Careseaseeure Computer user emma ‘Marware ana Acinras Malware and Antivirus Module 03 Simplifying Security Certified Secure Computer User Module 3: Malware and Antivirus Exam 112-12 Modis 03 Eage73 Certed Secure Computes User Conyght ©'>y EE-Deunell ‘ll ghee Reserves Ragrecuaten ie strieny PramaneeCcernisesseeute Computer uzer fram s2242 Iatwace ana activins Security News Source: https://Awww.yahoo.com_ Hackers Exploit ‘Flash’ Vulnerability in Yahoo Ads In case it was not clear yet, Adobe Flash is not safe enough to deliver Internet content. This issue came to the forefront when hackers exploited its security vulnerabilities for malicious purposes. The hackers used Flash to infect Yahoo's ad network with malware which was described as the largest maivertising attacks seen in recent times. The attack, which started in late July 2015, was the latest in a string that have exploited Intemet advertising networks, which are designed to reach millions of people online. it also highlighted growing ansiety over the much-used graphics program (Adobe Flash), which has 3 history of security issues that have irked developers at Silicon Valley companies. The scheme, which Yahoo shut down on eventually, worked like this: A group of hackers bought ads across the Internet giant's sports, news and finance sites. When a computer—in this case, ‘one running Windows—visited a Yahoo site, it downloaded the malware code. From there, the malware hunted for an out-of-date version of Adobe Flash, which it could use to commander the computer—either holding it for ransom until the hackers were paid off or subtly directing its browser to websites that paid the hackers for traffic. Yahoo doesn’t know how many people were affected due to this attack, but they said that the attack didn't tum out to be as bad as it was feared to be. “We take all potential security threats seriously,” a Yahoo spokesperson told the Times in a statement. “With that said, the scale of the attack was grossly misrepresented in initial media reports, and we continue to investigate the issue.” Module Objectives At the end of this module you will be able to: = Understand what Malware is: = Identify the various types of Malware: = Identify the various symptoms of Malware infection "= Understand what an antivirus is and how it works "Understand how to choose the right antivirus software for you and what its limitations are "Configure and use Kaspersky and Avast antivirus software = Test if your antivirus is working Modte 03 Page Certied Secare Computer User Copyright© by EE-Beumell al Rpts Rerarved Rapreeunin Str Ponies.Cartes secure computer User eam az aware wpa scnivirs What is Malware? Malware is short for malicious software. As the name suggests, a malware is created with the intention to damage or take control of a computer, or steal information from it. Malware is a general term used to refer to a variety of hostile or intrusive software. Malware attaches itself to the components of a web page, pop-up advertisements, toolbars, or free applications that users download. Malware sneaks into computers when users click the infected components. Once malware is inside a system, it steals information stored on that computer such as social security numbers, passwords, and bank account details. Examples of recently used malware by hackers are Backotf, Dyreza, BlackEnergy, Crowti, and Crossbrowse. Malware can be compared to the pea in a shell game. A street con running a shell game on the sidewalk lures the mark (or victim) into trying to follow the pea, when actually it’s an exercise:in sleight of hand. Similarly, malware also relies on sleight of hand—how to infect, persist, and communicate without being detected. To understand, control, and successfully counter malware, we need to focus on not just the pea (malware), but on all the moving parts. Types of Malware Malware has come a long way in the past thirty years. Initially malware was thought of as an interesting experiment—what if computer programs could take control of a system? It has progressed from being a tool for jokes between programmers, to become one of the key techniques used by cyber criminals to wreak havoc in the cyber world. The most commonly used malware techniques are as follows = Virus- Computer viruses are just like biological viruses. They spread rapidly, their spreading is accelerated or mitigated by human actions, and more often than not, they are harmful to their host's health. Computer viruses spread to other computers by attaching themselves to various programs, which are then replicated when the program is run. They are often spread by sharing files or software between computers. Just like shaking hands with a person who has a viral infection can infect you, sharing fies, like a picture or @ song, with 2 virus infected computer can infect your computer as well. Viruses can be used to harm host computers and networks, steal confidential information, and create botnets (collection of compromised computers). Some viruses have the ability to hide inside encrypted files, making it difficult to detect the virus. Encrypted files are those files which only can be accessed with the correct password. ‘Trojan- A Trojan is a destructive program that parades itself as a harmless application. Malicious users can remotely access computer systems using a Trojan. Once attackers have access to these systems, they steal important data (login details, financial information, passwords, electronic money, photos, and videos), inject more malware, monitor user activity, or even modify files. ‘There was one instance, where a Trojan introduced viruses into computers by claiming it could get rid of viruses present in the computer. "Worm A Worm is the most commonly used type of malware. It’s a program which enters an operating system with the intention of spreading malicious code. It also harms Modste02 Fage 73 Certied Scare Computer User Copyright ©:by EE-Gemnell ‘Al gmt: Resarves Regrecuion eStreny PrMaRes.Cernisessecute Computer User fram 2242 anwar the computer by consuming excessive bandwidth, deleting files, or by sending documents through email. Some of the commonly used worms by hackers are Storm Worm, Nimda, and Morris Worm. Worms are often confused with viruses—worms have the ability to self-replicate while viruses rely on human activity to spread. " Spyware- This malware spies on user activity without their knawledge. Users enter their personal information on retail websites in the form of shipping address and credit card details. Using spyware these details are extracted and exploited. ‘Additionally, spyware also modifies browser security settings to make it more vulnerable. Spyware is usually bundled along with the free applications which are downloaded from the Internet. It spreads by exploiting software vulnerabilities. = Ransomware- Ransomware is a malware which prevents users from accessing their computer systems. After finding its way into a system, it encrypts all the files on it and holds the password which can decrypt it, ransom. Ransomware is similar to kidnapping a person—the person would only be released when ransom has been paid, and here the data is only retrieved when the ransom was paid. Just like in kidnapping, paying the ransom doesn't guarantee the safety of the data. Ransomware may be downloaded by users by logging on to compromised or malicious websites. It also is delivered in the form of an attachment in emails. Crowti is one of the prime examples of ransomware. = Rootkit- Rootkit is malicious software designed to remotely access or control a computer without alerting the users or the security programs. Once the roatkit is installed, malicious parties remotely access the files, modify security settings, steal crucial information, or control the computer and use it to attack other computers. Rootkit prevention, detection, and removal is difficult due to its stealthy operation. Hence rootkit detection is only done manually through regular scans and monitoring. Users can protect their computers from rootkit by frequently updating software, applications, operating systems, and virus definitions (used to update the antivirus software on a system), avoiding suspicious downloads, and carrying out scans to check for malware Symptoms of Malware Infection Cyber criminals constantly look for exploitable loopholes and vulnerabilities in computer systems using malware. Software updates have patches which protect against these malwares. These updates are important to install as malware keep evolving making it imperative for the software installed on your system to evolve as well through these updates. Despite the security layers and software updates, sometimes malware manage to sneak into a computer system. Thus, it is important to know about the symptoms of malware infection: = Slow System- Malware is known to slow down a computer system. Slowdown of a system usually occurs due to lack of Random Access Memory (RAM) memory, lack of space on hard drive, or usage of @ resource-heavy program. If it's neither of the aforementioned causes, then it's likely to be a malware infection. Modte 03 Fage7E Certified Secure Computer User Copyright © oy -Seumell ‘RightsReserved Raproeurion ie Stricy Pronined.