Troubleshooting Perspective & Computer Infestation. Class, do you know what a computer infestation is?
A computer infestation is an unwanted program transmitted to a computer without the user’s knowledge. It is designed to damage data and software (it does not physically damage PC hardware).
Three categories (viruses, worms, Trojan horses), each differing in the way they spread, what damage they do, and how they hide
A computer infestation is like an electronic disease. It can affect your computer and anything attached to it.
How do you cure the disease? Get help from a “computer doctor”.
PC Support Technician • PC support technicians are the "fix-it" people of the IT world. Just as TV repairmen, auto mechanics, plumbers and electricians are needed to maintain the health of your home, PC support technicians are needed to maintain your PC in good working order. • Obviously, a good PC technician needs to be mechanically inclined. • Nevertheless, more than that, they need to be proficient communicators. • Diagnosing and repairing PC problems requires a thorough understanding of the situation, which often needs to be ascertained through conversations with end-users
PC Support Technician • Depending on the users’ level of knowledge, the response to the support technician's question of "What is wrong with your PC?" can vary widely. • Experienced users may say, "The network card is intermittently disconnecting from the network". • Less experienced users in the same situation may respond, "I can't get to Yahoo to check my email". • Novices may say, "My computer doesn't work." • In the last case, the technician must use his interpersonal skills to elicit enough information from the user to give him a basis for formulating an opinion about what is wrong with the PC
Help-Desk Technician • In days of yore (the early 1970s), there were no PCs. • Computers were large mainframes sold by a handful of major manufacturers. • Back then, there weren't any help desks either. • When there was a problem with the computer, the manufacturer was called. • The engineers who designed the computer had to attempt to solve the problem. • This took time away from their main task of designing new computers and earned no revenue for the computer manufacturer.
Help-Desk Technician • IBM, being a relatively perceptive organization, hit upon a wonderful idea. • They encouraged customers to pre-screen calls for assistance internally before calling IBM for help. • The incentive IBM offered was discounts on equipment. • By calling a central point for help, IBM hoped that the customer would minimize the number of calls for technical support by solving repeat problems internally. • Thus the concept of the modern help desk was born.
Help-Desk Technician • Screening problems is very different from solving them. • Eventually, management realized that moving help desks from a reactive role (screening calls for help) to a proactive role (solving problems) should save the company money. • Therefore, help desks evolved into the problem solving entities that they are today
PC service technician • Goes to customer site in response to a service call
Bench technician • Works in a lab environment. May or may not interact with the PC user and is not permanently responsible for the PC. • A bench technician is a person who maintains, repairs, and fabricates electronic components in a workshop. • In companies that manufacture electronics, bench technicians are responsible for fabricating prototype models.
Bench technician • These models are used for testing, further design refinements, and quality checks. • Ultimately, they will be used to develop plans used in mass production of these components. • Bench technicians performing this type of work must think not only about how to assemble components, but how to create components for mass production, ideally using existing equipment and technology
Antivirus software • Designed to discover and remove a virus • Important defense against computer infestations
Performance • Some antivirus software can considerably reduce performance. • Users may disable the antivirus protection to overcome the performance loss, thus increasing the risk of infection. • For maximum protection, the antivirus software needs to be enabled all the time — often at the cost of slower performance.
Security • Antivirus programs can in themselves pose a security risk, as they often run at the 'System' level of privileges and may hook the kernel. • Both of these are necessary for the software to do its job effectively; however, exploitation of the antivirus program itself could lead to privilege escalation and create a severe security threat.
Security • When purchasing antivirus software, the agreement may include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval. • For example, McAfee requires one to unsubscribe at least 60 days before the expiration of the present subscription. • Norton Antivirus also renews subscriptions automatically by default.
Rogue security applications • Some antivirus programs are actually spyware masquerading as antivirus software. • It is best to double-check that the antivirus software which is being downloaded is actually a real antivirus program.
False positives • If an antivirus program is configured to immediately delete or quarantine infected files (or does this by default), false positives in essential files can render the operating system or some applications unusable.
System related issues • Running multiple antivirus programs concurrently can harm performance and create conflicts. • It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers.
What’s wrong? Huh, my whole internal system is damaged by a virus.
Do you have a backup? Don’t think so. But I have an antivirus installed within the system.
Don’t worry. Just scan your hard disk using antivirus. Is that so? Thank you, Mr Officer!
Can we solve our problem using AV software?
Understanding Computer Infestations • Virus • Most common computer infestation • Has an incubation period • Is contagious (replicates itself by attaching itself to other programs) • Is destructive
Understanding Computer Infestations • The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. • A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive
Understanding Computer Infestations • Trojan horse • Does not need a host program to work • Substitutes itself for a legitimate program • Unable to replicate
Trojan horse • The Trojan Horse is a tale from the Trojan War, as told in Virgil's Latin epic poem The Aeneid and by Quintus of Smyrna. The events in this story from the Bronze Age took place after Homer's Iliad, and before his Odyssey. It was the stratagem that allowed the Greeks finally to enter the city of Troy and end the conflict. • In one version, after a fruitless 10-year siege, the Greeks constructed a huge wooden horse, and hid a select force of 30 men inside. • The Greeks pretended to sail away, and the Trojans pulled the horse into their city as a victory trophy. • That night the Greek force crept out of the horse and opened the gates for the rest of the Greek army, which had sailed back under cover of night. The Greek army entered and destroyed the city of Troy, decisively ending the war.
Trojan horse • Since Trojan horses have a variety of forms, there is no single method to delete them. • The simplest responses involve clearing the temporary internet files and deleting the Trojan manually. • Normally, antivirus software is able to detect and remove the Trojan automatically.
Understanding Computer Infestations • Worm • Overloads a network as it replicates itself • Does not need a host program • A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. • This is due to security shortcomings on the target computer. Unlike a virus, it does not need to attach itself to an existing program. • Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer
Example of worm • Christma Worm • A student at a university in Germany created a worm in the REXX language. He released his worm in December 1987 on a network of IBM mainframe computers in Europe. The worm displayed an image of a conifer tree on the user's monitor, while it searched two files on the user's account to collect e-mail addresses, then automatically sent itself to all of those addresses • Morris Worm • On 2 November 1988, Robert Tappan Morris, then a first-year graduate student in computer science at Cornell University, released his worm that effectively shut down the Internet for several days. • The Morris Worm succeeded in infecting approximately 3000 computers, which was about 5% of the Internet at that time • Morris was the first person to be arrested, tried, and convicted for writing and releasing a malicious computer program. He was found guilty on 22 Jan 1990 and appealed, but the U.S. Court of Appeals upheld the trial court's decision
ILOVEYOU Worm • The ILOVEYOU worm was first reported in Hong Kong on 4 May 2000 and spread westward on that day. • The ILOVEYOU worm arrived at the victim's computer in the form of an e-mail with the ILOVEYOU subject line and an attachment. The e-mail itself was innocuous, but when the user clicked on the attachment to read the alleged love letter, LOVE-LETTER-FOR-YOU.TXT.VBS, the attachment was a Visual Basic program that performed a horrible sequence of bad things: • deletion of files from the victim's hard disk • password theft • propagation of the worm (by sending e-mail)
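The attachment name LOVE-LETTER-FOR-YOU.TXT.VBS works because the reader sees a text file while the last extension decides what runs. The following check for a mail gateway is an added example, not part of the original slides; the extension lists, function names and sample attachment names other than the ILOVEYOU one are constructed for illustration.

```python
import os

# Extensions that Windows executes or hands to a script host (illustrative, not exhaustive).
RISKY = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".com", ".scr",
         ".pif", ".bat", ".cmd", ".hta", ".lnk"}
# Extensions a reader takes for a harmless document or picture.
DECOY = {".txt", ".doc", ".docx", ".pdf", ".jpg", ".jpeg", ".png", ".gif",
         ".xls", ".xlsx", ".mp3"}


def classify_attachment(filename):
    """Return 'double-extension', 'risky' or 'ok' for an attachment name."""
    # Accept full paths, and drop the trailing dots/spaces that Windows ignores.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in RISKY:
        return "ok"
    # Padding such as "photo.jpg      .scr" pushes the real extension out of view,
    # so strip it before looking at the extension the reader actually sees.
    _, shown = os.path.splitext(stem.rstrip(". "))
    return "double-extension" if shown in DECOY else "risky"


def flag_attachments(names):
    """Return (name, verdict) for every attachment that should be held for review."""
    verdicts = ((n, classify_attachment(n)) for n in names)
    return [(n, v) for n, v in verdicts if v != "ok"]


if __name__ == "__main__":
    # Constructed sample of attachment names from one mailbox.
    sample = ["LOVE-LETTER-FOR-YOU.TXT.VBS", "minutes.docx",
              "photo.jpg      .scr", "installer.exe", "notes.v2.txt"]
    for name, verdict in flag_attachments(sample):
        print(f"{verdict:17} {name!r}")
```

On endpoints, showing file extensions in the file manager removes the disguise for the user as well.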
Where Viruses Hide • Boot sector viruses • Hide in a boot sector program • Replace boot program with a modified, infected version of boot command utilities, often causing boot and data retrieval problems • File viruses • Hide in an executable (.exe or .com) program • Can spread whenever the program is accessed
Where Viruses Hide • Macro viruses • Hide in a word-processing document that contains a macro • Most common viruses spread by e-mail • Multipartite viruses • Combination of a boot sector virus and a file virus • A multipartite virus is a computer virus that infects multiple different targets. • For a complete cleanup, all parts of the virus must be removed. • Because of the multiple vectors for the spread of infection, these viruses could spread faster than a boot or file infector alone
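Because a macro virus travels inside the document, a mail or file-share filter can decide by content whether a document carries macros at all, whatever its extension says. The sketch below is an added example, not part of the original slides; it relies on the fact that modern Office files are ZIP containers that store VBA in a part named vbaProject.bin, and the sample documents it builds are constructed placeholders.

```python
import io
import zipfile

# Header of the legacy binary Office format (.doc/.xls compound file).
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def macro_status(data):
    """Classify document bytes by content, never by file name."""
    if data.startswith(OLE_MAGIC):
        # Legacy format: macros are possible, but deciding needs an OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        parts = [n.lower() for n in archive.namelist()]
    if "[content_types].xml" not in parts:
        return "not-office"  # an ordinary ZIP, not an Office container
    # Word, Excel and PowerPoint each keep VBA in <app>/vbaProject.bin.
    if any(p.endswith("vbaproject.bin") for p in parts):
        return "ooxml-with-macros"
    return "ooxml-no-macros"


def make_sample(with_macro):
    """Build a minimal constructed container; the VBA part is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    # A macro-enabled file renamed to .docx is still reported as carrying macros.
    print("renamed.docx ->", macro_status(make_sample(True)))
    print("plain.docx   ->", macro_status(make_sample(False)))
```

A document reported as `legacy-ole` should go to a scanner that parses the compound file format rather than being passed as clean.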
The Damage an Infestation Can Cause • Ranges from very minor to major • Is called the payload • Can be accomplished in a variety of ways
How Infestations Spread