Task 3.1: Installing, Updating, and Running Antivirus Software

Computer viruses have been around for decades; Fred Cohen, an American computer scientist, originated the term virus in the 1980s. Viruses depend on people to spread them. Worms, while closely related to viruses, spread without human intervention. Viruses propagate through three basic means:

Master Boot Record Infection The original method of attack works by attacking the master boot record (MBR) of floppy disks or the hard drive. It’s now considered ineffective because so few people pass around floppy disks.

File Infection File infection is a slightly newer form of virus propagation that relies on the user to execute the file. Extensions such as .com and .exe are typically used. Social engineering is needed to get the user to execute the program.

Macro Infection Macro infection is the most modern of the three types and began appearing in the 1990s. Macro viruses exploit scripting services installed on your computer. The “I Love You” virus (released in 2000) was a prime example of a macro infector.

Protection against computer viruses is one of the most important and basic security countermeasures that you can deploy. Some individuals think that deployment of an antivirus program is enough. Well, that is not true—an out-of-date antivirus program is little better than none at all.

Scenario

You have just completed the building of a new system for a client. You are now going to install and update the antivirus program. You will then make an initial scan with the antivirus program to make sure the system is clean and ready to be delivered to the client.

Scope of Task

Duration

This task should take about 30 minutes.

Setup

For this task, you will need a Windows workstation or server. You will also need to download the free avast! antivirus software from www.avast.com.

Caveat

Most antivirus programs do not scan for or prevent spyware. Make sure you understand what the antivirus software will and will not prevent.

The version of avast! being used for this task is for noncommercial home use only.

Procedure

In this task, you will install, update, and scan a system for viruses using the avast! antivirus scanning software. avast! is an example of a signature-scanning antivirus program. Signature-scanning antivirus programs work in a fashion similar to intrusion detection system (IDS) pattern-matching systems. Signature-scanning antivirus software looks at the beginning and end of executable files for known virus signatures. Signatures are nothing more than a series of bytes found in the virus’s code.

Equipment Used

For this task, you must have:

• A Windows XP, Windows Vista, Windows 7, or Windows Server system
• A Local Administrator account
• An Internet connection

Details

The following sections guide you through installing, updating, and running an antivirus program.

Downloading and Installing the avast! Antivirus Tool

1. After logging on as a Local Administrator, open Internet Explorer, go to www.avast.com/free-antivirus-download, and download the current version of the software.

2. You will be prompted to run, save, or cancel the application. Click Run.

3. When the download is completed, you will be prompted with the Internet Explorer security screen. Click Run to continue.

4. You will then be prompted with the avast! setup screen. Click Next to continue.

5. You will be prompted to read the avast! Read Me file. This file contains basic information, such as the minimum requirements for installation. Take a few minutes to review this information. Click Next to continue.

6. You will be prompted to review the license agreement. Click the I Agree radio button. Then click Next to continue.

7. avast! will now prompt you to choose a destination directory. Leave it as suggested: C:Program FilesAlwil SoftwareAvast5.

8. Before the installation, the program will prompt you to select the installed configuration. Typical is selected by default. Click Next to continue.

9. The Installation information screen will then appear. Please review the information. Click Next to complete the installation.

10. You will be asked, “Do you wish to schedule a boot-time antivirus scan of your local hard drives? The scan will be performed after your computer is restarted.” Click Yes if you want the computer to perform an antivirus scan on system restart; click No otherwise.

11. The Setup Finished screen will appear, and you will be prompted with the Welcome to avast! Free Antivirus screen. Click Close to complete the installation.

Updating avast! Antivirus

Although most antivirus programs check for updates periodically, it is still a good idea to make sure you have the most recent version. This is particularly important when performing a new installation or when you have been asked to check a system for viruses.

1. To begin the update process, right-click the avast! icon that is located on the notification tray at the bottom-right corner of the screen.

2. You should now see a menu of options, which include updating. There are two update options:

• Engine And Virus Definitions
• Program

As you have just downloaded the program, you should check to see that you have the most current version of the program. Click Program.

3. After waiting a short period of time, you should receive a message that the signatures have been updated.

4. Click Close in the summary window to complete this task.

Performing an Antivirus Scan

1. Right-click the avast! icon located on the notification tray at the bottom-right corner of the screen and select Open avast! User Interface.

2. Once the window opens, you’ll be presented with the avast! user interface. There are three choices on this page:

Scan Computer This option scans the system.

Real-Time Shields This option shows the status of your protection.

Maintenance This option updates the antivirus engine and definitions.

3. Select the Scan Computer option. Select Quick Scan, and then click the Start button at the right side of the interface. The program will then start scanning memory and the selected drive. If a virus is found, a warning will appear.

4. Once the scan is completed, you will be presented with a report telling you what was found. In this example scan, four suspicious programs were found.

5. By selecting Show Report, you will be presented with a more detailed listing of the threats that were found on your computer.

Testing the avast! Antivirus Tool

Hopefully you did not find any viruses on your computer. The purpose of this portion of the exercise is to give you a better understanding of how signature-scanning antivirus software works.

Although it is not actually a virus and the code is harmless, it does match a known virus signature. The code was developed by the European Institute of Computer Anti-Virus Research (EICAR) to test the functionality of antivirus software.

In real life, virus creators attempt to circumvent the antivirus signature process by making viruses polymorphic. A polymorphic virus modifies itself from infection to infection, making it hard for antivirus software to detect it.

Criteria for Completion

You have completed this task when you have accomplished the steps in this exercise. You will then know how to install an antivirus program, how to update an antivirus program, and how to use an antivirus program to scan for viruses.