CSCU Module 03 Protecting Systems Using Antiviruses.pdf

8/19/2019 CSCU Module 03 Protecting Systems Using Antiviruses.pdf

1/32

1 Copyright ©

by

EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited.

Protecting Systems Using Antiviruses

Simplifying Security.

Module 3


2/32

2 Copyright ©

by

EC-Council


The need for protecting valuable data pushing the demand for antivirus products in

Northern region.

Market for Antivirus Becoming Aggressive in North IT Market

http://www.itvarnews.net

With explosion in the use of networks and also increased use of internet has definitely created a new

conduit for computer viruses to spread at a rapid rate. Earlier viruses used executable files and would

typically be

no

more

than

an

annoyance

by

displaying

harmless

phrases.

The

latest

viruses

are

much

more sophisticated and able to cause extensive and irreparable damage to files. Some viruses are

able to spread themselves to other computers on the Internet or network causing widespread

damage to many systems. Thus to counterattack

these problems and to keep up with the

accompanying rise of malicious web activity a

number of vendors are busy rolling out layers

of updates

of

Antivirus.

We

at

ITPV,

contemplated

in

the

Northern

region

about

how

the

Antivirus

vendors are doing, what is the demand, which segment is booming and whats the future of this

technology.

3

March

2011,

Thursday


3/32

3 Copyright ©

by

EC-Council


Module Objectives

The Most Dangerous Computer

Viruses of All Time

Introduction

to

Antivirus

Software

How Does Antivirus Software

Work?

Antivirus Software 2011

Steps

to

Install

Antivirus

on

Your

Computer

How to Test if Antivirus is

Working?

Choosing the

Best

Antivirus

Software

Configuring McAfee Antivirus

Configuring Kaspersky PURE

Antivirus Security

Checklist


4/32

4 Copyright ©

by

EC-Council


Module Flow

Introduction

to Antivirus

Software

How Does

Antivirus

Software Work?

Steps to

Install

Antivirus

Choosing the

Best Antivirus

Software

Configuring

McAfee

Antivirus

Configuring

Kaspersky

PURE


5/32

5 Copyright ©

by

EC-Council


The Most Dangerous Computer Viruses of

All Time

CIH (1998)

Estimated Damage: 20 to 80 million dollars worldwide,

countless amounts of PC data destroyed. Unleashed

from Taiwan in June of 1998

Melissa (1999)

Estimated Damage: 300 to 600 million dollars

ILOVEYOU (2000)

Estimated Damage: 10 to 15 billion dollars

Code Red (2001)

Estimated Damage: 2 billion and 600 million dollars

(2.6B $)

SQL Slammer (2003)

Estimated Damage:

Because

SQL

Slammer

erupted

on

a

Saturday, the damage was low in dollars and cents.

However, it hit 500,000 servers world wide and actually

shut down South Korea’s online capacity for 12 hours

Blaster (2003)

Estimated Damage: 2 to 10 billion dollars, hundreds of

thousands of infected PCs

Sobig.F (2003)

Estimated Damage: 5 to 10 billion dollars, over 1 million

PCs infected

Bagle (2004)

Estimated Damage: Tens of millions of dollars and

counting

MyDoom (2004)

Estimated Damage: At its peak, slowed global Internet

performance by 10 percent and Web load times by up to

50 percent

Sasser (2004)

Estimated Damage: Tens of millions of dollars

In the past few years, numerous PCs have been infected by computer viruses and there have

been computer viruses that affected the global economic growth drastically

The top 10 most destructive computer viruses of all time according to techweb:


6/32

6 Copyright ©

by

EC-Council


A computer connected to the Internet is always at high risk, and it is always recommended to

install antivirus software on the system

A computer virus can degrade the performance of a computer and can delete the stored

computer data

An antivirus program protects the computer against viruses, worms, spywares, Trojans, etc.

Introduction to Antivirus Software


7/32

7 Copyright ©

by

EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited.7

Today in the digital domain, loads of data is

stored on computers and it has become

significant to protect the data

When a PC is connected to the Internet, the

PC has to combat different malicious programs

such as viruses, worms, Trojans, spyware,

adware

Cyber criminals such as attackers and hackers use

these malicious programs as tools to steal

important information such as personal data

stored on the computer

These programs pose a severe threat to the

computer and may destroy its functionality in

different ways

Malicious programs

pave

their

way

into

one’s

PC

through email attachments and spam email,

through USB drives, visiting a fraudulent website,

etc.

Due to

the

invasion

of

malicious

programs

in cyberspace, antivirus programs have

become necessary for computers

If

your

computer

has

a

good

antivirus

program

installed,

then

the

PC

is

protected

and

combat

all

types of malicious programs

Need for Antivirus Program


8/32

8 Copyright ©

by

EC-Council


Module Flow

Introduction

to Antivirus

Software

Steps to

Install

Antivirus

Choosing the

Best Antivirus

Software

Configuring

McAfee

Antivirus

Configuring

Kaspersky

PURE

How Does

Antivirus

Software Work?


