Troubleshooting Perspective & Computer Infestation.


Class, do you know what computer infestation is?

Computer infestation is an unwanted program transmitted to a computer without the user's knowledge. It was designed to damage data and software (it does not physically damage PC hardware).

Three categories (viruses, worms, Trojan horses), each differing in the way they spread, what damage they do, and how they hide.

PC SUPPORT TECHNICIAN

• PC support technicians are the "fix-it" people of the IT world. Just as TV repairmen, auto mechanics, plumbers and electricians are needed to maintain the health of your home, PC support technicians are needed to maintain your PC in good working order.

• Obviously, a good PC technician needs to be mechanically inclined.

• Nevertheless, more than that, they need to be proficient communicators.

• Diagnosing and repairing PC problems requires a thorough understanding of the situation, which often needs to be ascertained through conversations with end-users.

PC SUPPORT TECHNICIAN

• Depending on the users’ level of knowledge, the response to the support technician's question of "What is wrong with your PC?" can vary widely.

• Experienced users may say, "The network card is intermittently disconnecting from the network".

• Less experienced users in the same situation may respond, "I can't get to Yahoo to check my email".

• Novices may say, "My computer doesn't work."

• In the last case, the technician must use his interpersonal skills to elicit enough information from the user to give him a basis for formulating an opinion about what is wrong with the PC


HELP-DESK TECHNICIAN

• In days of yore (the early 1970's), there were no PCs.

• Computers were large mainframes sold by a handful of major manufacturers.

• Back then, there weren't any help desks either.

• When there was a problem with the computer, the manufacturer was called.

• The engineers who designed the computer had to attempt to solve the problem.

• This took time away from their main task of designing new computers, and it earned no revenue for the computer manufacturer.

HELP-DESK TECHNICIAN

• IBM, being a relatively perceptive organization, hit upon a wonderful idea.

• They encouraged customers to pre-screen calls for assistance internally before calling IBM for help.

• The incentive IBM offered was discounts on equipment.

• By calling a central point for help, IBM hoped that the customer would minimize the number of calls for technical support by solving repeat problems internally.

• Thus the concept of the modern help desk was born

HELP-DESK TECHNICIAN

• Screening problems is very different from solving them.

• Eventually, management realized that moving help desks from a reactive role (screening calls for help) to a proactive role (solving problems) should save the company money.

• Therefore, help desks evolved into the problem solving entities that they are today


PC SERVICE TECHNICIAN

• Goes to customer site in response to a service call

BENCH TECHNICIAN

• Works in a lab environment. May or may not interact with the PC user, and is not permanently responsible for the PC.

• A bench technician is a person who maintains, repairs, and fabricates electronic components in a workshop

• In companies that manufacture electronics, bench technicians are responsible for fabricating prototype models.

BENCH TECHNICIAN

• These models are used for testing, further design refinements, and quality checks.

• Ultimately, they will be used to develop plans used in mass production of these components.

• Bench technicians performing this type of work must think not only about how to assemble components, but how to create components for mass production, ideally using existing equipment and technology

ANTIVIRUS SOFTWARE

Designed to discover and remove a virus

Important defense against computer infestations

PERFORMANCE

• Some antivirus software can considerably reduce performance.

• Users may disable the antivirus protection to overcome the performance loss, thus increasing the risk of infection.

• For maximum protection, the antivirus software needs to be enabled all the time — often at the cost of slower performance.

SECURITY

• Antivirus programs can in themselves pose a security risk, as they often run at the 'System' level of privileges and may hook the kernel.

• Both of these are necessary for the software to effectively do its job; however, exploitation of the antivirus program itself could lead to privilege escalation and create a severe security threat.

SECURITY

• When purchasing antivirus software, the agreement may include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval.

• For example, McAfee requires one to unsubscribe at least 60 days before the expiration of the present subscription.

• Norton Antivirus also renews subscriptions automatically by default.

ROGUE SECURITY APPLICATIONS

• Some antivirus programs are actually spyware masquerading as antivirus software.

• It is best to double-check that the antivirus software which is being downloaded is actually a real antivirus program.

FALSE POSITIVES

• If an antivirus program is configured to immediately delete or quarantine infected files (or does this by default), false positives in essential files can render the operating system or some applications unusable.

SYSTEM RELATED ISSUES

• Running multiple antivirus programs concurrently can harm performance and create conflicts.

• It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers.

What's wrong?

Huh, my whole internal system is damaged by a virus.

Do you have a backup?

Don't think so. But I have an antivirus installed within the system.

Don't worry. Just scan your hard disk using the antivirus.

Is that so? Thank you, Mr Officer!

UNDERSTANDING COMPUTER INFESTATIONS

• Virus
  Most common computer infestation
  Has an incubation period
  Is contagious (replicates itself by attaching itself to other programs)
  Is destructive

UNDERSTANDING COMPUTER INFESTATIONS

• The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability.

• A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive

UNDERSTANDING COMPUTER INFESTATIONS

• Trojan horse
  Does not need a host program to work
  Substitutes itself for a legitimate program
  Unable to replicate

TROJAN HORSE

• The Trojan Horse is a tale from the Trojan War, as told in Virgil's Latin epic poem The Aeneid and by Quintus of Smyrna. The events in this story from the Bronze Age took place after Homer's Iliad, and before his Odyssey. It was the stratagem that allowed the Greeks finally to enter the city of Troy and end the conflict.

• In one version, after a fruitless 10-year siege, the Greeks constructed a huge wooden horse, and hid a select force of 30 men inside.

• The Greeks pretended to sail away, and the Trojans pulled the horse into their city as a victory trophy.

• That night the Greek force crept out of the horse and opened the gates for the rest of the Greek army, which had sailed back under cover of night. The Greek army entered and destroyed the city of Troy, decisively ending the war.

TROJAN HORSE PAYLOAD

TROJAN HORSE

• Since Trojan horses have a variety of forms, there is no single method to delete them.

• The simplest responses involve clearing the Temporary Internet Files folder and deleting the offending file manually.

• Normally, antivirus software is able to detect and remove the Trojan automatically

UNDERSTANDING COMPUTER INFESTATIONS

• Worm
  Overloads a network as it replicates itself
  Does not need a host program

• A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention.

• This is due to security shortcomings on the target computer. Unlike a virus, it does not need to attach itself to an existing program.

• Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer

EXAMPLE OF WORM

• Christma Worm: A student at a university in Germany created a worm in the REXX language. He released his worm in December 1987 on a network of IBM mainframe computers in Europe. The worm displayed an image of a conifer tree on the user's monitor, while it searched two files on the user's account to collect e-mail addresses, then automatically sent itself to all of those addresses

• Morris Worm: On 2 November 1988, Robert Tappan Morris, then a first-year graduate student in computer science at Cornell University, released his worm that effectively shut down the Internet for several days.

The Morris Worm succeeded in infecting approximately 3000 computers, which was about 5% of the Internet at that time

Morris was the first person to be arrested, tried, and convicted for writing and releasing a malicious computer program. He was found guilty on 22 Jan 1990 and appealed, but the U.S. Court of Appeals upheld the trial court's decision

ILOVEYOU WORM

• The ILOVEYOU worm was first reported in Hong Kong on 4 May 2000 and spread westward on that day

• The ILOVEYOU worm arrived at the victim's computer in the form of e-mail with the ILOVEYOU subject line and an attachment. The e-mail itself was innocuous, but when the user clicked on the attachment to read the alleged love letter, LOVE-LETTER-FOR-YOU.TXT.VBS, the attachment was a Visual Basic program that performed a horrible sequence of bad things: deletion of files from the victim's hard disk, password theft, and worm propagation (sending itself by e-mail)
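The attachment trick described above, a document extension (.TXT) followed by a script extension (.VBS), is something a mail gateway can screen for mechanically. The following is an added example, not code from the slides or from any product: it classifies attachment names, blocks runnable types, and calls out the double-extension disguise specifically. The extension lists and the sample messages are constructed for the example.

```python
# Extensions Windows will execute directly when double-clicked. This list is assumed
# for the example; it is not from the slides.
EXECUTABLE_EXTENSIONS = {"exe", "com", "bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "scr", "pif"}
# Extensions a user expects to be harmless to open (assumed list).
DOCUMENT_EXTENSIONS = {"txt", "doc", "pdf", "jpg", "gif", "xls", "htm", "html"}


def attachment_verdict(filename):
    """Return (verdict, reason) for one attachment name.

    Runnable types are blocked outright. A document extension immediately before a
    runnable one is reported separately, because with "hide known extensions" on,
    Windows shows LOVE-LETTER-FOR-YOU.TXT.VBS as LOVE-LETTER-FOR-YOU.TXT.
    """
    parts = filename.strip().lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return ("allow", "no file extension")
    exts = parts[1:]
    last = exts[-1]
    if last not in EXECUTABLE_EXTENSIONS:
        return ("allow", f".{last} is not a runnable type")
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS:
        return ("block", f"runnable .{last} disguised as a .{exts[-2]} document")
    return ("block", f"runnable attachment type .{last}")


# Constructed inbound messages for the demo: (subject, attachment name).
SAMPLE_MESSAGES = [
    ("ILOVEYOU", "LOVE-LETTER-FOR-YOU.TXT.VBS"),
    ("Q3 report", "report.pdf"),
    ("new build", "setup.exe"),
    ("photos", "holiday.jpg"),
]


def screen_messages(messages):
    """Return (subject, attachment, reason) for every message that should be held."""
    held = []
    for subject, attachment in messages:
        verdict, reason = attachment_verdict(attachment)
        if verdict == "block":
            held.append((subject, attachment, reason))
    return held


if __name__ == "__main__":
    for subject, attachment, reason in screen_messages(SAMPLE_MESSAGES):
        print(f"HELD  {subject!r}  {attachment}: {reason}")
```

The check works on the name only, so it is a cheap first filter rather than a replacement for scanning the attachment contents; its value is that it catches the disguise even when the antivirus has no signature for the payload yet.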


WHERE VIRUSES HIDE

• Boot sector viruses
  Hide in a boot sector program
  Replace boot program with a modified, infected version of boot command utilities, often causing boot and data retrieval problems

• File viruses
  Hide in an executable (.exe or .com) program
  Can spread whenever the program is accessed

WHERE VIRUSES HIDE

• Macro viruses
  Hide in a word-processing document that contains a macro
  Most common viruses spread by e-mail

• Multipartite viruses
  Combination of a boot sector virus and a file virus

A multipartite virus is a computer virus that infects multiple different targets.

For a complete cleanup, all parts of the virus must be removed.

Because of the multiple vectors for the spread of infection, these viruses could spread faster than a boot or file infector alone

THE DAMAGE AN INFESTATION CAN CAUSE

Ranges from very minor to major
Is called the payload
Can be accomplished in a variety of ways

HOW INFESTATIONS SPREAD


HOW A VIRUS REPLICATES

VIRUS HOAXES

• A letter or e-mail warning about a nonexistent virus; overloads network traffic

• A computer virus hoax is a false email message warning the recipient of a virus that is going around.

• The message usually serves as a chain e-mail that tells the recipient to forward it to everyone they know.

• Most hoaxes are easily identified by the fact that they say the virus will do nearly impossible things, like blow up the recipient's computer and set it on fire.

• They often claim to be from reputable organizations such as Microsoft and IBM, but include emotive language and encouragement to forward the message which would not come from an official source.

EXAMPLE OF VIRUS HOAX

PROTECTING AGAINST COMPUTER INFESTATIONS

• Regularly make backups

• Use virus scan software

• Use wisdom when managing programs

EXAMPLES OF VIRUS SYMPTOMS

• A program takes longer than normal to load

• Less memory than usual is available

• Noticeable reduction in disk space

• Executable files have changed size

• Files constantly become corrupted

• Unusual error messages occur regularly
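Two of the points above, file viruses hiding in .exe and .com programs (under WHERE VIRUSES HIDE) and "executable files have changed size" (among the symptoms), are the same observation from a defender's side: a file infector must alter the host program. The following is an added example, not code from the slides: it records a baseline of size and SHA-256 for every executable under a directory and then reports what changed. The demo directory, file names and the appended bytes that stand in for an infector are all constructed; the extension list is an assumption (the slides name only .exe and .com).

```python
import hashlib
import os
import tempfile

# .exe and .com are the hosts the slides name; .dll is added here as an assumption.
EXECUTABLE_SUFFIXES = (".exe", ".com", ".dll")


def sha256_of_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record (size, sha256) for every executable under root, keyed by relative path."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(EXECUTABLE_SUFFIXES):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root)
                baseline[rel] = (os.path.getsize(full), sha256_of_file(full))
    return baseline


def compare_baseline(old, new):
    """Report executables whose size or hash changed, plus files that appeared or vanished.

    Size alone catches appending infectors; the hash also catches overwriting ones
    that keep the size identical, which a size-only check would miss.
    """
    modified = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed scenario: baseline a directory, then simulate an infector that
    appends code to one executable and drops a new component, and compare."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "calc.exe"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 100)  # constructed stand-in for a clean program
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"not an executable, ignored by the baseline")
        before = build_baseline(root)

        # Simulated appending infector: the program grows and its hash changes.
        with open(os.path.join(root, "calc.exe"), "ab") as f:
            f.write(b"\x90" * 32)
        # Simulated dropped component.
        with open(os.path.join(root, "helper.dll"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 10)
        after = build_baseline(root)
        return compare_baseline(before, after)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is taken on a known-clean machine and stored somewhere the machine itself cannot rewrite (removable media or a central server), since an infector that can alter the executables can alter a baseline kept beside them.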

WHAT TO DO WHEN YOU SUSPECT A VIRUS INFESTATION

• Run a virus scan program to detect and delete the virus

• Use the latest upgrade of your AV software

PROTECTING AGAINST VIRUSES

ANTIVIRUS SOFTWARE FEATURES TO LOOK FOR

• Ability to download new software upgrades from the Internet

• Ability to automatically execute at startup

• Ability to detect macros in a word-processing document as it is loaded by the word processor

• Ability to automatically monitor files being downloaded from the Internet

USING ANTIVIRUS SOFTWARE

Can be configured to scan memory and boot sector of hard drive for viruses each time PC is booted

Consider scheduling AV software to run at same time every day

Can be set to run continuously in the background and scan all programs that are executed

Can cause problems with other software, especially during installations

MCAFEE VIRUS SCAN SOFTWARE


PLANNING FOR DISASTER RECOVERY

• Prepare for a disaster before it occurs

• Know how to recover lost data

• Know when the backup was made and what you must do to recover information since the last backup (recordkeeping)

• Verify that your recovery plan will work by practicing it before a disaster occurs

SPYWARE

• Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge.

• The presence of spyware is typically hidden from the user, and can be difficult to detect.

• Typically, spyware is secretly installed on the user's personal computer.

• Sometimes, however, spyware such as keyloggers is installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users

SPYWARE & ADWARE

• The term adware frequently refers to any software which displays advertisements, whether or not the user has consented

• Most adware is spyware in a different sense than "advertising-supported software": it displays advertisements related to what it finds from spying on users

• Unlike viruses and worms, spyware does not usually self-replicate.

• Like many recent viruses, however, spyware—by design—exploits infected computers for commercial gain

COMMON SPYWARE IN DIGITAL AGE

EXAMPLES

• These common spyware programs illustrate the diversity of behaviours found in these attacks. Note that as with computer viruses, researchers give names to spyware programs which may not be used by their creators:

• CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites

• HuntBar, aka WinTools or Adware.Websearch, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements
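The hosts-file tampering described for CoolWebSearch (pointing name lookups at the spyware's own sites) is easy for a technician to check for, because a clean hosts file only maps localhost-style names to loopback addresses. The following is an added example, not code from the slides or from any product: it parses hosts-file text and flags entries that override a watched name or send any name to a routable address. The sample file content, the watched-host list and the 203.0.113.5 address (a documentation range, not a real server) are constructed for the demo.

```python
import ipaddress

# Constructed hosts-file content: the normal loopback entries plus three injected lines
# of the kind the slides describe. 203.0.113.5 is a documentation address (TEST-NET-3).
SAMPLE_HOSTS = """\
# constructed sample, not a real machine's file
127.0.0.1       localhost
::1             localhost
203.0.113.5     www.google.com search.yahoo.com    # injected: search sent to ad server
203.0.113.5     www.example.org                    # injected: non-watched name, still routable
127.0.0.1       update.example-av.invalid          # injected: AV update host blackholed
"""

# Names a hijack would target (search engines, AV update servers). Placeholder list, assumed.
WATCHED_HOSTS = {"www.google.com", "search.yahoo.com", "update.example-av.invalid"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping blank lines, comments and malformed lines.
    One hosts line may list several names for one address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address; leave it rather than guess
        for host in fields[1:]:
            entries.append((ip, host.lower()))
    return entries


def audit_hosts(text, watched=WATCHED_HOSTS):
    """Flag entries that override a watched hostname (to any address, since pinning an
    update server to 127.0.0.1 silently disables updates) or that map a name to a
    non-loopback address, which a stock hosts file never does."""
    findings = []
    for ip, host in parse_hosts(text):
        if host in watched:
            findings.append(f"{host} is overridden in hosts -> {ip}")
        elif not ip.is_loopback:
            findings.append(f"{host} mapped to non-loopback address {ip}")
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("WARNING:", finding)
```

On a real machine the text would be read from the system's hosts file (C:\Windows\System32\drivers\etc\hosts on Windows, /etc/hosts elsewhere); the parser deliberately ignores lines it cannot interpret rather than raising, because a tampered file is exactly where odd formatting shows up.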

REMEDIES AND PREVENTION

• As the spyware threat has worsened, a number of techniques have emerged to counteract it.

• These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system.

Anti-spyware programs

Security practices

• Many system operators install a web browser other than IE, such as Opera, Google Chrome or Mozilla Firefox. Though no browser is completely safe, Internet Explorer is at a greater risk for spyware infection due to its large user base as well as vulnerabilities such as ActiveX