Virus entry points
For several years now, the trend is towards more connectivity between
computers. More and more each day, the computer is less of an isolated item with only
one input point. Although this has been beneficial for users and PCÆs in general, it has also multiplied the number of available entry points for
viruses.
For these reasons, it is important to know which are the entry points that a
virus can use to access a computer, and understand how an antivirus must protect
all entry points.
In addition to having multiplied the possible entry points for viruses, new
types of viruses and new forms of transmitting these viruses have also appeared.
Last but not least, the importance of monitoring all outgoing items must be
stressed. This is not usually taken into consideration, since it is considered
that ôthere is no entry of virusesö. It should not be forgotten, however, that most infections occur without
malicious intentions. Thus, a user may send an infected file or diskette without
realizing that he is also sending a virus. If every user carefully monitors their
outgoing messages as well as the incoming ones, the rapid diffusion of viruses
as occurs today could be avoided. A user who sends a virus could find
him/herself in trouble under such circumstances.
Diskettes and CD-ROMs
In the past, these were the only entry points to a PC (if it was not connected
to a network). Viruses can be carried in files that are saved on either of
these two mediums or can reside in the boot sector of a diskette. Given that both
mediums can contain files susceptible of having a macro virus, the three most
common types of viruses (boot, file and macro) may enter a computer by these
mediums.
The Panda Software response to this entry point is two-fold. On one hand, it contains a
permanent program that offers permanent protection. This way, all access to any file
contained on diskette or CD-ROM will trigger a permanent protection scan. And, on
the other hand, it offers the possibility of carrying out an immediate scan
(on-demand scan) of the diskette or CD-ROM inserted in the computer to verify
that it is virus-free.
Therefore, with adequate permanent protection, an antivirus can efficiently
resolve the danger that this entry point poses.
Network
This entry point has been around for a long time, but has become very wide
spread in the last few years. Today, in almost all stations where there are
several computers, there is a network that connects them. The basic objective of a
network is the sharing of information and thus the sharing of files. Since many
types of files are shared on a network, this medium can be a point of
transmission of file and macro viruses.
The Panda Software response to this entry point is also two-fold. On one hand, the key
protection is still via a permanent program offering permanent protection. It is the
same one that monitors the access to files mentioned above. Each time that a user
tries to send or receive an infected file on the network, the permanent program
will scan the file and display a warning. As in the previous case, this
response also offers the possibility of carrying out an immediate scan (on-demand
scan) to check any drive on the network. However, given the shared character of a
network, new files can be added constantly making it difficult to ensure that a
network station is virus-free.
As with the previous case, and even more importantly, having adequate
permanent protection is the best guarantee of protection against viruses for this entry
point.
Internet
Although Internet has existed for years, it has only recently become a massive
means of communication. It is more and more present every day in every field.
The primary function of Internet is to facilitate, and in many cases make
possible, the exchange of information. Thus, Internet also facilitates the exchange
of files which, as already stated, are a ôvehicleö for transmitting viruses. However, Internet presents a situation slightly
more complicated than a network for the following reasons:
Internet provides different services, including for example: Web pages,
electronic mail, etc. Each of these services uses a particular protocol (language);
thus it is necessary to know these languages in order to correctly perform virus
scans of this entry point. For example, an e-mail message may contain an
attached file that is infected. Since the file is not in its normal format, a
conventional antivirus cannot detect it. For this reason, an antivirus must be
specially developed to understand the format used to receive e-mail messages in order
to detect the virus.
The following are entry points of viruses transmitted via Internet:
- Electronic mail: viruses may be hidden in files attached to e-mail messages. They can never be
found in the e-mail message itself. In other words, an e-mail message that
does not have an attachment or embedded object cannot contain a virus. It is
important to note that two protocols are used for electronic mail on the Internet.
One is POP3, used for incoming mail (messages received) and the other is SMTP, used for outgoing mail (messages sent).
- News (NNTP): through this service, you can access newsgroups being discussed or that are
placed in certain servers for consultation and subsequent discussion. You can
also subscribe in order to periodically receive e-mails containing the latest
news, although these may be infected. You can scan all the news received from Exchange/Outlook and Outlook Express.
- Downloading files (FTP): files can be downloaded from the Internet using this service. These files may
be virus-infected.
- Web pages (HTTP): principally, Web pages (HTML pages) are only text and graphics that do not
present any virus threats. More and more, however, Web pages contain other
components such as Java applets or ActiveX controls. These types of components can be virus-infected and affect a computer for
the sole reason of having accessed a Web page.
To correct such a potentially serious problem, Panda Software offers a series of solutions. These are the following:
- Electronic mail: A special permanent program scans all outgoing messages (SMTP protocol) and incoming
messages (POP3 protocol) for viruses. Thus, an e-mail message containing a
virus-infected file cannot be sent or received. Other antiviruses scan only incoming
mail. This is very dangerous since it is possible to send a virus, with all the
consequences this can cause the sender. Electronic mail antivirus protection
provided by Panda Antivirus 6.0 is independent from the e-mail program being used, and operates with all types
of such programs.
There is an added danger with electronic mail. All outgoing and incoming
messages are stored in a message database. The message database format is not
recognized by conventional antiviruses, so a normal antivirus will not be able to
scan all outgoing and incoming messages for viruses prior to the installation of
the program. For some reason, they also cannot scan those messages that were not
scanned at the time they were received. To solve this problem, Panda Antivirus 6.0 is able to recognize the format of the message database of Microsoft Outlook Express (including Internet Explorer 4), Microsoft Exchange and Microsoft Outlook programs. This way, Panda Antivirus 6.0 allows the user to scan any message, any time he/she wishes from a message
database, thus offering the guarantee of virus-free electronic mail.
- News (NNTP): all possibly-infected contents (related documents) located in a server that
provides a news service will be scanned by the special permanent protector responsible for monitoring the connection with that
server. This guarantees the safe consultation of information regardless of the news
program used.
- Downloading files (FTP): a special permanent program, in charge of monitoring the Internet connection, will scan
all FTP downloaded files. This prevents the downloading of an infected file.
All files previously downloaded could be scanned with an antivirus file, thus
avoiding the problem mentioned above with e-mail messages. The virus protection
is independent from the FTP program being used.
- Web pages (HTTP): All Web page or HTML page contents (Java applets, ActiveX, etc.) that may be virus-infected will be scanned by a special permanent program in charge of monitoring the Internet connection. This
guarantees secure Website browsal, regardless of the search engine used while
visiting the Websites.
In summary, it can be said that Panda Antivirus 6.0 offers the best protection against possible viruses coming in through the
Internet. On one hand, all the data is scanned as it enters the computer, to
verify that no virus is being carried with the message. On the other hand, it is
possible to scan all electronic mail handled by the user, that is all incoming and
outgoing messages, guaranteeing a virus-free connection to the Internet.