Viruses, Trojans, and Worms…Oh My!

If you have ever been hit by a computer virus, trojan, or worm, then you know how the Wicked Witch of the East felt when the house fell on her. It can be an emotional, expensive, and frustrating experience. I hope that you learn something from this article that helps you avoid these pests. You warn your patients that if they don’t brush and floss daily, they will have problems. Why not apply this to your computer network as well?


I will cover a few different areas that you should be looking at when implementing a program to protect your network. There are many different products available that you can use as part of your program. Due to the large number, I can’t discuss each one in detail. I will cover what the program should include but leave it up to you and your computer network company to decide which products are right for you.

Let’s start off by explaining what each of the pests are and what they do.

SOME DEFINITIONS
A virus is a software program that is written to change the way your computer operates and to use the computer it infects to spread the virus around the Internet. A virus will run if a user executes the program; it won’t run on its own. The most common way that a virus spreads today is through e-mail attachments.


A worm is also a software program, but the way it spreads is different from a virus. A worm does not attach itself to another program (like a virus e-mail attachment); it spreads on its own. The worm uses the computer it infects to attack other computers. The Blaster worm that started spreading this past August is an example of a worm. It attacked computers that were not patched to fix a problem with certain versions of Windows. (More on that later.)

A trojan is a program that appears to be harmless, like a screensaver or game, but is really a malicious program that will damage your computer, frustrate you, and may even try to steal data from your PC. These programs can hide in the background and run without you being aware they are there. 

Now you have an interesting topic to discuss to break the awkward silence at your next cocktail party. You know the difference between the pests, but how do you stop them from getting into your computer?

HOW TO PROTECT YOUR DATA
Most antivirus programs will detect worms as well as viruses. They also will detect some trojans, but you should use additional software to protect against trojans.


A quick look at my antivirus program definition file tells me that it is protecting my PC from 65,417 different viruses. (That number will increase by the time you read this.) This file is continuously updated by the software’s vendor, but I need to download these updates to keep the software on my PC up to date. If you purchased your PC more than a year ago and the antivirus software came installed on it, then you will probably need to renew its subscription. Have you been getting those annoying messages popping up on your screen that your antivirus software is out of date? Do you click no each time it asks you if you want to update? If you answered yes, then you could be in trouble. If you try to update but you get a message that your subscription has expired and the vendor wants $20 from you to renew it for one year, then you are also at risk. I know it’s not my money, but spend the $20 and renew the subscription for one year. You need to keep your antivirus software updated so it can protect your PC from the latest viruses. I have seen PCs that had not been updated in 2 years because people would click no each time the message popped up because they were in the middle of doing something. 

Do you have a network of PCs? Now we are talking more than $20, right? How much do you think it will cost to remove a virus from every PC on your network? I guarantee it will be a lot more than $20 per PC. The cost of lost productivity and paying someone to remove the virus are only 2 costs associated with a virus. You think to yourself, “I am computer savvy. I can remove the virus on my own.” How much is your time worth? But there is good news if you have a network of PCs. Many antivirus programs have a version that allows for the management of the antivirus software on each PC from a central location. This means that your server can manage the antivirus software on the workstations. 

Here’s how it works and why it’s good news. You install the software on the server, then install the software on each PC from the server. You can now sit at the server and configure each workstation to the settings you want. These settings include how often to scan the PC, how often to check for updates, and many other settings. You also can lock the settings on the workstations so the person using the PC can’t change them. The server is now the central location for updates. The server is configured to go out to the vendor’s Web site and download any updates for the program. The server then distributes these updates to the workstations in the background. The user cannot click no to the updates. I have clients who have their server check for updates every 3 hours because they had it set to once a day but missed the update that day due to timing and got hit with a new virus. They have a T1 or DSL Internet connection, so they are always connected and bandwidth is not an issue.

These server-managed versions may still require that you renew the subscription once a year, so please make sure you renew it. You can usually see the virus definition file date or your subscription expiration date on the first screen that appears when you open the program.

A dial-up connection creates its own issues. It can take a long time to download the updates, and many people get frustrated and cancel the update or never let it get started. But, they have no problem waiting for that e-mail from their friend, which just happens to have a virus attachment to download. It looks like it might be really funny, and they can’t wait to open it. If you have a dial-up connection, configure it to check for updates during lunch and automatically disconnect when it is finished downloading.

