
Security Essentials - Blocking Viruses and Worms with an Antivirus Program

3/17/2011 11:31:59 AM
A virus is a computer program that replicates by attaching itself to another object. Viruses can infect program files, documents (in the form of macro viruses), or low-level disk and file-system structures such as the boot sector and partition table. Viruses can run when an infected program file runs; they can also reside in memory and infect files as the user opens, saves, or creates the files. A worm is a standalone program that replicates by copying itself from one computer to another, usually over a network or through e-mail attachments. The distinction between viruses and worms can be blurry and for practical purposes is unimportant.

Historically, the most common source of widespread computer virus outbreaks is the class of hostile software that replicates by sending itself to other potential victims as an attachment to an e-mail message. The accompanying message often uses "social engineering" techniques designed to lure inattentive or gullible users into opening the infected attachment. For example, some viruses arrive as attachments that mimic delivery failure reports from an e-mail server administrator. The attachment, in .zip format, ostensibly includes details of the failed message but actually contains the virus payload.

Inside Out: Beware of .zip files attached to e-mail messages

These days, most mail servers reject all incoming messages with executable files attached; even if the server doesn't stop such messages, modern e-mail clients make it difficult or impossible to run executable attachments. That simple measure completely stops most viruses written before 2003.

To work around the blockade, attachment-based viruses now typically send their payloads using the standard .zip format for compressed files. If the user opens the attachment, the contents of the compressed file appear—in Windows Explorer or in the third-party utility assigned to handle .zip files. Double-clicking the executable file within the compressed archive sets the virus in motion. Virus writers use a variety of tricks with .zip files. In some cases, they include a bogus extension in the file name and then append a large number of spaces before the real file name extension so that the actual file type doesn't appear in the window that displays archived files. Some viruses even encrypt the .zip attachment and include the password as part of the message. That allows the infected attachment to slip past some virus scanners. Most real-time scanners will detect a virus in a .zip file, either when it arrives or when the user tries to extract the file. The moral? Be wary of all attachments, even when they appear to be innocent.
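Both .zip tricks described above (a decoy extension padded with spaces, and an encrypted archive) are visible in the archive's directory without extracting anything. The following check is an added example, not part of the original text; the function names, the extension list, and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs on double-click (illustrative subset, an assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# A decoy extension followed by a run of spaces, e.g. "report.txt      .exe".
PADDED_DECOY = re.compile(r"\.\w{1,5}\s{3,}\.\w+$")


def inspect_zip_attachment(data: bytes) -> dict:
    """Return {member name: [findings]} for suspicious members of a .zip file."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        # infolist() reads only the archive directory; nothing is extracted.
        for info in archive.infolist():
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable")
            if PADDED_DECOY.search(name):
                reasons.append("padded-decoy-extension")
            if info.flag_bits & 0x1:  # general-purpose flag bit 0: encrypted
                reasons.append("encrypted")
            if reasons:
                findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: harmless placeholder bytes, suspicious names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("details.txt" + " " * 40 + ".exe", b"placeholder")
        archive.writestr("readme.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in inspect_zip_attachment(build_sample()).items():
        print(repr(member), reasons)
```

An encrypted member cannot be scanned for content, so a mail filter would typically quarantine on the "encrypted" finding alone rather than wait for a signature match.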

Although viruses that spread through e-mail attachments have been to blame for the majority of attacks in recent years, some security experts believe that other modes of transmission represent a far greater threat and will become more prevalent in the future. By their nature, attachments (as well as files transferred with an instant messenger program, a more recent attack vector) require some cooperation from an unwitting or distracted user; that requirement dramatically limits their potential to spread unchecked. As a result, authors of hostile software are always on the lookout for techniques they can use to spread infections automatically.

The Conficker worm, which made headlines in 2009, provides an example: one of its propagation methods relies on AutoPlay, the feature that displays a menu of options when you insert a removable drive, such as a USB flash drive. On unprotected computers it displays an option to "open folder to view files" when a victim inserts an infected USB flash drive in the computer and AutoPlay runs. When clicked, that option actually executes the worm, which then attempts to spread to other computers. Windows 7 doesn't have the vulnerability that Conficker exploits in earlier (unpatched) Windows versions, and it also closes the AutoPlay vulnerability, because AutoRun (the feature that placed the bogus option in the AutoPlay dialog box) is disabled on removable drives.

Another popular mechanism is the use of scripts—written in languages such as JavaScript, JScript, or Microsoft Visual Basic Scripting Edition (often abbreviated as VBScript or VBS)—that automatically take actions on the intended victim's computer when he or she visits a webpage or views an HTML-formatted e-mail message. Protected Mode in Internet Explorer is one defense against this type of intrusion.

Yet another increasingly common mode of transmission uses e-mail to send a link to a compromised website. If the intended victim clicks the link, she's taken to a page that attempts to install hostile code automatically or prompts the visitor to download a seemingly harmless file. The file is typically disguised as something innocuous, such as a codec required to view a salacious file.

You can review "top ten" lists of current threats and detections, along with links to details about each one, at the Microsoft Malware Protection Center, w7io.com/1518.

Viruses and worms are not necessarily, by their very nature, dangerous. Most are, however—why else would a programmer need to resort to such sneaky techniques?—and you don't want them on your computer. Besides replicating itself, a virus can be programmed to do just about anything that the current user account is allowed to do, such as erase files, make registry changes, and send information over the internet. An important layer in a basic PC protection strategy, therefore, is to use up-to-date antivirus software. Windows does not include any antivirus software, but it's readily available from Microsoft and many other vendors.

1. Finding an Antivirus Program

Plenty of good antivirus programs are available. You can start your search at the Windows 7 Security Software Providers page, w7io.com/1510, which provides links to publishers of Windows 7–compatible security software, including antivirus programs. (If you haven't yet installed antivirus software, you'll find a link to this page in Action Center. Next to Virus Protection, click Find A Program Online.)

This Windows 7 Security Software Providers page provides no independent evaluation. Besides the usual review sites managed by computer magazines, you should look to ICSA Labs, which tests antivirus programs and certifies those that meet its criteria for effectiveness. You can find lists of certified programs at w7io.com/1511. Another independent tester is Austria-based AV-Comparatives.org (w7io.com/1512).

Do You Need an Antivirus Program?

Some computer experts—computer security experts, even—proudly point out that they don't use antivirus software. Why not? Some question its efficacy, particularly at blocking zero-day exploits for which virus definitions have not been created. (A zero-day exploit is one that exploits a security vulnerability on the same day that the vulnerability becomes widely known among security researchers.) Others point to the fact that, like every additional running program, an antivirus program adds another level of complexity and another potential attack surface for malicious software. Indeed, at one time or another, virtually every major antivirus program has been found to have some vulnerability to remote exploits. Finally, what puts some folks over the edge is the performance hit imposed by antivirus programs that constantly work in the background to examine each file as it's read from disk; the slowdown is usually small, but measurable.

How is it possible to maintain a virus-free computer without the assistance of an antivirus program? Remember that antivirus protection is just one of many security layers in a well-protected computer network. To have any hope of surviving unscathed without that layer, several other forms of protection must be in place. The network's internet gateway should provide filtering that prevents viruses from entering through a web browser or instant messenger connection; this capability is typically available only in commercial-grade firewall appliances or in a separate gateway computer that's configured for this purpose.

The e-mail server should also have virus-blocking capability. (Many ISPs and web-based mail services block all mail that contains a known virus.) In theory, those network-level layers should prevent any malware from reaching your computer, but the computer itself must be properly secured in other ways: all patches up to date, firewall enabled, User Account Control enabled, and a standard account set up for each user. The most important protective layer—and the one that is most easily overlooked—is user education and self control. Everyone who uses the computer must have the discipline to read and evaluate security warnings when they're presented and to allow the installation only of software that is known to be safe. (Although a user with a standard account is incapable of installing or running a program that wipes out the entire computer, he can still inflict enough damage on his own corner of the computer to cause considerable inconvenience.) Countless successful virus attacks worldwide have proven that most users do not have adequate awareness of safe computing methods. Indeed, our standard advice for most users is don't even think of connecting to the internet without antivirus software! Only people who really know what they're doing, and who remain vigilant, should consider joining those anti-antivirus experts.


Microsoft's entry in the consumer antivirus arena is Microsoft Security Essentials (w7io.com/1513). Microsoft Security Essentials is based on the antivirus feature of Microsoft Forefront Client Security, a business-oriented program for protection against viruses and spyware. Microsoft Security Essentials is available to Windows users at no charge.

2. Using an Antivirus Program

Installing an antivirus program is a good first step. But you're not done yet! The initial setup enables the antivirus scanning engine—the code that checks files for possible viruses. The most important part of the package is the database of virus definitions (sometimes called the signature file). After installing an antivirus package on a new computer, update it to the latest definitions immediately. Then configure the program to enable these features:

  • Install updates to program files and virus definitions using the program developer's recommended schedule, at least daily.

  • Scan each file that you access in any way. This feature is typically called real-time scanning, virus monitoring, or something similar. Don't confuse this type of scanning with scheduled scans, which periodically scan the files stored on your computer to find infected files.

  • Scan e-mail attachments and block access to infected files.

3. Scanning for Viruses—Without an Antivirus Program

On the second Tuesday of each month, as part of its normal security releases, Microsoft releases an updated version of a utility called the Malicious Software Removal Tool (MSRT). This utility is not designed to block new viruses from entering a computer; rather, its function is to clean up systems that have been infected with well-known and widespread viruses and other forms of malware. The MSRT is delivered by Windows Update, and on most computers, this tool runs silently and then deletes itself; it alerts you if it finds any infections, and lets you know if they were successfully removed.

If you prefer to scan one or more systems manually, you can download the current executable version of the MSRT from w7io.com/1514. Because this utility is updated at least monthly, we do not recommend that you save this file. For details about this tool, read Microsoft Knowledge Base article 890830 (w7io.com/1515).

As an alternative to the MSRT, free web-based virus scanning services are available from several antivirus vendors. The Windows Live safety scanner can be run from w7io.com/1516.


Periodic scanning by the MSRT or an online tool does not provide continuous protection against virus infections. For that, you need to install and run an antivirus program.
