Welcome to Security / Virus / Spyware

Welcome to the Security/Virus/Spyware forum.
By DoctorDoom,Our knowledgeable members !!, markp62, Lonny Jones,
(last edited 7/06/2004)

All security related issues will be covered here, from firewalls, viruses, spyware/adware to hoaxes.

For the newcomers to computing (which I believe will be the majority of our visitors and members), there are some absolute musts if one is to keep one's computer free of unwelcome intruders and hostile digital lifeforms.

Point 1: NEVER click on an attachment to an e-mail, even if it's from your mom, unless you have an up-to-date antivirus program and have scanned the file. Even then, be suspicious if it arrives from an unknown person. This is how the large majority of viruses and worms are spread. There are some file types that are fairly safe to open, such as graphics files (BMP, GIF, JPG, PNG, etcetera) and text files (TXT), but even then there's a possibility of danger if your computer is not set up to view all file extensions
(the three letters after the dot in a file name, for example, FILENAME.EXE). Some viruses will arrive with an added extension that the user can't see. For example, the "Love Letter" worm used an attachment called "LOVE-LETTER-FOR-YOU.TXT.vbs ", but many computers never showed the ".vbs" extension. This page describes the issue in greater detail and explains how to set your computer to display all extensions.
Exploitation of Hidden File Extensions

Here's a list of the "executable" extensions that can be used to infect a computer with a virus or worm.
File Extensions With Executable Code

Note: this warning also applies to files sent by ICQ, etcetera.

Point 2: If there's an anti-virus program on the computer, make sure it's running and keep the virus "definitions" up to date. An AV program is valueless if it's shut off, and it's of little use if the latest definitions file is a year old. Check the list below for AV programs.

Point 3: It's highly recommended that the computer have a good "firewall" installed to block hack attacks from "script kiddies" and hacker wannabes whose empty lives revolve around invading other people's computers and causing mischief or damage. This is critically important for any reader who's connected to the Web by a high-speed "broadband" connection such as DSL or Cable, because they make juicy targets for trouble-makers.

Point 4: It's good advice to check regularly for security updates for one's browser(s) and e-mail programs.

[hr][/hr]
Below are a number of links to various sites related to viruses, firewalls and computer security. This
list is by no means exhaustive, and it will be amended and expanded as required.

--- Antivirus programs ---​

Norton Antivirus
Symantec Security Response
NAV Win9x/Me Definition Downloads
Symantec Virus Database

McAfee
McAfee.com - Antivirus
McAfee DAT Updates
McAfee Virus Information Library

Frisk Software International
F-Prot Anti-Virus
F-Prot for DOS


Trend Micro
Trend Micro
PC-Cillin Antivirus

Datentechnik GMBH (Free for personal use)
AntiVir Personal Edition

Grisoft
AVG Anti-Virus 7.0
AVG Free Edition

ALWIL
avast 4 Professional
avast 4 Home Free

Command Software
Command AV Anti-Virus

SalD Ltd
Dr. Web Antivirus

Computer Associates International
eTrust EZ Antivirus
InoculateIT definitions
Computer Associates offers a free one year subscription for all Microsoft users for EZTrust Armor, it's an antivirus and firewall utility.
eTrust EZ Armor Security Suite

Kapersky Lab Int'l
Kapersky Antivirus (AVP)
AVP Updates

MKS
MKS_VIR Antivirus

Norman
Norman Virus Control

Panda
Panda Antivirus

Sophos
Sophos Antivirus

Free online Scans
Trend AntiVirus:
Command AntiVirus:
Symantec:

Be familiar with how your anti virus program reacts
and more important be preparedTest your av program


[hr][/hr]