One item you should check to make sure you are protected is to verify that the software is configured to “auto-protect” (or whatever your software calls it) so that the software is always running in the background. This setting is usually the default when you install the software, but some tech support people have been known to disable this because it will slow down some programs. The newer versions allow you to change the setting so it won’t scan the directory where this program is located but will still protect the rest of the PC. The software should be configured to scan every e-mail that you send and receive. A scan of the PC should be scheduled for once a week or at least once a month. 

Now that your antivirus software is running and staying up to date, we turn our attention to those pesky trojans. One way that a trojan gets installed on your PC is when you click on the okay button in a pop-up ad and say yes to install the software. The pop-up ad probably told you that your PC was exposed to the world and it would help you protect it or something to that effect. Isn’t the Internet great? There are some really nice people out there who are watching out for your best interest and offering you free software to protect you from the bad people. Sorry to tell you this, but that software program probably exposes your information to the Internet, and more specifically, to the person who wrote the software. There are many trojans that will try to steal user names, passwords, credit card information, and other sensitive data from your PC and send it to the author of the trojan or to other anonymous people. Trojans can also keep track of where you go on the Internet and send this information along to a Web site.

So, if it hides in the background, how do you know if your PC has been infected by a trojan? One way you will know is if you start seeing pop-up ads on the screen even if no one is using the PC or you start getting pop-up ads that advertise a product similar to the one that is on the Web site you are viewing. The best way is to buy adware/spyware removal software. This software will scan your PC and will get rid of most of these trojans, but be careful when running these tools because you may delete a file that is valid and part of a program. Use a program that allows you the option of quarantining the files. This moves the files into a hidden area until you are sure you want to delete them. Clean out the quarantine area once a month. These removal tools are becoming a critical part of any computer network. There are server-managed versions similar to antivirus versions that allow you to manage the software on a network from a central location. They also use a subscription-based program for the updates. You should scan the workstations at least once a week to make sure they are not compromised. 

Microsoft is constantly releasing updates to its software. Some of these updates fix security holes that have been discovered in the field. There are numerous ways to stay current on these up­dates, including a manual update from each PC as well as an automatic update from each PC. Please be aware that these updates will make changes to the operating system and they could cause problems with your PC. But, if you don’t run the update, you could be exposed to other problems. If it sounds like I am waffling on this one, it’s because I am. I want you to understand fully what these updates are and the risks associated with installing them. Most of the time, they install without a problem. The old cyber-adage applies here: downloader beware. 

The server programs that can centrally manage up­dates have their own issues as well. These updates usually require a reboot after installation. This reboot can cause problems if there are files open on the PC that are not saved or if the PC is processing something. I know that some people use these programs to download and install the updates, but they still go to each PC and reboot it locally. One idea is to run the updates once or twice a month during a slow period and have your computer services company on site while the updates are installing. 

Microsoft also releases service packs for its software programs. These service packs include the updates released since the previous service pack and other updates and enhancements to the software program. The service packs tend to be released once a year or so. If you are staying current on the updates, you still need to install the service packs. But, there is no need to be the first one on the block to have the service packs installed. I prefer to wait before installing new service packs. This gives other people a chance to install and test the new service pack and hopefully to work out any problems with the new software. You probably don’t like to hear a tech support person say, “We have never run into that before.” 

One issue with trying to hold off on service pack installations is that they will show up as part of the updates if you run Windows Update. You will have to click on the remove button each time not to install the software. Service packs are a major upgrade to the PC software, and the installation should be planned with the expectation that some PCs will experience problems after the installation.

CONCLUSION
I am sure that some of you are saying to yourself, “Why do I need to go through all this hassle? We have had our PCs for 2 years and never once have we updated them, and nothing has happened.” I hope that you have not had a car accident or been sick in the last 2 years as well. If that is the case, cancel your health insurance and your auto insurance. You are on a roll and you may want to play the lottery. I know this is a bit over the top, but I want to make sure that you take some basic precautions to protect your business data. If you don’t think PCs are important to your practice, then turn them off and unplug them. This will give you an opportunity to see how your practice will run if they are hit with a virus, trojan, or worm that takes them all down.


Mr. Walsh is the owner of NDM Networks in Marlborough, Mass. NDM Networks provides computer and networking services to dental practices and small businesses in Massachusetts and Rhode Island. He can be reached at This e-mail address is being protected from spambots. You need JavaScript enabled to view it or at (508) 624-9898.

 



Hide comment form

Smileys

:confused::cool::cry::laugh::lol::normal::blush::rolleyes::sad::shocked::sick::sleeping::smile::surprised::tongue::unsure::whistle::wink:

1000 Characters left

Antispam Refresh image Case sensitive