Virus entry points

For several years now, the trend is towards more connectivity between computers. More and more each day, the computer is less of an isolated item with only one input point. Although this has been beneficial for users and PCÆs in general, it has also multiplied the number of available entry points for viruses.

For these reasons, it is important to know which are the entry points that a virus can use to access a computer, and understand how an antivirus must protect all entry points.

In addition to having multiplied the possible entry points for viruses, new types of viruses and new forms of transmitting these viruses have also appeared.

Last but not least, the importance of monitoring all outgoing items must be stressed. This is not usually taken into consideration, since it is considered that ôthere is no entry of virusesö. It should not be forgotten, however, that most infections occur without malicious intentions. Thus, a user may send an infected file or diskette without realizing that he is also sending a virus. If every user carefully monitors their outgoing messages as well as the incoming ones, the rapid diffusion of viruses as occurs today could be avoided. A user who sends a virus could find him/herself in trouble under such circumstances.

Diskettes and CD-ROMs

In the past, these were the only entry points to a PC (if it was not connected to a network). Viruses can be carried in files that are saved on either of these two mediums or can reside in the boot sector of a diskette. Given that both mediums can contain files susceptible of having a macro virus, the three most common types of viruses (boot, file and macro) may enter a computer by these mediums.

The Panda Software response to this entry point is two-fold. On one hand, it contains a permanent program that offers permanent protection. This way, all access to any file contained on diskette or CD-ROM will trigger a permanent protection scan. And, on the other hand, it offers the possibility of carrying out an immediate scan (on-demand scan) of the diskette or CD-ROM inserted in the computer to verify that it is virus-free.

Therefore, with adequate permanent protection, an antivirus can efficiently resolve the danger that this entry point poses.

Network

This entry point has been around for a long time, but has become very wide spread in the last few years. Today, in almost all stations where there are several computers, there is a network that connects them. The basic objective of a network is the sharing of information and thus the sharing of files. Since many types of files are shared on a network, this medium can be a point of transmission of file and macro viruses.

The Panda Software response to this entry point is also two-fold. On one hand, the key protection is still via a permanent program offering permanent protection. It is the same one that monitors the access to files mentioned above. Each time that a user tries to send or receive an infected file on the network, the permanent program will scan the file and display a warning. As in the previous case, this response also offers the possibility of carrying out an immediate scan (on-demand scan) to check any drive on the network. However, given the shared character of a network, new files can be added constantly making it difficult to ensure that a network station is virus-free.

As with the previous case, and even more importantly, having adequate permanent protection is the best guarantee of protection against viruses for this entry point.

Internet

Although Internet has existed for years, it has only recently become a massive means of communication. It is more and more present every day in every field. The primary function of Internet is to facilitate, and in many cases make possible, the exchange of information. Thus, Internet also facilitates the exchange of files which, as already stated, are a ôvehicleö for transmitting viruses. However, Internet presents a situation slightly more complicated than a network for the following reasons:

Internet provides different services, including for example: Web pages, electronic mail, etc. Each of these services uses a particular protocol (language); thus it is necessary to know these languages in order to correctly perform virus scans of this entry point. For example, an e-mail message may contain an attached file that is infected. Since the file is not in its normal format, a conventional antivirus cannot detect it. For this reason, an antivirus must be specially developed to understand the format used to receive e-mail messages in order to detect the virus.

The following are entry points of viruses transmitted via Internet:

• Electronic mail: viruses may be hidden in files attached to e-mail messages. They can never be found in the e-mail message itself. In other words, an e-mail message that does not have an attachment or embedded object cannot contain a virus. It is important to note that two protocols are used for electronic mail on the Internet. One is POP3, used for incoming mail (messages received) and the other is SMTP, used for outgoing mail (messages sent).

• News (NNTP): through this service, you can access newsgroups being discussed or that are placed in certain servers for consultation and subsequent discussion. You can also subscribe in order to periodically receive e-mails containing the latest news, although these may be infected. You can scan all the news received from Exchange/Outlook and Outlook Express.

• Downloading files (FTP): files can be downloaded from the Internet using this service. These files may be virus-infected.

• Web pages (HTTP): principally, Web pages (HTML pages) are only text and graphics that do not present any virus threats. More and more, however, Web pages contain other components such as Java applets or ActiveX controls. These types of components can be virus-infected and affect a computer for the sole reason of having accessed a Web page.

To correct such a potentially serious problem, Panda Software offers a series of solutions. These are the following:

• Electronic mail: A special permanent program scans all outgoing messages (SMTP protocol) and incoming messages (POP3 protocol) for viruses. Thus, an e-mail message containing a virus-infected file cannot be sent or received. Other antiviruses scan only incoming mail. This is very dangerous since it is possible to send a virus, with all the consequences this can cause the sender. Electronic mail antivirus protection provided by Panda Antivirus 6.0 is independent from the e-mail program being used, and operates with all types of such programs.

There is an added danger with electronic mail. All outgoing and incoming messages are stored in a message database. The message database format is not recognized by conventional antiviruses, so a normal antivirus will not be able to scan all outgoing and incoming messages for viruses prior to the installation of the program. For some reason, they also cannot scan those messages that were not scanned at the time they were received. To solve this problem, Panda Antivirus 6.0 is able to recognize the format of the message database of Microsoft Outlook Express (including Internet Explorer 4), Microsoft Exchange and Microsoft Outlook programs. This way, Panda Antivirus 6.0 allows the user to scan any message, any time he/she wishes from a message database, thus offering the guarantee of virus-free electronic mail.

• News (NNTP): all possibly-infected contents (related documents) located in a server that provides a news service will be scanned by the special permanent protector responsible for monitoring the connection with that server. This guarantees the safe consultation of information regardless of the news program used.

• Downloading files (FTP): a special permanent program, in charge of monitoring the Internet connection, will scan all FTP downloaded files. This prevents the downloading of an infected file. All files previously downloaded could be scanned with an antivirus file, thus avoiding the problem mentioned above with e-mail messages. The virus protection is independent from the FTP program being used.

• Web pages (HTTP): All Web page or HTML page contents (Java applets, ActiveX, etc.) that may be virus-infected will be scanned by a special permanent program in charge of monitoring the Internet connection. This guarantees secure Website browsal, regardless of the search engine used while visiting the Websites.

In summary, it can be said that Panda Antivirus 6.0 offers the best protection against possible viruses coming in through the Internet. On one hand, all the data is scanned as it enters the computer, to verify that no virus is being carried with the message. On the other hand, it is possible to scan all electronic mail handled by the user, that is all incoming and outgoing messages, guaranteeing a virus-free connection to the Internet.