Malware and computer viruses
Malware is program code, either self-contained or inserted into a piece of legitimate software (a.k.a., a "Trojan horse"), that is specifically designed to perform malicious tasks developed by its programmer. These tasks could include:
- The exposure of personal or otherwise sensitive information,
- The exposure of your computer activity - this type of malware is usually referred to as "spyware" and "adware",
- Holding your data for ransom by encrypting your disk drive and mapped network shares, and demanding payment for the key that can decrypt it. This type of malware is referred to as "ransomware",
- The destruction or modification of your data and potentially your system,
- The issuance of email SPAM to large numbers of recipients,
- The configuring of your computer to attack other systems,
- The creation of "back door" accounts that allow the malicious individual to use your system at will in the future, etc.
The computer virus form of malware was so named because, like its biological counterparts, the malicious code is carried within an otherwise legitimate carrier (i.e., an application program) and has the ability to replicate itself into other programs to which your computer has access.
How does a computer get a virus or malware infection?
Computer viruses and most other forms of malware are activated when someone executes a program or opens a document, spreadsheet, etc., that contains the malicious code. The most common ways this can occur include when a computer user:
- Opens an infected executable program or document that was attached to an e-mail message,
- Clicks a link on a web site that downloads a program or document that contains malicious program code, and executes it,
- Clicks any place on an unsolicited web popup. Even the "X" in the upper corner, seemingly there to close the popup, could unleash malware.
- Inserts into his or her computer a DVD, USB or other storage device that is set up to automatically execute malicious code.
Malware does not always start its malicious activity immediately upon a link or attachment being clicked. Instead, it can lie dormant until a specific time of day or a certain event occurs.
How do anti-virus/anti-malware products protect computers?
In a nutshell, anti-virus/anti-malware products find viruses by scanning the program code of each program executed or document opened for known virus/malware code snippets, called “signatures”. These signatures are stored in a file used by the anti-virus/anti-malware software and should be updated regularly, usually daily. Because there is a time lag between a new virus hitting the Internet and the anti-virus/anti-malware software being updated to "know" its signature (called the "day zero" problem), the level of protection that is provided by anti-virus/anti-malware software is good, but not perfect.
To help fill the gaps in anti-virus/anti-malware protection, be discerning about the web sites you visit, be wary of email attachments, and log into your computer with a user-level account rather than an administrator-level account to limit what an activated virus or piece of malware can do. See the web page entitled "Administrator vs. user accounts" for more information.
When are programs screened for viruses and other malware?
Virtually all anti-virus/anti-malware products provide you with the following options for screening programs on your system:
- Each program and document may be scanned every time it is executed while it is being loaded into the computer's memory.
- Periodically, you can have your anti-virus/anti-malware software scan every program and other executable file on your hard drive either on demand or at a scheduled time.
- All programs on removable media, e.g., DVDs, USB devices, can be scanned when the media is inserted.
Note that these are options and must be activated through the product's configuration settings. Most products turn these methods on by default, but it is important to check the product's configuration settings regularly to ensure they are still active. Some forms of malicious code can turn these options off.
What happens when a virus or piece of malware is detected?
When anti-virus/anti-malware software detects malicious code within a program, it can take any of the following actions based upon how your system is configured:
- Delete the program or document,
- Try to extract the malicious code from the program or document,
- Quarantine the program or document (keep it in a folder for later analysis),
- Leave the program or document alone.
In all cases the event is logged.
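The following added example (not code from any anti-virus product or from UHCL) illustrates the signature matching and the update time lag described under "How do anti-virus/anti-malware products protect computers?" together with the detection actions listed above. The signature names, byte patterns, file names and the "clean"/"ignore" action labels are constructed for illustration; the patterns are harmless markers.

```python
import tempfile
from pathlib import Path

# Constructed, harmless byte patterns standing in for vendor signatures.
SIGNATURES_DAY1 = {"Demo.Marker.A": b"\xde\xad\xbe\xefMARKER-A"}
# The next day's update adds a signature for a newly seen sample.
SIGNATURES_DAY2 = {**SIGNATURES_DAY1, "Demo.Marker.B": b"\xca\xfe\xf0\x0dMARKER-B"}

def scan_bytes(data, signatures):
    """Return the name of the first signature found in data, or None."""
    for name, pattern in signatures.items():
        if pattern in data:
            return name
    return None

def handle_file(path, signatures, action, quarantine_dir, log):
    """Scan one file, apply the configured action, and log any detection."""
    data = path.read_bytes()
    hit = scan_bytes(data, signatures)
    if hit is None:
        return "clean"
    if action == "delete":
        path.unlink()
    elif action == "clean":  # extract the matched snippet, keep the rest
        path.write_bytes(data.replace(signatures[hit], b""))
    elif action == "quarantine":
        quarantine_dir.mkdir(exist_ok=True)
        path.rename(quarantine_dir / path.name)
    elif action != "ignore":  # "ignore" leaves the file alone
        raise ValueError(f"unknown action: {action}")
    log.append((path.name, hit, action))  # in all cases the event is logged
    return hit

def demo():
    """Scan two constructed files before and after a signature update."""
    log = []
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        old, new = root / "report.doc", root / "invoice.doc"
        old.write_bytes(b"text" + SIGNATURES_DAY2["Demo.Marker.A"] + b"more")
        new.write_bytes(b"text" + SIGNATURES_DAY2["Demo.Marker.B"] + b"more")
        q = root / "quarantine"
        day1 = [handle_file(p, SIGNATURES_DAY1, "quarantine", q, log) for p in (old, new)]
        # Only after the update is the second file recognised.
        day2 = handle_file(new, SIGNATURES_DAY2, "clean", q, log)
        cleaned, quarantined = new.read_bytes(), (q / old.name).exists()
    return day1, day2, cleaned, quarantined, log

if __name__ == "__main__":
    print(demo())
```

With the day-one signature file the second document is reported clean even though it carries the marker, which is the gap the daily signature updates are meant to close.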
Anti-virus/anti-malware software at UHCL
All University-owned Windows devices have anti-virus/anti-malware software installed as part of their system images and are configured centrally by group policy. The software is managed and supported by UCT personnel.
The anti-virus/anti-malware software is configured to:
- Receive signature updates daily
- Run all three screening methods described above.
How can you protect your personally-owned computer against viruses and other malware?
Make sure that you have anti-virus/anti-malware software installed on your system and have activated all three screening methods listed above. For Windows computers you have at home, Windows Defender is a good, free anti-virus/anti-malware product.
If you use an anti-virus/anti-malware product that is purchased on an annual subscription basis, you MUST pay a subscription fee when due, or you will not receive any further signature file updates. If that occurs, your anti-virus/anti-malware software will rapidly become ineffective since it will not be able to detect any of the new viruses and pieces of malware that are created daily.
As mentioned earlier, be discerning about the web sites that you visit and the e-mail attachments and links you receive, and log in with user-level privileges when performing day-to-day tasks where possible.