Software Computer Care
Protecting Your Computer Against Malware
Common Malware Types
Trojan horses, worms, and viruses are commonly confused but are also the most common types of malware infections. Knowing the differences between each of these will help you be better able to protect your computer from these threats.
Viruses are the most common kind of malware, which is why, more often than not, all malware gets lumped under the umbrella term “virus.” The transmission of a virus always depends on human action, although the exact method differs between types of viruses. A human action might be clicking on an infected link or downloading an infected file. To expedite infection, it is common to disguise a virus as a different kind of file. The example I use here involves a fictitious virus named picture.png.exe: the .exe extension is hidden so that you think the picture you found is just a picture, not a virus. Then, once it’s downloaded onto your system, the virus is unleashed. This technique of hiding the actual type of file is used quite frequently, especially in email attachments. Once in your system, viruses try to avoid detection by your operating system. Each hides in a different way, and as we can see from the growth in the number of viruses, they are extraordinarily successful. The number of viruses grew by about 7 million between 2009 and 2011. As of October 6, 2009 there were 4,775,245 viruses and risks, and as of March 1, 2011 there were 11,019,843. The rate of virus creation has not slowed down since 2011, so it is becoming exceedingly important to run a regular virus scan. As of June 26, 2013, the virus count had reached 23,246,246.
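The disguised-extension trick above (picture.png.exe) is easy to check for mechanically, because Windows decides what a file is by its last extension only. The following is an added example, not code from the original page; the extension lists and the sample attachment names are constructed for illustration and are deliberately short rather than exhaustive.

```python
# Added example (not from the original page): flag attachment names that hide
# an executable extension behind a harmless-looking one, like picture.png.exe.
import os

# Extensions Windows will run or that can carry code. Assumption: this short
# list is illustrative, not a complete inventory.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".jse",
    ".wsf", ".msi", ".ps1", ".hta", ".lnk",
}

# Extensions people expect to be harmless documents or media (the "decoy").
DECOY_EXTENSIONS = {
    ".png", ".jpg", ".jpeg", ".gif", ".pdf", ".doc", ".docx", ".xls",
    ".xlsx", ".txt", ".mp3", ".mp4",
}


def split_extensions(filename):
    """Return every dot-separated extension of a name, lower-cased.

    'picture.png.exe' -> ['.png', '.exe']; 'report' -> [].
    """
    parts = os.path.basename(filename).split(".")
    if len(parts) < 2:
        return []
    return ["." + p.lower() for p in parts[1:]]


def classify_attachment(filename):
    """Classify a filename as 'disguised', 'executable', or 'ok'.

    Only the last extension matters to Windows, so that is the one that runs
    on double-click; any earlier extension is decoration. 'disguised' means an
    executable last extension sitting behind a decoy extension.
    """
    exts = split_extensions(filename)
    if not exts:
        return "ok"
    real = exts[-1]
    if real not in EXECUTABLE_EXTENSIONS:
        return "ok"
    decoys = [e for e in exts[:-1] if e in DECOY_EXTENSIONS]
    return "disguised" if decoys else "executable"


def scan_attachments(filenames):
    """Return (name, verdict) for every attachment that is not plain 'ok'."""
    flagged = []
    for name in filenames:
        verdict = classify_attachment(name)
        if verdict != "ok":
            flagged.append((name, verdict))
    return flagged


# Constructed sample attachment names, including the page's picture.png.exe.
SAMPLE_ATTACHMENTS = [
    "picture.png.exe",
    "invoice.pdf.scr",
    "holiday.jpg",
    "setup.exe",
    "notes.txt",
    "Report.Docx.BAT",
]

if __name__ == "__main__":
    for name, verdict in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"{verdict:10s} {name}")
```

A plain "executable" verdict is not automatically bad (installers are .exe files), but a "disguised" one is the pattern the page describes and is worth quarantining before anyone double-clicks it.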
Viruses differ in their execution. Each is undesirable in its own way, but the range and kind of harm they do varies. Boot sector viruses are almost obsolete; they died along with the floppy disk. Rootkits aren’t technically viruses, but they can conceal a virus, so it is good to be wary of them nevertheless. Rootkits can aid in the stealing of computer passwords and personal information in addition to sending out email spam. Time bombs are viruses that hide until a certain day or event comes to pass. Polymorphic viruses are very difficult to detect because they change their virus signature each time they replicate into a new file. Macro viruses infect programs such as MS Excel or MS Word by using their built-in programming features to corrupt those documents. Memory resident viruses stay in the computer’s memory even after the program they were using is closed. Stealth viruses do their best to hide from the OS in addition to the standard changing of files and other important values. Program viruses do just what you would think they would do: they infect a program, so that your computer’s functionality is compromised.
Trojan horses are unpleasant because, just as the Greeks used the Trojan horse as a disguise to get into Troy, the malware version of a Trojan horse appears to be useful so that you will unwittingly install it on your computer. The computer version of a Trojan horse allows a hacker to gain remote access to a computer, letting them delete files and steal important data, among other things.
Worms are an interesting subclass of viruses because they act in a different way. They mainly cause harm to the network instead of altering files on the target computer, although some of them do. Additionally, they do not need human action to spread and are, in fact, self-replicating. Because they replicate so quickly and transmit themselves through the network they can significantly slow down Web servers.
Blended threats are the worst kind of malware that you can get. Basically, take anything bad you can think of from viruses, worms, and Trojan horses and throw it all into one nasty piece of malware. They use server and internet vulnerabilities to spread and replicate on computers. Usually, blended threats cause harm to a computer or a network, can propagate using multiple methods (not just one, like typical malware), and can alter multiple areas of your computer at a time. Because of this, some of the most costly viruses have been blended threats. A blended threat uses multiple modes of transport and might damage the computer in a variety of ways instead of just one. Code Red and Nimda are examples of blended threats that cost companies millions in damage.
The easiest way to get a nasty bit of malware installed on your computer is by clicking on a shady link or file. The simplest way to avoid this is to be aware of phishing scams and other such issues. Make sure that you don’t blindly download email attachments and also double check the source. Doing these steps will make it a lot easier to keep your computer malware free.
Getting Rid of Fragmented Files
Fragmented files can pose quite a problem for the efficiency of your computer. Unfortunately, they are almost unavoidable because of how your computer utilizes the available space. Let’s use this picture here as an example. We have five files of equal size, A through E; the exact size and type don’t matter. We decide that B has become almost useless to us, so we delete it. Now we have some extra space for another file. Then we need to save a file F, which is slightly smaller than the free space left by B. Later, we add a file G that fits perfectly between F and C. Then, when we edit F and make it bigger, where can the extra part of that file go? F sits in a space that was sized just for it. What happens is that the part of the file that can’t fit in the original space just goes wherever there is free space. This is a fragmented file. When there are a lot of fragments, it can take a really long time for a computer to gather up all of those fragments to open an entire file.
Defragmentation rearranges the files so that they become contiguous. It also optimizes disk usage, because it is more efficient to have files placed at the edge of the disk. If you look at the picture, you can see the fragmented files in red. Defragmentation rearranges the files and puts them on the outside of the disk, which makes it easier for the computer to access them. The benefits of defragmentation include speeding up file opening time, and it also helps keep your HDD fully functional.
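The A-through-G story and the defragmentation that follows it can be played out in a small model of a disk, which also stands in for the picture the text refers to. The code below is an added example, not part of the original page: it treats the disk as a row of blocks, allocates with a simple first-fit rule, and packs files from block 0 when defragmenting. Block sizes are constructed for the demo, and real file systems allocate and lay out files more cleverly than this, so it illustrates the idea rather than NTFS itself.

```python
# Added example (not from the original page): a toy block-allocation model of
# the page's A-to-G fragmentation scenario, plus a naive defragmenter.


def new_disk(blocks):
    """A disk is a list of block owners; None means the block is free."""
    return [None] * blocks


def runs(disk):
    """Yield (owner, start, length) for every maximal run of equal owners."""
    start = 0
    for i in range(1, len(disk) + 1):
        if i == len(disk) or disk[i] != disk[start]:
            yield disk[start], start, i - start
            start = i


def free_runs(disk):
    return [(s, n) for owner, s, n in runs(disk) if owner is None]


def extents(disk, name):
    """Contiguous runs owned by a file; one run means it is not fragmented."""
    return [(s, n) for owner, s, n in runs(disk) if owner == name]


def fragment_count(disk, name):
    return len(extents(disk, name))


def allocate(disk, name, size):
    """First-fit: fill the earliest free runs, splitting across runs if no
    single run is large enough (that split is a fragment)."""
    remaining = size
    for start, length in free_runs(disk):
        if remaining == 0:
            break
        take = min(length, remaining)
        for i in range(start, start + take):
            disk[i] = name
        remaining -= take
    if remaining:
        raise ValueError(f"disk full while writing {name}")
    return extents(disk, name)


def delete(disk, name):
    for i, owner in enumerate(disk):
        if owner == name:
            disk[i] = None


def grow(disk, name, extra):
    """Make an existing file bigger. Blocks right after its last extent are
    used first; whatever does not fit there goes to free space elsewhere."""
    if not extents(disk, name):
        raise ValueError(f"no such file {name}")
    start, length = extents(disk, name)[-1]
    end = start + length
    while extra and end < len(disk) and disk[end] is None:
        disk[end] = name
        end += 1
        extra -= 1
    if extra:
        allocate(disk, name, extra)   # overflow lands wherever space is free
    return extents(disk, name)


def defragment(disk):
    """Rewrite the disk so every file is one contiguous run, packed from
    block 0 in order of first appearance, with all free space at the end."""
    order = []
    for owner in disk:
        if owner is not None and owner not in order:
            order.append(owner)
    packed = []
    for name in order:
        packed.extend([name] * disk.count(name))
    packed.extend([None] * (len(disk) - len(packed)))
    disk[:] = packed
    return disk


def layout(disk):
    """One character per block, '.' for free, for printing the picture."""
    return "".join(owner or "." for owner in disk)


def page_scenario():
    """Replay the page's example on a constructed 24-block disk."""
    disk = new_disk(24)
    for name in "ABCDE":        # five equal files of 4 blocks each
        allocate(disk, name, 4)
    delete(disk, "B")           # B is deleted, leaving a 4-block hole
    allocate(disk, "F", 3)      # F is slightly smaller than the hole
    allocate(disk, "G", 1)      # G fits exactly between F and C
    grow(disk, "F", 2)          # editing F makes it bigger: no room next to it
    return disk


if __name__ == "__main__":
    d = page_scenario()
    print(layout(d), "F fragments:", fragment_count(d, "F"))
    defragment(d)
    print(layout(d), "F fragments:", fragment_count(d, "F"))
```

Running it prints the layout before and after: F is split into two pieces (one in B’s old hole, one at the end of the disk) and becomes a single run once the defragmenter has packed everything together.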
You can use this guide to help you defragment your disk.
Even though Windows might tell you that your computer does not need defragmentation, it could still benefit from running the process. You can schedule this task for whenever time you want, but make sure that the time you scheduled it for is a time that your computer will be on. Keeping up on schedule means that your computer won’t slow down as much, allowing you to be more efficient and less frustrated.
You can work while your computer is defragmenting, although that might slow down the process. If you want to optimize the benefits of defragmentation, you should keep on running the defragmenter tool until the time it takes to defragment the disk is significantly decreased, potentially until it only takes a couple of minutes.
CHKDSK and Hard Drive Errors
Along with defragmentation, CHKDSK is also a good way to make sure that your hard drive is running properly. CHKDSK works in three stages. First, it verifies your files. Then, it verifies your indexes. Finally, it concludes by verifying your security descriptors. By going through these stages, CHKDSK identifies and fixes the errors on your disk and displays a status report. It also prevents any data corruption from snowballing. For example, let’s say that you have a slight problem on your disk and you just let it sit there because you’re busy. Now, a couple of months down the line, your computer is slowly dying, all because you didn’t take care of a small problem while it was still small and fixable. This means that it is usually a really smart idea to run CHKDSK, especially if you go to shady sites a lot.
Stage 1: The end goal for stage 1 is to know what space is free and what space is in use. It does this by creating two different bitmaps that compare what files are in use and which volumes are in use. The comparison between these gives the computer an accurate idea of the free space. The bitmaps that CHKDSK generates are then compared with the NTFS record and if there are discrepancies they are reported. This can happen when there is a corrupted file that needs to be deleted.
Stage 2: Stage 2’s goal is to make sure that each directory is referenced properly. So once Stage 2 is completed, you can be sure that there will be no orphaned files, that is, every single file will be referenced somewhere. It also checks to make sure that the files that are recorded as existing actually exist. It will reorganize directory discrepancies.
Stage 3: At the end of Stage 3, your computer will have made sure that security descriptors are well formed and internally consistent. Security descriptors basically say who has permission to access a file and who owns it. This stage does not check whether the owners exist or whether the permissions are appropriate.
You have a couple of options for running CHKDSK and maintaining your hard disk properly. You can either use the command prompt which gives you a lot of options, or you can use the built-in Windows utility.
Parameters can be used if you are running chkdsk in the command prompt. They each have a different function, so you are allowed to use multiple parameters. You’ll have to have administrator privileges.
There are a variety of parameters that you can use in order to change what you want the chkdsk utility to do. For those parameters that fix disk errors, you won’t be able to run chkdsk while the computer is running. Instead, you’ll have to turn off your computer. In fact, it’s actually a smarter idea to run chkdsk using one of these parameters because running chkdsk on your local disk while your computer is on can’t actually fix anything and might give you false information in the status report.
Syntax: chkdsk [volume]: /[switch] /[switch] ... /[switch]
Summary of CHKDSK Parameters

| Parameter Name | Description | Requires Reboot? |
|---|---|---|
| none specified | Runs chkdsk while your computer is running, but it is unable to fix any errors and may show erroneous errors due to files being open. | No |
| /? | Displays help in the command prompt. | No |
| /f | Fixes errors on the volume. This parameter requires access to system files, so you’ll have to reboot your computer. | Yes |
| /r | This is the “repair” parameter. Windows tries to locate all bad sectors and recover readable information. There is one problem, however: Windows will delete any unreadable information without necessarily informing you, so be careful. This parameter also requires a locked drive. | Yes |
| /v | The /v switch gives different results for NTFS and FAT filesystems (your C: drive is NTFS). For NTFS filesystems, this parameter prints out cleanup messages. For FAT systems, it prints out every single file scanned. | Sometimes; depends on the other parameters specified. |
| /i | /i is considered abbreviated because it does not scan all of the index entries. | No |
| /c | /c skips the checking of cycles within the folder structure. | No |
There are many other parameters that you can use, all of which, including descriptions, are on the Microsoft website.
Notice when Starting up Your Computer
Sometimes, when you start up your computer, you will see that Windows wants to check your disks for errors. While you can ignore this message and proceed to startup without running the disk check, you should really let it run, because if Windows says there’s a problem, you run the risk of the problem snowballing.
Freeing Up Disk Space to Increase Efficiency
It is a good idea to uninstall software that you really don’t use (unless you need it for your schoolwork of course!). However, let’s say that you download a program and then a couple of months later you realize that you only used it twice. It would be a good idea to get rid of that program because it will free up valuable disk space which will in turn help speed up your computer. You can find the utility for removing programs in the control panel. If you can’t easily find the icon, you can search in the search bar in the upper right hand corner.
There is a very useful guide here for how to do this.
You can also remove old files to keep a lot of free space on your computer. If you want to keep all of your old files on an external hard drive, feel free, but there’s no need to keep them clogging up your computer’s hard disk. Just send them to the Recycle Bin or the Trash (remembering to empty it!).
If you need more information on how to use CCleaner, please follow this link.
CCleaner is a free registry cleaner. In other words, it gets rid of unnecessary references to programs that no longer exist, and registry entries that no longer serve any purpose other than cluttering up your disk. It is important to use CCleaner to get rid of unnecessary registry values, because doing it manually carries a high risk of deleting an important registry key that is needed for startup. Additionally, registry cleaner programs have been criticized for being malware, but we know that CCleaner is not, so please do not download a lot of registry cleaner programs when CCleaner would suffice.
You can back up your files with Google Backup and Sync (external link) or manually with an external USB or hard drive.
Backing up is one of the smartest things you can do for yourself. There is nothing like that horrible plummeting feeling when you realize that you just lost a huge project that you had just finished at about 3 am the night before it’s due. This is a problem because some teachers won’t accept computer problems as an excuse for late work. For example, my sophomore year, I had to give a presentation from memory because my computer wouldn’t start and I hadn’t backed it up. This was awful. So learn from my mistakes and back your stuff up.
You need to back up. This is non-negotiable. As a part of software computer maintenance, you absolutely need to make sure that you back up on a schedule. It’s not good enough to back up files when you get a virus. You may have transferred corrupted files onto your spiffy external hard drive, destroying all of the files that you thought you had saved.
Remember that automatic methods, while convenient, run the risk of backfiring on you. In ITS, we have seen people who thought that they had backed up their computer and then proceeded to lose all of their data when they realized that their automatic program had backfired. Therefore, drag and drop is a much more effective way to protect your data.
As a bonus, if you ever need to get a reimage, keeping up to date with backing up reduces the stress of a reimage thousandfold.
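The warnings above about an automatic backup quietly failing, or a copy carrying corrupted files, both come down to one question: can you prove the backup matches the original? The following added example (not code from the original page or from ITS) does a manual copy the way drag and drop would, but hashes every file on both sides, writes a manifest into the backup, and can re-check the backup later, for instance right before a reimage. The folder names and file contents are constructed for the demo in a temporary directory; point `backup_tree` at your own Documents folder and the external drive to use it for real.

```python
# Added example (not from the original page): a manual backup that verifies
# every copy by SHA-256 and records a manifest so the backup can be re-checked.
import hashlib
import json
import os
import shutil
import tempfile

MANIFEST_NAME = "MANIFEST.json"   # assumption: our own manifest file name


def sha256_of(path):
    """Hash a file in chunks so large files don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_tree(src, dst):
    """Copy src into dst, verify each copy by hash, and write a manifest.

    Returns (manifest, mismatches): manifest maps relative path -> sha256 of
    the verified copy; mismatches lists files whose copy did not match.
    """
    manifest, mismatches = {}, []
    for root, _dirs, files in os.walk(src):
        for name in files:
            s = os.path.join(root, name)
            rel = os.path.relpath(s, src).replace(os.sep, "/")
            d = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(d), exist_ok=True)
            shutil.copy2(s, d)                 # copy2 keeps timestamps too
            if sha256_of(s) == sha256_of(d):
                manifest[rel] = sha256_of(d)
            else:
                mismatches.append(rel)
    with open(os.path.join(dst, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest, mismatches


def verify_backup(dst):
    """Re-hash a backup against its manifest. Returns files missing/changed."""
    with open(os.path.join(dst, MANIFEST_NAME)) as f:
        manifest = json.load(f)
    bad = []
    for rel, expected in manifest.items():
        p = os.path.join(dst, rel)
        if not os.path.exists(p) or sha256_of(p) != expected:
            bad.append(rel)
    return bad


def demo():
    """Constructed demo: back up two small files, then damage one copy."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "Documents")
    dst = os.path.join(work, "Backup")
    os.makedirs(os.path.join(src, "Essays"))
    with open(os.path.join(src, "Essays", "final.txt"), "w") as f:
        f.write("Final draft, finished at 3 am.\n")
    with open(os.path.join(src, "notes.txt"), "w") as f:
        f.write("lecture notes\n")
    manifest, mismatches = backup_tree(src, dst)
    before = verify_backup(dst)
    # Simulate a bad copy or bit rot on the external drive.
    with open(os.path.join(dst, "notes.txt"), "a") as f:
        f.write("garbage")
    after = verify_backup(dst)
    shutil.rmtree(work)
    return sorted(manifest), mismatches, before, after


if __name__ == "__main__":
    files, mismatches, before, after = demo()
    print("backed up:", files)
    print("copy mismatches:", mismatches)
    print("verify before damage:", before, "after damage:", after)
```

The point of the manifest is that verification no longer depends on the original still existing: after a crash or reimage you can still confirm that what is on the external drive is exactly what was copied.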
Turn Off Computer
Turning off your computer is actually really important. We recommend that you turn off your computer at least once a week. Just as a friendly reminder, turning off your computer is not the same as hibernating or standby. System files can only be edited during start up and shut down, so as your computer remains on, memory fragments begin to build up. Because your computer can’t get rid of these memory fragments while running, it will gradually have less and less free memory available, increasing the risk of it crashing.
Installing updates is one of the most important things you can do to keep your computer running smoothly. Not only does it provide important security updates to keep your computer malware-free but it also provides needed software updates that help keep your computer running as smoothly as possible.
It’s fairly easy to update your computer. As we mentioned before, you can always check for updates; as a general rule of thumb, Windows issues updates on the second Tuesday of the month. Just use Windows Update to check for updates. When you get your computer, ITS will have set it up so that your computer downloads updates automatically and then gives you the option of when you want to install them. This is good because it means that you won’t have to make sure that your computer is on at a scheduled time. However, just because you can deny an installation doesn’t mean that you should. Yes, it’s really obnoxious having to close all your programs just to restart your computer to install an update. But you don’t want to procrastinate on installing updates, because your computer could just stop working or be really slow 5 months later when you have 65 important updates that you didn’t install.