First line of defense...
Anti-Virus Software (free for DU students & employees)
How to tell if it's real...
And, when it is...
What is a virus?
A computer virus is a program written to enter your computer system surreptitiously and "infect" it by installing or modifying files or establishing itself in memory. Some viruses are benign and won't harm your system, while others are destructive and can damage or destroy your data.
Viruses can spread via any of the methods used to get information into your computer: network connections, shared folders, e-mail, and shared media such as flash memory, CDs, and diskettes. Once they are established on your computer, viruses work at transferring themselves to other computers. The process is not unlike the one used by viruses that affect us humans.
Sometimes people differentiate viruses by the methods they use to spread. Worms are viruses that self-replicate and spread via e-mail or networks. Trojans are seemingly legitimate computer programs that have been intentionally designed to disrupt your computing activity or use your computer for something you did not intend.
What other types of programs can harm my computer?
With improvements in communications between computers, the number of viruses, worms and Trojans and the speed with with they spread have increased dramatically. Flaws in operating systems like Windows or peer-to-peer file sharing programs and other widely distributed network software may open "backdoors" to your computer that can be exploited later. Some people constantly look for a backdoor or entry way into your computer so they can run malicious code, infect your system, or use your computer for their own personal benefit.
Some popular peer-to-peer programs are: Acquisition, Aimster, Ares, Audiogalaxy, BearShare, BitTorrent (and other BitTorrent clients), Blubster, Direct Connect, eDonkey2000, Freewire, Gnotella, Gnucleus, Grokster, GTK-Gnutella, iMesh, Kazaa, LimeWire, LordofSearch, Mactella, Morpheus, NeoNapster, OneMX, Overnet, Phex, Piolet, Qtella, Shareaza, SoulSeek, SwapNut, TrustyFiles, Warez P2P, WinMX, and XoLoX. Some of these are, no doubt, safer than others. All of them make your computer more accessible from the Internet. Less restricted access from the Internet almost always translates into a higher risk of being victimized.
Backdoors created by spyware may also be vulnerable to viruses. Spyware provides (or purports to provide) some kind of service in exchange for monitoring and reporting your activities. At a minimum, spyware is likely to degrade the performance of your computer and increase traffic on your network connection. It may also result in annoying pop-up advertisements while you surf the Web. In the worst cases, computers become so clogged with spyware that they are no longer usable.
How can I protect my computer from viruses?
Install an antivirus program and keep it updated. Information Technology has purchased a volume license for antivirus software and made it available for download by students, staff and faculty.
Keeping antivirus programs updated is imperative. Because new viruses are released every day, there's always some risk that your computer will be infected by a virus that your antivirus program does not "know" about. Unless a rapidly-spreading virus is released, you should be reasonably safe if you update your antivirus program weekly.
What do antivirus programs do?
Antivirus programs scan disk and memory looking for telltale signs of viruses called signatures. Some antivirus programs also look for spyware and system vulnerabilities. There are two basic kinds of scans:
- Real-time scans scan files as you use them or as they are loaded on to your computer.
- Complete scans scan your entire computer at a time its unlikely to be busy doing other things. They are thorough and may take an hour or more. Complete scans should be scheduled at least once a week. In addition to a regularly scheduled scan, it is a good practice to schedule or manually initiate complete scans right after you download the latest updates.
How do I know if my computer is infected by a virus?
In a perfect world, your antivirus software will warn you of an infection. However, that may not happen if you have not been downloading updates or if your antivirus software stops functioning for some reason. (For example, some viruses attack antivirus software).
There's no single symptom for virus infections. Some viruses inform you themselves by displaying messages like, "Ha, ha, you're infected by whatever." Others just usurp system and network resources to do things like send e-mail messages or propagate themselves over the network. Still others delete or corrupt critical files. If your computer starts performing differently for no apparent reason, it may be infected by a virus.
In some cases, Information Security is able to detect a virus on your computer by tracing malicious network traffic or e-mail back to your network connection. One way we use to inform you of the problem is to block your computer's access to the Internet and display a Security Warning Page whenever you attempt to access an off-campus web site.
My computer may be infected with a virus. What should I do about it?
Local expertise and assistance on cleaning up viruses is available at the the IT Help Desk.
If you elect to clean up the infection yourself, the general procedure to follow is:
- Update your antivirus software.
- Disconnect your computer from the network to prevent it from transmitting the virus over the network while it is still infected.
- Use your antivirus software to do a complete scan of all your internal disk drives and any external media such as flash memory or diskettes that you used since your computer became infected.
- Note the types of viruses that the antivirus software finds and, if possible, have it clean, quarantine or remove any infected files.
- Check the web site for the manufacturer of your antivirus software to see if you need to do anything else to remove the viruses found on your computer and prevent them from infecting it again. Some of these web sites are listed below:
- The Reference Code from the Security Warning Page.
- Your name.
- The last four digits of your DU Id.
- Your @du.edu e-mail address.
- A statement of what you have done to remove the virus from your computer.
If you would like a "second option" about your computer's infection or would like to try an alternative approach to its treatment, you might try Trend Micro's free scanning engine available at http://housecall.trendmicro.com/. (Although this is a valuable and useful tool, it does not provide real-time scanning and is, therefore, not a viable substitute for a full antivirus package. It also has the disadvantage that your computer must stay connected to the Internet during the scan.)
I received an e-mail warning about a dangerous new virus. What should I do?
Virus hoaxes sometimes spread as rapidly as viruses. Some hoaxes that have been around for years keep recirculating. Do not forward an e-mail warning about a new virus until you have verified that it is not a hoax. There are several good places to check:
- http://www.sophos.com/virusinfo/hoaxes/ and http://www.symantec.com/avcenter/hoax.html focus on virus hoaxes.
- http://hoaxbusters.org/ covers virus hoaxes and other hoaxes you're likely to stumble across on the Internet. It even lists some "true legends" that sound like they may be hoaxes but are not.
My Computer is clean. Why do I keep getting e-mail saying it is infected by a virus?
This e-mail is likely to have been generated by a combination of three things: a virus that spreads by e-mail, inappropriate options in antivirus software, and well-meaning, but naive system administrators who activate these options. Here's what happens:
- A virus that infects someone's computer scans address books and cached web pages for e-mail addresses and happens to find your address. It then attempts to propagate itself by sending e-mail to other the addresses with your address as the return address.
- Antivirus software at a recipient's site has an "return-to-sender" option that can be used to notify people who send virus-infected messages. If this option is activated, the antivirus software sends warnings to return addresses on messages that contain virus infections. Sometimes this software even "returns" original messages without removing the virus!
- Naive system administrators, thinking that people who have infected computers should be notified of the problem, turn on the "return-to-sender" option.
The problem is that "returned" messages go to forged return addresses, not to people responsible for the infected computers.
What else can I do to protect my computer from viruses?
Your first and best line of defense against any type of computer virus is a good, up-to-date antivirus program. Set up the program to do real-time scans, update virus signatures at least weekly, and do complete scans of your computer after signature updates.
Other important things you can do to protect yourself include:
- Keep software up to date. Because viruses often propagate by exploiting flaws in operating systems or commonly used programs, keep your computer's operating system and other software updated. Whenever possible configure your computer to download and install critical updates automatically. Otherwise, check for software updates regularly.
- Avoid installing spyware and other software that may open backdoors that could be exploited.
- Only use e-mail services that scan messages for viruses. (DU does.)
- Deal with e-mail carefully. Viruses are often propagated via e-mail attachments. Avoid opening attachments unless you are reasonably sure the e-mail is legitimate.