The most important thing you can do to safeguard against viruses or combat
existing ones is to use anti-viral software. Anti-viral software performs three
functions: prevention, detection, and removal of viruses. (For a general
overview of computer viruses and their symptoms, see the section "About
Viruses".)
There are several anti-viral programs available for Windows computers. Most are
commercial packages; these include McAfee's VirusScan, Symantec's Norton AntiVirus, DataWatch's Virex, and Dr.
Solomon's Anti-Virus Toolkit. One very popular package,
F-PROT, is freeware.
The two main packages recommended by Stanford are McAfee's VirusScan and
F-PROT. You should select one of these tools as your main anti-viral software.
VirusScan, made by McAfee Inc., is a highly effective commercial anti-viral
program and is available on Windows 3.1, Windows 95, Windows NT, and Macintosh
platforms. It is currently licensed to Stanford University and is available for
Stanford faculty, staff, and students, and SLAC employees at no charge.
In addition to combating the standard viruses that affect operating systems,
applications and disk drives, VirusScan is also effective against the Microsoft
Word viruses that have become common on campus. (For more information on this
type of "macro" virus, see "A Word about Macro Viruses" below.) McAfee also
provides regular updates to the "virus definition files" that help VirusScan
identify new viruses.
The system requirements for VirusScan are:
Windows 3.1:
- IBM-compatible personal computer running Windows 3.1x; 386 or better
- 5MB hard drive space
- 4MB of available memory (8MB recommended)
Windows 95:
- 2.5MB of free hard drive space
- At least 8MB of memory
Windows NT:
- A workstation running Windows NT, version 3.51 or later
- 1.5MB of free hard drive disk space
VirusScan is available as part of the PC-Stanford package. You can go to the PC-Stanford Web Page to learn more about the entire suite of applications and download the software. Direct links are also provided in this document below.
1. If the computer on which you want to load VirusScan is directly connected to SUNet, download the single-file VirusScan installer file. To do so, go to the PC-Stanford Single File Installer Download Page.
In order to download the software, you must have a valid SUNet ID and password. You will be asked to provide your SUNet ID and password at the WebLogin authentication page. After you have been authenticated, you can proceed to download the software.
2. Format a diskette for the VirusScan Emergency Disk (Windows 95 and NT only).
Before you run the installer program, create a bootable high-density
diskette for your system. You'll need to do this from DOS. Enter either of the
following commands at Start/Run:
   format a: /s   (if your diskette is not yet formatted)
   sys a:         (if your diskette is formatted)
3. To install VirusScan, simply click on the ".exe"
file (e.g., vscan95.exe) to run the installer program. Follow the instructions and select "Typical" when the program asks what kind of installation to perform.
4. (Windows 95 and NT only) At the end of the installation, you will be prompted to create an
"Emergency disk." Insert the diskette you prepared in step 2 above.
1. If you plan to install VirusScan on a computer not connected to SUNet,
such as your computer at home, you will need to place the installer program on a set of floppy disks. To do so, go to the PC-Stanford Floppy Disk Creation Page at
http://www.stanford.edu/group/itss/pcstanford/download/floppy.html
In order to download the software, you must have a valid SUNet ID and password. You will be asked to provide your SUNet ID and password at the WebLogin authentication page. After you have been authenticated, you can proceed to download the software.
2. Double click on the vs95_all.exe or vsnt_all.exe file to extract the disk image files. Then to make the set of installation floppies, double click on each of the image files (which are labeled something like "v95_dks1.exe", "v95_dks2.exe", etc.) and follow the instructions. You will be asked to insert a floppy disk; make sure each floppy is a completely blank, PC-formatted 1.44 MB disk.
3. Format a diskette for the VirusScan Emergency Disk. Before you run the installer program, create a bootable high-density
diskette for your system. You'll need to do this from DOS. Enter either of the
following commands at Start/Run:
   format a: /s   (if your diskette is not yet formatted)
   sys a:         (if your diskette is formatted)
4. Insert the installation floppy disks (from step 2) into the computer on which you want to install VirusScan and launch the "setup" program from the A: drive. Follow the instructions and select "Typical" when the program asks what kind of installation to perform.
5. At the end of the installation, you will be prompted to create an
"Emergency disk." Insert the diskette you prepared in step 3 above.
It is highly recommended that you download and read the
User's Guide for VirusScan for your operating system. These are the files ending in ".pdf".
You will need Adobe Acrobat to view and print the manual.
If you don't have Adobe Acrobat Reader, go to
http://www.adobe.com/prodindex/acrobat/readstep.html
to download a copy.
In order to be protected against all known viruses, it is important to keep the virus definitions up to date. McAfee updates the
DAT files every 6-8 weeks.
When Stanford gets these updates, they will be put on ftp.stanford.edu, but if
you want to be sure you have the latest, you should download them directly from
McAfee at http://www.nai.com/download/updates/updates.asp.
- Windows 95:
You will know VirusScan is running when you see the VShield icon on the
right-most side of the task bar.
To configure the "on-access" scanner with the VShield Configuration Manager,
double-click on the VShield icon in the lower right-hand corner of the task bar. Then
click on Properties. The Detection tab will let you specify which actions will prompt scanning to take place, such as inserting a floppy diskette or
executing a program.
To scan specific files or the hard disk immediately using "on-demand" scanning, click on Start/Programs/McAfee VirusScan/VirusScan. Select the file or disk you want to scan, then click on the Scan Now button.
For more information, see the User's Guide: VirusScan for Windows 95, which is the v94doc.pdf file.
- Other Systems:
For information on configuring VirusScan for Windows 3.1, see the User's Guide: VirusScan for Windows 3.1x, which is the wscdoc31.pdf file.
For information on configuring VirusScan for Windows NT, see the User's Guide: VirusScan for Windows NT, which is the vntdoc.pdf file.
While VirusScan does detect and remove the Word and Excel macro viruses, it will not fix damage from macro viruses, such as changing virus-affected templates back into regular documents. For details on how to repair affected files, see http://www.nai.com/vinfo/t0118.asp and download the "DOCFIX for MS Word Version 6/7" file.
For PC users running Windows 95/98/NT, 3.1 or DOS, if you are unable to use VirusScan, F-PROT is the recommended anti-viral tool. (A
commercial version called F-PROT Pro, sold by Data Fellows, is also available.)
Important Note: F-PROT ALSO protects against macro viruses.
There are two parts to F-PROT: VIRSTOP.EXE, which is used for the prevention of
viral infections, and F-PROT.EXE, the preferred method for detecting and
removing viruses.
If VIRSTOP detects a virus attack, it will stop the process and display an
alert telling you what virus is present. You should then run the F-PROT
application to remove the virus.
F-PROT is easy to install, but it is very important to stay up-to-date with
this tool, because it only recognizes viruses it has been taught about. As of
October 1998, F-PROT 3.03 is the latest version available; it can be found at
the following location:
ftp://ftp.datafellows.com/f-prot/free/fp-303.zip
Make sure you have the latest version, otherwise you won't be protected against
all known viruses. The most recent version will always be found in the ftp://ftp.datafellows.com/f-prot/free
directory.
After you have downloaded F-PROT, you will need to uncompress it with a utility
called unzip (StuffIt Expander also unzips files). StuffIt is available from the PC-Stanford Site. Unzip is available from:
ftp://ftp.simtel.net/pub/simtelnet/msdos/arcers/unz532x.exe
When you unzip the F-PROT package, many files will be expanded on your computer, including
F-PROT.EXE, VIRSTOP.EXE, and the associated documentation.
A virus is a small computer program that copies itself by attaching to another
computer program. The virus may carry out some task, which is often damaging.
Even if a virus is intended to be harmless, it can be detrimental nonetheless;
viruses occupy memory and disk space which can be enough to disrupt normal
operation of your computer.
A virus may contain a "time-bomb," where an activity is designed to
occur on a certain date or when a condition has been fulfilled. An odd
message may flash on the screen, or important files may be corrupted.
Aside from real computer viruses, there are many "hoaxes". These are
myths or stories, usually passed around via e-mail, about some new, destructive virus... Almost all
virus warnings received via e-mail are hoaxes!
Please do not forward e-mail messages about viruses without finding out if they are really true!
It is easy to do a little research on your own. A number of sites keep a current list of
virus hoaxes found on the net:
Some viruses infect a microcomputer and then infect every diskette that
is inserted, unless the diskette is write-protected.
Other viruses attach themselves to programs, and after the infected
program is run, subsequent programs are infected as well.
Infected diskettes passed around by computer users in an office can
cause viruses to spread. Viruses can become a problem when people share
software in the public domain--on the Web or on bulletin boards; these
distribution media make it very easy for undetected viruses to spread quickly.
Viruses can also be spread through attachments (such as Word documents) sent
through electronic mail. Note that it is not the electronic mail itself, but
the attached file that can carry a virus. Such an attachment will only infect
your computer if you actually open up (say, in Word) or execute the attached
file.
Not all viruses are harmful; certain viruses only replicate and have no
other intended function. The damage viruses cause ranges from minor to
severe. Some viruses announce their presence very clearly by flashing
unusual messages or graphical displays. However, usually the presence of
a virus is very subtle or nearly undetectable. You
may suspect a virus when:
- You notice changes in file sizes or contents
- There is unaccounted use of RAM or your system is getting bigger without
your having made changes
- Unusual error messages appear
- The disk lights stay on longer than they used to
- Applications take a long time to load, unexpectedly quit, or crash
- Files or folders seem to be missing
Although it's important to be aware of the potential presence of
viruses, unusual behavior is most often due to bugs in
software or conflicts between drivers, TSRs and other software. In
fact, 99% of all suspected new viruses are eventually proven to be
(merely) mundane bugs in the operating system or applications being
used.
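Two of the symptoms listed above (changed file sizes or contents, and missing files) can be checked mechanically by recording sizes and SHA-256 hashes while the system is known to be clean and comparing against that record later. The Python code below is an added example, not part of the original guide and not how VirusScan or F-PROT work internally; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to (size, SHA-256 hex digest)."""
    state = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current):
    """Return sorted (kind, path, detail) findings for every difference."""
    findings = []
    for path, (size, digest) in baseline.items():
        if path not in current:
            findings.append(("missing", path, ""))
            continue
        new_size, new_digest = current[path]
        if new_size != size:
            findings.append(("size-changed", path, f"{size} -> {new_size} bytes"))
        elif new_digest != digest:
            # Same length, different bytes: invisible in a directory listing.
            findings.append(("content-changed", path, "same size, new hash"))
    for path in current.keys() - baseline.keys():
        findings.append(("new", path, ""))
    return sorted(findings)

def demo():
    """Constructed sample tree: take a baseline, alter the files, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("EDIT.EXE", b"MZ" + b"\x00" * 100)
        write("CONFIG.SYS", b"FILES=30\r\n")
        write("NOTES.TXT", b"hello")
        baseline = snapshot(root)
        write("EDIT.EXE", b"MZ" + b"\x00" * 100 + b"\x90" * 32)  # bytes appended
        write("CONFIG.SYS", b"FILES=40\r\n")                      # same length
        os.remove(os.path.join(root, "NOTES.TXT"))
        write("NEW.COM", b"\xc3")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, path, detail in demo():
        print(f"{kind:16} {path:12} {detail}")
```

A finding only says that a file changed; installing or updating software produces the same differences, so treat a finding as a reason to run a scan rather than as proof of infection.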
A new kind of virus, called a macro virus, has emerged and spread rapidly across the campus. This type of virus can infect the operating system, and possibly pose a threat to your
hard drive. It may also change documents that use macros (small programs that are
associated with documents). Macro viruses are spread in Microsoft Word 6 or
higher documents, on both Windows and Macintosh platforms. Macro viruses have
also been found in Excel for Windows, version 5 and above.
One common macro virus affects Word users by turning documents into templates, no matter how they are saved. Another more dangerous virus deletes all macros from Word's NORMAL.DOT template and removes Tools:Macro and Tools:Customize from the menu commands.
If you are using Word 6.x or Word 7.x, or Excel 5 or greater,
it is highly recommended that you install and use VirusScan on a regular basis to prevent the infection and spread of macro viruses. See the section on VirusScan above.
It is recommended that you use a preventative anti-viral software at all times.
You should also scan your hard disk for viruses on a regular basis,
especially if you have installed or downloaded software, or used floppy
disks.
In addition to using anti-viral software, there are certain precautions
you should get into the habit of performing in order to protect your
computer from viruses:
- Keep system and application diskettes locked. (You lock a diskette by
sliding the write-protect tab so that you can see through the hole).
- Make backup copies of all your software, and use the copies instead. A
virus cannot infect a locked diskette.
- Make periodic backups of your hard disk. Optimally, you should make a
backup of your hard disk once a week.
- Run anti-viral scanning software, such as VirusScan, right before you back up
to make sure that your backups do not become infected and to ensure that your
system is not infected.
- Before using new software, run anti-viral software to make sure that the
software is not infected. This applies to commercial software as well as
software in the public domain.
- Keep your anti-viral software up-to-date. This is very important because
older releases of most anti-viral software cannot detect new viruses. When
you are notified of a new virus and the subsequent release of anti-viral
software (through bulletin boards such as comp.virus, electronic mail,
newsletters, the grapevine), install the new release as soon as possible.
If you manage a network of microcomputers, or are responsible for a
group of computers shared in a department, it is vital that you take the
precautions listed above. You should also:
- Install current releases of anti-viral software and periodically check to
see that the anti-viral software is still on each computer.
- Configure VirusScan to scan floppy disks when they are inserted into the
computer.
- You should make clean startup diskettes along with backup copies of
anti-viral software, and keep these tucked away in a secure place.
- Educate the people in your organization about viruses and distribute copies
of free anti-viral software and the documentation.
- For obvious reasons, scan servers quite frequently to protect against
viruses.
If you want more information about virus protection, check out the comp.virus
bulletin board for up-to-date information, as well as the following general
information sites (maintained by virus-protection software vendors):
ITSS Computer Resource Center
©1998 by Stanford University
Comments to crc-publications@lists.stanford.edu