9/32

9 Copyright ©

by

EC-Council


How Does Antivirus Software Work?

Most of the commercial antivirus software uses two techniques:

Uses virus dictionary to look for known viruses while examining files

Detects suspicious behavior from any computer program

Virus DictionaryApproach

While examining the files the

antivirus software refers to

the dictionary of known

viruses identified by the

author of antivirus software

If a bit of code in the file matches with that of any

virus in the dictionary, then

the antivirus software can

either delete the file, repair

the file by removing the virus,

or quarantine it

The antivirus software

monitors the behavior of all

the programs instead of

identifying the known viruses

Whenever a program with

suspicious behavior is found

the software alerts the user

and asks what to do

Suspicious BehaviorApproach

Antivirus software will try to

emulate the beginning of

each new executable code

that is being executed before

transferring control to the

executable

If the program seems to be a

virus or using self ‐modifying

code then it immediately

examines the other

executable programs

Other Ways to DetectViruses


10/32

10 Copyright ©

by

EC-Council


Antivirus Software 2011

http://www.mcafee.com http://www.symantec.com http://www.avast.com http://www.kaspersky.com http://www.vipreantivirus.com

http://free.avg.com http://www.comodo.com http://www.bitdefender.com http://www.pctools.com http://www.eccouncil.org


11/32

11 Copyright ©

by

EC-Council


Module Flow

Introduction

to Antivirus

Software

Steps to

Install

Antivirus

Choosing the

Best Antivirus

Software

Configuring

McAfee

Antivirus

Configuring

Kaspersky

PURE

How Does

Antivirus

Software Work?


12/32

12Copyright

©

by

EC-Council


Choosing the Best Antivirus Software

When purchasing an antivirus software, look for

the various features and how they can best serve

your needs

The most important things to be considered are:

Antivirus Scanning

Antivirus Detection Accuracy

Check for antivirus software that scans and detects

viruses accurately and detects the majority of threats

Scanning Speed

Check

whether

the

antivirus

software

can

perform

the

task quickly and efficiently

Resource Utilization

Ensure that the antivirus software uses minimal

system resources and does not affect system

performance when performing a scan


13/32

13Copyright

©

by

EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.

Hacker Blocking

This feature prevents other users from gaining

unauthorized access and steal important data such as

passwords and other confidential information

Bidirectional Firewall

Check whether the antivirus software is equipped

with

a

software

firewall

or

not

to

scan

the

both

incoming and outgoing traffic

Technical Support

Look for good technical support so

that issues are solved easily

Parental Controls

Check for

the

parental

control

feature

in

the antivirus program that helps children

browse the Internet safely

Easy Installation (and Easy to Use)

The anti virus software should be user friendly

and easy‐to‐use

On Demand

and

Scheduled

Scanning

This options lets you schedule a scan according to user

specified time. User schedule the scan daily, weekly or

monthly

Automatic Updates

This feature keeps the user abreast

of the

latest

online

threats

without

the user having to visit the vendor’s

website to stay up to date

Spyware Detection &

Prevention

Check for antispyware

components to

keep

spyware

at

bay

Email Scanning

E‐mail Protection can monitor POP

and SMTP ports and ensures that

your computer doesn't contain a

threat to

your

computer

Choosing the Best Antivirus Software


14/32

14Copyright

©

by


Module Flow

Introduction

to Antivirus

Software

Steps to

Install

Antivirus

Choosing the

Best Antivirus

Software

Configuring

McAfee

Antivirus

Configuring

Kaspersky

PURE

How Does

Antivirus

Software Work?


15/32

15Copyright

©

by


1

2

3

4

5

Review all the settings and click next until installation is finished

Once the installation process is finished, restart your computer

Download the antivirus and launch the installation of

antivirus by double clicking the setup file

Most of the antiviruses follow a wizard‐driven installation process

and necessary components are installed in the system by default

Steps to Install Antivirus on Your

Computer

Agree to the legal agreement that might appear, click "I agree", and

then click

"Next"

to

continue


16/32

16Copyright

©

by


How to Test if Antivirus is Working?

Step‐by‐step procedure to test the antivirus program

1. Open a notepad and copy the following code onto it, and save the notepad.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR‐STANDARD‐ANTIVIRUS‐TEST‐FILE!$H+H*

2. Rename the file from New Text Document.TXT to myfile.com

3. Run the

antivirus

scan

on

this

myfile.com file

4. If the antivirus is functioning properly, it generates a warning and immediately deletes the file

Note: Most antivirus will display a warning message in step 1


17/32

17Copyright

©

by EC-Council


Module Flow

Introduction

to Antivirus

Software

Steps to

Install

Antivirus

Choosing the

Best Antivirus

Software

Configuring

McAfee

Antivirus

Configuring

Kaspersky

PURE

How Does

Antivirus

Software Work?