--- Firewalls & Intrusion ---​

Home PC Firewall Guide
Personal Firewall Comparison 11/4/2000

Zonelabs
ZoneAlarm
They also provide a free version

Internet Security Systems
BlackICE PC Protection

Norton
Norton Personal Firewall

McAfee
McAfee Personal Firewall

Tiny Software
Tiny Personal Firewall

Sygate
Sygate Personal Firewall Pro
Sygate free for personal/home

Kerio Personal Firewall
For home users, Kerio Personal Firewall 4 is available in two flavors - the full edition and the limited free edition.
Kerio Personal Firewall

Agnitum
Outpost PRO and FREE

Omniquad Firewall Free and Pro
Omniquad Firewall Free and Pro

[hr][/hr]

--- Anti Trojan tools ---​

Reviews and recommends
http://www.wilders.org/anti_trojans.htm
http://www.anti-trojan-software-reviews.com/

TrojanHunter
Has a fully functonal trial
TrojanHunter

Trojan Defense Suite 3 (TDS3)
Has a fully functional trail
Trojan Defense Suite 3

a² personal & a² free
a²--

swatit
swatit
Has several builds one of which if free

ewido security suite
Free ewido security suite for XP & win2000:

Free online Trojan Scanner from windowsecurity.com

[hr][/hr]

--- Adware/Spyware/Slyware ---​

List of Known Spyware

Lavasoft's Ad-Aware free,plus,pro

SpybotS&D(Free/contributeware)

pestpatrol

SpywareInfo Browser Hijacking

What is spyware?

How to surf the Internet more safely with Internet Explorer:

How on earth did I get infected with all that spyware in the first place? (by TonyKlein)

Recommended Minimal Security Settings:

Various articles spywareinfo

Stay away from fake and useless spyware removers, some even include adware/spyware

 

[hr][/hr]

--- Computer Security ---​

Wilders.org (covers all facets of security)

Gibson Research Corporation

HackerWhacker security test

The Encyclopedia of Computer Security

Insecure.Org

Help Net Security

Security Focus Online



[hr][/hr]

--- Hoaxes & Urban Legends ---​

If you receive one of those e-mail "warnings" about a virus that will destroy your computer, or a plaintive request to help little Mary Lou Blotznik get an appendix transplant, check with these sites for information on them. 99.999% of them are bogus, and all those multiple forwards accumulate valid e-mail addresses for spammers.

VMyths - Virus Myths

HOAXBUSTERS Home Page

SARC Virus Hoaxes

HoaxKill

Urban Legends Reference Pages

 

Be familiar with how your anti virus program reacts

Everyone should be familiar with how their Anti-virus program reacts when it finds a virus as well as test to see whether it properly detects one. Here's a safe way to do both. I encourage everyone that hasn't done this to try it.

There are four test files you can download from the following link. Read the warnings! To download, right click each file and select 'Save Target As.'

http://www.eicar.org/anti_virus_test_file.htm

Some AV programs, specifically those with real-time monitoring, may immediately identify the files as real viruses and might try to prevent the download. Temporarily disabling the real-time monitoring may be necessary.

Other AV programs may overreact after finding the test files and you might have a hard time deleting them. To avoid problems, it would be best to make a folder on the root of your drive and save the files to that folder. For example, C:\AVtest so if there is trouble, you can run a command prompt or drop to DOS to delete it. Some people have had considerable trouble with the eicar.com file so you might want to skip that one.

You should have a right-click option to scan the files with your AV program. Open the folder and right click>scan on each file. Select all, right click on any file, then select scan. Right click and scan the folder itself, too.

Then open the AV program and do a custom scan of just that folder and see what happens. Might just as well go ahead and do a full system scan if you haven't yet this week! As always, make sure your virus definitions are up to date.

Should anyone have problems deleting the folder/files after testing, another option is to install Move-on-Boot. You will now have a handy new right- click option, 'delete file on the next boot,' for use on files that don't want to allow deletion. Right click on each file and select the new option, then reboot. You should now have an empty folder you can delete normally.

Should your AV program quarantine the folder and deny access, you should be able to delete it from within the program's options.

You can always post here for help, too; preferably in a new thread.
(written by our great forum member's)