Thursday, July 16, 2009

WOW 12

WOW 12 - Virus Prevention - Part II

Hi Friends,
Yesterday, we covered how to format a virus-affected RM (Removable Media; thumb drive). In today's article, I'll cover how to prevent a virus from affecting your system.

Read that last statement carefully: I will be explaining how to prevent a virus from affecting your system. What I mean is, "The virus will still be present in your RM; however, it will not be able to attack your system."

Before getting to the required steps, let me explain how a virus (present in your RM) starts working once the RM is plugged in.

Process:

  1. Once the RM is plugged in, Windows (the OS) triggers the Autorun feature for that drive. (This also applies to optical media such as CDs and DVDs.)
  2. By default, Windows opens an Autoplay screen (where you can select an option) when the RM is inserted. (Again, this applies to optical media too.)
  3. #2 happens only if Windows does not find an "autorun.inf" file or autorun.exe (for optical media). (autorun.inf is the configuration file that tells Windows which file to run when the media is inserted.)
  4. Normally, viruses come as an executable file (exe, bat, com, etc.), and they call this executable file from "autorun.inf". At times, "Autorun.exe" is used as well.
  5. This is how most viruses are triggered, and once they are running, they attack our system.

There are multiple ways to prevent a virus from executing. The simplest is to turn off the Autoplay feature; the other method (our highlight) is to write something into the autorun file ourselves.

Method 1: (Turn off Autoplay)
  • I shall cover this in detail in WOW 13.
Method 2: (Create Autorun.inf)
  • Open Notepad and key in the following lines:
  • [autorun]
    open=MyApp.exe
    icon=MyIcon.ico
    label=MyApplication
  • The first line is mandatory. Here MyApp.exe and MyIcon.ico are the files that you want to be opened.
  • To keep this simple (if you don't want any programs to run), just add the first line in Notepad and save the file as "Autorun.inf".
  • Now comes the most important part. Once you have the autorun.inf file, right-click it and choose Properties, then check the Read-only box to make the file read-only.
  • Making the file read-only is the most important step, because otherwise the virus will just overwrite the file we created.
  • Now, even if the virus is present in our RM, it cannot be called through Autorun, so it will not execute.
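
As an added example (not part of the original post), this Python script checks that an Autorun.inf is still the inert, read-only placeholder from Method 2. The function names and sample contents are constructed for illustration, and it assumes that `open`, `shellexecute` and `shell\<verb>\command` are the entries that launch a program.

```python
import os
import stat
import tempfile

# Assumption: these [autorun] keys are the ones that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

def launch_entries(inf_text):
    """Return (key, value) pairs in the [autorun] section that start a program."""
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        # shell\<verb>\command adds a context-menu entry that runs a program
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            found.append((key, value))
    return found

def audit_placeholder(path):
    """Check that an Autorun.inf is the inert, read-only file from Method 2."""
    with open(path, "r", errors="replace") as fh:
        entries = launch_entries(fh.read())
    read_only = not (os.stat(path).st_mode & stat.S_IWRITE)
    return {"launch_entries": entries, "read_only": read_only,
            "ok": read_only and not entries}

if __name__ == "__main__":
    # Constructed samples: the placeholder from Method 2, then a tampered copy.
    samples = {"placeholder": "[autorun]\n",
               "tampered": "[autorun]\nopen=MyApp.exe\nicon=MyIcon.ico\n"}
    for name, text in samples.items():
        with tempfile.TemporaryDirectory() as d:
            p = os.path.join(d, "Autorun.inf")
            with open(p, "w") as fh:
                fh.write(text)
            os.chmod(p, stat.S_IREAD)               # same effect as ticking Read-only
            print(name, audit_placeholder(p))
            os.chmod(p, stat.S_IREAD | stat.S_IWRITE)  # allow temp-dir cleanup
```

Point `audit_placeholder` at the Autorun.inf in the root of the drive; a result where `ok` is False means the file has been made writable again or now names a program to run.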

P.S.: Although these steps make most viruses ineffective, it is always advisable to keep antivirus software installed and up to date. I update my antivirus definitions at least once a day.

Danish :)
