US-CERT Cyber Security Tip ST04-005 -- Understanding Anti-Virus Software

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   			Cyber Security Tip ST04-005
		     Understanding Anti-Virus Software

   Anti-virus software can identify and block many viruses before they
   can infect your computer. Once you install anti-virus software, it is
   important to keep it up to date.

What does anti-virus software do?

   Although  details may vary between packages, anti-virus software scans
   files or your computer's memory for certain patterns that may indicate
   an  infection.  The patterns it looks for are based on the signatures,
   or  definitions,  of  known  viruses.  Virus  authors  are continually
   releasing  new  and  updated viruses, so it is important that you have
   the latest definitions installed on your computer.

   Once  you  have  installed an anti-virus package, you should scan your
   entire computer periodically.
     * Automatic  scans  - Depending what software you choose, you may be
       able  to  configure  it  to  automatically  scan specific files or
       directories  and  prompt  you at set intervals to perform complete
       scans.
     * Manual  scans  - It is also a good idea to manually scan files you
       receive from an outside source before opening them. This includes

     * saving and scanning email attachments or web downloads rather than
       selecting the option to open them directly from the source
     * scanning media, including CDs and DVDs, for viruses before opening
       any of the files

What happens if the software finds a virus?

   Each  package  has its own method of response when it locates a virus,
   and  the response may differ according to whether the software locates
   the virus during an automatic or a manual scan. Sometimes the software
   will  produce  a dialog box alerting you that it has found a virus and
   asking  whether you want it to "clean" the file (to remove the virus).
   In  other  cases, the software may attempt to remove the virus without
   asking  you  first. When you select an anti-virus package, familiarize
   yourself with its features so you know what to expect.

Which software should you use?

   There  are  many vendors who produce anti-virus software, and deciding
   which one to choose can be confusing. All anti-virus software performs
   the  same function, so your decision may be driven by recommendations,
   particular  features,  availability,  or  price.  See  the  references
   section for a link to a list of some anti-virus vendors.

   Installing  any  anti-virus  software, regardless of which package you
   choose,  increases  your  level  of protection. Be careful, though, of
   email  messages  claiming  to include anti-virus software. Some recent
   viruses  arrive  as  an  email  supposedly  from  your ISP's technical
   support  department,  containing  an  attachment  that  claims  to  be
   anti-virus  software.  However,  the  attachment  itself  is in fact a
   virus,  so  you could become infected by opening it (see Using Caution
   with Email Attachments for more information).

How do you get the current virus information?

   This process may differ depending what product you choose, so find out
   what  your  anti-virus  software  requires.  Many  anti-virus packages
   include  an option to automatically receive updated virus definitions.
   Because new information is added frequently, it is a good idea to take
   advantage  of  this  option. Resist believing email chain letters that
   claim  that  a  well-known anti-virus vendor has recently detected the
   "worst virus in history" that will destroy your computer's hard drive.
   These  emails  are  usually  hoaxes  (see Identifying Hoaxes and Urban
   Legends  for  more  information).  You  can  confirm virus information
   through  your  anti-virus vendor or through resources offered by other
   anti-virus  vendors.  See the references section for a link to some of
   these resources.

   While  installing  anti-virus  software is one of the easiest and most
   effective  ways  to  protect  your  computer,  it has its limitations.
   Because  it  relies on signatures, anti-virus software can only detect
   viruses  that  have  signatures  installed  on your computer, so it is
   important  to  keep  these  signatures  up  to date. You will still be
   susceptible  to  viruses  that circulate before the anti-virus vendors
   add  their signatures, so continue to take other safety precautions as
   well.

References

     * CERT    Coordination    Center    Computer   Virus   Resources   -
       <http://www.cert.org/other_sources/viruses.html#VI>
     * Computer  Security  Division:  Computer  Security  Resource Center
       (CSRC) Virus Information - <http://csrc.nist.gov/virus/>
     _________________________________________________________________

   Both  the National Cyber Security Alliance and US-CERT have identified
   this topic as one of the top tips for home users.
     _________________________________________________________________

   Authors: Mindi McDowell, Allen Householder
     _________________________________________________________________

   Produced 2004 by US-CERT, a government organization.

   Note: This tip was previously published and is being re-distributed 
   to increase awareness. 
  
   Terms of use
 
   <http://www.us-cert.gov/legal.html>
  
   This document can also be found at

   <http://www.us-cert.gov/cas/tips/ST04-005.html>
 

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRfgsR+xOF3G+ig+rAQL16QgAjQSnCeCotRQfAY/QtMMZIRPitlgTGbVW
1f4dhOSozdvFiy2jN+OgpODMYDskIwwSatWK4gwqc4qCFncl/8CnHoZklbQZuIpZ
K9YqQ55kYPIXs/8d/LBARbG0uK1LrmWYo+JsngqFTRHM9JlQXjFJ4/Zt0hgShI/c
25FkID2+GJFcDqcTBqhLTvb1bA1LbG+xa0dyFebQPX7pJuVok3OlY2WEGHtsNs1l
MdnQbRY0K/+zf61Z1wBT2iqfduv4M0BDXvHPJq88DmBEfJ07hNMUN1f74KqmcDoV
xrfT92tcqp/FxoCI9YGo8Oq21JkF6awg6nCrsQXXuK4B0el+jY6x6w==
=749y
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux