CompTIA A_ Certification All-In-One Exam Guide, Seventh Edition - Michael Meyers [466]
Figure 26-19 You’ve got mail!
Worms
Similar to a Trojan, a worm is a complete program that travels from machine to machine, usually through computer networks. Most worms are designed to take advantage of security problems in operating systems and install themselves on vulnerable machines. They can copy themselves over and over again on infected networks and can create so much activity that they overload the network by consuming bandwidth, in worst cases even bringing chunks of the entire Internet to a halt.
You can do several things to protect yourself and your data against these threats. First, make sure you are running up-to-date virus software—especially if you connect to the Internet via an always-on broadband connection. You should also be protected by a firewall, either as part of your network hardware or by means of a software program. (See the sections on antivirus programs and firewalls later in this chapter.)
Because worms most commonly infect systems through security flaws in operating systems, the next defense against them is to make sure you have the latest security patches installed on your version of Windows. A security patch is an addition to the operating system to patch a hole in the operating system code. You can download security patches from the Microsoft Update Web site (Figure 26-20).
Microsoft’s Windows Update tool is handy for Windows users as it provides a simple method to ensure that your version’s security is up to date. The one downside is that not everyone remembers to run Windows Update. Don’t wait until something goes wrong on your computer or you hear on the news that another nasty program is running rampant across the Internet. Run Windows Update weekly (or even better, automatically) as a part of your normal system maintenance. Keeping your patches up to date is called patch management, and it goes a long way toward keeping your system safe.
Figure 26-20 Microsoft Update
Virus Prevention and Recovery
The only way to protect your PC permanently from getting a virus is to disconnect from the Internet and never permit any potentially infected software to touch your precious computer. Because neither scenario is likely these days, you need to use a specialized antivirus program to help stave off the inevitable virus assaults. When you discover infected systems, you need to know how to stop the spread of the virus to other computers and how to fix infected computers.
Antivirus Programs
An antivirus program protects your PC in two ways. It can be both sword and shield, working in an active seek-and-destroy mode and in a passive sentry mode. When ordered to seek and destroy, the program scans the computer’s boot sector and files for viruses and, if it finds any, presents you with the available options for removing or disabling them. Antivirus programs can also operate as virus shields that passively monitor your computer’s activity, checking for viruses only when certain events occur, such as a program executing or a file being downloaded.
Antivirus programs use different techniques to combat different types of viruses. They detect boot sector viruses simply by comparing the drive’s boot sector to a standard boot sector. This works because most boot sectors are basically the same. Some antivirus programs make a backup copy of the boot sector. If they detect a virus, the programs use that backup copy to replace the infected boot sector. Executable viruses are a little more difficult to find because they can be on any file in the drive. To detect executable viruses, the antivirus program uses a library of signatures. A signature is the code pattern of a known virus. The antivirus program compares an executable file to its library of signatures. There have been instances where a perfectly clean