™ Pop Ups- Unwanted pop ups which appear on systems or browsers are a sign of a spyware infection. Pop ups are not only annoying, but also are dangerous. Clicking on ‘these pop ups opens the door for other malware to enter the system. ™ Unexpected System Crashes- If a system is regularly crashing or is displaying the infamous Blue Screen of Death (BSODJ, then something is definitely wrong with that computer. A BSOD is the worst type of error a computer experiences and is usually caused by faulty hardware. The crash is either due to a technical issue caused by incompatibility or it is a malware. If a malware does exist, it’s detected by running a system scan on the computer using antivirus software. "Excessive and Suspicious Hard Drive Activity: If the hard disk continues to have excessive activity, even when the computer is not being used and there's no program running or downloading, it usually is a malware infecting the system. = Antivirus Disabling- Most of the malware programs are designed to disable antivirus present in a system. If neither rebooting the system, nor troubleshooting the security application works, then most likely the computer is infected with malware. "New Browser Home Page or Toolbar- If users notice a naw homepage and a toolbar in ‘their browser, this is due to malware present on their computer. This malware gets downloaded on the system when users dlick an online link or a pop up. This type of malware can also be detected when a website is redirected to a different address. ™ Peculiar Program Activity- if programs on a computer start opening and dosing ‘automaticaly, or if strange windows start popping up during the booting process—it isa sign of malware being present in the system. This type of malware can only be removed by formatting the entire system. = Random Network Activity- if the router displays high network activity by blinking constantly, despite the user not accessing high amount of data, it generally indicates presence of some form of malware in the system. "Blacklisted IP address: If users receive an email stating that their IP addresses are blacklisted, itis a confirmation of malware presence in the system and that it has Been compromised. Antivirus ‘What is Antivirus? ‘Viruses were the ‘rage’ during the 90s, which was when the term “Antivirus” became common. Today, viruses are the minority in malware. Despite the aforementioned fact, the term “Antivirus’ stuck on. The various antivirus software present taday not only provide security against viruses, but other types of malware as well. Antivirus is a software application that detects and eradicates malware from a computer system, These software applications have an auto update feature which allows them to Modute 08 Page 77 ered Secare Computer User Copyright ©:>y EE-Gemmell all RgttsRararvas Raproeumion Str Proninees.download profiles of new malware, thus keeping them up to date. Some popular antivirus software are McAfee, Norton, AVG, and Avast. The myth that antivirus software is only for irresponsible users is a dangerous one to spread. In ‘today’s era of rampant cybercrime, even the most secure computer user is vulnerable. Zero-day exploits (vulnerabilities in systems and applications that malicious users find first) have become aa serious consideration. Hence, even if users are extremely careful while using their computers, they may get still infected with malware by simply visiting a website, Apart from local antivirus software, users can also avail the services of free online antivirus programs to check for any anomalies in a file or @ URL. Services like hrtp://www.virustotal.com are available for free and provide 2 good alternative in the absence of other antivirus softwere. ‘How does Antivirus work? An antivirus softwere is an essential part of a multi-layered security strategy to protect a computer from malware. Antivirus software employs the following techniques to keep ‘computers secure: = Scanning- Antivirus software scans all files in memory and on the hard disk for code snippets (small blocks of reusable code that can be inserted in a code file) which uniquely identify a file as virus. This is the most common virus detection method. There are two types of scanning—aon access and on demand. In an on-access scan, the files are scanned when they are loaded onto the memary. On the other hand, in an on-demand scan; the main memory, hard disk, and disk memory are scanned as and when the user wishes to. The main advantage of scanning is detection of uninstalled viruses. This is helpful especially in detecting email worms, which can spread rapidly if not stopped. ‘Antivirus software is also efficient in detecting those viruses for which they have the signatures. "Integrity Checking- It's the process of comparing current state of stored programs to a previously recorded state which is known to be free of malware. This detects the change in systems, if any. A program detected with a change in this exercise is deemed to be a malware. it’s like comparing test results of a student—one before coaching and one after. Integrity checking is a detection technique and not a prevention technique, i.e. it cannot prevent a malware from being installed, but it can detect a malware present in the system. Integrity Checking is the only way to ascertain whether a virus has damaged any file. The major problem with integrity checking is that not enough companies offer comprehensive integrity checking software. Most anti-virus suites that do affer it don't protect enough files. ‘Should an infected file be Cleaned, Quarantined, or Deleted? ‘Quarantine is an antivirus software function which isolates files suspected of being infected ‘with malware. These files are isolated to prevent them from further corrupting other files in the system. Files put in quarantine are no longer capable of infecting their host system. It's similar to quarantining an individual who has contracted something contagious and possibly dangerous. ‘Mocute 03 Page 72 Certea secure Computer User Copyrent © oy #6-Oamnell “AI Rights Reserved Reproduction Sect Prohiotee‘certfes sure Computer Urer eam 12-2 Mahece ond Aotivine ‘When an antivirus program comes across an infected file, three actions can be taken—dlean, quarantine, or delete. ff the user selects the wrong option, the results could be disastrous. Rule of thumb in this situation is ta begin with the safest option and then proceed to less safe ‘options progressively. Always start with ‘clean’ option; if antivirus software reports that the file cannot be cleaned, it should then be quarantined. The file should only be deleted if it’s recommended by the antivirus scanner. However, if the malware is @ worm or Trojan, it must bbe either quarantined or deleted. ‘Choosing the Right Antivirus software ‘Choosing the correct antivirus software is easier said than done. There are numerous factors which have to be taken into account while choosing the correct antivirus software. With the security of the user's data, digital identity, and financial transactions at stake, it’s worthwhile investing some time in assessing each antivirus product. The basis for choosing the best antivirus software is as follows: = Compatibitity- For antivirus software to be effective, it must be compatible with other programs on a system. lf there is @ conflict between the antivirus and other software, it leaves computers vulnerable to-attacks. = Usability: Ease of use of antivirus software is an important deciding factor. If the software is tao complicated for users, it is a good idea to go for something that they can understand and use easily. ™ Comprehensive Protection- Antivirus software must deliver round the clock protection for all computer domains, types of files, and network elements that could be subject to attack by malware. The software should be able to detect malware and also protect entry points to computers. = Quality of Protection- Antivirus solutions need to function in @ volatile environment which is regularly changing—with new computer viruses, worms, and Trojans that can be much more nefarious than previously known ones. ‘Quality of protection depends on the following ‘© Effectiveness of malware detection processes 0 Frequency and regularity of updates ‘0 Ability to remove infections from computer systems ‘0 Efficiency in delivering computer protection—without significant impact on computers’ performance ‘Limitations of Antivirus Software ‘Computers today are an integral part of human lifestyle. Unfortunately, malware is also a part, although unwanted, of this lifestyle. As "UK Cheap Broadband” magazine advises, even if you don't download anything from the Internet, don't think you're safe from malware. The cutting edge viruses of today are designed in such a way that they are able to travel from one oguse 03 Page 78 Centitiea secure Computer User Copyign © 2y H-Gamnell {All Rghts Reserved Reprocuion Stray Prohistee.cartes secure computer user fam 42242 Malware end dvr computer to another across the Intemet. Hence, having antivirus software is a must. Limitations of antivirus software also must be known befare selecting ane: * Limited Detection Techniques- There are multiple techniques to detect malware, but unfortunately antivirus programs usually do not employ all of them. Many antivirus software use scanning as the most common methad of detecting malware. This could prove to be a huge drawback because @ scanner may give a false alarm. This can be avoided by regularly updating the database of antivirus programs. Good antivirus software uses a combination of all available techniques and supplements them with -verifiers. A verifier program gives an in-depth analysis of any detected malicious code in order to ascertain if itisa malware. ™ Doesn't Fully Protect- Having fully equipped antivirus software with various detection ‘techniques may not be enough to protect computers from malware. Microsoft Security recommends putting up an Internet firewall a5 well to provide an additional layer of security. Hardware like routers are used to reinforce firewalls, especially if users have a small network of computers. * Slows Down PC or Network- Installing and running antivirus software uses a lot of RAM as well as take up a lot of space on the hard disk which tends to slow the computer down. This also applies to the protection of servers and networks from malware. * Conflicts There are two types of conflicts which arise while using antivirus. First, antivirus software must be compatible with other programs on a system. If conflicts exist between the antivirus software and other programs, it leaves computers winerable to attacks. Second, since antivirus software does not provide protection against all malware, users may be tempted to install more than one antivirus program. This will actually cause more harm than good because the programs might conflict with each other and end up making the system vulnerable ta attacks. Kaspersky PURE 3.0 Kaspersky PURE 3.0 is an antivirus software which ensures protection of computers against all kinds of threats, secures data from loss and unauthorized usage, and protects children cand teenagers from threats related to computer and Internet usage. Kaspersky PURE 3.0 Standard Installation Installation process starts automatically after the CD is inserted into the CD-ROM drive. If the software has been purchased online, then the link to installation file is sent to the users’ email, which has to be launched manually * After installation window opens, read the End User License Agreement and click Install. After clicking install, Windows Firewall will be disabled, because Kaspersky PURE 3.0 includes a full-fledged Firewall Mosse 03 Fags £0 ‘emitieg secure Computer Use Copyign © oy -Bomell AllRights Reserved Reprocucion 2 Strict Prohiotee.Cis haed oe Iestling he appicalon ———— Fig. 3.1 Kaspersky nstoliatian Step} "After installation is complete, users must tick check box for Run Kaspersky PURE 3.0. The application will then automatically start after a system reboot: Thank yout ‘Thank you for your choice of Kaspersky Lab ~ fen Kaspersny PURE 3.0 Fig. 3.2 Kaspersky mstallation Step W Merde 08 Page 82 cered Secure Computer User Copyright© Dy H-Beanell ‘Fgh Reserves Reprecucton Stic Protascere cure Comper et pam une ator ana ave ‘Activating Kaspersky PURE 3.0 ™ When the application launches, Setup window will prompt users to activate the application. internet connection is required to activate the product "Activate the tial version which is applicable only for a fixed period of time. Note- When the trial version expires, itcannot be reactivated ape gansanenet ‘Select activation method ts Wee CIC Fig. 3.3 Activating kaspersky step | The Setup Wizard informs users once activation is complete Fig. 34 Kaspersky installation Step f! (Mode 03 Page 22 Certied Secure Computer User Copyright © by R-beunell “A Fgyts Receves Repremucon Série Promote‘certian Secure Computer User eam 22 ‘Matare ane eviras Computer Protection in Kaspersky PURE 3.0 Computer Protection is a comprehensive protection tool present in Kaspersky PURE 3.0. This too! protects all data stored on a computer, against malware. It also blocks spam and adware on websites. This tool protects computer from network attacks, and provides secure Internet. It also protects systems against unknown threats. This tool is accessible via the main application window of Kaspersky PURE 3.0. KASPERSKY Fig. 35 Computer protection in Kaspersky How to Start a Scan Task in Kaspersky PURE ‘Scanning a computer system for malware and vulnerabilities is one af the most important tasks of antivirus software. Kaspersky PURE 3.0 has three types of specialty scans: "Full Scan- A detailed scan of entire system. It scans the following ites by default— system memory, system backup, email databases, hard drives, removable storage media, and network drives "Critical Areas Scan- It scans entire operating system after startup * Custom Scan- This allows scanning of any object on present.on a computer To perform a scan task, use the following steps: * Open Kaspersky PURE 3.0 = Incenter of application window, click on Scan 2 Click Full Scan, if a full scan is to be carried out © inorder to scan-critical areas, click on Critical Areas link 2 Glick Custom Scan if a custom scan is to be run. Tick the objects for which users want ‘wo runa custom scan and click OK Moise 03 Page 83 Certtied Secure Coonputr Use Copyright © >y EE Leamell “ul nigrts Reserved Ragrecucton Sty Promina‘cerns sure Computer Urer eam sn (Malece one Aen ret KASPER)KYS Fig. 3.5 Starting a Sean Task in Kespersky ‘Configuring Parental Control in Kaspersky PURE 3.0 Parental