6) How can I avoid infection? (Computer virus)





This article is from the Computer viruses FAQ, by David Harley D.Harley@icrf.icnet.uk, George Wenzel gwenzel@telusplanet.net and Bruce Burrell bpb@umich.edu with numerous contributions by others.


There is no way to guarantee that you will avoid infection. However,
the potential damage can be minimized by taking the following
precautions:

* make sure you have a clean boot disk - test it with whatever (up-to-date!)
antivirus software you can get hold of and make sure it is (and stays)
write-protected. Boot from it and make a couple of copies.
* use reputable, up-to-date and properly-installed anti-virus
software regularly. (See below.) If you use a shareware package
for which payment and/or registration is required, do it. Not only
does it encourage the writer and make you feel virtuous, it means
you can legitimately ask for technical support in a crisis.
* do some reading (see below). If you're a home user, you may well
get an infection sooner or later. If you're a business user, it'll
be sooner. Either way you'll benefit from a little background.
If you're a business user you (or your enterprise) need a policy.
* don't rely *solely* on newsgroups like this to get you out of
trouble: it may be a while before you get a response (especially
from a moderated group like comp.virus), and the first response
you act upon may not offer the most appropriate advice for your
particular problem.
* if you use a shareware/freeware package, make sure you have a hard
copy of the documentation *before* your system falls apart!
* always run a memory-resident scanner to monitor disk access and
check executable files before they're run.
* if you run Windows, a reputable anti-virus package which includes
DOS *and* Windows components is likely to offer better protection
than a DOS only package. If you run Windows 95, you need a proper
Win95 32-bit package for full protection.
* make sure your home system is protected, as well as your work PC.
* check all new systems and all floppy disks when they're brought
in (from *any* source) with a good virus-scanning program.
* acquire software from reputable sources: 2nd-hand software is
frequently unchecked and sometimes infected. Bear in mind that
shrinkwrapped software isn't necessarily unused. In any case,
reputable firms have shipped viruses unknowingly.
* once formatted, keep floppies write-disabled except when you need
to write a file to them: then write-disable them again.
* make sure your data is backed up regularly and that the procedures
for restoring archived data *work* properly.
* scan pre-formatted diskettes before use.
* get to know all the components of the package you're using and
consider which bits to use and how best to use them. Different
packages have different strengths: diversifying and mixing and
matching can, if carefully and properly done, be a good antivirus
strategy, especially in a corporate environment.
* if your PC can be prevented with a CMOS setting from booting with a
disk in drive A, do it (and re-enable floppy booting temporarily when
you need to clean-boot).

CMOS settings
-------------

Some CMOSes come with special anti-virus settings. These are normally
vague about what they do but typically they write-protect your hard
disk's boot sector and partition sector (MBR). This can be of some use
against boot sector viruses but may raise a false alarm when you
upgrade your operating system.

One sensible setting to make (if your CMOS allows) is to adjust the
boot sequence of your PC. Changing the default boot-up drive order
from A: C: to C: will mean that the PC will attempt to boot from drive
C: even if a floppy disk has been left in drive A:. This way boot
sector virus infection can often be avoided. Remember, however, to set
your CMOS back temporarily if you ever *do* want to boot clean from
floppy (for example, when running a cryptographic checksummer
after a cold boot).
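
The following is an added example, not code from the FAQ or its authors. It
shows the kind of check a checksummer can make on the partition sector (MBR):
the boot code and the partition table are hashed separately against a baseline
taken after a clean boot, so a report says which region changed. The disk image
path, the function names and the sample sectors are assumptions constructed
for the example.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)          # bootstrap code area of the MBR
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
SIGNATURE = slice(510, 512)        # must hold the bytes 55 AA


def fingerprint(sector: bytes) -> dict:
    """Hash the boot code and partition table of one MBR sector separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[SIGNATURE] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature; not a valid MBR")
    return {
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partition_table": hashlib.sha256(sector[PARTITION_TABLE]).hexdigest(),
    }


def compare(baseline: dict, sector: bytes) -> list:
    """Return the names of the regions that differ from the baseline."""
    current = fingerprint(sector)
    return sorted(name for name in baseline if baseline[name] != current[name])


def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a disk image file (the path is hypothetical)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def make_sample_mbr(boot_fill: int, first_entry: bytes) -> bytes:
    """Build a constructed sample sector; this is not data from a real disk."""
    table = first_entry.ljust(64, b"\x00")
    return bytes([boot_fill]) * 446 + table + b"\x55\xaa"


if __name__ == "__main__":
    # Constructed partition entry: active, type 06, starting at LBA 63.
    entry = (
        bytes([0x80, 1, 1, 0, 0x06, 15, 63, 100])
        + (63).to_bytes(4, "little") + (204800).to_bytes(4, "little")
    )
    clean = make_sample_mbr(0x90, entry)
    baseline = fingerprint(clean)  # taken after booting from the clean floppy
    print(compare(baseline, clean))
    print(compare(baseline, make_sample_mbr(0xCC, entry)))
```

A changed boot code region after an operating system upgrade is the case where
the baseline needs to be retaken from a clean boot.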

SCSI controllers have their own BIOS. On some systems, this will
override the boot sequence set in CMOS. It's always a good idea
to check with a (known clean) bootable floppy after you've
disabled floppy booting that it really is disabled. I don't think
it's necessary to use the Rosenthal Simulator to do this, thank
you, Doren.

 