18/32

18Copyright

©

by EC-Council



On the Main Security Center Console click

Real‐time Scanning select Scan your PC

After selecting the Scan your PC option Select

any one of the available three scan types (Run a

quick scan, Run a full scan, or Run a custom scan)


19/32

19Copyright

©

by EC-Council


On the Main Security Center Console click

Real‐time Scanning select Schedule Scan

Settings and decide how often you want to

scan click Apply

After selecting the Schedule Scan Settings option

Real‐time Scanning Settings select the file types,

attachments, and locations that you want the antivirus

to automatically scan and protect the computer from

threats click Apply



20/32

20Copyright

©

by EC-Council


Module Flow

Introduction

to Antivirus

Software

Choosing the

Best Antivirus

Software

Configuring

McAfee

Antivirus

Configuring

Kaspersky

PURE

How Does

Antivirus

Software Work?

Steps to

Install

Antivirus


21/32

21Copyright

©

by EC-Council


After successfully installing Kaspersky PURE, follow the

steps to configure Kaspersky PURE

Step 1: Activate the application

For Kaspersky PURE to

be

fully

functional,

it

needs

to

be

activated

You can:

Activate Commercial License with the purchased activation

code

Activate

Trial

Version for

the

trial

period

of 30 days

and

get

acquainted with the possibilities of the program

Activate Later, if you select activate later, the stage

of Kaspersky PURE activation will be skipped. The application

will be installed on your computer, but you will be able to

update the application only once after its installation.

To continue the activation process, click Next

After the license is activated, click Next to proceed with the

configuration



22/32

22Copyright

©

by EC-Council


Step 2: System analysis

The Installation Wizard analyzes the

system information and creates rules

for trusted applications that are

included in the Windows operating

system. Wait

until

the

process

is

completed.



23/32

23 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.

Step 3: Completing installation

When the installation is complete,

Kaspersky PURE Configuration Wizard will

prompt with a message The installation is

complete:

Make sure the box Start Kaspersky

PURE is checked if you want to run the

application immediately after

the Configuration Wizard is closed

Clear the box Start Kaspersky PURE if

you want to run the program later

In order to close the Configuration

Wizard, click the Finish button



24/32


After configuring the Kaspersky PURE antivirus, launch the application and the

program is ready for use

Configuring Kaspersky PURE: Backup

and Restore


25/32


To configure Backup, click Backup and Restore

In Backup and Restore, click Create a backup task


and Restore


26/32


Select the location of the files and

click Next select the desired

drive to store the backup files

click Next

Specify a password to protect your data from unauthorized access and

click Next


and Restore


27/32


Configure storing different

versions of files and click

Next click

Finish


and Restore


28/32


Configuring Kaspersky PURE:

Computer ProtectionComputer Protection components protect your computer against various threats, scan all system

objects for viruses and vulnerabilities, and regularly update Kaspersky PURE antivirus databases and

program modules


29/32

29 Copyright © by EC-CouncilAll

Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

Configuring Kaspersky PURE: Parental

ControlTo protect children and teenagers from threats related to computer and Internet usage, you should configure Parental

Control settings for all users

If you have no enabled password protection when installing the application at the first startup of Parental Control, it is

recommended that you set a password to protect against unauthorized modification of the Control settings

Now, you can enable Parental Control and impose restrictions on computer and Internet usage, and on instant messaging

for all

accounts

on

the

computer


30/32


Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

Kaspersky PURE: Administrative

Tools

Using the Administrative tools, a user

can configure the operating system and

eliminate system vulnerabilities to

provide reliable

data

protection

A user can:

1. Tune browser settings

2. Search for problems related to malware

activity using the Microsoft Windows

Settings Troubleshooting

option

3. Permanently delete data

4. Delete some unused data

5. Create a Rescue Disk to clean the

system after a virus attack

6. Erase user activity to protect the

privacy


31/32


Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

Module Summary

An antivirus program protects a computer against viruses, worms, spywares, and Trojans

A computer connected to the Internet is always at high risk and it is recommended to have

antivirus software

installed

on

the

system

Most of the commercial antivirus software uses two techniques:

Uses virus dictionary to look for known viruses while examining files

Detects suspicious behavior from any computer program

In the

virus

dictionary

approach,

while

examining

the

files,

the

antivirus

software

refers

to

the dictionary of known viruses identified by the software author

Whenever a program with suspicious behavior is found, the antivirus software alerts the

user and asks what to do


32/32


Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

Antivirus Security Checklist

Update antivirus software to get maximum efficiency

Always visit the vendor’s web site to download the patches

Do not use multiple antivirus programs on your computer

simultaneously

Always perform link and email scanning

Enable firewall

Enable real‐time scanning

Always schedule

scanning

Documents

CSCU Module 03 Protecting Systems Using Antiviruses.pdf