Prepare Your Ebook For Distribution

Now that your ebook has been packed into a neat little EXE (or PDF) file, it’s time to make it available for download from the Internet.

But, before you send it online, there are two things to do first:

1. Consider compression

You can compress your e-book file to make it smaller (in memory terms) using compression software like WinZip. You can get a shareware copy of WinZip from the WinZip website.

WinZip compresses your files and packages them into a self-extracting ZIP file. When your readers double-click on the compressed file, WinZip will launch automatically. Then they just need to click the extract button, to install the e-book to any folder they want.

You should offer both compressed and uncompressed versions of your e-book on the download page.

This will enable a quicker download for those customers who have WinZip and are familiar with it. By the same token, those who don’t know about using WinZip have the option of downloading the larger file.

You should indicate the file size in both cases, and perhaps give an estimated download time across a standard 56k dial-up connection.

You should also give brief instructions on how to use WinZip and place a link to the WinZip website.

2. Scan for a virus

Don’t risk spreading a virus to your customers through your e-book. Before you send it online for others to download, it’s imperative that you run a virus-scan on it.

Make sure that you use up-to-date virus scanning software. If you don’t have any, then send a copy of your book to a friend who does.

How do I Test My EICAR VirusScan Installation?

Description

After installing VirusScan, you may logically wonder, how do I know if it’s working? The answer is a test virus. The EICAR Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus installations.

Solution

To test your installation, copy the following line into its own file, then save the file with the name EICAR.COM. More detailed instructions are found below.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 68 or 70 bytes.

If VirusScan is running and configured correctly, when you try to save the file, VirusScan will detect the virus. If VirusScan is not running, start it and scan the directory that contains EICAR.COM. When your software scans this file, it will report finding the EICAR test file.

Note that this file is NOT A VIRUS. Delete the file when you have finished testing your installation to avoid alarming unsuspecting users.

The EICAR test virus is available for download from the following website:

www.eicar.org/download/eicar.com

Creating Eicar.com

1. Click on Start.
2. Select Run.
3. In the Open box type: notepad
4. Maximize the window.
5. Highlight the following line of text:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
6. Right click on the highlighted text and choose ‘Copy’.
7. Switch back to Notepad.
8. Right click anywhere inside of Notepad and select ‘Paste’.
9. Click the File menu and select ‘Save As’.
10. Change the ‘Save as Type’ to ‘All Files’.
11. Name the file eicar.com.
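The same check can be scripted. The Python below is an added example, not part of the original guide: it validates that a buffer is a well-formed test file (which is why both 68 and 70 bytes are acceptable: Notepad may append a CR/LF pair) and then writes the file to see whether an on-access scanner intercepts it. The function names are hypothetical, and the trailing-whitespace allowance and 128-byte limit come from EICAR's own description of the file rather than from this page.

```python
import os
import tempfile
import time

# The 68-byte test string shown on this page, split in two so that this
# script's own source is less likely to be flagged by an on-access scanner.
_HEAD = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
_TAIL = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
EICAR = _HEAD + _TAIL

# Bytes that may follow the string: space, tab, LF, CR, Ctrl-Z.
_ALLOWED_TRAILER = b" \t\n\r\x1a"
_MAX_LEN = 128  # upper bound on the whole file, trailer included


def is_valid_eicar(data: bytes) -> bool:
    """True if data is the test string, optionally followed by whitespace."""
    if not data.startswith(EICAR) or len(data) > _MAX_LEN:
        return False
    return all(b in _ALLOWED_TRAILER for b in data[len(EICAR):])


def probe_scanner(directory: str, wait: float = 3.0) -> str:
    """Write eicar.com into `directory` and report what the scanner did.

    Returns one of:
      "blocked-on-write"    - the save itself was refused
      "removed-after-write" - the file was quarantined or deleted
      "blocked-on-read"     - the file exists but cannot be opened
      "modified"            - the file was altered (e.g. disinfected)
      "not-detected"        - nothing intercepted the file
    """
    path = os.path.join(directory, "eicar.com")
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked-on-write"

    time.sleep(wait)  # give an on-access scanner time to react

    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except FileNotFoundError:
        return "removed-after-write"
    except OSError:
        return "blocked-on-read"

    # Nothing stopped us: delete the file, as the guide advises.
    try:
        os.remove(path)
    except OSError:
        pass
    return "not-detected" if data == EICAR else "modified"


if __name__ == "__main__":
    print("68-byte file valid:", is_valid_eicar(EICAR))
    print("70-byte file valid:", is_valid_eicar(EICAR + b"\r\n"))
    print("scanner result:", probe_scanner(tempfile.gettempdir()))
```

A result of "not-detected" means the on-access scanner is not running or is not watching that directory, which is the case the guide handles by starting the scanner and scanning the folder manually.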

Google Hacks With Downloading Ebooks From Syngress

1- Go to the web site [www.syngress.com].

2- Click on [create an account] at upper right hand side of screen to register for free.

3- Enter any garbage information in all fields in the registration.

4- Once you are registered, enter the following URL: [www.syngress.com/solutions/XXXX/download.cfm], and replace the “XXXX” with the code of the book. For example, to download “70-290 Study Guide”, use the URL: “http://www.syngress.com/solutions/274_MCSE_70290/download.cfm”.

5- Codes of books:

CODE BOOK NAME

175_Net_mobile_web - .NET Mobile Web Developer’s Guide
230_lgo_ris2 - 10 Cool Lego Mindstorm Robotics Invention System 2 Projects
229_lgo_ubp - 10 Cool LEGO Mindstorm Ultimate Builder Projects
227_lgo_dsdk - 10 Cool Lego Mindstorms Dark Side Robots
24670214 - 70-214 Study Guide
274_MCSE_70290 - 70-290 Study Guide
254_MCSE_70291 - 70-291 Study Guide
271_MCSE_70292 - 70-292 Study Guide
255_MCSE_70293 - 70-293 Study Guide
272_MCSE_70296 - 70-296 Study Guide
110_Avd_App - Administering Cisco QoS in IP Networks
130_mig_asp - ASP Configuration Handbook
166_asp_dev - ASP.NET Web Developers Guide
253_BD_Cisco_Intrntwkg - Best Damn Cisco Internetworking Book Period
252_BD_Firewall - Best Damn Firewall Book Period
145_biztalk - BizTalk Server 2000
160_bluetooth - Bluetooth Application Developer’s Guide
169_cisco_wlan - Building a Cisco Wireless LAN
71_Conf_CNSAD_Win2000 - Building Cisco Networks for Windows 2000
93_sbcran - Building Cisco Remote Access Networks
250_DMZs - Building DMZs for Enterprise Networks
174_lego_robo - Building Robots with Lego Mindstorms
140_san_broc - Building SANs with Brocade Fabric Switches
223_C_Java - C# for Java Programmers
167_C# - C#.NET Web Developer’s Guide
ccna_superpack - CCNA Super Pack
192_chk_pt - Check Point Next Generation Security Administration
259_chkpt - Check Point NG VPN-1/FireWall-1
109_ciscoip - Cisco AVVID & IP Telephony Design and Implementation
267_cssp_ids - Cisco Security Professional’s Guide to Secure Intrusion Detection Systems
235_pix - Cisco Security Specialist’s Guide to PIX Firewalls
189_xp - Configuring and Troubleshooting Windows XP Professional
94_avvid - Configuring Cisco Avvid
70_voip - Configuring Cisco Voice Over IP
228_VOIP2E - Configuring Cisco Voice Over IP, Second Edition
111_ctrx - Configuring Citrix Metaframe for Windows 2000 Terminal Services
220_CitrixXP - Configuring Citrix MetaFrame XP for Windows Including Feature Release 1
128_mc_em - Configuring Exchange 2000 Server
208_ipv6 - Configuring IPv6 for Cisco IOS
132_isa - Configuring ISA Server 2000
245_symntc - Configuring Symantec AntiVirus Enterprise Edition
68_Win2000_Sec - Configuring Windows 2000 Server Security
147_w2K_noad - Configuring Windows 2000 Without Active Directory
165_cell - Consumer’s Guide to Cell Phones & Wireless Service Plans
73_odba - DBA’s Guide to Databases on Linux
92_Win2000_Deploy - Deploying Windows 2000 with Support Tools
152_wan_luc - Designing a Wireless Network
114_SQL_Dna - Designing SQL Server 2000 Databases for .net Enterprise Servers
206_XML_Web - Developing .NET Web Services with XML
210_Java_APIs_dev - Developing Web Services with Java APIs for XML Using WSDP
226_InfoWar - Dr. Tom Shinder’s ISA Server and Beyond
119_email - E-mail Virus Protection Handbook
193_hck_cf5 - Hack Proofing ColdFusion
138_hack_lnx - Hack Proofing Linux
158_hack_sun - Hack Proofing Sun Solaris 8
181_hackproofW2K - Hack Proofing Windows 2000 Server
224_hack_xml - Hack Proofing XML
134_hack_ecomm - Hack Proofing Your E-commerce Site
221_hck_identity - Hack Proofing Your Identity in the Information Age
194_Hck_net2e - Hack Proofing Your Network, Second Edition
95_hack - Hack Proofing Your Network: Internet Tradecraft
137_hack_app - Hack Proofing Your Web Applications
182_Hack_wireless - Hack Proofing Your Wireless Network
287_HRD_HCK - Hardware Hacking
69_ipad - IP Addressing and Subnetting: Including IPv6
190_Journey_Internet - Journey to the Center of the Internet
243_lgo_mstr - LEGO Mindstorms Masterpieces
240_lgo_tools - Lego Software Power Tools
76_Mng_ActDir_Win2000_Ser - Managing Active Directory for Windows 2000 Server
112_ipsec - Managing Cisco Network Security
218_CiscoSec2e - Managing Cisco Network Security Second Edition
75_Mng_Win2000_NetServs - Managing Windows 2000 Network Services
115_mc_sec - Mission Critical! Internet Security
113_MC2k - Mission Critical! Windows 2000 Server Administration
234_nokia - Nokia Network Security Solutions Handbook
139_palm_dev - Palm OS Web Application Developers Guide
177_lego_JAVA - Programming Lego Mindstorms with Java
183_Ruby - Ruby Developer’s Guide
225_Cybercrime - Scene of The Cybercrime: Computer Forensics Handbook
286_NSA_IAM - Security Assessment Case Studies for Implementing the NSA IAM
236_secplus - Security+ Study Guide
219_sniffer - Sniffer Pro Network Optimization & Troubleshooting Handbook
244_snort - Snort 2.0 Intrusion Detection
232_SpecialOps - SPECIAL OPS: Host and Network Security
241_sscp - SSCP Study Guide
249_STL_NTW - Stealing the Network: How to Own the Box
91_Win2000_TCPIP - Troubleshooting Windows 2000 TCP/IP
153_vb_net - VB.NET Developer’s Guide
159_wg_wi - Webmaster’s Guide to the Wireless Internet
180_AD_2e - Windows 2000 Active Directory Second Edition
77_Win2000_Conf_Wiz - Windows 2000 Configuration Wizards
74_Sysad - Windows 2000 Server System Administration Handbook
155_xml_NET - XML .NET Developer’s Guide

Evolution Of Computer Viruses

Part 1

Like any other field in computer science, viruses have evolved a great deal over the years. In the series of press releases which starts today, we will look at the origins and evolution of malicious code from its first appearance up to the present.

Going back to the origin of viruses, it was in 1949 that mathematician John von Neumann described self-replicating programs which could resemble computer viruses as they are known today. However, it was not until the 60s that we find the predecessor of current viruses. In that decade, a group of programmers developed a game called Core Wars, which could reproduce every time it was run, and even saturate the memory of other players’ computers. The creators of this peculiar game also created the first antivirus, an application named Reaper, which could destroy copies created by Core Wars.

However, it was only in 1983 that one of these programmers announced the existence of Core Wars, which was described the following year in a prestigious scientific magazine: this was actually the starting point of what we call computer viruses today.

At that time, a still young MS-DOS was starting to become the preeminent operating system worldwide. This was a system with great prospects, but still many deficiencies as well, which arose from software developments and the lack of many hardware elements known today. Even so, this new operating system became the target of a virus in 1986: Brain, a malicious code created in Pakistan which infected boot sectors of disks so that their contents could not be accessed. That year also saw the birth of the first Trojan: an application called PC-Write.

Shortly after, virus writers realized that infecting files could be even more harmful to systems. In 1987, a virus called Suriv-02 appeared, which infected COM files and opened the door to the infamous viruses Jerusalem or Friday 13th. However, the worst was still to come: 1988 set the date when the “Morris worm” appeared, infecting 6,000 computers.

From that date up to 1995 the types of malicious code that are known today started being developed: the first macro viruses appeared, polymorphic viruses … Some of these even triggered epidemics, such as Michelangelo. However, there was an event that changed the virus scenario worldwide: the massive use of the Internet and e-mail. Little by little, viruses started adapting to this new situation until the appearance, in 1999, of Melissa, the first malicious code to cause a worldwide epidemic, opening a new era for computer viruses.

Part 2

This second installment of ‘The evolution of viruses’ will look at how malicious code used to spread before use of the Internet and e-mail became as commonplace as it is today, and the main objectives of the creators of those earlier viruses.

Until the worldwide web and e-mail were adopted as a standard means of communication the world over, the main media through which viruses spread were floppy disks, removable drives, CDs, etc., containing files that were already infected or with the virus code in an executable boot sector.

When a virus entered a system it could go memory resident, infecting other files as they were opened, or it could start to reproduce immediately, also infecting other files on the system. The virus code could also be triggered by a certain event, for example when the system clock reached a certain date or time. In this case, the virus creator would calculate the time necessary for the virus to spread and then set a date, often with some particular significance, for the virus to activate. In this way, the virus would have an incubation period during which it didn’t visibly affect computers, but just spread from one system to another waiting for ‘D-day’ to launch its payload. This incubation period would be vital to the virus successfully infecting as many computers as possible.

One classic example of a destructive virus that lay low before releasing its payload was CIH, also known as Chernobyl. The most damaging version of this malicious code activated on April 26, when it would try to overwrite the flash-BIOS, the memory which includes the code needed to control PC devices. This virus, which first appeared in June 1998, had a serious impact for over two years and still continues to infect computers today.

Because of the way in which they propagate, these viruses spread very slowly, especially in comparison to the speed of today’s malicious code. Towards the end of the Eighties, for example, the Friday 13th (or Jerusalem) virus needed a long time to actually spread and continued to infect computers for some years. In contrast, experts reckon that in January 2003, SQLSlammer took just ten minutes to cause global communication problems across the Internet.

Notoriety versus stealth

For the most part, in the past, the activation of a malicious code triggered a series of on screen messages or images, or caused sounds to be emitted to catch the user’s attention. Such was the case with the Ping Pong virus, which displayed a ball bouncing from one side of the screen to another. This kind of elaborate display was used by the creator of the virus to gain as much notoriety as possible. Nowadays however, the opposite is the norm, with virus authors trying to make malicious code as discreet as possible, infecting users’ systems without them noticing that anything is amiss.

Part 3

This third installment of ‘The evolution of viruses’ will look at how the Internet and e-mail changed the propagation techniques used by computer viruses.

Internet and e-mail revolutionized communications. However, as expected, virus creators didn’t take long to realize that along with this new means of communication, an excellent way of spreading their creations far and wide had also dawned. Therefore, they quickly changed their aim from infecting a few computers while drawing as much attention to themselves as possible, to damaging as many computers as possible, as quickly as possible. This change in strategy resulted in the first global virus epidemic, which was caused by the Melissa worm.

With the appearance of Melissa, the economic impact of a virus started to become an issue. As a result, users, above all companies, started to become seriously concerned about the consequences of viruses on the security of their computers. This is how users discovered antivirus programs, which started to be installed widely. However, this also brought about a new challenge for virus writers: how to slip past this protection and how to persuade users to run infected files.

The answer to which of these virus strategies was the most effective came in the form of a new worm: Love Letter, which used a simple but effective ruse that could be considered an early type of social engineering. This strategy involves inserting false messages that trick users into thinking that the message includes anything except a virus. This worm’s bait was simple; it led users to believe that they had received a love letter.

This technique is still the most widely used. However, it is closely followed by another tactic that has been the center of attention lately: exploiting vulnerabilities in commonly used software. This strategy offers a range of possibilities depending on the security hole exploited. The first malicious codes to use this method, and quite successfully, were the BubbleBoy and Kakworm worms. These worms exploited a vulnerability in Internet Explorer by inserting HTML code in the body of the e-mail message, which allowed them to run automatically, without needing the user to do a thing.

Vulnerabilities allow many different types of actions to be carried out. For example, they allow viruses to be dropped on computers directly from the Internet, as with the Blaster worm. In fact, the effects of the virus depend on the vulnerability that the virus author tries to exploit.

Part 4

In the early days of computers, there were relatively few PCs likely to contain “sensitive” information, such as credit card numbers or other financial data, and these were generally limited to large companies that had already incorporated computers into working processes.

In any event, information stored in computers was not likely to be compromised, unless the computer was connected to a network through which the information could be transmitted. Of course, there were exceptions to this and there were cases in which hackers perpetrated frauds using data stored in IT systems. However, this was achieved through typical hacking activities, with no viruses involved.

The advent of the Internet however caused virus creators to change their objectives, and, from that moment on, they tried to infect as many computers as possible in the shortest time. Also, the introduction of Internet services, like e-banking or online shopping, brought in another change. Some virus creators started writing malicious codes not to infect computers, but to steal confidential data associated with those services. Evidently, to achieve this, they needed viruses that could infect many computers silently.

Their malicious labor was finally rewarded with the appearance, in 1986, of a new breed of malicious code generically called “Trojan Horse”, or simply “Trojan”. This first Trojan was called PC-Write and tried to pass itself off as the shareware version of a text processor. When run, the Trojan displayed a functional text processor on screen. The problem was that, while the user wrote, PC-Write deleted and corrupted files on the computer’s hard disk.

After PC-Write, this type of malicious code evolved very quickly to reach the stage of present-day Trojans. Today, many of the people who design Trojans to steal data cannot be considered virus writers but simply thieves who, instead of using blowtorches or dynamite, have turned to viruses to commit their crimes. Ldpinch.W or the Bancos or Tolger families of Trojans are examples of this.

Part 5

Even though none of them can be left aside, some particular fields of computer science have played a more determinant role than others with regard to the evolution of viruses. One of the most influential fields has been the development of programming languages.

These languages are basically a means of communication with computers in order to tell them what to do. Even though each of them has its own specific development and formulation rules, computers in fact understand only one language called “machine code”.

Programming languages act as an interpreter between the programmer and the computer. Obviously, the more directly you can communicate with the computer, the better it will understand you, and the more complex the actions you can ask it to perform.

According to this, programming languages can be divided into “low and high level” languages, depending on whether their syntax is more understandable for programmers or for computers. A “high level” language uses expressions that are easily understandable for most programmers, but not so much for computers. Visual Basic and C are good examples of this type of language.

On the contrary, expressions used by “low level” languages are closer to machine code, but are very difficult to understand for someone who has not been involved in the programming process. One of the most powerful, most widely used examples of this type of language is “assembler”.

In order to explain the use of programming languages through virus history, it is necessary to refer to hardware evolution. It is not difficult to understand that an old 8-bit processor does not have the power of modern 64-bit processors, and this of course has had an impact on the programming languages used.

In this and the next installments of this series, we will look at the different programming languages used by virus creators through computer history:

- Virus antecessors: Core Wars

As was already explained in the first chapter of this series, a group of programs called Core Wars, developed by engineers at an important telecommunications company, are considered the antecessors of current-day viruses. Computer science was still in the early stages and programming languages had hardly developed. For this reason, authors of these proto-viruses used a language that was almost equal to machine code to program them.

Curiously enough, it seems that one of the Core Wars programmers was Robert Thomas Morris, whose son programmed, years later, the “Morris worm”. This malicious code became extraordinarily famous since it managed to infect 6,000 computers, an impressive figure for 1988.

- The new gurus of the 8-bits and the assembler language.

The names Altair, IMSAI and Apple in USA and Sinclair, Atari and Commodore in Europe bring memories of times gone by, when a new generation of computer enthusiasts “fought” to establish their place in the programming world. To be the best, programmers needed to have profound knowledge of machine code and assembler, as interpreters of high-level languages used too much run time. BASIC, for example, was a relatively easy to learn language which allowed users to develop programs simply and quickly. It had, however, many limitations.

This caused the appearance of two groups of programmers: those who used assembler and those who turned to high-level languages (BASIC and PASCAL, mainly).

Computer aficionados of the time enjoyed themselves more by programming useful software than malware. However, 1981 saw the birth of what can be considered the first 8-bit virus. Its name was “Elk Cloner”, and it was programmed in machine code. This virus could infect Apple II systems and displayed a message when it infected a computer.

Part 6

Computer viruses evolve in much the same way as in other areas of IT. Two of the most important factors in understanding how viruses have reached their current level are the development of programming languages and the appearance of increasingly powerful hardware.

In 1981, almost at the same time as Elk Cloner (the first virus for 8-bit processors) made its appearance, a new operating system was growing in popularity. Its full name was Microsoft Disk Operating System, although computer buffs throughout the world would soon refer to it simply as DOS.

DOS viruses

The development of MS DOS systems occurred in parallel to the appearance of new, more powerful hardware. Personal computers were gradually establishing themselves as tools that people could use in their everyday lives, and the result was that the number of PC users grew substantially. Perhaps inevitably, more users also started creating viruses. Gradually, we witnessed the appearance of the first viruses and Trojans for DOS, written in assembler language and demonstrating a degree of skill on the part of their authors.

Far fewer programmers know assembler language than are familiar with high-level languages that are far easier to learn. Malicious code written in Fortran, Basic, Cobol, C or Pascal soon began to appear. The last two languages, which are well established and very powerful, are the most widely used, particularly in their TurboC and Turbo Pascal versions. This ultimately led to the appearance of “virus families”: that is, viruses that are followed by a vast number of related viruses which are slightly modified forms of the original code.

Other users took the less ‘artistic’ approach of creating destructive viruses that did not require any great knowledge of programming. As a result, batch processing file viruses or BAT viruses began to appear.

Win16 viruses

The development of 16-bit processors led to a new era in computing. The first consequence was the birth of Windows, which, at the time, was just an application to make it easier to handle DOS using a graphic interface.

The structure of Windows 3.xx files is rather difficult to understand, and the assembler language code is very complicated, as a result of which few programmers initially attempted to develop viruses for this platform. But this problem was soon solved thanks to the development of programming tools for high-level languages, above all Visual Basic. This application is so effective that many virus creators adopted it as their ‘daily working tool’. This meant that writing a virus had become a very straightforward task, and viruses soon appeared in their hundreds. This development was accompanied by the appearance of the first Trojans able to steal passwords. As a result, more than 500 variants of the AOL Trojan family, designed to steal personal information from infected computers, were identified.

Part 7

This seventh edition on the history of computer viruses will look at how the development of Windows and Visual Basic has influenced the evolution of viruses; as these developed, worldwide epidemics also evolved, such as the first one, caused by Melissa in 1999.

While Windows changed from being an application designed to make DOS easier to manage to a 32-bit platform and operating system in its own right, virus creators went back to using assembler as the main language for programming viruses.

Versions 5 and 6 of Visual Basic (VB) were developed, making it the preferred tool, along with Borland Delphi (the Pascal development for the Windows environment), for Trojan and worm writers. Then, Visual C, a powerful environment developed in C for Windows, was adopted for creating viruses, Trojans and worms. This last type of malware gained unusual strength, taking over almost all other types of viruses. Even though the characteristics of worms have changed over time, they all have the same objective: to spread to as many computers as possible, as quickly as possible.

With time, Visual Basic became extremely popular and Microsoft implemented part of the functionality of this language as an interpreter capable of running script files with a similar syntax.

At the same time as the Win32 platform was implemented, the first script viruses also appeared: malware inside a simple text file. These demonstrated that not only executable files (.EXE and .COM files) could carry viruses. As already seen with BAT viruses, there are also other means of propagation, proving the saying “anything that can be executed directly or through an interpreter can contain malware.” To be specific, the first viruses that infected the macros included in Microsoft Office emerged. As a result, Word, Excel, Access and PowerPoint became ways of spreading ‘lethal weapons’, which destroyed information when the user simply opened a document.

Melissa and self-executing worms

The powerful script interpreters in Microsoft Office allowed virus authors to arm their creations with the characteristics of worms. A clear example is Melissa, a Word macro virus with the characteristics of a worm that infects Word 97 and 2000 documents. This worm automatically sends itself out as an attachment to an e-mail message to the first 50 contacts in the Outlook address book on the affected computer. This technique, which has unfortunately become very popular nowadays, was first used in this virus which, in 1999, caused one of the largest epidemics in computer history in just a few days. In fact, companies like Microsoft, Intel or Lucent Technologies had to block their connections to the Internet due to the actions of Melissa.

The technique started by Melissa was developed in 1999 by viruses like VBS/Freelink, which unlike its predecessor sent itself out to all the contacts in the address book on the infected PC. This started a new wave of worms capable of sending themselves out to all the contacts in the Outlook address book on the infected computer. Of these, the worm that most stands out from the rest is VBS/LoveLetter, more commonly known as ‘I love You’, which emerged in May 2000 and caused an epidemic that caused damage estimated at 10,000 million euros. In order to get the user’s attention and help it to spread, this worm sent itself out in an e-mail message with the subject ‘ILOVEYOU’ and an attached file called ‘LOVE-LETTER-FOR-YOU.TXT.VBS’. When the user opened this attachment, the computer was infected.

As well as Melissa, in 1999 another type of virus emerged that also marked a milestone in virus history. In November of that year, VBS/BubbleBoy appeared, a new type of Internet worm written in VB Script. VBS/BubbleBoy was automatically run without the user needing to click on an attached file, as it exploited a vulnerability in Internet Explorer 5 to automatically run when the message was opened or viewed. This worm was followed in 2000 by JS/Kak.Worm, which spread by hiding behind JavaScript in the auto-signature in Microsoft Outlook Express, allowing it to infect computers without the user needing to run an attached file. These were the first samples of a series of worms, which were joined later on by worms capable of attacking computers when the user is browsing the Internet.

Configuring Crap Software Pro

Configuring The Standard Settings

Your first configuration of Crap Software should be like this:

Launch Crap Software Pro and click to highlight the “Overview” tab on the left hand side. In the pane that appears on the right hand side click the “Preferences” tab and in the section “Check for updates” check “Manually”.

In the “General” section you can also configure Crap Software to load at start up, which is advisable because this software is your first line of defence against uninvited invasion of your computer by a whole gamut of virii, spyware, adware and bots! Virus checking software does have its place but remember that prevention is always better than a cure!

Crap Software Pro’s program control is automatically configured. When you run it for the first time it will ask on behalf of programs installed on your system for permission to access the Internet. Your browser will be the first to request: just tick the “Yes” box and the “Remember this setting” box and Crap Software will always allow your browser access automatically.

Unless you use online databases etc., there should be no reason for any application other than a browser, email client, ftp client, streaming media player or a download manager to gain access to the Internet.

So consider what type of program it is that needs Internet access before giving Crap Software permission to allow it. If it is just a driver file (.DLL) that requests Internet access, always search Windows to try and identify it. Many pseudo-virii such as AdWare and sub class seven Trojans access the Internet from your system using .dll files.

Configuring The Advanced Settings

If you are not on a LAN (connected to another computer in a network) you can use this guide to give your firewall some real muscle:

Launch Crap Software Pro and click to highlight the “Firewall” tab on the left-hand side. In the pane that appears on the right-hand side, in the section “Internet Zone Security”, set the slider control to “High”.
Then click the “Custom” button in the same section. The next settings page is divided into two sections, with tabs Internet Zone and Trusted Zone at the top of the page.

Under the Internet Zone tab there is a list of settings that can be accessed by scrolling.

At the top are the high security settings, and the only thing that should be checked there is “allow broadcast/multicast”. The rest should be unchecked.

Scroll down until you get to the medium security settings area. Check all the boxes in this section until you get to “Block Incoming UDP Ports”. When you check that, you will be asked to supply a list of ports; in the field at the bottom of the page enter 1-65535

Then go back to the list and check the box alongside “Block Outgoing UDP Ports” and at the bottom of the page enter 1-19, 22-79, 82-7999, 8082-65535

Repeat this procedure for the following settings:

“Block Incoming TCP Ports”: 1-65535
“Block Outgoing TCP Ports”: 1-19, 22-79, 82-7999, 8082-65535

Then click “Apply”, “Ok” at the bottom of the page.

Back in the right-hand “Firewall” pane, go next to the yellow “Trusted Zone Security” section and set it to “high” with the slider. Click “Custom” and repeat the above procedure, this time choosing the *Trusted Zone* tab at the top of the settings page.

These settings will stop all incoming packets at ports 1-65535 and also block all pings, trojans etc. These settings will also stop all spyware or applications from phoning home from your drive without your knowledge!
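The following added example (not part of the original guide) computes which ports the block lists above leave open and checks a constructed table of well-known service ports against them. The service table and the function names are assumptions made for illustration.

```python
"""Added example: work out what the custom block lists above still let through."""

# Block lists exactly as entered in the guide above.
BLOCK_INCOMING = "1-65535"
BLOCK_OUTGOING = "1-19, 22-79, 82-7999, 8082-65535"

# Constructed sample of well-known service ports (not from the original page).
COMMON_SERVICES = {
    "FTP data": 20, "FTP control": 21, "SMTP": 25, "DNS": 53, "HTTP": 80,
    "POP3": 110, "IMAP": 143, "HTTPS": 443, "HTTP alternate": 8080,
}


def parse_ranges(spec):
    """Turn '1-19, 22-79' into a sorted, merged list of (low, high) tuples."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)  # a bare '80' means 80-80
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((low, high))
    ranges.sort()
    merged = []
    for low, high in ranges:
        if merged and low <= merged[-1][1] + 1:
            # Overlapping or adjacent ranges collapse into one.
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def allowed_ranges(block_spec):
    """Return the port ranges NOT covered by the block list (its complement)."""
    allowed, next_free = [], 1
    for low, high in parse_ranges(block_spec):
        if low > next_free:
            allowed.append((next_free, low - 1))
        next_free = high + 1
    if next_free <= 65535:
        allowed.append((next_free, 65535))
    return allowed


def service_report(block_spec, services=COMMON_SERVICES):
    """Map each service name to True if its port is still allowed."""
    allowed = allowed_ranges(block_spec)
    return {name: any(lo <= port <= hi for lo, hi in allowed)
            for name, port in services.items()}


if __name__ == "__main__":
    print("Outgoing ports left open:", allowed_ranges(BLOCK_OUTGOING))
    for name, ok in service_report(BLOCK_OUTGOING).items():
        print(f"  {name:15s} {'allowed' if ok else 'BLOCKED'}")
    print("Incoming ports left open:", allowed_ranges(BLOCK_INCOMING))
```

For the outgoing list it reports only 20-21, 80-81 and 8000-8081 as open, so DNS (53), mail (25, 110, 143) and HTTPS (443) fall inside the blocked ranges.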

Caught A Virus?

If you’ve let your guard down–or even if you haven’t–it can be hard to tell if your PC is infected. Here’s what to do if you suspect the worst.

Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you’ll lose all your data, and you’ll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.

You know they’re right. Yet for one reason or another, you’re not running antivirus software, or you are but it’s not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you’ve put off renewing.

It happens. It’s nothing to be ashamed of. But chances are, either you’re infected right now, as we speak, or you will be very soon.

For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, “an unprotected [Windows] computer will become owned by a bot within 14 minutes.”

Today’s viruses, worms, and so-called bots–which turn your PC into a zombie that does the hacker’s bidding (such as mass-mailing spam)–aren’t going to announce their presence. Real viruses aren’t like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you’re not well protected.

Is Your PC “Owned?”

I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program’s presence. People who write commercial software put icons all over your desktop. Who’s going to work harder to go unnoticed?

Other indicators that may, in fact, indicate that there’s nothing that you need to worry about, include:

* An automated e-mail telling you that you’re sending out infected mail. E-mail viruses and worms typically come from faked addresses.
* A frantic note from a friend saying they’ve been infected, and therefore so have you. This is likely a hoax. It’s especially suspicious if the note tells you the virus can’t be detected but you can get rid of it by deleting one simple file. Don’t be fooled–and don’t delete that file.

I’m not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.

Sniffing Out an Infection

There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you’re not actually using the Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.

To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check “Show icon in notification area when connected,” and click OK.

If you’re interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you’ll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.

Want another place to look? In Windows XP, click Start, Run, type “services.msc” in the box, and press Enter. You’ll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.

Finally, you can do more detective work by selecting Start, Run, and typing “msconfig” in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird.

If any of these tools won’t run–or if your security software won’t run–that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.
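One way to tie unexplained network activity to a specific process, as an added example that is not part of the original article: the sketch below parses output from the Windows `netstat -ano` command (an assumption; the article itself only mentions Task Manager, services.msc and msconfig) and lists, per process ID, established connections to remote ports you did not expect. The sample output and the expected-port set are constructed.

```python
"""Added example: summarise `netstat -ano` output by owning process ID."""
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1042      198.51.100.7:80        ESTABLISHED     2140
  TCP    192.168.1.10:1043      198.51.100.7:80        ESTABLISHED     2140
  TCP    192.168.1.10:1050      203.0.113.25:6667      ESTABLISHED     3312
  TCP    192.168.1.10:1051      203.0.113.40:25        ESTABLISHED     3312
  TCP    127.0.0.1:1060         127.0.0.1:1061         ESTABLISHED     1500
  UDP    0.0.0.0:1900           *:*                                    1208
"""

# Assumption: remote ports this user expects from a browser and an FTP client.
EXPECTED_REMOTE_PORTS = {20, 21, 80, 443}


def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each connection row."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skip the banner, column headers and blank lines
        if fields[0] == "UDP" and len(fields) == 4:
            proto, local, remote, pid = fields  # UDP rows have no State column
            state = ""
        elif len(fields) == 5:
            proto, local, remote, state, pid = fields
        else:
            continue  # malformed row
        yield proto, local, remote, state, int(pid)


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def unexpected_outbound(text, expected=EXPECTED_REMOTE_PORTS):
    """Return {pid: sorted remote endpoints} for established, non-loopback
    connections whose remote port is not in `expected`."""
    hits = defaultdict(set)
    for _proto, _local, remote, state, pid in parse_netstat(text):
        if state != "ESTABLISHED":
            continue
        host, port = split_endpoint(remote)
        if host.startswith("127.") or host == "[::1]":
            continue  # loopback traffic never leaves the PC
        if int(port) not in expected:
            hits[pid].add(remote)
    return {pid: sorted(endpoints) for pid, endpoints in hits.items()}


if __name__ == "__main__":
    for pid, endpoints in unexpected_outbound(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: {', '.join(endpoints)}")
```

Match each reported PID against the process list in Task Manager, then look up the process name as the article suggests.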

What to Do Next

Once you’re fairly sure your system is infected, don’t panic. There are steps you can take to assess the damage, depending on your current level of protection.

* If you don’t have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There’s McAfee FreeScan, Symantec Security Check, and Trend Micro’s HouseCall. If one doesn’t find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you’re done, buy or download a real antivirus program.
* If you have antivirus software, but it isn’t active, get offline, unplug wires–whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.
* If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses–if manual removal is possible–or a free removal tool if it isn’t. Check out GriSOFT’s Virus Encyclopedia, Eset’s Virus Descriptions, McAfee’s Virus Glossary, Symantec’s Virus Encyclopedia, or Trend Micro’s Virus Encyclopedia.

A Microgram of Prevention

Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer’s security is far more effective than cleaning up the mess afterwards. Start with a good security program, such as Trend Micro’s PC-Cillin, which you can buy for $50.

Don’t want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).

Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn’t worth your money or your time.

Speaking of updating, the same goes for Windows. Use Windows Update (it’s right there on your Start Menu) to make sure you’re getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say “Service Pack 2.”

Here are a few more pointers for a virus-free life:

* Be careful with e-mail. Set your e-mail software security settings to high. Don’t open messages with generic-sounding subjects that don’t apply specifically to you from people you don’t know. Don’t open an attachment unless you’re expecting it.
* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.
* Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research’s Web site and run the free ShieldsUP test to see your ports’ status. If some ports show up as closed–or worse yet, open–check your router’s documentation to find out how to hide them.

10 Reasons Why PCs Crash You Must Know

“Fatal error: the system has become unstable or is busy,” it says. “Enter to return to Windows or press Control-Alt-Delete to restart your computer. If you do this you will lose any unsaved information in all open applications.”

You have just been struck by the Blue Screen of Death. Anyone who uses Microsoft Windows will be familiar with this. What can you do? More importantly, how can you prevent it happening?

1 Hardware conflict

The number one reason why Windows crashes is hardware conflict. Each hardware device communicates to other devices through an interrupt request channel (IRQ). These are supposed to be unique for each device.

For example, a printer usually connects internally on IRQ 7. The keyboard usually uses IRQ 1 and the floppy disk drive IRQ 6. Each device will try to hog a single IRQ for itself.

If there are a lot of devices, or if they are not installed properly, two of them may end up sharing the same IRQ number. When the user tries to use both devices at the same time, a crash can happen. The way to check if your computer has a hardware conflict is through the following route:

* Start-Settings-Control Panel-System-Device Manager.

Often if a device has a problem a yellow ‘!’ appears next to its description in the Device Manager. Highlight Computer (in the Device Manager) and press Properties to see the IRQ numbers used by your computer. If the IRQ number appears twice, two devices may be using it.

Sometimes a device might share an IRQ with something described as ‘IRQ holder for PCI steering’. This can be ignored. The best way to fix this problem is to remove the problem device and reinstall it.

Sometimes you may have to find more recent drivers on the internet to make the device function properly. A good resource is www.driverguide.com. If the device is a soundcard, or a modem, it can often be fixed by moving it to a different slot on the motherboard (be careful about opening your computer, as you may void the warranty).

When working inside a computer you should switch it off, unplug the mains lead and touch an unpainted metal surface to discharge any static electricity.

To be fair to Microsoft, the problem with IRQ numbers is not of its making. It is a legacy problem going back to the first PC designs using the IBM 8086 chip. Initially there were only eight IRQs. Today there are 16 IRQs in a PC. It is easy to run out of them. There are plans to increase the number of IRQs in future designs.

2 Bad RAM

Ram (random-access memory) problems might bring on the blue screen of death with a message saying Fatal Exception Error. A fatal error indicates a serious hardware problem. Sometimes it may mean a part is damaged and will need replacing.

But a fatal error caused by Ram might be caused by a mismatch of chips. For example, mixing 70-nanosecond (70ns) Ram with 60ns Ram will usually force the computer to run all the Ram at the slower speed. This will often crash the machine if the Ram is overworked.

One way around this problem is to enter the BIOS settings and increase the wait state of the Ram. This can make it more stable. Another way to troubleshoot a suspected Ram problem is to rearrange the Ram chips on the motherboard, or take some of them out. Then try to repeat the circumstances that caused the crash. When handling Ram try not to touch the gold connections, as they can be easily damaged.

Parity error messages also refer to Ram. Modern Ram chips are either parity (ECC) or non parity (non-ECC). It is best not to mix the two types, as this can be a cause of trouble.

EMM386 error messages refer to memory problems but may not be connected to bad Ram. This may be due to free memory problems often linked to old Dos-based programmes.

3 BIOS settings

Every motherboard is supplied with a range of chipset settings that are decided in the factory. A common way to access these settings is to press the F2 or delete button during the first few seconds of a boot-up.

Once inside the BIOS, great care should be taken. It is a good idea to write down on a piece of paper all the settings that appear on the screen. That way, if you change something and the computer becomes more unstable, you will know what settings to revert to.

A common BIOS error concerns the CAS latency. This refers to the Ram. Older EDO (extended data out) Ram has a CAS latency of 3. Newer SDRam has a CAS latency of 2. Setting the wrong figure can cause the Ram to lock up and freeze the computer’s display.

Microsoft Windows is better at allocating IRQ numbers than any BIOS. If possible set the IRQ numbers to Auto in the BIOS. This will allow Windows to allocate the IRQ numbers (make sure the BIOS setting for Plug and Play OS is switched to ‘yes’ to allow Windows to do this).

4 Hard disk drives

After a few weeks, the information on a hard disk drive starts to become piecemeal or fragmented. It is a good idea to defragment the hard disk every week or so, to prevent the disk from causing a screen freeze. Go to

* Start-Programs-Accessories-System Tools-Disk Defragmenter

This will start the procedure. You will be unable to write data to the hard drive (to save it) while the disk is defragmenting, so it is a good idea to schedule the procedure for a period of inactivity using the Task Scheduler.

The Task Scheduler should be one of the small icons on the bottom right of the Windows opening page (the desktop).

Some lockups and screen freezes caused by hard disk problems can be solved by reducing the read-ahead optimisation. This can be adjusted by going to

* Start-Settings-Control Panel-System Icon-Performance-File System-Hard Disk.

Hard disks will slow down and crash if they are too full. Do some housekeeping on your hard drive every few months and free some space on it. Open the Windows folder on the C drive and find the Temporary Internet Files folder. Deleting the contents (not the folder) can free a lot of space.

Empty the Recycle Bin every week to free more space. Hard disk drives should be scanned every week for errors or bad sectors. Go to

* Start-Programs-Accessories-System Tools-ScanDisk

Otherwise assign the Task Scheduler to perform this operation at night when the computer is not in use.

5 Fatal OE exceptions and VXD errors

Fatal OE exception errors and VXD errors are often caused by video card problems.

These can often be resolved easily by reducing the resolution of the video display. Go to

* Start-Settings-Control Panel-Display-Settings

Here you should slide the screen area bar to the left. Take a look at the colour settings on the left of that window. For most desktops, high colour 16-bit depth is adequate.

If the screen freezes or you experience system lockups it might be due to the video card. Make sure it does not have a hardware conflict. Go to

* Start-Settings-Control Panel-System-Device Manager

Here, select the + beside Display Adapter. A line of text describing your video card should appear. Select it (make it blue) and press properties. Then select Resources and select each line in the window. Look for a message that says No Conflicts.

If you have a video card hardware conflict, you will see it here. Be careful at this point and make a note of everything you do in case you make things worse.

The way to resolve a hardware conflict is to uncheck the Use Automatic Settings box and hit the Change Settings button. You are searching for a setting that will display a No Conflicts message.

Another useful way to resolve video problems is to go to

* Start-Settings-Control Panel-System-Performance-Graphics

Here you should move the Hardware Acceleration slider to the left. As ever, the most common cause of problems relating to graphics cards is old or faulty drivers (a driver is a small piece of software used by a computer to communicate with a device).

Look up your video card’s manufacturer on the internet and search for the most recent drivers for it.

6 Viruses

Often the first sign of a virus infection is instability. Some viruses erase the boot sector of a hard drive, making it impossible to start. This is why it is a good idea to create a Windows start-up disk. Go to

* Start-Settings-Control Panel-Add/Remove Programs

Here, look for the Start Up Disk tab. Virus protection requires constant vigilance.

A virus scanner requires a list of virus signatures in order to be able to identify viruses. These signatures are stored in a DAT file. DAT files should be updated weekly from the website of your antivirus software manufacturer.

An excellent antivirus programme is McAfee VirusScan by Network Associates (www.nai.com). Another is Norton AntiVirus 2000, made by Symantec (www.symantec.com).

7 Printers

The action of sending a document to print creates a bigger file, often called a postscript file.

Printers have only a small amount of memory, called a buffer. This can be easily overloaded. Printing a document also uses a considerable amount of CPU power. This will also slow down the computer’s performance.

If the printer is trying to print unusual characters, these might not be recognised, and can crash the computer. Sometimes printers will not recover from a crash because of confusion in the buffer. A good way to clear the buffer is to unplug the printer for ten seconds. Booting up from a powerless state, also called a cold boot, will restore the printer’s default settings and you may be able to carry on.

8 Software

A common cause of computer crashes is faulty or badly installed software. Often the problem can be cured by uninstalling the software and then reinstalling it. Use Norton Uninstall or Uninstall Shield to remove an application from your system properly. This will also remove references to the programme in the System Registry and leave the way clear for a completely fresh copy.

The System Registry can be corrupted by old references to obsolete software that you thought was uninstalled. Use Reg Cleaner by Jouni Vuorio to clean up the System Registry and remove obsolete entries. It works on Windows 95, Windows 98, Windows 98 SE (Second Edition), Windows Millennium Edition (ME), NT4 and Windows 2000.

Read the instructions and use it carefully so you don’t do permanent damage to the Registry. If the Registry is damaged you will have to reinstall your operating system. Reg Cleaner can be obtained from www.jv16.org

Often a Windows problem can be resolved by entering Safe Mode. This can be done during start-up. When you see the message “Starting Windows” press F4. This should take you into Safe Mode.

Safe Mode loads a minimum of drivers. It allows you to find and fix problems that prevent Windows from loading properly.

Sometimes installing Windows is difficult because of unsuitable BIOS settings. If you keep getting SUWIN error messages (Windows setup) during the Windows installation, then try entering the BIOS and disabling the CPU internal cache. Try to disable the Level 2 (L2) cache if that doesn’t work.

Remember to restore all the BIOS settings back to their former settings following installation.

9 Overheating

Central processing units (CPUs) are usually equipped with fans to keep them cool. If the fan fails or if the CPU gets old it may start to overheat and generate a particular kind of error called a kernel error. This is a common problem in chips that have been overclocked to operate at higher speeds than they are supposed to.

One remedy is to get a bigger, better fan and install it on top of the CPU. Specialist cooling fans/heatsinks are available from www.computernerd.com or www.coolit.com

CPU problems can often be fixed by disabling the CPU internal cache in the BIOS. This will make the machine run more slowly, but it should also be more stable.

10 Power supply problems

With all the new construction going on around the country, the steady supply of electricity has become disrupted. A power surge or spike can crash a computer as easily as a power cut.

If this has become a nuisance for you, then consider buying an uninterrupted power supply (UPS). This will give you a clean power supply when there is electricity, and it will give you a few minutes to perform a controlled shutdown in case of a power cut.

It is a good investment if your data are critical, because a power cut will cause any unsaved data to be lost.