Control module in Kaspersky PURE 3.0 enables users to apply restrictions on usage of ‘computer and Internet. This module helps in safeguarding children and teenagers from adverse influences white using computer and Internet, for example by preventing them spending long periods of time on ‘computers and by limiting access to websites intended for adults. Parental Control helps users control the following: "Usage of computer = Launching of various programs Time restriction regarding usage of the Internet "Limiting access to websites intended for adults "File downloads from the Internet depending on their category "Sending of personal data Parental Account in Kaspersky PURE 3.0 is configured by performing the following steps: "Click on Parental Control in main application window ecu 03 Page ot Ceniieasecue Computer Uee Copyrent ©0y-Oamell AM NgpesRecred Regracadiont tay ProAbie hehe Wi me ew | Wemmene een | soars Fig, 37 Configuring Parental Contralin Kaspersty Step | ™ Create 3 password to access Parental Control settings so that it cannot be modified by someone else Administrator Password eee entomna Carl we ornare cane sseers area ee ertpeopsiatouneaon 9 wtatuee ‘umm passa seeennee Gore | “an Fig. 3.8 Configuring Parental Control in Kaspershy Step i! oe 0 ages cries secure compute eer Copy © 2y 8 Oat Ai gts Roened Reproacion Sty Prone.= Inthe Computer Users window, click Select control level button in the User section A | Farnial Control Sains ed a] ae Beate ‘Fig. 3.9 Configuring Porental Contrel in Kaspersky Step fll "In Level of control for User window, select any ane of the given levels and proceed to dick OK (9 beef iawolf wast user Level of eontrol for user user Data calectoa Chit peo seinteroetkoes Game Teenager protle ln etd rel ‘Fig. 3.10 Configuring Parental Controlin Kaspersky Step 1V ecu 03 Page 25 cenifensecure compute ner Copyrigt © 2 H-Oamell AM NgpesRecred Regracadiont tay ProCcersfeasecure Computer rer eam sens (Maare and Aetna * Inthe Computer Users window, click on the Settings and reports tab in the User section ‘to access the parental control settings | j o | z Computer Users Fig. 3.11 Configuring Parental Control in kaspersky Step V In the Settings tab, check Enable control for users. Users. can configure the following actions © Computer usage © Programs usage 2. Internet usage Web Browsing depending on websites contents 2. File downloads from the internet 2 Instant messaging via social networks like Facebook and Twitter Private data transfer ‘Mogule 03 Page e7 \Certitied Secure Computer Weer Copyrient © 27 BE-Oaunell Ugh: Reserved Resrecucicn Stil Profitcerisessecure Computer set cram e242 Hepa corne pee a User acoure Sninge ah Ea Fig. 3.12 Configuring Parental Contral in Kaspersky Step Vi Avast Antivirus This software provides fully functional malware detection, home network security and browser Geanup. It has a series of integrated system protection such as malware detection, firewall, ‘email protection, Internet monitoring, and instant messaging monitoring. ‘Steps to install Avast Antivirus "Once Avast Setup wizard appears, select license category and setup mode ™ Select Regular Installation for faster installation with default options. Select Custom installation to select location of program files, and choose program components and languages Gpoorenemensse aa ee = Welcome to Avast cer === Fig. 3.23 installing avast Antivirus Step 1 Modige 03 Paget Cried Scare Computer ee Copy © y B-Ball 4 Pggts Recarved Ragrecucic Sy Ponio.~ Please Don't Skip This — Read It Carefully hay Sten rir ns ak eine ey oer ee asi Ri a ‘Fig. 3.446 stalling Avast antivirus Step tt = Once installation is complete, the software will automatically launch. pvest FREE ANTMRUS Setup. oo” installing the product I) ott Fe Tt _ Protect your Ancratd 108, rom jour phen and for tee Fig. 2.15 installing Avast Antivirus Step Ut Merde 08 Page 8 cered Secure Computer User Copyright© Dy H-Beanell ‘ght: Reserved Rasrecucion Sty Proninkec‘ceniessecure Computer usar (Malece ond Aotivie ‘How to Register Avast Antivirus Right-click on the orange ball in the system tray and select Registration Information fromthe menu ‘pen Ast unr neta Silretgamig mete pa Show it pope wesage Fig. 3.16 Registering Avast Antivirus "Inthe Subscription screen, click Register Now to open the registration window = Enter the required data and dick Register "Now, the Subscription page will display as Registered How to Run a Seanon Avast Antivirus "Goto Scanand dick on Scan for viruses Fig. 3.17 To run a scan.on Avast Antivirus Step I ‘oc 03 Page so Cente secure Computer User Copyrient © oy f-Oamnell {A Fights Reserved Reprocuction i Stic ProioteeCcemiseasecure Computer set cami atware ana Acivruc = Ontthe Scan window, select a type af scan from the drop-down menu