Saturday, July 31, 2010

Summary

There are several things you should do to make your system more secure and keep it performing better:

  • Change your file view settings on Windows systems so you will see all file extensions.
  • Always run anti-virus software and keep the virus definitions updated at least twice per week.
  • Never connect to the internet unless you are using a personal firewall or are behind an organizational firewall on a private network.
  • Never open e-mail attachments without being sure of who sent them. Keep the following in mind:
    • E-mail addresses can be faked by virus programs.
    • New viruses may not be recognized by your anti-virus software.
  • Patch your operating system regularly. This will reduce your vulnerabilities to worms and hackers. See the Applying the latest patches to your Windows 2000 Operating system to prevent viruses and worms article for more information.
  • Patch your applications regularly, especially Microsoft Office. See the Preventing Viruses in Microsoft Office® Products article for more information.
  • Perform regular backups of your data.
  • Make an emergency boot disk to enable you to restore your system in the event of file corruption or a virus that makes it unable to boot.
  • Avoid installing unneeded applications and always be sure any free programs do not have a hidden purpose.

Making a Boot Disk

Open the Windows backup program on Windows 2000 by selecting Start, then Programs, then Accessories, then System Tools, then Backup. The backup utility will start as shown below.

[Image: Backup]

When the Welcome tab is displayed in the Backup program, click on the "Emergency Repair Disk" button near the bottom. When the "Emergency Repair Diskette" dialog box appears, select the checkbox next to "Also backup the registry to the repair directory..." and click OK. You will need to put a blank floppy into your floppy disk drive.

[Image: Insert Floppy]

Once the process is complete, you should label the floppy disk with the current date and the name of the system you are making the disk for.

If you ever get into a situation where your system will not boot, you can use this disk to help you recover your system. This is a somewhat technical process, but it begins by pressing the F8 function key while the system is booting. This provides some advanced booting options, one of which will allow you to try to boot using your emergency repair disk. It is usually much easier to recover a system that has an emergency repair disk.

[Image: Successful Save]

Removing Viruses

Removing viruses can be risky to your operating system and may cause you to need to re-install your operating system. If you do not feel comfortable with the instructions in this section, you should get a computer professional to do the job. For more information read Applying the latest patches to your Windows 2000 Operating system to prevent viruses and worms. It contains information about how to remove viruses along with other useful information.

Virus Removal Procedure

  1. Be sure you have good backups of your data along with an emergency boot disk for your system.
  2. Determine what viruses you have on your system.
    1. Install a virus scanning program if you do not have one already installed. Use the product of your choice. It is wise to read product reviews.
    2. Be sure your virus definitions are up to date. Connect to the internet and download the latest virus definitions from the company that created your anti-virus software.
    3. Configure your virus scanner not to remove any viruses but only detect them. You do not want to remove the virus(es) immediately since some viruses may infect files that your system requires to run. If these files cannot be cleaned by the anti-virus program, they may be deleted or quarantined. If this happens you may not be able to run your system again.
    4. Scan for viruses but do not remove them. Note: Some viruses will stop your virus scanner from operating. If this is the case you will probably need the help of a computer professional. If you have a virus that stops your virus scanner then you will need to either share the drive across a network and scan it from another computer or remove your hard drive and place it into another computer as a second hard drive, then scan your hard drive.
  3. Learn about the viruses you have and how to remove them. Go to the web site of the organization that created your anti-virus software. The Symantec security response site is a good place to find information about specific viruses, and it provides virus removal tools.
  4. Remove the viruses.
    1. Many viruses have a removal tool which can be used to remove the virus. If there is a removal tool, download it and use it to remove the virus.
    2. If there is no removal tool, you will need to follow the manual removal instructions. You may need to manually delete virus files and edit your system registry. The removal instructions will tell you how to do this, but some people may not feel comfortable doing this without the help of a computer professional.
    3. If the manual instructions indicate that you should let your virus scanner remove the virus, then remove all viruses that you can with virus removal tools then run the virus scanner with it configured to remove all viruses.

Spam

Spam is unsolicited junk e-mail sent to large numbers of e-mail addresses. It is used to promote some product or service, and many spam e-mails are pornographic in nature.

Spam Prevention

Unfortunately there are not very many good ways of preventing spam other than keeping your e-mail address secret. It should be kept at a level of security somewhere between your phone number and your social security number. You should be careful about who you give your email address to. Many companies will sell your email address to spam lists, thus making it available to spammers.

I currently use three email accounts as follows.

  • The first account is the one I give to personal acquaintances.
  • The second account I give to companies that have a privacy policy that I am fairly certain won't sell my e-mail address.
  • The third account, I give to companies that I believe I cannot trust to sell my information. I don't worry if these companies can contact me.

I expect to change the third account pretty often, but hopefully the first two will last several years without much spam. The third account may be through a free internet email account service such as hotmail or yahoo.

Managing Spam

Besides keeping your e-mail address secret, the next best spam relief is a program that helps you manage spam. Spam can be filtered at the mail server by some programs, or by a program that plugs into your e-mail client, such as Outlook or Outlook Express. These programs filter spam based on several characteristics, such as:

  • The subject line
  • The address of the sender
  • Some programs scan the message content and consider length or wording.

Unfortunately none of these scanning methods are 100% accurate although some claim to achieve success rates into the upper 90 percentile. What most of these programs do is to create folders for "friendly" mail or "unfriendly" mail. The friendly mail is put into one folder, unfriendly mail is put into a second folder and there may be a third folder for unknown mail. Unfriendly mail is automatically deleted after some period of time. The capabilities and handling of the mail will vary from program to program. Some that I have considered using include:

  • Qurb
  • I Hate Spam
  • Spam Assassin

There are various opinions about what works when fighting spam. For more information and articles about how to fight spam, you can find links to articles at Computer Technical Tutorials Spam.

Spam for Webmasters

If you are a webmaster, spammers will send spam to your domain by addressing it to generic accounts that are likely to exist, such as administration@yourdomain.com. One way to prevent this is to configure your account with your hosting provider not to respond to undeliverable emails and to delete them automatically instead. This is called a "::blackhole" setting. The only problem with this is that spammers will still use the bandwidth you pay for to send you their junk, even though your server deletes it. As spam becomes more excessive, it may increase bandwidth costs for webmasters, discouraging some sites from operating.

Why Spam Should be Illegal

When you connect to the internet, you are paying for a specific service for your use. This service costs a specific amount of money and provides a certain connection speed to the internet. This connection speed indicates your bandwidth. The greater the connection speed, the higher the bandwidth. The higher speed connections cost more money. At this point you have paid for the privilege of surfing the internet with your web browser, sending and receiving e-mail, and other activities. The speed at which you can do this is limited by your bandwidth and how fast you can click pages or send or receive e-mail. Consider the following diagram:

[Image: Internet Connections]

Each person has a connection to the internet. If the person on the right chooses to use their connection to send e-mail or junk e-mail (spam), that is their choice. They are paying for their connection and they are willing to use it in that manner.

If the person on the left does not want to receive spam, but wants to read personal e-mail and surf the internet, they are willing to receive only personal e-mail. If someone is sending them a lot of spam, they will need to wait for the junk e-mail to be delivered before they can read much of their personal e-mail. They are an unwilling participant regarding the unsolicited e-mail they are receiving. Not only is their connection being used by someone else, but it will take them additional time to sort the mix of e-mail out to get to the mail they want to read. If the receiver had willingly stated that they were interested in receiving the advertisements, it would be another matter.

Of course the sender of the spam is not using all of the spam receiver's internet connection, but the spam receiver does not get the opportunity to use their connection in the way they fully intended even though they were the one paying for it. This is the same as stealing even though the effective amount may be small. Imagine how rich you could be if you could only steal a fraction of a cent per day or week from everyone who uses the internet. That's why spam should be illegal.

Someone may argue that spam is the same as junk mail sent through the postal service so why would it be stealing. This is not true since the sender of mail through the postal service pays for the cost of both pickup and delivery. On the internet, the sender pays for the cost of pickup and the receiver pays for the cost of delivery.

The Real and Permanent Solution to Spam and Viruses

Unfortunately a permanent and good solution will take years to implement. A new mail protocol (method of sending e-mail) must be developed by the internet community and then e-mail servers must be modified to handle that protocol. The changing of the e-mail servers will take the most time.

I believe all e-mail should be digitally signed by the sender in order to be delivered. This way the sender cannot be faked and everyone must take responsibility for their own e-mails. However to get this to work right someone must find a way to keep viruses from being able to digitally sign your e-mails for you automatically. A bug in your e-mail client may allow a virus to digitally sign your e-mails causing this type of solution to be ineffective, however, in this case, there would be no doubt as to who has the virus.

Some Proposed Solutions that Won't Work

  • Paying for each e-mail sent - This solution will not work because it forces people to pay for services that they have already paid for. Additionally it will not prevent spammers from using poorly configured servers to send spam illegally. It will most likely force victims (those who get viruses and administrators who have spammers illegally relay mail through their mail servers) to pay for the additional e-mail. On the brighter side, it may force more administrators to lock their systems down better and force computer users to be more careful about getting viruses. If this were done, I would think it would make the most sense to allow a limited amount of email to be sent on a monthly basis for free.
  • Reverse address to name lookup - Some ISPs want to use a check that looks at the address the mail came from and determines the name of the server. If the name does not match the name advertised by the sending mail server, then the e-mail is assumed to be spam and dropped with no notification to the sender. Not only does this violate the rules (protocol) governing the internet for sending e-mail, it will cut down or eliminate the ability of web based programs to automatically notify users at some websites about events. For instance, forum sites will notify users when someone has posted an answer to a question. If the user's ISP uses reverse lookup, the user may never see the email from the forum website where they asked a question.
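
The reverse lookup check from the last item, as an added example (not from the original page), run over constructed sessions to show which senders it drops. The addresses, host names, and the choice to treat a missing reverse record as a mismatch are assumptions made for illustration.

```python
import socket

# Constructed stand-in for reverse DNS (PTR) data. Addresses come from the
# RFC 5737 documentation ranges and every host name is made up.
PTR_TABLE = {
    "192.0.2.10": "mail.bigisp.example",
    "198.51.100.7": "web07.sharedhost.example",
    "203.0.113.45": "dsl-203-0-113-45.someisp.example",
}

# Constructed sessions: (connecting address, name the server advertised, what it is)
SESSIONS = [
    ("192.0.2.10", "mail.bigisp.example", "ISP mail server"),
    ("198.51.100.7", "forum.hobbysite.example", "forum notification from shared hosting"),
    ("203.0.113.45", "mail.bigisp.example", "infected PC posing as a mail server"),
    ("203.0.113.200", "newsletter.example", "sender with no reverse record"),
]


def dns_ptr(ip):
    """Real reverse lookup, for use in place of PTR_TABLE.get outside this demo."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:            # covers socket.herror: no reverse record
        return None


def reverse_lookup_policy(ip, advertised, ptr_lookup=PTR_TABLE.get):
    """Drop unless the reverse name of the address equals the advertised name."""
    reverse_name = ptr_lookup(ip)
    if reverse_name is None:
        # Assumption: no reverse name is treated the same as a mismatch.
        return "drop", "no reverse name"
    if reverse_name.rstrip(".").lower() != advertised.rstrip(".").lower():
        return "drop", f"{reverse_name} != {advertised}"
    return "accept", reverse_name


def run_sessions(sessions=SESSIONS):
    """Return (description, verdict, reason) for every constructed session."""
    return [(what, *reverse_lookup_policy(ip, name)) for ip, name, what in sessions]


if __name__ == "__main__":
    for what, verdict, reason in run_sessions():
        print(f"{verdict:6}  {what}: {reason}")
```

The forum notification is dropped for the same reason as the infected PC: a site on shared hosting advertises its own name while the address resolves to the hosting company's name.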

E-mail Viruses

Viruses that spread through e-mail have a common method of spreading. This page will discuss how common e-mail viruses currently spread.

The Virus Lifecycle

Viruses begin their life when someone releases them on the internet. They begin to spread. At this early stage of their lifecycle, no one is aware of their presence. As the virus becomes more widely spread, someone will recognize an abnormal problem with their system and investigate. Eventually a computer expert will conclude that a virus exists and notify companies that write anti virus software. The companies will research the virus and come out with an update to their database of viruses that includes information about the new virus and has information about how to recognize it. They may also release a tool that can be used to automatically remove that virus from computer systems.

Therefore the cycle is:

  1. Release - The virus is released.
  2. Recognition - Someone recognizes the virus.
  3. Virus recognition database update - Antivirus programs will now recognize the virus.
  4. Antivirus update and removal tools

The time between step one and step three above can be significant. During this time you are vulnerable to getting the virus because your anti-virus software will not recognize it as a virus. This is why you should be careful about the e-mail attachments that you open, even if you are actively running anti-virus software.

How Viruses Work

  1. When a victim of a virus double clicks on an infected attachment, the virus will run.
  2. The virus will modify the victim's system so it will always be active when the system is turned on.
  3. The virus will scan the victim's address book in their e-mail client program such as Outlook or Outlook Express.
  4. In the past, viruses would then mail themselves to addresses found in the victim's address book. But today many viruses choose random recipients and senders from the victim's address book. This means that although the e-mail is sent from the victim's machine, the e-mail sender address is faked to appear as though someone else in the victim's address book sent the message.

What to Do

  • Always run anti-virus software and be sure it gets updated at least twice per week.
  • If you get a virus in an e-mail attachment and you are sure it is a virus, delete the e-mail message.
  • If you get an attachment from someone you know, consider whether there is enough personal information in the e-mail which a virus program would not know. If you are not sure your acquaintance sent the e-mail, call them and be sure before opening the attachment. Do not count on your anti-virus software being able to stop you from getting infected if you open the e-mail attachment. Remember, viruses are not recognized right away by your anti-virus software and you could get a new unrecognized virus before your virus definition updates are released.
  • If you get an e-mail saying a message you sent was undeliverable and you did not send the message, consider whether your system is behaving abnormally. You probably do not have a virus, but if you are not sure, use your anti-virus software to perform a system scan for viruses and remove any viruses found using the procedure in the section about "Removing Viruses", then delete the e-mail.
  • If you get an e-mail saying a message you sent contained a virus, consider whether your system is behaving abnormally. You probably do not have a virus, but if you are not sure, use your anti-virus software to perform a system scan for viruses and remove any viruses found using the procedure in the section about "Removing Viruses", then delete the e-mail.

Example

Below is shown an e-mail from a virus as an example of how a virus writer will try to fool computer users.

    From: staff@yourorganization.org [mailto:staff@yourorganization.org]
    Sent: Wednesday, March 03, 2004 4:41 AM
    To: usertofool@yourorganization.org
    Subject: Important notify about your e-mail account.

    Dear user of e-mail server "Yourorganization.org",

    Our antivirus software has detected a large ammount of viruses outgoing
    from your email account, you may use our free anti-virus tool to clean up
    your computer software.

    For further details see the attach.

    For security reasons attached file is password protected. The password is "22352".

    Cheers,
       The Yourorganization.org team                   http://www.yourorganization.org

Of course there is an attachment. In this case the virus sent a zipped file (.zip) and instructed the user how to open it. It was encrypted in a zipped file so the anti-virus scanner could not detect it!
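
A scanner cannot read the contents of a password-protected zip, but it can still see that the archive is encrypted, what the files inside are called, and that the message body hands over the password. The following added example (not part of the original page) checks a message for those signs; the attachment name, the member name and the rebuilt sample message are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RUNNABLE = (".exe", ".com", ".bat")          # extensions the page warns about
PASSWORD_HINT = re.compile(r"password\s+is\b", re.IGNORECASE)


def zip_findings(data):
    """Inspect zip member metadata only; nothing is extracted or executed."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.infolist()
    except zipfile.BadZipFile:
        return [("unreadable-zip", "")]
    found = []
    for member in members:
        if member.flag_bits & 0x1:           # general-purpose bit 0 = encrypted
            found.append(("encrypted-zip-member", member.filename))
        if member.filename.lower().endswith(RUNNABLE):
            found.append(("runnable-file-in-zip", member.filename))
    return found


def triage(raw_message):
    """Return (code, detail) findings for one raw e-mail message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(RUNNABLE):
            findings.append(("runnable-attachment", name))
        if name.lower().endswith(".zip") or data.startswith(b"PK\x03\x04"):
            findings.extend(zip_findings(data))
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    encrypted = any(code == "encrypted-zip-member" for code, _ in findings)
    if encrypted and PASSWORD_HINT.search(text):
        findings.append(("password-in-body", "archive password sent with the archive"))
    return findings


def build_sample(member="details.txt.exe", encrypted=True):
    """Constructed test message modelled on the e-mail quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as archive:
        archive.writestr(member, b"harmless placeholder, not a program")
    raw_zip = bytearray(buf.getvalue())
    if encrypted:
        # Set the "encrypted" flag in the local and central headers so the
        # archive looks password-protected to a scanner (the data stays plain).
        raw_zip[raw_zip.find(b"PK\x03\x04") + 6] |= 0x1
        raw_zip[raw_zip.find(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["From"] = "staff@yourorganization.org"
    msg["To"] = "usertofool@yourorganization.org"
    msg["Subject"] = "Important notify about your e-mail account."
    msg.set_content("For further details see the attach.\n"
                    "For security reasons attached file is password protected. "
                    'The password is "22352".\n')
    msg.add_attachment(bytes(raw_zip), maintype="application",
                       subtype="zip", filename="details.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for code, detail in triage(build_sample()):
        print(f"{code}: {detail}")
```

With traditional zip password protection the file names inside the archive are not encrypted, which is why the double extension can be reported even though the contents cannot be scanned.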

E-mail

The Internet Email System

The email system that is currently used on the internet was not designed to curb the abuses presented by viruses and SPAM as they are occurring today. The email system today allows:

  • Anyone can set the "From" field in the email to any value they want. This means that you can send an email message and make it look like the President of the United States sent the message. There are ways to tell that this is not the case, but on the surface it will appear like the President of the United States sent the message. This is called faking the sending address.
  • If an email cannot be delivered, the email standard provides for the sender to receive a notification indicating that the message could not be delivered. Some email servers are also set up to notify the sender when a virus is found in an email they sent.

There are several things that the email system in use today does not provide for:

  • The system does not provide for positive identification of the sender.
  • There is no method to prevent a sender from sending unwanted emails.
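
One of the ways to tell that a "From" field is faked, as an added example (not part of the original page): the trace line stamped by your own mail server records which machine really handed the message over, whatever the "From" field claims. The server name mx.yourorganization.org, the Postfix-style trace format and the sample headers are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

OUR_MX = "mx.yourorganization.org"   # hypothetical name of our own receiving server

# Postfix-style trace line: from <advertised name> (<reverse name> [<ip>]) by <server>
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)", re.I)

# Constructed message. The second Received line was supplied by the sender to
# make the mail look internal; only lines written by our own server are trusted.
FORGED = """\
Received: from yourorganization.org (dsl-203-0-113-45.someisp.example [203.0.113.45])
\tby mx.yourorganization.org (Postfix) with SMTP id 4F1A2B3C
\tfor <usertofool@yourorganization.org>; Wed, 3 Mar 2004 04:41:07 -0500
Received: from mail.yourorganization.org (mail.yourorganization.org [192.0.2.25])
\tby relay.yourorganization.org with ESMTP; Wed, 3 Mar 2004 04:40:59 -0500
From: staff@yourorganization.org
To: usertofool@yourorganization.org
Subject: Important notify about your e-mail account.

(body omitted)
"""


def entry_hop(msg, our_mx=OUR_MX):
    """Return (advertised name, reverse name, ip) from the newest line our server wrote."""
    for line in msg.get_all("Received", []):     # newest trace line comes first
        match = HOP.search(str(line))
        if match and match.group(4).lower() == our_mx:
            return match.group(1), match.group(2).lower(), match.group(3)
    return None


def check_from(raw, our_mx=OUR_MX):
    """Compare the domain in From with the machine that delivered the message."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    hop = entry_hop(msg, our_mx)
    if hop is None:
        return {"from_domain": from_domain, "verdict": "no trusted trace line"}
    advertised, reverse_name, ip = hop
    same = reverse_name == from_domain or reverse_name.endswith("." + from_domain)
    return {
        "from_domain": from_domain,
        "helo": advertised,
        "entered_from": reverse_name,
        "ip": ip,
        "verdict": "consistent" if same else "mismatch",
    }


if __name__ == "__main__":
    for key, value in check_from(FORGED).items():
        print(f"{key}: {value}")
```

A mismatch is a hint for a person reading the headers, not proof, because organizations also send legitimate mail through outside servers.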

Email Problems

Given the above conditions, several problems can occur.

  • If the sending address of the email is faked, any messages indicating the message could not be delivered will go to the person who appears to have sent the email rather than the person who actually sent it. This can cause people to receive non deliverable notifications for emails that they did not send which can be very confusing.
  • If a virus sends an email with a faked sender address, a mail server may detect the virus in the message and send a reply to the faked address notifying someone that they sent an email with a virus in it when in fact they did not. This can cause confusion and waste administrators' time since users may call administrators and want their systems checked for viruses when they are not actually infected with a virus. This is why administrators of mail servers should turn off notifications to addresses that appear to have sent a virus.
  • Someone can fake the sender of an email and send embarrassing or annoying messages and possibly jeopardize the reputation of the party they are sending the email as. They can make it appear as though a reputable party is sending smut on the internet. I do not know if there are any laws against this, but there should be. This would be called fraud along with some possible other charges such as libel and slander. There are ways to tell that the sender did not actually send the email but this could still unjustly hurt someone's reputation.
  • Recipients of virus or SPAM emails are unwilling recipients. These emails tie up their time and computer resources. When someone pays for a connection to the internet, and this connection is used to send them unwanted emails, this is the same as a denial of service attack and is essentially stealing. Everyone who connects to the internet has the right to use their connection how they want and not how someone else wants. I will talk more about this in the section about SPAM.

Updating Your Windows System

Why do I need a firewall

It would seem that if you keep your anti-virus definitions updated with your virus protection program and you keep your system patched with the latest updates, you would not need a personal firewall. Viruses would be immediately caught by your antivirus program, and your vulnerabilities would not exist since you always patch them immediately. This does not work for the following reasons:

  1. Viruses begin to spread before they are identified. The only way they are identified is when someone discovers their computer is behaving incorrectly and then they realize they have a virus. Then the virus updates are posted to anti-virus vendor websites such as Symantec. Therefore the virus can spread to you before it is identified and your system may be compromised and other unwanted items such as hacker backdoors may be placed on your system before the virus is removed. A firewall can also help prevent additional items from being placed on your system if you should get an unknown virus.
  2. Firewalls typically block most of the routes that viruses, trojans, worms, and hackers will try to use to gain access to your computer. A computer with a firewall is thereby much better protected than one without.
  3. It is likely that some vulnerabilities may not be patched before the attack occurs.
  4. Vulnerabilities, like viruses, must also be discovered. If a hacker discovers the vulnerability or someone writes a virus program to use an undiscovered vulnerability, a firewall may still be able to prevent the attack.

Even with all these measures there is no guarantee that your system cannot be compromised by a virus, worm, or hacker, but it is very likely that you will have much less trouble. Remember there is no guarantee that your hard drive will not break tomorrow so you should also back up your data to another computer, tape, or CD periodically when possible.

Firewall Recommendations

There are many personal firewalls that should work well, but it may be worth reading personal firewall reviews to find the best one when you are choosing one. Go to http://www.google.com and type "personal firewall reviews" to find sites that provide these reviews. I use Norton Personal firewall from Symantec, but zonealarm personal firewall is free for individuals and non profit organizations. It is available at http://www.zonelabs.com. Please do not violate license laws when using this product. Since antivirus software is also an essential requirement to have a reasonably secure computer, a nice convenient package is Norton's Internet security package from Symantec, which can be found in many stores. It comes with both antivirus software and a personal firewall. The commercial version of ZoneAlarm's personal firewall also is very well recommended.

Configure your firewall before connecting to the internet. Most users should at this point read their documentation or run the provided firewall tutorial. You may get alerts while configuring, or, in one case, I got an alert indicating that a specific program wanted to act as a server on the internet. Before answering the question I used another computer and went to http://www.google.com and looked up the name of the program the alert had specified. At this point I realized the computer had a virus. If you are told by the alert that a program wants to act as a server, the likely answer to this question should be no, but it is best to look up the program name on Google to be sure. Also keep in mind any actions you may be taking which may prompt a program to access the internet, to determine whether an action you took caused the internet access request to occur.

Solutions

These are basic and simple security requirements which must be followed in order to have a computer be anything close to secure.

  1. Every computer that connects to the internet in any form MUST have a personal firewall or be behind a corporate firewall. The type of connection is not important. A personal firewall is required for dial in connections, cable modem, DSL, ISDN, T1 and others. The ONLY exception is when there is some type of firewall already existing between the computer and the internet. Get a personal firewall and configure it according to the maker's instructions.
  2. Every computer must have virus protection and updates to the virus list database should be done at least twice a week. A full virus scan should be done at least once per week.

If you do not at least take the two measures listed above then you should not connect your computer to the internet. In the past I believed that I could just keep my system updated with security updates and did not need a personal firewall. This was a perfect formula for getting trojans, viruses, and backdoors and I ended up with four of them and had to reformat my hard drive and re-install my system.

There are also other security recommendations, but the two requirements above are critical to all systems. The other security practice that should be followed is:

  • Updating your systems with security updates and service patches when they are considered stable, but this can be a technical decision. See the paragraph below about updating your system.

It is best to read e-mail discussion group postings to determine the state of current patches and vulnerabilities. Microsoft and other vendors issue postings about security patches and vulnerabilities when they come out. One of the best mailing lists to subscribe to for learning about Windows vulnerabilities and patches is at http://www.ntbugtraq.com

A couple of additional practices related to your computer which may be lifesavers are:

  • Back up your data - This should be done regularly to one or more of another computer, a writeable CD ROM drive, a zip drive, or tape drive. Remember if you should lose your data, everything you have done since your last backup will be lost. If you should find it necessary to re-install your system in the event of a security breach you will be glad you have done this. Also I have seen several hard drives fail and cause complete loss of data to users.
  • Create an emergency boot floppy for your operating system - You should learn how to do this for the operating system you are using. Instructions in this area are beyond the scope of this document.

Securing Your System

There are several measures which you can take to secure your system. The first and most important is to become informed about how your system works and what the threats are. Reading this guide and acting on the tips contained here is a good start.

  • Personal firewall - If you are not behind a corporate firewall, purchase and install a personal firewall on your computer. This will help protect your system from many vulnerabilities that some worms will try to exploit.
  • Updates - Perform system updates often. You can go to the Windows Update site to download updates for your system. Another way to get updates if your system is running Windows 2000 or Windows XP is to configure your system to download automatic updates. This can be done by opening your control panel (click on "Start", then select "Settings", and click on "Control Panel"). To configure updates, double click the "Automatic Updates" icon and choose one of three configurations.
  • Use anti-virus software with regular updates. Be sure to run anti-virus software and download updates at least twice per week. There are many brands of anti-virus software which may be purchased at your local computer, office supply store, or on the internet. I will not be recommending any name brands in this tutorial.
  • Be aware of how viruses spread and don't open attachments unless you are SURE they are legitimate. Call the sender if necessary to be sure they sent the email. Be sure your system settings are set so you can recognize potential virus files that may have multiple extensions such as filename.txt.exe. If the extension ends in .exe, .com, or .bat don't double click on it or run it unless you are SURE it is from a legitimate source.
  • Avoid installing bad applications. As mentioned in the section about application programs, some computer programs may come with spyware or adware. Avoiding these can be important in both securing your system and keeping your system performance from being degraded. Keep in mind that adware programs may download and install other programs from the internet. A personal firewall is one defense against this happening because it will normally notify you when a program accesses the internet.
  • Configure your system so you will see all file extensions as described on the page called "Windows File View Settings".

To help you protect your computer, it is helpful to understand how you get viruses, worms, trojans, and other bad software. First I would like to provide some terms which will speed this process.

  • Attack - An attempt to gain unauthorized control of someone's computer.
  • Vulnerability - Typically, a software bug or misconfiguration which affects the operation of an operating system or other program run on a computer allowing it to be more easily accessed. Hackers, worms, viruses, and trojans use vulnerabilities to gain access to computer systems without the user's knowledge.
  • Virus - Malicious software that spreads by attaching itself to files or creating files that may be executed in some way. Usually it is sent to users as an email attachment. It may require a computer software vulnerability to spread depending on the type of program it uses to spread.
  • Worm - Spreads without the user taking any action and usually exploits a bug (or vulnerability) in an operating system or some other program that may be running on a computer. This requires a computer software vulnerability to spread.
  • Trojan - A program which is usually given away for free which has a hidden purpose. It may be some type of file such as a video that users may be interested in. The user would normally install and run this program although the installation would be so simple the user would be unaware of it. This program may or may not use a vulnerability to spread.
  • Hacker (for this discussion) - A person who deliberately attempts to manually break into other systems and use them without the knowledge of the owner. Usually hackers exploit computer software vulnerabilities on the victim's computer, however once they have control of a system it is not possible to be sure they are denied access again without reformatting the hard drive and re-installing the operating system.
  • Spyware - Spyware is not as serious a security concern as viruses, trojans, worms, and even hacker attacks, but many free programs contain spyware such as the current popular freezip program. Spyware is more a privacy concern than a security concern. Spyware does not take control of a computer system, but sends information to the spying entity about how the computer system is being used such as what web sites are being visited. The biggest concern with spyware or any other potentially malicious software is that it may download other code and install it on the user's system. Additionally it may hide itself from the user to prevent it from being removed.
  • Firewall - Firewalls in simple terms are used to limit remote access to specific parts of the operating system or programs running on the system. They may block incoming attempts to connect to an application or exploit a vulnerability. Firewalls remove many of the possible methods of breaking into a computer without permission. A firewall will help prevent hackers, viruses, worms, and trojans. It may also block spyware from contacting the spying entity.
  • Backdoor - A program which allows an unauthorized user to have access to a victim's computer.

Worms and Prevention

Worms spread by taking advantage of vulnerabilities in operating systems or application programs (remember from the earlier discussion that vulnerabilities are software errors that allow some kind of unauthorized access when they are used or exploited). You do not need to do anything special to get a worm except connect to the internet or an infected network with a system that has vulnerabilities. There are several good defenses against worms.

What is a Firewall?

A firewall is a device that limits access to your system from the outside. A firewall may be a software program running on your computer or it may be a piece of hardware outside your computer. The firewall screens any attempts to access your system and only allows access that you decide to allow. In this way many vulnerabilities that could be used to gain unauthorized access to your system are eliminated.

Worm Prevention

There are three defenses against worms. They are as follows:

  • A personal firewall should be run on any system that is not behind a corporate firewall. This should be done on any computer that connects to the internet even if the connection it uses is a slow dial up connection.
  • Patching your system with updates to fix the vulnerabilities. Patching is the act of downloading updates to the vulnerable operating system or application and applying the update to the program.
  • Continually running anti-virus software which may detect worms. This is not the best defense against worms however because sometimes the worm can infect the system before the anti-virus software can detect it.

Security

Viruses and Worms

In general terms a virus is a program that runs on a system against the owner's or user's wishes and knowledge. Viruses have one or more methods they use to spread. Most commonly they will attach a file to an e-mail message and attempt to trick victims into running the attachment.

Virus Damage

In most cases, viruses can do any amount of damage the creator intends them to do. They can send your data to a third party and then delete your data from your computer. They can also ruin your system and render it unusable without a re-installation of the operating system. Most have not done this much damage in the past, but could easily do this in the future. Usually the virus will install files on your system then will change your system so the virus is run every time you start your system. It will then attempt to replicate itself by sending itself to other potential victims.

The normal effect a virus will have on your system is that over time your system will run slower. Also when you are using the internet your connection may seem to run slower. Eventually you may have trouble running programs on your system, your system may freeze, and in the worst case you may not be able to get it to boot up when you turn your computer on.

How Viruses or Worms Spread

Most commonly, viruses today use e-mail to spread; however, they have used one or more of the following methods to spread in the past.

  • Some viruses will load themselves onto any part of a writable removable drive as possible and spread from computer to computer as people use the removable drive.
  • A worm is a program similar to a virus that will exploit a vulnerability in an operating system or application that a computer user is running. The best defense against a worm is to have either a personal firewall on your system or be behind a corporate firewall. Another good defense is to update your system regularly. All you need to do to get a worm is to connect an unpatched computer to the internet or infected network when your computer does not have firewall protection.
  • Most viruses will spread themselves using e-mail attachments. They may tell the user that they need to open the attachment to get the rest of the information that is being sent to them. Many times the virus may claim it is an administrator and the user needs to either read the data or install a program on their system. Viruses have even claimed to be Microsoft sending a system patch as an attachment to the e-mail. Microsoft would never send a system patch through e-mail.

File Backups

File backups are very important to protect your data. If your hard drive fails or your operating system malfunctions, you could lose all your data. If you do regular backups, you will drastically reduce the data loss that could occur.

Using the Network for Backups

Backing up your data is very important. If you are operating on a corporate or organizational network and have disk drives shared from a file server it is likely that files stored there are backed up every night. If possible you should store your files on this server.

Since Windows operating systems use the "My Documents" folder as the location to store your files by default, it will be helpful to set up your system so the "My Documents" folder points to one of your network drives. If running a Windows 2000 or Windows XP system, you can right click on the "My Documents" folder either on your desktop or displayed from the Start menu and select properties. A dialog box similar to the one shown below will appear.

My Documents Properties

Click on the "Move" button. A dialog box similar to the one below will appear.

Browse For

Expand the "My Computer" object by clicking on the + next to it. Then select the appropriate network drive that is best to put your documents in.

How to Backup Data if You do not have a network

If you do not have a network and only have a single computer you should periodically back up your data. You should purchase or own one of the following:

  • A read/write CD ROM or DVD drive
  • A Zip drive
  • A tape drive - Usually these are more expensive.

You should be aware of where you store your files and you should also know where your mail files are stored by your mail program such as Outlook or Outlook Express. If you right click on your inbox folder in Outlook Express you can find the location where your mail is stored. On my system it is stored in the folder at: C:\Documents and Settings\Username\Local Settings\Application Data\Identities\{B718C535-6548-4E1D-A5D2-7D1B41CFEB2E}\Microsoft\Outlook Express\ where username is the name I login with. If you are using Outlook, it is normally stored in a file of type .pst and on my system it is in the folder C:\Documents and Settings\Username\Local Settings\Application Data\Microsoft\Outlook\ where Username is the name I login with.

Setting up a Backup Job

To open the Windows backup program on Windows 2000, select Start, then Programs, then Accessories, then System Tools, then Backup. You must be a backup operator or administrator on your system to create a backup job. The backup utility will start as shown below.

Backup

Immediate Backup

If you want to do an immediate backup, click on the Backup tab and select the files that you want to backup. On my system I selected the folders C:\Documents and Settings\Username\Local Settings\Application Data\Identities\, C:\Documents and Settings\Username\Local Settings\Application Data\Microsoft\Outlook\, and other areas where I store my data such as "My Computer". Also be sure to check the box next to "System State" which may save you a lot of grief if you have trouble with your system.

Backup

Click on the "Start backup" button and on the dialog box that appears select either "Append..." or "Replace..." data on the media, then select "Start Backup".

Schedule a Backup

To schedule a backup, click on the "Schedule Backups" tab. The Backup program will show a calendar as shown below.

Backup Calendar

Click the "Add Job" button. A backup wizard will start. Click "Next". A "What to backup" dialog box as shown below will appear.

What to Backup

Select "Backup selected files, drives, or network data" and click "Next". On the next box select the items you want to backup by first clicking the + next to "My Computer" to expand it as shown below.

Items to back up

Select the items in the same way as discussed under the header called "Immediate Backup" above and click Next. The dialog box will change and allow you to select the name and location of the file the backup will be stored in. Click "Next" and a dialog box will ask the type of backup you want to perform. A normal backup will be sufficient so select it unless you have another preference and click "Next". You can read more about the backup types at the Windows NT File Backup Page.

After clicking next, select "Verify data after backup" and click "Next". Select whether to append or replace data if the file already exists at the specified location and click "Next". Accept or specify the backup label and click "Next". The dialog box below will appear.

Time to back up

Click on the "Set Schedule" button and the dialog box below will appear.

Time to back up

Select your preferred backup times and how often you want to do this backup such as weekly. Click OK and the backup schedule dialog box will disappear. Enter the name of your backup job and click next on the "When to back up" dialog box. Click "Finish" to complete the process. Backups should run when you have scheduled them.

If you want to delete a backup job that you have scheduled, click on the "Schedule Jobs" tab and click on the job shown on the calendar. A dialog box with the job name will pop up. You can click on the "Delete" button next to the Job name to delete the Job.


View Settings

The Default Windows Setting is Dangerous

Windows systems come with default file view settings. The default is to "Hide file extensions for known file types". This setting can be used to deceive a computer user into believing that a file is safe to open when it is not. Files containing viruses can be sent to a computer with the name "document.txt.exe" which is a file that the computer will run. The file will appear to the computer user as "document.txt" making the user believe that it is safe to open, but if the user clicks on it the file will be run and be able to infect the computer.
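The check below is an added example, not part of the original article: it flags file names whose real extension is executable while the name a user sees with extensions hidden looks like a document, including the variant where spaces pad out the real extension. The extension lists, function names and sample names are assumptions chosen for illustration.

```python
import os

# Extensions Windows runs or interprets on double-click (assumed, partial list).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions users tend to regard as harmless documents or media (assumed list).
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".mpg", ".avi", ".zip"}


def displayed_name(filename):
    """Name shown with 'Hide file extensions for known file types' enabled,
    assuming the final extension is a registered (known) type."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_deceptive(filename):
    """True when the real type is executable but the visible name ends in a
    document-like extension."""
    stem, real_ext = os.path.splitext(filename.strip())
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return False
    # Spaces before the real extension push it out of view; ignore them.
    _, shown_ext = os.path.splitext(stem.rstrip())
    return shown_ext.lower() in DECOY_EXTS


def audit(filenames):
    """Return (real name, name the user sees) for every deceptive entry."""
    return [(n, displayed_name(n).rstrip()) for n in filenames if is_deceptive(n)]


# Constructed sample attachment names, not taken from any real incident.
SAMPLES = [
    "document.txt.exe",
    "holiday.jpg        .scr",
    "Invoice.PDF.Exe",
    "setup.exe",
    "notes.txt",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for real, shown in audit(SAMPLES):
        print(f"{shown!r} is really {real!r}")
```

A plain "setup.exe" is not flagged because nothing about its visible name is misleading; the check targets only the mismatch between what is shown and what will run.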

Changing the View Settings

This section will tell you how to change your settings so you will always see file extensions. It will also tell you how to be able to see file details.

Open "My Computer" by clicking on the "My Computer" icon on your desktop. Click on the menu item "View" and select "Details" from the drop down menu. This will change the current settings for the folder or location you are in, but the change is not permanent yet.

To change the file view settings, if you are using Windows 2000 or XP click on the menu item "Tools" and "Folder options" selection. If you are using Windows 98, click on "View", and "Folder options". A dialog box similar to the one below should appear.

Folder Options

Click on the view tab and the dialog box will change as shown below:

Folder Options View tab

Click on the button in the Folder Views area that says "Like current folder" and answer yes when asked if you want to change all folders to match the current folder. Change the rest of the settings to match the dialog box as shown below:

Folder Options View tab

The first three selections are display settings which make it more convenient to navigate through files and folders. Be sure and uncheck the checkbox next to "Hide file extensions for known file types". If you are using Windows 2000 or Windows XP, this should be done for every user that logs in since each unique user that uses the machine will get their own desktop and user profile.