other symptoms to look out for are strange error messages, documents not printing correctly, and distorted menus and dialogue boxes. Try not to panic if your computer is exhibiting one or two items on the list.
Keep in mind that these types of hardware and software problems are not always caused by viruses, but infection is certainly a strong possibility that is worth investigating.

Removal

The first step in removing computer viruses is installing any updates that are available for your operating system; modern operating systems will automatically look for updates if they are connected to the Internet. If you do not already have anti-virus software on your computer, subscribe to a service and use the software to do a complete scan of your computer. Since new computer viruses are constantly being created, set your anti-virus program to automatically check for updates regularly.

Prevention

In order to prevent future computer infections:
use an Internet firewall,
check for operating system and anti-virus program updates,
scan your computer regularly and exercise caution when handling email and Internet files.

A firewall is a program or piece of hardware that helps screen out viruses, worms and hackers which are attempting to interact with your computer via the Internet. On modern computers, firewalls come pre-installed and are turned on by default, so you probably already have one running in the background. When opening email attachments, don't assume they are safe just because they come from a friend or reliable source; the sender may have unknowingly forwarded an attachment that contains a virus.
Self-Check 3 Written Test
Name:_________________________________ Date:_________________
Instruction: Answer all the questions listed below. If you have some difficulty doing this self-check, feel free to ask your teacher for clarifications.
1. What is the most common way that a virus can get to your computer?
2. You can also get a virus by what?
3. Nowadays what do the viruses utilize for them to spread?
4. What is a simple command that enables the executable file to run automatically?
5. Give at least five (5) common symptoms of a virus-infected computer.
6. What is the first step in removing a virus from your computer?
7. What is another step you must do in removing a virus from your computer?
8. It is a program or piece of hardware that helps screen out viruses, worms and hackers which are attempting to interact with your computer via the Internet.
9. What are the 3 ways to prevent your computer from getting infected with a virus?
You must be able to get 12 points to be competent; otherwise you'll take another test.
Information Sheet 4 Anti-virus Software

Antivirus software

Antivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worms, trojan horses, spyware and adware. This page talks about the software used for the prevention and removal of such threats, rather than computer security implemented by software methods.

A variety of strategies are typically employed. Signature-based detection involves searching for known patterns of data within executable code. However, it is possible for a computer to be infected with new malware for which no signature is yet known.

To counter such so-called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses by looking for known malicious code, or slight variations of such code, in files. Some antivirus software can also predict what a file will do by running it in a sandbox and analyzing what it does to see if it performs any malicious actions.

No matter how useful antivirus software can be, it can sometimes have drawbacks. Antivirus software can impair a computer's performance. Inexperienced users may also have trouble understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, success depends on achieving the right balance between false positives and false negatives. False positives can be as destructive as false negatives. False positives are wrong detections by an anti-virus program where legitimate files are mistakenly identified as viruses, while false negatives are wrong detections where actual viruses are not detected as viruses.

Finally, antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack.


An example of free antivirus software: ClamTk 3.08.

Most of the computer viruses written in the early and mid 1980s were limited to self-reproduction and had no specific damage routine built into the code. That changed when more and more programmers became acquainted with virus programming and created viruses that manipulated or even destroyed data on infected computers.

There are competing claims for the innovator of the first antivirus product. Possibly the first publicly documented removal of a computer virus in the wild was performed by Bernd Fix in 1987.

Fred Cohen, who published one of the first academic papers on computer viruses in 1984, began to develop strategies for antivirus software in 1988 that were picked up and continued by later antivirus software developers.

Also in 1988 a mailing list named VIRUS-L was started on the BITNET/EARN network where new viruses and the possibilities of detecting and eliminating viruses were discussed. Some members of this mailing list like John McAfee or Eugene Kaspersky later founded software companies that developed and sold commercial antivirus software.

Before internet connectivity was widespread, viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently. During this time, virus checkers essentially had to check executable files and the boot sectors of floppy disks and hard disks. However, as internet usage became common, viruses began to spread online.

Over the years it has become necessary for antivirus software to check an increasing variety of files, rather than just executables, for several reasons:

Powerful macros used in word processor applications, such as Microsoft Word, presented a risk. Virus writers could use the macros to write viruses embedded within documents. This meant that computers could now also be at risk from infection by opening documents with hidden attached macros.

Later email programs, in particular Microsoft's Outlook Express and Outlook, were vulnerable to viruses embedded in the email body itself. A user's computer could be infected by just opening or previewing a message.

As always-on broadband connections became the norm, and more and more viruses were released, it became essential to update virus checkers more and more frequently. Even then, a new zero-day virus could become widespread before antivirus companies released an update to protect against it.

Malwarebytes' Anti-Malware version 1.46 - a proprietary freeware antimalware product

There are several methods which antivirus software can use to identify malware.

Signature based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.
8euristic15ased detecti!n, like malicious activit+ detection, can 5e used to
identi(+ unkno*n viruses4
,i-e e&u-ati!n is another heuristic approach4 File emulation involves eBecuting a
program in a virtual environment and logging *hat actions the program per(orms4
Depending on the actions logged, the antivirus so(t*are can determine i( the
program is malicious or not and then carr+ out the appropriate disin(ection actions4
Signature-based detection
Traditionally, antivirus software heavily relied upon signatures to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained and signatures created. Because of this, signature-based approaches are not effective against new, unknown viruses.
As new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary. To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary.
Although the signature-based approach can effectively contain virus outbreaks, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.
Heuristics
Some more sophisticated antivirus software uses heuristic analysis to identify new malware or variants of known malware.
Many viruses start as a single infection and through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition.
For example, the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct categories, Trojan.Vundo and Trojan.Vundo.B.
While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code. A detection that uses this method is said to be "heuristic detection."
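The difference between an exact signature and a generic, wildcarded one can be seen in a small scanner. This is an added example, not part of the original guide: the signature names, the token syntax ("??" for one byte, "{a-b}" for a gap) and the sample byte strings are all constructed for illustration.

```python
import re

# Constructed signature dictionary (not real malware signatures).
# Token syntax assumed for this example: a hex byte, "??" for any single
# byte, or "{a-b}" for a gap of a to b arbitrary bytes.
SIGNATURES = {
    "Example.Exact": "DE AD BE EF 01 02 03 04",
    "Example.Family.gen": "DE AD ?? EF {0-8} 13 37 C0 DE",
}

_GAP = re.compile(r"^\{(\d+)-(\d+)\}$")


def compile_signature(pattern):
    """Translate one signature string into a compiled bytes regex."""
    parts = []
    for token in pattern.split():
        gap = _GAP.match(token)
        if token == "??":
            parts.append(b".")
        elif gap:
            low, high = int(gap.group(1)), int(gap.group(2))
            if low > high:
                raise ValueError("bad gap: " + token)
            # Non-greedy so the match ends at the nearest tail bytes.
            parts.append(b".{%d,%d}?" % (low, high))
        else:
            # int()/bytes() raise ValueError on anything that is not 00..FF.
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL: "." must also match the newline byte 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan(data):
    """Search the whole buffer at every offset; return [(name, offset)]."""
    hits = []
    for name, regex in COMPILED.items():
        match = regex.search(data)
        if match:
            hits.append((name, match.start()))
    return hits


# Constructed sample buffers.
HEAD = b"MZ" + b"\x00" * 6
TAIL = bytes.fromhex("1337C0DE")
ORIGINAL = HEAD + bytes.fromhex("DEADBEEF01020304") + TAIL
# One byte changed and five padding bytes inserted.
VARIANT = HEAD + bytes.fromhex("DEAD55EF") + b"\x90" * 5 + TAIL
# Padding longer than the gap the generic signature allows.
OVERPADDED = HEAD + bytes.fromhex("DEAD55EF") + b"\x90" * 12 + TAIL
BENIGN = HEAD + bytes(range(32))

if __name__ == "__main__":
    for label, buf in [("original", ORIGINAL), ("variant", VARIANT),
                       ("overpadded", OVERPADDED), ("benign", BENIGN)]:
        print(label, scan(buf))
```

The exact signature misses the modified variant while the generic one still matches it; the over-padded sample shows that a wildcard gap only covers as much padding as the signature author allowed for.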
Rootkit detection
Anti-virus software can also scan for rootkits; a rootkit virus is a type of malware that is designed to gain administrative-level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases can tamper with the anti-virus program and render it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete re-installation of the operating system.
Unexpected renewal costs
Some commercial antivirus software end-user license agreements include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval. For example, McAfee requires users to unsubscribe at least 60 days before the expiration of the present subscription while BitDefender sends notifications to unsubscribe 30 days before the renewal. Norton Antivirus also renews subscriptions automatically by default.
Rogue security applications
Some apparent antivirus programs are actually malware masquerading as legitimate software, such as WinFixer and MS Antivirus.
Problems caused by false positives
A "false positive" is when antivirus software identifies a non-malicious file as a virus. When this happens, it can cause serious problems. For example, if an antivirus program is configured to immediately delete or quarantine infected files, a false positive in an essential file can render the operating system or some applications unusable. In May 2007, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot. Also in May 2007, the executable file required by Pegasus Mail was falsely detected by Norton AntiVirus as being a Trojan and it was automatically removed, preventing Pegasus Mail from running. Norton anti-virus had falsely identified three releases of Pegasus Mail as malware, and would delete the Pegasus Mail installer file when that happened. In response to this Pegasus Mail stated:
"On the basis that Norton/Symantec has done this for every one of the last three releases of Pegasus Mail, we can only condemn this product as too flawed to use, and recommend in the strongest terms that our users cease using it in favor of alternative, less buggy anti-virus packages."
In April 2010, McAfee VirusScan detected svchost.exe, a normal Windows binary, as a virus on machines running Windows XP with Service Pack 3, causing a reboot loop and loss of all network access.
In December 2010, a faulty update on the AVG anti-virus suite damaged 64-bit versions of Windows 7, rendering it unable to boot, due to an endless boot loop created.
When Microsoft Windows becomes damaged by faulty anti-virus products, fixing the damage to Microsoft Windows incurs technical support costs and businesses can be forced to close whilst remedial action is undertaken.
System and interoperability related issues
Running multiple antivirus programs concurrently can degrade performance and create conflicts. However, using a concept called multi-scanning, several companies (including G Data and Microsoft) have created applications which can run multiple engines concurrently.
It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers. Active antivirus protection may partially or completely prevent the installation of a major update.
A minority of software programs are not compatible with anti-virus software. For example, the TrueCrypt troubleshooting page reports that anti-virus programs can conflict with TrueCrypt and cause it to malfunction.
Effectiveness
Studies in December 2007 showed that the effectiveness of antivirus software had decreased in the previous year, particularly against unknown or zero day attacks. The computer magazine c't found that detection rates for these threats had dropped from 40-50% in 2006 to 20-30% in 2007. At that time, the only exception was the NOD32 antivirus, which managed a detection rate of 68 percent.
The problem is magnified by the changing intent of virus authors. Some years ago it was obvious when a virus infection was present. The viruses of the day, written by amateurs, exhibited destructive behavior or pop-ups. Modern viruses are often written by professionals, financed by criminal organizations.
Independent testing on all the major virus scanners consistently shows that none provide 100% virus detection. The best ones provided as high as 99.6% detection, while the lowest provided only 81.8% in tests conducted in February 2010. All virus scanners produce false positive results as well, identifying benign files as malware.
Although methodologies may differ, some notable independent quality testing agencies include AV-Comparatives, ICSA Labs, West Coast Labs, VB100 and other members of the Anti-Malware Testing Standards Organization.
New viruses
Anti-virus programs are not always effective against new viruses, even those that use non-signature-based methods that should detect new viruses. The reason for this is that the virus designers test their new viruses on the major anti-virus applications to make sure that they are not detected before releasing them into the wild.
Some new viruses, particularly ransomware, use polymorphic code to avoid detection by virus scanners. Jerome Segura, a security analyst with ParetoLogic, explained:
"It's something that they miss a lot of the time because this type of [ransomware virus] comes from sites that use a polymorphism, which means they basically randomize the file they send you and it gets by well-known antivirus products very easily. I've seen people firsthand getting infected, having all the pop-ups and yet they have antivirus software running and it's not detecting anything. It actually can be pretty hard to get rid of, as well, and you're never really sure if it's really gone. When we see something like that usually we advise to reinstall the operating system or reinstall backups."
A proof of concept virus has used the Graphics Processing Unit (GPU) to avoid detection from anti-virus software. The potential success of this involves bypassing the CPU in order to make it much harder for security researchers to analyze the inner workings of such malware.
Rootkits
Detecting rootkits is a major challenge for anti-virus programs. Rootkits have full administrative access to the computer and are invisible to users and hidden from the list of running processes in the task manager. Rootkits can modify the inner workings of the operating system and tamper with antivirus programs.
Damaged files
Files which have been damaged by computer viruses are normally damaged beyond recovery. Anti-virus software removes the virus code from the file during disinfection, but this does not always restore the file to its undamaged state. In such circumstances, damaged files can only be restored from existing backups; installed software that is damaged requires re-installation.
Firmware issues
Active anti-virus software can interfere with a firmware update process. Any writeable firmware in the computer can be infected by malicious code. This is a major concern, as an infected BIOS could require the actual BIOS chip to be replaced to ensure the malicious code is completely removed. Anti-virus software is not effective at protecting firmware and the motherboard BIOS from infection.
A command-line virus scanner, Clam AV 0.95.2, running a virus signature definition update, scanning a file and identifying a Trojan
Installed antivirus software running on an individual computer is only one method of guarding against viruses. Other methods are also used, including cloud-based antivirus, firewalls and on-line scanners.
Cloud antivirus
Cloud antivirus is a technology that uses lightweight agent software on the protected computer, while offloading the majority of data analysis to the provider's infrastructure.
One approach to implementing cloud antivirus involves scanning suspicious files using multiple antivirus engines. This approach was proposed by an early implementation of the cloud antivirus concept called CloudAV. CloudAV was designed to send programs or documents to a network cloud where multiple antivirus and behavioral detection programs are used simultaneously in order to improve detection rates. Parallel scanning of files using potentially incompatible antivirus scanners is achieved by spawning a virtual machine per detection engine and therefore eliminating any possible issues. CloudAV can also perform "retrospective detection," whereby the cloud detection engine rescans all files in its file access history when a new threat is identified thus improving new threat detection speed. Finally, CloudAV is a solution for effective virus scanning on devices that lack the computing power to perform the scans themselves.
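The two ideas in this paragraph, multi-engine scanning and retrospective detection, can be modelled in a few lines. This is an added example, not CloudAV's own code: the class, the engine names and the marker strings are constructed, and each engine is a plain function rather than a scanner in its own virtual machine.

```python
import hashlib


def marker_engine(markers):
    """Build a constructed engine: reports the first known marker found."""
    def engine(data):
        for marker, threat in markers.items():
            if marker in data:
                return threat
        return None
    return engine


class CloudScanner:
    """Toy cloud service: several engines plus a file access history."""

    def __init__(self, engines):
        self.engines = dict(engines)   # engine name -> callable(bytes)
        self.history = {}              # sha256 hex -> {"data", "hosts"}

    def submit(self, host, data):
        """Agent upload: record the file, return {engine: threat} verdicts."""
        digest = hashlib.sha256(data).hexdigest()
        entry = self.history.setdefault(digest, {"data": data, "hosts": set()})
        entry["hosts"].add(host)
        verdicts = {}
        for name, engine in self.engines.items():
            threat = engine(data)
            if threat:
                verdicts[name] = threat
        return verdicts

    def update_engine(self, name, engine):
        """Install new definitions, then rescan every file seen so far."""
        self.engines[name] = engine
        hits = {}
        for digest, entry in self.history.items():
            threat = engine(entry["data"])
            if threat:
                # Report which hosts already hold the file.
                hits[digest] = (threat, sorted(entry["hosts"]))
        return hits


def run_demo():
    cloud = CloudScanner({
        "engine_a": marker_engine({b"MARKER-ONE": "Example.One"}),
        "engine_b": marker_engine({b"MARKER-TWO": "Example.Two"}),
    })
    # Only engine_b knows this sample; engine_a alone would miss it.
    first = cloud.submit("host1", b"header MARKER-TWO trailer")
    # Unknown to both engines at submission time, seen on two hosts.
    unknown = b"header MARKER-NEW trailer"
    second = cloud.submit("host2", unknown)
    cloud.submit("host3", unknown)
    # engine_a receives updated definitions; the history is rescanned.
    flagged = cloud.update_engine("engine_a", marker_engine({
        b"MARKER-ONE": "Example.One", b"MARKER-NEW": "Example.New"}))
    return first, second, flagged, hashlib.sha256(unknown).hexdigest()


if __name__ == "__main__":
    print(run_demo())
```

The rescan reports host2 and host3 as holding the newly identified file even though neither received a detection when the file was first submitted.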
Network firewall
Network firewalls prevent unknown programs and processes from accessing the system. However, they are not antivirus systems and make no attempt to identify or remove anything. They may protect against infection from outside the protected computer or network, and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain TCP/IP ports. A firewall is designed to deal with broader system threats that come from network connections into the system and is not an alternative to a virus protection system.
Online scanning
Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical areas only, local disks, folders or files. Periodic online scanning is a good idea for those that run antivirus applications on their computers because those applications are frequently slow to catch threats. One of the first things that malicious software does in an attack is disable any existing antivirus software and sometimes the only way to know of an attack is by turning to an online resource that isn't already installed on the infected computer.
Specialist tools
Using rkhunter to scan for rootkits on an Ubuntu Linux computer.
Virus removal tools are available to help remove stubborn infections or certain types of infection. Examples include Trend Micro's Rootkit Buster, and rkhunter for the detection of rootkits, Avira's AntiVir Removal Tool, PCTools Threat Removal Tool, and AVG's Anti-Virus Free 2011.
A rescue disk that is bootable, such as a CD or USB storage device, can be used to run antivirus software outside of the installed operating system, in order to remove infections while they are dormant. A bootable antivirus disk can be useful when, for example, the installed operating system is no longer bootable or has malware that is resisting all attempts to be removed by the installed antivirus software.
Examples of some of these bootable disks include the Avira AntiVir Rescue System, PCTools Alternate Operating System Scanner, and AVG Rescue CD. The AVG Rescue CD software can also be installed onto a USB storage device, that is bootable on newer computers.
A survey by Symantec in 2009 found that a third of small to medium sized business did not use antivirus protection at that time, whereas more than 80% of home users had some kind of antivirus installed.
Self-Check 4 Written Test
Name:_________________________________ Date:_________________
Instruction: Answer all the questions listed below. If you have some difficulty doing this self-check, feel free to ask your teacher for clarifications.
1. It is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worms, trojan horses, spyware and adware.
2. This virus detection strategy compares the contents of a file to a dictionary of virus signatures.
3. This virus detection strategy can identify new viruses or variants of existing viruses by looking for known malicious code.
4. The drawback of antivirus software is that it can _________ a computer's performance.
5. Which is more destructive, False Negative or False Positive?
6. What do you call a wrong detection of a virus that has not been detected as a threat?
7. What do you call a wrong detection where a legitimate file was mistakenly detected as a virus?
8. Most viruses written in the mid 1980s were limited to what?
9. The first publicly documented removal of a computer virus in the wild was performed by whom?
10. Before internet connectivity was widespread, viruses were typically spread by infected what?
11. Give at least two (2) reasons why it has become necessary for antivirus software to check an increasing variety of files, rather than just executables.
12. What is another heuristic virus detection approach?
13. Signature-based detection is not effective with what virus?
14. What are the 3 kinds of viruses which encrypt parts of themselves or otherwise modify themselves as a method of disguise?
15. It is a type of malware that is designed to gain administrative-level control over a computer system without being detected.
16. Normally, modern viruses were created by whom?
17. It is a technology that uses lightweight agent software on the protected computer.
18. CloudAV performed this whereby the cloud detection engine rescans all files in its file access history when a new threat is identified thus improving new threat detection speed.
19. It prevents unknown programs and processes from accessing the system.
20. Give three (3) examples of bootable disks.
You must be able to get 20 points to be competent; otherwise you'll take another test.
Operation Sheet 1 Protecting your computer from Viruses
You can protect yourself against viruses with a few simple steps:
If you are truly worried about traditional (as opposed to e-mail) viruses, you should be running a more secure operating system like UNIX. You never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from your hard disk.
If you are using an unsecured operating system, then buying virus protection software is a nice safeguard.
If you simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses.
You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.
You should never double-click on an e-mail attachment that contains an executable. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF), etc., are data files and they can do no damage (noting the macro virus problem in Word and Excel documents mentioned above). However, some viruses can now come in through .JPG graphic file attachments. A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. The only defense is never to run executables that arrive via e-mail.
Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled. Newer versions of Word allow you to customize the level of macro protection you use.
Setting Automatic Updates in your computer
Ask the trainer for the copy of the video on how to set Automatic Updates.
Turn the firewall on
Ask the trainer for the copy of the video on how to turn on the firewall.
Setting Internet Level of Security
Ask the trainer for the copy of the video on how to set Internet Level Security.
Setting Macro Level of Security
Ask the trainer for the copy of the video on how to set Macro Level Security.
Lap Test Practical Demonstration
Name: ________________________ Date: ________________
Time started: ___________________ Time finished: ________________
Instructions: You are required to perform the following individually in the presence of your teacher.
1. Set the internet firewall on
2. Set the automatic updates on
3. Enable Macro Virus Protection on MS Word, MS Excel and MS Access
4. Install any Software Antivirus
5. Install Deepfreeze (optional)
Your teacher will evaluate your output as either satisfactory or unsatisfactory. If unsatisfactory, your teacher shall advise you on additional work. But if satisfactory, you can proceed to the next topic.