and click Start Efpvoan FREE ANTIVIRUS _ Scan Fig, 3.18 To run @scon an Avast Antivirus Step U = After scanning is complete, the result appears with a notification fevose PREEANTIRUS SIT x Scan ita sense You can also scan your PC for pértormance issues! Fig. 3.19 To run @ sean an Avast Antivirus Step it Moeste 03 Page! Ceriied Secure Computer Usee Copyright © by EE-temnell ‘pres Reserved Rapronucin is Seren ronistas.cerdéeaserure compute User cram saz Matwace ond Sete ‘How to Test if Antivirus is working? Sometimes even after downloading and installing the antivirus software, it does not run. This happens due to compatibility issues with other programs. The following test determines if the installed antivirus is working and should be run as a practice after installing antivirus software. EICAR Test— The EICAR file is @ harmless virus test file that all antivirus software recognize. This file is easily created using 3 program such as Notepad. Ta create an EICAR test file, copy and paste the following line into a blank Notepad file: X50 |P¥«@AP[4\PZXS4(P*]7CC)7]SEICAR-STANDARD-ANTIVIRUS-TEST-FILEISH+H® This file should be saved as EICAR.COM. If users’ antivirus software is active, the simple act of saving the file will trigger an alert from antivirus software. Antivirus Security checklist This checklist will help users keep track of important tasks to be carried out for maintaining security of computers. = Install up to date antivirus software = Configure: the antivirus software: to check all mediums (DVD-ROMs, email, pen drives, external hard drives, websites, and downloaded files) for malware = Install firewall software on all computers and workstations, and at every point where a computer system is connected to other networks, including the Internet * Configure firewall software to protect information on all computers = Allow antivirus software to automatically scan users’ computers at least once a week "Create procedures for automatically updating antivirus software "Create procedures for handling computer viruses and other infections when they are discovered ocuge 03 Pages? Cente secure Computer ser Copyrgnt © by EE-Daunell {All Rghts Reserved Reproduction Sty Probst.\ceisen secure Computer User fram 12242 ‘Matwace ana Acivirus Module Summary Malware is malicious software or code that damages or disables, takes control of, or steals information from a computer system ‘Types of Malware: 2. Virus Trojan Worm Spyware Ransomware Rootkit ‘Antivirus is a software application that detects and eradicates malware from a computer system Examples of antivirus software— McAfee, Norton, AVG, and Avira Techniques used by antivirus software to keep computers secure—Scanning and Integrity Checking ‘Quarantine is an antivirus software function which isolates files suspected of being infected with malware oo o oo Basis for choosing the best antivirus software—Reliability, Usability, Comprehensive protection, and Quality of protection Limitations of antivirus software—Limited detection techniques, does not fully protect, slows down PC or network, and conflicts Kaspersky PURE 3.0 is an antivirus software which ensures protection of computers against all kinds of threats, secures data from loss and unauthorized usage, and protects children and teenagers from thrests related to computer and Internet usage ‘Computer Protection is a comprehensive protection tool present in Kaspersky PURE 3.0 ‘This tool protects all the data stored on a computer against malware. It also blocks spam and adware on websites ‘The Parental Control module in Kaspersky PURE 3.0 enables the user to apply restrictions on the usage of the computer and Internet ‘Avast Antivirus provides fully functional malware detection, home network security and browser cleanup. it has a series of integrated system protection such as malware detection, firewall, email protection, Internet monitoring, and instant messaging monitoring Medte08 Page Certed Secure Computer User Copyright© by EE-Beumell ‘Rights Reserves Raprocucin Strict Panne.Cartteasecure Computer rer eam saz Mare and Antivir Discussion Questions 1. Ifa person suspects his or her computer is infected with malware, which indicators can confirm that thisis the case? 2. Emma won a laptop at her college science fair. The laptop does not have antivirus software installed on ft. Emma has to purchase one. What factors should Emma keep in mind before purchasing the software? 3. Gloria suspects that her laptop is infected with malware. Upon scanning the system Using antivirus software, no malware is detected, Despite this, her laptop continues to display symptoms of malware infection. What may be the reason for this? Moose 03 Fagess Cente secure Computer ser Copyrgnt © by EE-Daunell {All Rghts Reserved Reproduction Sty Probst.