That said, a virus writer could construct a virus that caused severe data damage only after it had been on the computer for an extended period of time. However, there is the risk (to the virus writer) that the virus might be detected and eliminated by antivirus software prior to the time it is programmed to inflict damage. If my computer stopped, I’d suspect hardware or Windows, in that order. I keep my antivirus program, firewalls (hardware and software), and antispyware software in good working order, so I’d suspect a virus last of all.

I Have Antivirus Software, So My Computer Can’t Get a Virus
Wrong answer. Even with antivirus software, several different factors can still mean that a virus can get in and/or hide in your computer:

_ If you fail to keep your antivirus signatures up to date, then any new virus may be able to get inside your computer.
_ If the “real-time” antivirus mechanism in your antivirus software is turned off or deactivated (this can and does happen in the real world from time to time), then the virus can walk right into your computer while the antivirus program is sleeping.
_ A brand-new virus can get into your computer even if you keep your antivirus signatures up to date. Remember, it can take a few days or longer for the antivirus software companies to detect, capture, and dissect new viruses before they can update their signature files. Even then, your computer will be protected only after it downloads the new signature file from the antivirus software company.
_ If you’ve been running your computer prior to getting antivirus software and you’ve put any files on it from any outside source — even if you’ve never connected to the Internet — there could already be a virus on your computer. If you don’t follow the installation procedures and skip the all-computer scan that most antivirus programs want to do when they’re first installed, it’s possible that a virus that you caught earlier is still be lurking in there.

All Viruses Are Destructive
I disagree with all statements that say all. (Well, most of them anyway.) Okay, word games aside, some viruses exist only to replicate themselves, and other than that, they do nothing harmful. But a purist would say that even these are harmful, because they upset their computers’ feng shui. A system with even a benign virus is tainted, and there could someday be some unintended consequence of that. Bottom line: This one’s arguable either way. Wanna have some fun? Get a couple of cyber-philosophers in a room and watch them argue this one for a couple of hours.

Viruses Can Damage Computer Hardware
I know I’m going to get into trouble with this one. Some expert out there is going to have a good counter-argument, but for the most part, this fear is false. Here’s how it looks from the virus writer’s perspective: Why aim for the hardware when there’s so much brittle software that can be damaged? Go for the easy target first. Besides, if the virus hurts the hardware, how’s it going to spread itself any further? The purist would argue that a virus can damage computer hardware by giving it instructions that make the system misuse some part of itself (for example, by writing excessively to the hard drive), but few such hardware-eating viruses have been released. This is partly because there are so many different types, makers, and formats of computer hardware that one virus would be hard put to trash all of them. Besides, nearly all computer hardware has built-in safeguards that prevent any real damage. But if you do get a virus and see sparks or flames shooting out of your computer or keyboard, please catch it on video and send it to me.

Viruses Can Hide inside Data Files
Hmmmm, well, this is theoretically possible, but I have not heard of such a virus. Yet. For now, viruses hide inside computer programs — and in the places where programs normally hang out (such as the boot sector of a floppy disk or a hard drive). By definition, data files aren’t executable, and viruses have to be executed. It’s safest to say that viruses hide only in executable program files. But wait. . . . Macro viruses are found in Word and Excel documents, so if this is what you mean by data files, then you’re correct. Other than this, generally viruses do not live inside data files.

Pictures Can Give You Computer Viruses
Nope. Well, not yet. Pictures are just data files that are read by special programs. But, someday, someone may come up with a picture file format that accommodates the inclusion of computer instructions — for whatever purpose someone dreams up. Are you thinking “macro virus” right now? So am I. Anytime someone comes up with a way to store data that includes a place for simple computer instructions (like Microsoft Word and Excel do), then the risk of malicious instructions becomes a real risk.

I Need More Than One Antivirus Software Program to Be Fully Protected
No, and no. Here’s what I mean. As long as you stick with one of well-known brands of antivirus programs, you’ll find that they all develop new virus signatures at about the same time. So if you’re thinking of switching from to because you think that gets their virus definitions out sooner, I personally wouldn’t waste my time.

