Viruses and Malware
Malware is software that can damage or alter data and programs on a system without the user's permission or knowledge. The goal of malware varies from gaining unauthorized access to simply disabling a system. Malware is typically delivered through email, but IRC channels and websites are also common sources of malicious code.
The most common type of malicious code is a virus. It can infect systems by attaching itself to files and programs. Just like its biological counterpart, it needs a host to infect and survive. A virus is usually a program that needs to be executed by a user before it can do any damage. For example, a virus attached to an email message is usually only harmful when a user opens (executes) the attachment. The result of a virus infection varies a lot depending on the type of virus. It can include deleted files, a corrupted Windows registry, a missing boot sector or master boot record, and other more or less harmless events. Viruses are also used to create a backdoor for other malicious code such as key loggers and Trojans.
Decent antivirus software should be used both proactively and reactively to prevent damage by viruses. Since viruses are spread primarily through email, it is important to establish the first line of defense at the corporate email server. That will help prevent viruses from reaching the clients, the place where they are most likely to be executed and distributed. Corporate antivirus software suites can provide protection against viruses and other malware on clients and servers. An antivirus solution is not complete unless it is implemented on all systems in a network.
Modern client-side antivirus software can also actively scan data as it is received through a network connection, in addition to scanning and cleaning viruses on disk after detection, and hence after infection. There are many antivirus products available, which usually provide the best results if they are used in combination with a competing product. Antivirus products use virus definitions, also known as signatures, to identify viruses. It is imperative that these virus definitions/signatures are up to date. Most antivirus programs allow scheduled automatic updates over the Internet. Besides updating the virus definitions, the detection software itself is frequently improved and needs to be up to date at all times as well.
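
The following sketch is an added example, not part of the original TechNotes, showing how signature matching works and why outdated definitions miss newer threats. The signature names, byte patterns and sample file contents are all constructed for illustration and are not real malware indicators.

```python
import hashlib

# Constructed signature sets (assumption: not real indicators). Each entry is
# (name, kind, value): "bytes" matches a byte pattern anywhere in the data,
# "sha256" matches the hash of the whole file.
DEFS_OLD = [
    ("Demo.PatternA", "bytes", b"\xde\xad\xbe\xef-DEMO-A"),
]
# The current set contains everything in the old set plus newer entries.
DEFS_CURRENT = DEFS_OLD + [
    ("Demo.PatternB", "bytes", b"\xca\xfe\xba\xbe-DEMO-B"),
    ("Demo.ExactFile", "sha256",
     hashlib.sha256(b"constructed sample file C").hexdigest()),
]

def scan(data: bytes, definitions) -> list[str]:
    """Return the names of all signatures that match the data."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, kind, value in definitions:
        if kind == "bytes" and value in data:
            hits.append(name)
        elif kind == "sha256" and value == digest:
            hits.append(name)
    return hits

# Constructed sample inputs standing in for files on disk or received data.
SAMPLES = {
    "clean.txt": b"quarterly report, nothing unusual",
    "old_threat.bin": b"header" + b"\xde\xad\xbe\xef-DEMO-A" + b"trailer",
    "new_threat.bin": b"header" + b"\xca\xfe\xba\xbe-DEMO-B" + b"trailer",
    "exact_copy.bin": b"constructed sample file C",
}

def compare(samples=SAMPLES):
    """Scan every sample with both definition sets: (old hits, current hits)."""
    return {name: (scan(data, DEFS_OLD), scan(data, DEFS_CURRENT))
            for name, data in samples.items()}

if __name__ == "__main__":
    for name, (old, cur) in compare().items():
        print(f"{name:16} old defs: {old or '-'}  current defs: {cur or '-'}")
```

A scanner running only the old definitions reports `new_threat.bin` and `exact_copy.bin` as clean, which is the gap that scheduled definition updates close.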