How IT works (or not)

Infections

1) How do you recognise a virus/malware infection?


2) How could it happen despite having AntiVirus software installed?

Answers to question 1:

  • your AntiVirus software kindly informed you about infected files. Nice. Hopefully it offered a few solutions as well e.g. "clean", "quarantine" or "delete" the file(s) in question.
  • the machine runs noticably slower than before
  • there is constant Internet activity
  • you do get a lot of emails from people you never heard of demanding that you stop sending them emails with a virus payload attached


Answers to question 2:

  • there is always a time gap between the point where a virus is released into the wild (=Internet) and the point, at which a cure against ist becomes available. This can be anything between an hour and a few days, during the period the computer is vulnerable.
  • virus definitions are out of date. Happens frequently where people are still connected to the Internet via dial-up connections (=modem or ISDN TA). Some AntiVirus products require the download of very large files to keep the product up-to-date. Since those updates are usually performed quietly in the background, most people are not aware of them and disconnect from the Internet before the download could finish.
  • the AntiVirus product has been disabled by the virus. Unfortunately this scenario becomes more common. You should pay close attention to the icon of your AV software; usuallay there is one in the taskbar next to the clock on the screen (lower richt corner); if that changes the colour or appearance, there might be something wrong, if it disappears completely, you can be almost certain... 

An infection can happen not only by a virus but by other unwanted software, e.g. spyware, malware, rogue (=fake) AntiVirus products and so on. 

Explanations

  • Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in computing.

  • Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.[1] The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.
  • Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software.
  • Spyware is a type of malware that is installed on computers and that collects information about users without their knowledge. The presence of spyware is typically hidden from the user. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.



Prevention

  • Backup your data regularly. This can protect your data not only from virus attack, but also from hardware failure. A recent backup may be the only way to recover your data after virus attack or hardware failure.
  • Install anti-virus software from well-known and reputable companies. Do not forget to update it regularly. 
  • Scan any new programs or document files that may contain executable code before you run or open them, especially those files you download from the Internet and the attachments in the document files.
  • * Do not open e-mail and its attachments from unknown source. Delete it immediately if suspicious.
  • Do not download and run programs from unknown sites.
  • Do not use pirated software.
  • Apply patches regularly and timely to the operating system, browser, e-mail client, etc. in order to fix security holes.


* this is a somewhat common but misleading recommendation!

Explanation: 

to receive an email with a virus payload you need to be in somebodys addressbook, otherwise you would not be one of the recipients. Although sometimes you can receive an email by a scattergun-attempt, it is rather a rare case.

so there is a good chance, that someone you know has an infection on her/his computer. If you do get an email from that person you will recognise her/him as being known to you

following the advise you would open the email and/or the attachment...

Maintenance

With the decreasing cost of hardware it seems to be difficult to justify the cost for maintenance. But replacement of the physical goods is only one side of the medal. The other side involves to bring the new piece of hardware to that point, where the other PC seized to exist. The main problem for most organisations is the downtime.

Example:

Your PC gives up the ghost Friday 15:30 h
Calling service engineer at 15:45h
Engineer arrives at 16:15h
Initial tests indicate failure of cooling device for the processor
16:30h
This could have caused damage to the processor and/or the system board
Spare parts are not at hand, local shops are out of stock
17:00 order placed for cooler, ETA Monday next around lunchtime
Courier is delayed, part does not arrive before Monday 15:00h
Engineer fits part
PC does not start because of additional damage
More parts need to be ordered
PC finally up and running on Tuesday 14:30h

Estimated time of no operation for this PC: 15 hours or nearly two working days.

Reason for the downtime : a cooling fan worth € 4.75

Due to the absence of a PM-plan the engineer had to apply diagnostic or corrective maintenance, which is performed to correct an already-existing problem.

With PM in operation this scenario could have been avoided. Regular maintenance on PCs would include an internal inspection of the PC so accumulated dust would have been discovered, removed and the proper operation of the fan been tested (to get an idea have a look at the picture).

In addition the service provider for PM usually creates an inventory of hard- and software and takes care of having stock of replacement parts before they become scarce on the market or go out of production altogether. Most customers agree to buy the parts and have them on site, just in case...

BTW: Having somebody on site performing PM is the ideal opportunity to talk to that somebody about backups.