You Can’t Get a Virus from an Official Software CD
I wish. It’s rare, but it has happened, and it very well could happen again. The big software companies have very good and almost byte-tight procedures that eliminate the possibility that a virus can sneak into a software development lab and from there to a CD master. It can happen. I wouldn’t laugh at you if you scanned CDs for viruses before installing software from them. Promise.

Antivirus Software Companies Create Viruses
To put it kindly, I don’t think so. Do the math: The antivirus companies have enough business trying to keep up with viruses “in the wild” that they’d be idiots to risk causing trouble for themselves. This sounds as crazy as Microsoft and Intel being in cahoots to keep us buying newer computers! Makes an entertaining (if trite) premise for a movie, maybe; doesn’t hold up so well in reality.

Some Countries Sponsor Virus Writers and Hackers
Gotcha. This one’s actually true. Three or four countries do have state-sponsored hackers. I shouldn’t name these countries by name, but many of them are known to be hostile to the United States in other ways. Some of these same countries sponsor hackers in order to give us a little trouble. Official attempts to disrupt and break into foreign information technology go back at least as far as the British code breakers who figured out the Nazi “Enigma” encryption machine in World War II. The adversaries have changed over the years, but their struggle has kept pace with the development of cyberspace, and it continues today.

Finding holes in the Web browser
The spyware taking up residence in a computer may be an ActiveX control, a browser snap-in (intended to extend browser functions), a browser helper object, or a standalone executable that is loaded into the user’s computer when he or she visits a Web site that contains the spyware. The spyware may load because of a security setting that is too lax, such as permitting the downloading of unsigned ActiveX controls. Spyware can also install itself via one of many vulnerabilities that have been discovered in recent years. For instance, it could be an ActiveX control that is specially designed to fool the browser into thinking that the control is coming from a Trusted Sites Zone or Intranet Zone instead of the Internet Zone.

Tagging along in e-mail
E-mail programs that display HTML e-mail (such as Outlook, Outlook Express, and Mozilla Thunderbird) are often subject to the same vulnerabilities that have beset Microsoft Internet Explorer in recent years. Often, just displaying a mail message is sufficient for the spyware to get loaded in the user’s computer. This is because Outlook is using the same vulnerable DLLs to display HTML as is used by Internet Explorer.

Hiding in software downloads
Many downloadable software programs — and programs that you can purchase online or over the counter — contain spyware programs that are silently installed when you install the software. Sometimes (but not always), the software’s
End User License Agreement (EULA) states that “other programs may be installed.” How many people read the fine print? I must admit that I don’t always read the EULA before installing software. Maybe you should add “carefully read all license agreements” to your list of New Year’s resolutions, no matter what time of year it is now.

Peer-to-peer file sharing
Although nothing is inherently wrong with peer-to-peer file sharing, almost all its actual uses are illegal, and as the saying goes, “If you play with fire, you will get burned.” The predominant use of peer-to-peer file sharing is to share music files and other protected or copyrighted content, typically illegally, with others on the peer-to-peer network. Legal problems aside, the software for these peer-to-peer networks leaves a computer or network open to spyware in the following ways:

- The software doesn’t limit the files that might be shared to just music, so frequently what comes down the peer-to-peer pipe is spyware.

-Some peer-to-peer programs themselves have spyware bundled with them that gets installed when the peer-to-peer program is installed. The result is a pretty ugly situation. Not only does the peer-to-peer software poke several holes in your system, enabling spyware to seep in, but some software also contains vulnerabilities that allow people to retrieve any file they choose to from the peer computer. Is it any wonder, then, that many companies forbid the use of peer-to-peer sharing programs?

