Virus or Worm

I chose to try Spybot’s S & D. after the install it started to run. This first step it performed was a registry backup. This is a precaution it takes, as many of the spyware it removes is deeply embedded in the registry and any time you edit and remove items from the registry while not using the uninstall that came with the application you should back up the registry beforehand. The next thing it performed was an update to the application. Next, it is recommended to run the Immunize peace of the application. This will help prevent hooks from spyware to be able to hook into applications such as IE. Lastly I ran the search for problems peace. The result were that there were 3 non-default Windows security settings. These are settings I have changed and I do not want Spybot to change back, so I have uncheck these boxes. The rest of the items that shows up are Tracking Cookies. Tracking cookies are use primarily by online advertisers to keep information about the kinds of things you like to click on while browsing the internet. This information is used for behavioral targeting when you go to the next site that contains ads that that company is responsible for. That way the company can place an ad in front of you that you are more likely to have interest in. This is beneficial to both the end user and the ad company. You are not bombarded with ads that you have no interest in and in turn the ad company increases the effectiveness of their advertizing. This is what my company does. I am a Sr. Network Windows Admin for Adknowledge. Bellow is a screen shot of the results.

The next topic we will discuss is the difference between a virus and a worm. A virus is a piece of code that attaches itself to a file and is then replicated to other files and replicates itself on a system, quite often disabling or at least really impacting the systems overall performance. A worm is very similar in that it is a piece of code that replicates, however a worm tries find vulnerabilities on the network and enter into other systems via those vulnerabilities. Once on that system is searches the network again trying to find a method it can spread. Worm can cause both system performance issues and network performance issues.

The last topic we will discuss is my recommendation to HealthFirst Hospital Foundation with regard to patch management. I would highly recommend to most companies with over 25 pc to look into using Microsoft’s WSUS. This services is very easy to manage all patches to be installed on your network and can be fully automated if need be. This will result in less internet usage as the server will be the only system downloading the patches. The clients will then be pointed to update from this server instead of the windows update website. The server side can control the release of patches to groups of pc. This is a great help with regard to testing the patches before rolling out all patches to all systems within the organization, possibly preventing a company outage due to a patch conflict with one of the other applications that reside on the pcs. The other applications within the network like antivirus applications will need there own server site management. An example of this is Symantec’s Endpoint Protection has a server side peace that will manage and keep up to date all clients on the network. The other nice thing about having such a system is that is can also remotely install and even reinstall the client side app if need be.

References:

Bird, D., & Harwood, M. (2003). Network+ Exam N10-002.Indianapolis: Que Certification.

http://www.computer-lynx.com/a-virus-or-worm.htm, Retrieved December 14th 2008.

http://technet.microsoft.com/en-us/wsus/default.aspx, Retrieved December 14th 2008.

Advertisements