CSI: UW Episode 1

Who Killed My Computer?

You may notice one day that your computer is sluggish, not responding to commands. Your browser homepage has changed, your search page has changed, or you are no longer able to connect to the Internet. What’s going on?

What your machine might have

Your machine may have a virus. A virus is a computer program file that can attach to disks or computer files and replicate itself without your knowledge or permission. A virus might run when the file it infected runs, or it might sit in your computer’s memory and infect files as your computer works with them. Viruses can be intentionally destructive, or they may just be annoying. One example of a virus is the Melissa virus, released in 1999. This virus spread around the globe in under 24 hours, clogged e-mail systems, and inserted quotes from the Simpsons TV show into documents.

Your machine may have a worm. A worm is a sub-class of a virus, and it is more common today than a virus. It can replicate without your help, like an e-mail address book attack. Worms do not infect other computer files on your machine. Worms are usually spread through e-mail. One example of a worm is the Anna worm, released in 2001. An e-mail with an attachment of a picture of tennis player, Anna Kournikova, was sent out, but the attachment was really a worm. When the attachment was opened, the worm sent one copy of the worm to each e-mail address in Outlook’s address book. This worm was relatively benign.

Your machine may have a Trojan horse. This is a program that seems to be good, but is really harmful, and does something you do not expect. It can erase your computer data, corrupt your files, spread other viruses and worms, spy on your keystrokes, or install a backdoor on your system. Trojan horses are usually spread through e-mail, and contained in an attachment. One example of a Trojan horse is the Amanda Trojan, which is contained in an executable attachment. Once the attachment is run, the Trojan tries to connect to a specific Internet address and gives a hacker remote control access over the infected machine. The main goal of this Trojan is to steal personal confidential information.

Your machine may be full of spyware. A spyware program collects information about you without your consent, such as your bank account numbers, passwords, etc. Almost all of these programs are bad. A particularly bad type of spyware is the toolbar program Hotbar. This program allows you to apply skins to program windows, menus, mail, and other applications. After you install it, it records all the Internet activities of all users on the installed computer and adds the information to its database. The program periodically sends the information in the database “home.” Even if you remove Hotbar, it leaves pieces that allow it to reinstall itself if they are not removed manually.

How to avoid getting infected

There are several things you can to do stop or slow the infection and spread of viruses, worms, Trojan horses, and spyware.

Do not downlad or open anything if you don’t know what it is.
If you receive an unexpected attachment from someone you know, check with them to see if they really sent you something.
Never click on a link in an e-mail. Open a browser and type the site’s link instead. Make this a habit even when receiving information from people or organizations you know and trust.
Use at least a moderate security level, if not higher, for your browser settings.
Only install programs that you trust. This should not include free music and file sharing programs. The programs themselves may contain spyware, and the files you may download with them could be rife with viruses.
Keep your operating system and programs up to date with patches. Check to see if your operating system can automatically scan for new updates and install them for you on a regular basis. If you’re using Windows, use Microsoft’s Windows Update site (http://update.microsoft.com). Microsoft Office Updates are available from Microsoft’s OfficeOnline download page (http://office.microsoft.com) (choose “Check for Updates”).
Install some antivirus software, and keep it up to date. Antivirus software will protect you against known viruses. It should be updated at least once a day, if possible. There are several free options (such as Microsoft's Security Essentials and AVG) available to students for their personal computers.
Install spyware (malware) removal tools and keep them updated.
Use a personal firewall. A firewall creates a barrier between your computer and the outside world, allowing good data to reach your machine, and keeping bad data away. It will also ensure that unauthorized users cannot gain access to your machine while you are on the Internet. A firewall will not prevent viruses and Trojans, but it will prevent those on your machine from accessing the Internet.
Disconnect from the Internet when you are not using it. This will lessen the chances of someone accessing your computer.
Create an account on your computer that does not have administrator privileges and work from that account

What to do if you are infected

Run your antivirus software. Make sure virus definitions are up to date. If you are having trouble removing a particular virus, look it up on the web and get instructions for getting it off your machine.
Patch your operating system and other programs, if necessary, with the latest security updates to help prevent more infections.
Run two or more spyware removal programs to clean up the spyware on your machine. Good choices include Microsoft Anti-spyware Beta and Spybot Search & Destroy.
If nothing seems to fix your machine, take it in to a computer shop and let them try and repair the damage.

Episode 2: Lock & Key

Episodes:

Other Information: