How to stop web viruses
Anti-virus software is an invaluable safeguard and is how companies fight back against computer hackers. But how do AV companies combat new viruses, asks Anthony Dhanendran.
Virus writers used to be stereotypical nerds – teenage boys in bedrooms, avenging what they saw as grievances against the world. Nowadays, the threat is more sinister – often, viruses are designed to steal information such as passwords or bank details, or to tie up a company’s computer system and blackmail them. Many of these new viruses are bankrolled by criminal gangs. Fortunately for the rest of us, anti-virus companies are also getting better at what they do, with plenty of money being invested in new research.
We visited the research labs of two anti-virus companies, F-Secure and Symantec, to see how that money is spent and to ask whether the fight against viruses is being won or lost.
To catch a virus
New viruses are caught in several ways. The researchers, who work shifts to provide 24-hour cover, set up ‘honeytrap’ computers, which are open to the internet without any form of protection, and effectively invite intrusion. They also handle virus protection directly for the networks of several large corporations – when one of these gets attacked, the companies can instantly take a sample of the virus. Finally, samples come in from interested users around the world, or from ordinary people’s computers, which report in when they see a new virus.
When a virus arrives, it’s assigned to a researcher. They investigate it to see whether it’s a new threat. Generally, new viruses are variants of ones that already exist, which means they’re relatively easy to identify and defuse.
The researcher will examine the code of the virus – each anti-virus company has its own set of tools to examine files. Some of these are publicly available, while others are private to the company. In general, they allow the researcher to look inside a program file (all viruses exist on a computer as program files, in some way) and see what it intends to tell the computer to do.
The tools also allow him or her to see what files are dropped on to the PC, what changes are made to the Registry, and what other settings are adjusted when the program is run. All of these things help researchers figure out how harmful the virus is and how quickly it might spread across the internet.
Fighting back
Once a researcher figures out how the virus affects the computer, he or she can then devise an antidote – a piece of software that will remove those files and change the settings back to their original values. Many viruses use tricks to hide from the computer, so it’s hard to see what they are up to, but anti-virus tools can usually see through these. The researcher also has to write a ‘signature’ for the virus – a unique way to identify it, so that anybody running the anti-virus program will be protected when the program sees the virus’ signature.
Once the antidote and signature have been written, it’s a case of sending them to the quality assurance department for testing. These people make sure that the new signature is unique to that virus, and that the antidote won’t cause any problems on people’s computers. The package then gets added to the company’s next update – the next time a consumer’s anti-virus program checks in for an update, the new one will be downloaded, and the PC in question will be protected. Most anti-virus programs update themselves several times a day. It’s important to make sure the program’s list of virus signatures is up to date, so that new viruses can be picked up.
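The signature, quality assurance and update steps described above can be sketched in a few lines of Python. This is an added illustration, not code from F-Secure, Symantec or the original article: it assumes a signature is a plain run of bytes, the "files" are constructed, harmless byte strings, and the detection name Example.A is made up.

```python
# Constructed, harmless byte strings standing in for program files.
VIRUS_SAMPLES = {
    "sample_a.bin": b"MZ\x90\x00header--copy-self--SET-RUN-KEY--greet-v1",
    "sample_b.bin": b"MZ\x90\x00header--copy-self--SET-RUN-KEY--greet-v2",
}
CLEAN_FILES = {
    "editor.bin": b"MZ\x90\x00header--open--save--print",
    "calc.bin": b"MZ\x90\x00header--add--subtract",
}

def qa_check(signature, virus_samples, clean_files):
    """QA step: a signature must hit every sample and no clean file."""
    missed = sorted(n for n, d in virus_samples.items() if signature not in d)
    false_pos = sorted(n for n, d in clean_files.items() if signature in d)
    return {"missed": missed, "false_positives": false_pos,
            "approved": not missed and not false_pos}

def publish(signature_db, name, signature, virus_samples, clean_files):
    """Return an updated copy of the database only if QA approves."""
    if not qa_check(signature, virus_samples, clean_files)["approved"]:
        raise ValueError(f"signature for {name} rejected by QA")
    updated = dict(signature_db)
    updated[name] = signature
    return updated

def scan(files, signature_db):
    """Return {filename: detection name} for every file matching a signature."""
    hits = {}
    for fname, data in files.items():
        for det_name, sig in signature_db.items():
            if sig in data:
                hits[fname] = det_name
                break
    return hits

if __name__ == "__main__":
    old_db = {}                                   # a PC that has not updated
    too_generic = b"MZ\x90\x00header--"           # also present in clean files
    print(qa_check(too_generic, VIRUS_SAMPLES, CLEAN_FILES))
    new_db = publish(old_db, "Example.A", b"copy-self--SET-RUN-KEY",
                     VIRUS_SAMPLES, CLEAN_FILES)
    disk = {**CLEAN_FILES, **VIRUS_SAMPLES}
    print("before update:", scan(disk, old_db))
    print("after update: ", scan(disk, new_db))
```

The header bytes shared by every program fail QA because they would flag clean files, while the longer run found only in the samples is approved; a PC still on the old signature list misses both samples.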
Windows, the operating system that most of us use, is the most targeted by virus-writers. That’s partly because it’s easier to get into and poke holes in, compared with operating systems such as Linux or MacOS. But the main reason it’s popular with virus writers is that it’s used by the vast majority of users. If a virus writer wants to get the most ‘hits’, he or she will want to attack the most computers, and that usually means writing a Windows virus.
That said, one emerging trend is viruses for mobile computers such as smartphones. Most of these new mobile viruses are written for the Symbian series of smartphones such as the Nokia N70. Both the companies we visited have secure shielded metal cages for testing these phones, which prevent other signals from getting in or out, so they can’t infect anything else. In future, mobile computers might be the next virus battleground.
Wasting viruses, not your money
The labs run by security companies are staffed by dedicated researchers, who can get the better of a new virus in a matter of hours. But if they’re so good at it, why do so many of us still get infected by viruses? Many people don’t have any computer security at all, and that lowers security for everyone. If one person allows a virus to get through, it can cause havoc for all. Generally, the answer to getting fewer viruses is as simple as making sure your anti-virus program is fully working and up to date, along with the firewall and other security programs.
This article was created: 11 September 2007.
This article was last edited: 11 September 2007.