Sunday, October 16, 2011

CHAPTER 17 ANTIVIRUS SOFTWARE


Introduction:

Antivirus software is like a guard that identifies and destroys viruses on your system before they can cause serious damage, such as deleting important files or formatting your system. Antivirus software can also protect your system from harmful programs such as Trojans and worms.

17.1 Types of Computer Viruses

A computer virus is a program that attaches itself to a file. When the infected file is opened, the virus infects other files on the system and also spreads to other systems with the help of infected files. Viruses damage the system by deleting files, increasing file sizes, or automatically formatting the system.

17.1.1 Boot Viruses

The boot sector virus copies the virus code into the boot sector of the disk. This ensures that the virus is always executed and loaded into memory when the system starts. Once the virus is loaded in memory, it infects other files. In addition, it infects the floppy disks that are inserted in the drive and spreads itself to other systems. For example, the virus Tequila infects all the EXE files on the system and also infects the Master Boot Record of the hard disk.

17.1.2 Polymorphic Viruses

A person can keep changing the way he looks to disguise himself, which makes him difficult to trace. Similarly, polymorphic viruses are coded in such a way that they infect a system and change their signature before infecting the next system. As a result, the antivirus software finds it difficult to identify this virus, as it looks different after every infection. For example, the virus Hare copies the virus code into the boot sector of the hard disk and infects floppy disks inserted in the system. It also changes the virus's signature frequently to prevent antivirus software from detecting it.

17.1.3 Macro Viruses

Macros are blocks of code written to automate frequently performed tasks and embedded in a program file such as a Word document or an Excel worksheet. When a macro containing the virus code is executed, it infects the files on the system. For example, the Love Bug virus erases files on the infected system and emails a copy of the macro virus to contacts from the user's address book.

17.1.4 Worms

Worms are programs that replicate and spread to other systems. A worm resides in the system memory and spreads without attaching itself to a file. Worms may cause damage to the system, such as deleting files, and may also slow down the system. For example, the worm Melissa attaches itself to an email and sends the email to all the contacts specified in the user's address book. It also clogs email servers.

17.1.5 Trojans

A Trojan is a program file that claims to do one thing but actually does something that is not required. For example, a Trojan may pose as a computer game, but when it is executed it may also delete files from your system or email the passwords stored on your system to the Trojan writer's email address. Trojans also allow remote users and hackers to gain unauthorized access to your system. The Trojan Subseven allows a hacker to take control of the mouse, eject the CD-ROM drive, and delete/download/upload files from the system. The Trojan.Treb supplies hackers with the infected system's information and the system's IP address.

17.2 Installing Antivirus Software

You must install antivirus software such as Panda Antivirus, Norton AntiVirus, or PC-cillin on the system to protect it from viruses. You must check the reliability and the features offered by antivirus software before installing it on the system.

17.2.1 Norton AntiVirus 2004

You can install Norton AntiVirus 2004 software from the CD to protect the system from viruses, worms, and Trojans. You can also download a shareware copy of the software from the company website or from a download site such as www.download.com.

Best practices

1. Check if your system meets the requirements specified in the software System Requirements.
2. Uninstall any previous version of Norton AntiVirus, or any other antivirus software already installed on the system. Restart the system after uninstalling the software.
3. Open Regedit. Browse to HKEY_LOCAL_MACHINE\Software. Delete the entry Symantec.
4. Close all open files and programs before installing the software.

Hands on exercise

To install Norton AntiVirus 2004:
1. Insert the Norton AntiVirus 2004 CD in the CD drive.
2. Browse the CD and locate the software setup file, such as NAV.exe.
3. Run the setup file. A dialog box appears prompting you to run a pre-install scan.
4. Click Yes to start the Pre-Install Scan. The Symantec Pre-Install Scanner dialog box is displayed.

Figure: Symantec Pre-Install Scanner Dialog Box

The Symantec Pre-Install Scanner dialog box scans files on the system. The scan prompts you to delete the files that are infected with viruses.
5. View the scan report displayed in the Notepad file after the completion of the pre-installation scan.
6. Close the Notepad window to continue the installation. The Norton AntiVirus 2004 Setup wizard screen is displayed.

Figure: Norton AntiVirus 2004 Setup Wizard

The wizard requests the information required to install the software on the system.
The wizard screen displays the following buttons:
- Back - Returns to the previous wizard screen
- Next - Displays the next wizard screen
- Cancel - Stops the installation
7. Click Next. The License Agreement screen is displayed.
The wizard screen displays the terms and conditions for using the product.
8. Select the I accept the License Agreement option and click Next. The Select the destination folder screen is displayed.

Figure: Select the destination folder Screen

The above wizard screen enables you to specify the folder location where the software files must be installed. It displays the Destination Folder text box to specify the entire folder path, and a Browse button to browse for the folder in which to install the software.
Note: The wizard prompts for the product activation key before this screen if the software is a registered copy. This prompt does not appear for the shareware copy of the software.
9. Type the path and name of the destination folder in the text box and click Next. The Ready to install/configure the application screen is displayed.

Figure: Ready to install/configure the application Screen

The above wizard screen displays the installation folder paths.
10. Click Next to start the installation. The wizard displays the Readme screen after completing the installation.

Figure: Readme Screen

The above wizard screen displays information about the installed software.
11. Click Next to display the installation success screen.

Figure: Installation Success Screen

The above wizard screen displays a message confirming the successful installation of the software, information for users installing the software from a CD, and information for Instant Messenger users.
12. Click Finish to complete the installation. The post installation wizard welcome screen appears.

Figure: Post Installation Wizard Welcome Screen

The Post Installation Wizard enables you to configure additional settings before using the Norton AntiVirus 2004 software.
13. Click Next. The Online wizard screen appears.

Figure: Online Wizard Screen

The above wizard screen displays option buttons that enable you to select whether you want to install the software on a trial basis, purchase the product, or enter the product key to register the product.
14. Select the required option button and click Next. The Tasks wizard screen is displayed.

Figure: Tasks Wizard Screen

The above wizard screen displays checkboxes that enable you to select the tasks that the software must automatically perform after installation.
15. Select the tasks that must be performed and click Next. The Summary wizard screen is displayed.

Figure: Summary Screen

The above wizard screen displays the configuration details selected using the wizard.
16. Click Finish to complete the installation.
17. Restart the system.

17.3 Working with the Antivirus Software

Norton AntiVirus 2004 software protects and scans your system for viruses, worms, and Trojans. It also scans the web pages displayed in the browser for harmful code that can damage the system, and cleans viruses in incoming and outgoing emails. It also removes spyware software that slows down the system by tracking your system usage and leaking out important information such as passwords. The Norton AntiVirus window enables you to access and configure the different features of the software.

Hands on exercise

1. Select Start > Programs > Norton AntiVirus > Norton AntiVirus 2004. The Norton AntiVirus window appears.

Figure: Norton AntiVirus 2004 Window

The window displays panes that have options to access and configure the different features. Click the option that you want to access. The window displays the following:
- LiveUpdate - Displays the LiveUpdate window to update Norton AntiVirus
- Options - Displays the Options window to configure Norton AntiVirus
- Help & Support - Displays a drop-down menu with different help options
- Norton AntiVirus - Lists the different options available:
  - Status: Displays the status and a quick way to access the frequently used Norton AntiVirus features
  - Scan for Viruses: Displays the different scanning options
  - Reports: Displays the scan summaries and virus information

17.3.1 Configuring

You can configure Norton AntiVirus 2004 according to your preferences. This enables you to set the level of protection for the system. A higher level of protection increases system security but may restrict your activity; for example, some sites may not display components such as animation files that the software suspects could be a virus. It may also disable spyware without which some software may not run.
Note: It is advisable to set options at the recommended level.
To configure Norton AntiVirus, open Norton AntiVirus and click Options. The Norton AntiVirus Options window appears.

Figure: Norton AntiVirus Options Window

The Norton AntiVirus Options window displays the different options and a button in the left pane and the settings for the selected option in the right pane. The left pane displays the following:
- System - Specifies options for scanning the system
- Internet - Specifies options for scanning emails and messenger activity
- Other - Specifies the different threats that must be identified on the system
- Default All - Resets all the options to the default levels set by Norton
To change the settings, select the required option from the left pane, change the settings displayed in the right pane, and click OK.

17.3.2 Using LiveUpdate

LiveUpdate connects to the Norton web server, then downloads and updates the files that Norton AntiVirus requires to identify and delete the latest viruses.
Note: You can also download the definitions file from http://securityresponse.symantec.com and run the file on a system that is not connected to the Internet.

Hands on exercise

To update Norton AntiVirus using LiveUpdate:
1. Open Norton AntiVirus and click LiveUpdate. The LiveUpdate window appears.

Figure: LiveUpdate Window

The LiveUpdate window enables you to view the list of files available for download and configure LiveUpdate.
2. Click Next. LiveUpdate connects to the Norton web server and displays a list of updates available.

Figure: Displaying Updates Available

The window displays the list and the size of updates available for download. Check the updates you want to download and install, and clear the ones you do not want to install.
3. Click Next. LiveUpdate downloads and installs the updates from the Internet. The summary of updates installed appears.

Figure: Displaying Summary of Installed Updates

4. Click Finish to close the LiveUpdate window.

17.3.3 Scanning Drives

Scanning checks the system for virus-infected files. Norton AntiVirus 2004 enables you to select the drives, folders, or files that you want to scan.

Best practice

1. Update the software using LiveUpdate before scanning.
2. Close all running programs before scanning.

Hands on exercise

To scan drives:
1. Open Norton AntiVirus and click Scan for Viruses from the left side of the Norton AntiVirus window. The Scan for Viruses pane appears.
The Scan for Viruses pane displays different panes for scanning the system. The options available are:
- Task - Specifies the location to scan
  - Scan my computer: Scans all the drives and folders from My Computer
  - Scan all removable drives: Scans the removable media in drives such as the floppy disk drive and CD drive
  - Scan all floppy disks: Scans the media in the floppy disk drives
  - Scan drives: Displays a dialog box to select the drives to scan
  - Scan folders: Displays a dialog box to select the folders to scan
  - Scan files: Displays a dialog box to select the files to scan
- Action - Enables you to start a scan and access the Norton AntiVirus Scan Wizard to customize a scan
  - Scan: Starts the scan selected in the Task pane
  - New: Creates a customized scan to scan selected files and folders
  - Edit: Modifies the customized scan
  - Delete: Removes a customized scan
- Schedule Task - Creates a task schedule to scan the system
  - Schedule: Enables you to specify a schedule to scan the system
2. Select the required scan from the Task pane, such as Scan my computer.
3. Click Scan from the Actions pane. The Norton AntiVirus scan starts, displaying the status of the scan and the files scanned.

Figure: Scanning Files

4. Click Finished to complete the scan.

17.4 Preventing Virus Attacks

Viruses are dangerous software that can cause great damage to your system. Antivirus software can protect your system from viruses; however, at times it may not detect new viruses. The best way to protect your system is to prevent viruses from getting into it, as a virus mostly causes damage only after you run the virus-infected file on your system.

Best practice

1. Install antivirus software.
2. Configure the antivirus software to provide adequate protection by increasing the level of protection.
3. Regularly update the antivirus software.
4. Scan floppy disks and email messages before opening them.
5. Be careful before executing files that you receive by email with the extension .exe, .com, or .vbs, as they can be infected with viruses.
6. Open email attachment files only if you are expecting the attached file, or the sender is known and has confirmed sending the file.
7. Inform the sender of an email if you suspect that someone has sent you a virus.
8. Store a fake contact in your system address book, such as hfueosjh@jhfidci.com, so that you will get the bounced email if your system is infected and a worm or virus tries to send out emails using your account.
9. Try to avoid downloading and installing software from the Internet. If you have to download files, download them from trusted sources.
10. Install only registered copies of software on the system.
11. Visit the antivirus websites and refer to news websites to learn about the latest viruses affecting systems.
12. Download and run virus removal tools for the latest viruses available on trusted antivirus websites, such as www.norton.com.
13. Disconnect an infected system from the network, and then scan it.

In addition, to prevent boot sector viruses, you can use a write-protected floppy disk, as the virus cannot copy itself to a write-protected disk. To protect your system from macro viruses, disable the execution of macros on your system.
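
Items 5 and 8 of the list above can be checked automatically on the mail side. The following is an added example, not part of the original chapter: it flags attachments by their final extension and recognises a bounce report for mail addressed to the fake contact. The function names and both sample messages are constructed for illustration; the canary address is the one given in item 8.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

RISKY_EXT = {".exe", ".com", ".vbs"}   # extensions named in item 5
CANARY = "hfueosjh@jhfidci.com"        # fake contact from item 8

def risky_attachments(msg):
    """Filenames whose final extension is risky (catches 'LETTER.TXT.vbs')."""
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and PurePosixPath(n.lower()).suffix in RISKY_EXT]

def is_canary_bounce(msg):
    """True if msg is a delivery-status report for mail sent to CANARY."""
    if msg.get_content_type() != "multipart/report":
        return False
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            # The parser exposes each header block of the report as a sub-message.
            for block in part.iter_parts():
                if CANARY in str(block.get("Final-Recipient", "")).lower():
                    return True
    return False

# Constructed sample 1: bounce for mail this account "sent" to the canary.
BOUNCE = email.message_from_string("""\
From: MAILER-DAEMON@mail.example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.org

Final-Recipient: rfc822; hfueosjh@jhfidci.com
Action: failed
Status: 5.1.1

--b1--
""", policy=policy.default)

# Constructed sample 2: incoming message with three attachments.
INCOMING = EmailMessage()
INCOMING.set_content("See attached.")
for fname in ("holiday.jpg", "LETTER.TXT.vbs", "setup.exe"):
    INCOMING.add_attachment(b"sample", maintype="application",
                            subtype="octet-stream", filename=fname)

print(is_canary_bounce(BOUNCE), risky_attachments(INCOMING))
```

A bounce for the canary address means something on the system mailed the whole address book, which is the point at which item 13 applies.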

Hands on exercise

To disable macros in Word:
1. Select Start > Programs > Microsoft Word to open Word.
2. Select Tools > Macro > Security. The Security dialog box appears. The Security dialog box enables you to set the options for executing macros. This dialog box displays the following tabs:
- Security Level - Sets the security level for executing unsigned macros that are not from the trusted sources
  - High: Does not execute unsigned macros
  - Medium: Prompts the user for executing or disabling unsigned macros
  - Low: Executes unsigned macros
- Trusted Sources - Lists the trusted sources for executing macros
3. Select the High option from the Security Level tab.
4. Click OK.
