The Grey Chronicles

2008.June.24

Virus and Infections



According to several sources from personal research, malware is basically categorized into three types: viruses, spyware, and Trojans. (NB: there are other categories, but these three could well represent all other malware.)

A virus, usually an executable file, can be downloaded from the Internet or copied through removable media. It has a trigger (clicking on a file, opening Explorer) that causes an infection to deliver a payload (causing havoc in your computer) through replication (copying itself).

Spyware (which includes adware, keyloggers, and dialers) is mostly scripts [js, vbs] or small executable files [mostly DLLs] downloaded while surfing the net. It doesn't have a trigger; once it resides on a host (your machine), it tries to collect information such as open proxies and email addresses and send it to the spyware creator for "spying" purposes. Most of it is deployed from rogue sites [password crackers, P2P, etc.].

Trojans [which include rootkits] are similar to spyware, but a Trojan has a trigger to execute its designed actions, such as installing or exploiting a backdoor. It does not replicate like a virus.

These three tend to intermix, so most users are not aware of the subtle differences between them.

Most antivirus applications deal primarily with the first category: viruses. When spyware became prevalent on the 'net, several applications came out; SpyBot (with its real-time Tea Timer) and AdAware were the pioneers of this technology, and most others that followed are copycats of these two or, literally, minor improvements. Then the antivirus manufacturers came out with malware suites that purportedly address some malware. It is interesting to note that most users claim that one suite can do this and that, but malware protection is not done with one suite, as most of us found out. Thus, instead of relying on one antivirus or one antispyware application, most of us install several to address these threats [an impending infection]; and if our computers are already infected, finding the right software can be frustrating at times.

What counts as a threat depends on the anti-malware manufacturer: some consider cookies, MRUs, and recent document links to be threats; others do not. Thus they are often classified as low. Most antivirus software considers spyware a threat, while anti-spyware applications consider spyware an infection.

Infections, however, are real-time events, meaning they could be running in the background or in the computer's memory. Some are clever enough to replicate and put encrypted copies in various folders. So an infection can be a virus, spyware, or a Trojan, depending on the application that finds it.

I recommend that users install a good real-time antivirus, an updated anti-spyware, and a rootkit/Trojan remover. These THREE applications should be constantly updated, online or offline, to protect the computer from threats [impending infection] or infection [malware already in the computer]. Plus, a regular scan should be automatically scheduled. One last thing: although a real-time scan is recommended, some malware variants are so stubborn that a scan in SAFE MODE is the only way to go. Before doing a SAFE MODE scan, I recommend that you empty ALL the temporary files, disable System Restore, and empty the recycle bin/s.
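The three pre-scan steps above (temporary files, System Restore, recycle bins) as a script. This is an added example, not part of the original post; it assumes Windows PowerShell 5.1 in an elevated session, and the file name `PreScanCleanup.ps1` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: cleanup to run in normal mode before rebooting into Safe Mode.
# Assumes Windows PowerShell 5.1. Preview first with: .\PreScanCleanup.ps1 -WhatIf
# (PreScanCleanup.ps1 is a hypothetical file name.)
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# 1. Empty the temporary folders (current user and system-wide).
$tempDirs = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp')) | Select-Object -Unique
foreach ($dir in $tempDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
        try {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
        } catch {
            # Files held open by a running process cannot be deleted; note them and move on.
            Write-Warning "Skipped (in use or access denied): $($item.FullName)"
        }
    }
}

# 2. Disable System Restore on the system drive. Disabling deletes the existing
#    restore points (which may hold copies of infected files). Re-enable
#    protection after the scan with Enable-ComputerRestore.
try {
    Disable-ComputerRestore -Drive "$env:SystemDrive\" -ErrorAction Stop
} catch {
    Write-Warning "System Restore was not disabled: $($_.Exception.Message)"
}

# 3. Empty the recycle bin on every drive. -Force suppresses the confirmation prompt.
try {
    Clear-RecycleBin -Force -ErrorAction Stop
} catch {
    # Some builds raise an error when a bin is already empty; treat it as informational.
    Write-Warning "Recycle bin: $($_.Exception.Message)"
}
```

Any path reported as skipped was still held open by a running process, which is the situation the Safe Mode scan is meant to get around.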

And mind your Internet surfing behavior: signing up for something, downloading from rogue sites, and viewing hardcore porn are pathways to malware infection!


Notes:

Disclaimer: The posts on this site do not necessarily represent any organization’s positions, strategies or opinions; and unless otherwise expressly stated, are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