What the phrases TCP/UDP actually means
TCP/IP stands for Transmission Control Protocol and Internet Protocol, a TCP/IP packet is a block of data which is compressed, then a header is put on it and it is sent to another computer (UDP stands for User Datagram Protocol). This is how ALL internet transfers occur, by sending packets. The header in a packet contains the IP address of the one who originally sent you it. Now, your computer comes with an excellent (and free) tool that allows you to see anything that is connected (or is attempting to connect) to you, although bear in mind that it offers no blocking protection; it simply tells you what is going on, and that tool is NETSTAT.

netstat -a

(make sure you include the space in between the “t” and the “a”).
If you’re connected to the Internet when you do this, you should see something like:

Active Connections
Proto Local Address Foreign Address State
TCP macintosh: 20034 modem-123.tun.dialup.co.uk: 50505 ESTABLISHED
TCP macintosh: 80 proxy.webcache.eng.sq: 30101 TIME_WAIT
TCP macintosh MACINTOSH: 0 LISTENING
TCP macintosh MACINTOSH: 0 LISTENING
TCP macintosh MACINTOSH: 0 LISTENING

Now, “Proto(col)” simply means what kind of data transmission is taking place (TCP or UDP), “Local address” is your computer (and the number next to it tells you what port you’re connected on), “Foreign Address” is the machine that is connected to you (and what port they’re using), and finally “State” is simply whether or not a connection is actually established, or whether the machine in question is waiting for a transmission, or timing out etc. Now, you need to know all of Netstat’s various commands, so type:

netstat ?

You will get something like this:

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If
used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p
option may be used to specify a subset of the default.

Have a play around with the various options, but the most important use of these methods is when you combine them. The best command to use is

netstat -an

because this will list all connections in Numerical Form, which makes it a lot easier to trace malicious users….Hostnames can be a little confusing if you don’t know what you’re doing (although they’re easily understandable, as we shall see later). Also, by doing this, you can also find out what your own IP address is, which is always useful. Also,

netstat -b

will tell you what ports are open and what programs are connecting to the internet.

Well Known Ports
These run from 0 to 1023, and are bound to the common services that run on them (for example, mail runs on channel 25 tcp/udp, which is smtp (Simple Mail Transfer Protocol) so if you find one of these ports open (and you usually will), it’s usually because of an essential function.

Registered Ports
These run on 1024 to 49151. Although not bound to a particular service, these are normally used by networking utilities like FTP software, Email client and so on, and they do this by opening on a random port within this range before communicating with the remote server, so don’t panic (just be wary, perhaps) if you see any of these open, because they usually close automatically when the system that’s running on them terminates (for example, type in a common website name in your browser with netstat open, and watch as it opens up a port at random to act as a buffer for the remote servers). Services like MSN Messenger and ICQ usually run on these Ports.

Dynamic/Private Ports Ranging from 49152 to 65535
These things are rarely used except with certain programs, and even then not very often. This is indeed the usual range of the Trojan, so if you find any of these open, be very suspicious. So, just to recap:

Well Known Ports 0 to 1023 Commonly used, little danger.
Registered Ports 1024 to 49151 Not as common, just be careful.
Dynamic/Private Ports 49152 to 65535 Be extremely suspicious.

Active Connections

Proto Local Address Foreign Address State
TCP macintosh: 27374 modem-123.tun.dialup.co.uk: 50505 ESTABLISHED
TCP macintosh: 80 proxy.webcache.eng.sq: 30101 TIME_WAIT
TCP macintosh MACINTOSH: 0 LISTENING
TCP macintosh MACINTOSH: 0 LISTENING
TCP macintosh MACINTOSH: 0 LISTENING

Now, straight away, this should make more sense to you. Your computer is connected on two ports, 80 and 27374. Port 80 is used for http/www transmissions (i.e. for all intents and purposes, it’s how you connect to the net, although of course it’s a lot more complicated than that). Port 27374, however, is distinctly suspicious; first of all, it is in the registered port range, and although other services (like MSN) use these, let’s assume that you have nothing at all running like instant messengers, WebPages etc….you’re simply connected to the net through proxy. So, now this connection is looking even more troublesome, and when you realize that 27374 is a common port for Netbus (a potentially destructive Trojan), you can see that something is untoward here. So, what you would do is:

run Netstat , and use:
Netstat -a
then
Netstat -an
So you have both Hostnames AND IP addresses.