Malicious Mobile Code

Book Description

Malicious mobile code is a new term to describe all sorts of destructive programs: viruses, worms, Trojans, and rogue Internet content. Until fairly recently, experts worried mostly about computer viruses that spread only through executable files, not data files, and certainly not through email exchange. The Melissa virus and the Love Bug proved the experts wrong, attacking Windows computers when recipients did nothing more than open an email. Today, writing programs is easier than ever, and so is writing malicious code. The idea that someone could write malicious code and spread it to 60 million computers in a matter of hours is no longer a fantasy. The good news is that there are effective ways to thwart Windows malicious code attacks, and author Roger Grimes maps them out in Malicious Mobile Code: Virus Protection for Windows. His opening chapter on the history of malicious code and the multi-million dollar anti-virus industry sets the stage for a comprehensive rundown on today's viruses and the nuts and bolts of protecting a system from them. He ranges through the best ways to configure Windows for maximum protection, what a DOS virus can and can't do, what today's biggest threats are, and other important and frequently surprising information. For example, how many people know that joining a chat discussion can turn one's entire computer system into an open book? Malicious Mobile Code delivers the strategies, tips, and tricks to secure a system against attack. It covers:

  • The current state of the malicious code writing and cracker community

  • How malicious code works, what types there are, and what it can and cannot do

  • Common anti-virus defenses, including anti-virus software

  • How malicious code affects the various Windows operating systems, and how to recognize, remove, and prevent it

  • Macro viruses affecting MS Word, MS Excel, and VBScript

  • Java applets and ActiveX controls

  • Enterprise-wide malicious code protection

  • Hoaxes

  • The future of malicious mobile code and how to combat such code

These days, when it comes to protecting both home computers and company networks against malicious code, the stakes are higher than ever. Malicious Mobile Code is the essential guide for securing a system from catastrophic loss.

Table of Contents

  1. Malicious Mobile Code
    1. Preface
      1. About This Book
      2. Why Another Book on Viruses?
      3. What This Book Doesn’t Cover
      4. Organization of the Book
        1. Chapter Summary
      5. Conventions Used in This Book
      6. Software Covered in This Book
      7. Comments and Questions
      8. Acknowledgments
    2. 1. Introduction
      1. The Hunt
      2. What Is Malicious Mobile Code?
        1. Major Types of Malicious Mobile Code
        2. In the Wild
        3. Malicious Mobile Code Naming
          1. VGrep
        4. How Bad Is the Problem of Malicious Code?
        5. Home Statistics
        6. The Growing Problem
        7. Anti-malicious Mobile Code Organizations
      3. Malicious Code and the Law
      4. Malicious Code-Writing Subculture
        1. Inside the Malicious Hacker’s Mind
        2. Typical Virus Writer
        3. Protesting with Malicious Code
        4. Malicious Mobile Code for the Social Good?
        5. Hacker Clubs, Newsletters, and Contests
        6. Malicious Code Tutorial Books
        7. How Does Malicious Code Spread?
      5. MMC Terminology
      6. Summary
    3. 2. DOS Computer Viruses
      1. Introduction
      2. DOS Technologies
        1. PC Boot Sequence
        2. .EXE and .COM Files
          1. .COM files
          2. .EXE files
        3. Software to Hardware
        4. Interrupts
      3. DOS Virus Technologies
        1. Writing a Virus
      4. Types of DOS Viruses
        1. Boot Viruses
          1. How boot viruses infect hard disks
          2. Special boot virus delivery methods
        2. Memory Residency
        3. File-Infecting Viruses
          1. Overwriting viruses
          2. Cavity viruses
          3. Appending viruses
          4. Other executable types
          5. Companion viruses
          6. Cluster viruses
      5. Virus Defense Mechanisms
        1. Encryption
        2. Polymorphism
        3. Entry Point Changers
        4. Random Execution
        5. Stealth
        6. Armor
        7. A Good Defense Is a Bad Offense
        8. Trouble on the Horizon
      6. Examples of DOS Viruses
      7. Detecting a DOS-Based Computer Virus
      8. Removing a DOS Virus
      9. Protecting Yourself from Viruses
      10. Risk Assessment -- Low
      11. Summary
    4. 3. Windows Technologies
      1. Windows Technologies
        1. Windows APIs
          1. Win32 API
          2. 32-bit access
        2. Windows Booting
        3. Windows Technologies Introduced with Windows 3.x
          1. Text mode to GUI mode booting
          2. Virtual machines
          3. Program information files
          4. Virtual memory and swap files
          5. NE executable
          6. Core Windows files
          7. Dynamic linking libraries
          8. Processes and services
          9. Initialization files
          10. SYSTEM.INI
          11. WIN.INI
          12. WININIT.INI
          13. Startup folder
          14. Registration database
          15. File type associations
          16. Hidden file extensions
          17. File types that can hurt
          18. Resource sharing
        4. Windows 3.x Startup Sequence
        5. New Technologies in Windows 9x
          1. Old carryovers
          2. Dynamic VxDs
          3. WINSTART.BAT and DOSSTART.BAT
          4. Portable executables
          5. Password files
          6. Integration of browser and web-based content
          7. Safe mode
          8. Hard drive file storage schemes
          9. Memory rings
        6. Windows 9x Startup Sequence
        7. Windows NT
          1. SAM and NT security
          2. Administrators and domains
          3. System accounts
          4. NTFS
          5. NT file streams
          6. Multiboot
          7. Logging and auditing
        8. NT 4.0 Boot Process
      2. New Windows Versions
        1. Windows ME
          1. System restore
          2. System file protection
        2. Windows 2000
          1. Potentially abused components
        3. Future Windows Versions
      3. Summary
    5. 4. Viruses in a Windows World
      1. DOS Viruses on Windows Platforms
        1. Overall Effects on All Windows Platforms
          1. Boot virus infections
          2. File infections
        2. Windows 3.x/DOS Virus Interaction
          1. DOS boot viruses and Windows 3.x
          2. DOS file infectors under Windows 3.x
        3. Windows 9x/DOS Virus Interactions
          1. Windows 9x antivirus features
          2. Boot viruses and Windows 9x
          3. DOS file infectors under Windows 9x
        4. Windows NT/DOS Virus Interaction
          1. Boot viruses under NT
          2. DOS file infectors under NT
        5. DOS Virus in Windows Summary
      2. Windows Viruses on Windows Platforms
        1. First Windows Viruses
        2. Effects of Windows Viruses
          1. Windows virus implications
      3. Signs and Symptoms of Windows NT Virus Infections
        1. Common Signs and Symptoms
        2. Programs Won’t Start
        3. Windows Cannot Use 32-bit Disk Support
        4. NT STOP Errors
        5. Installation Errors
        6. Swap File Problems
      4. Windows Virus Examples
        1. WinNT.Remote Explorer
        2. WinNT.Infis
        3. Win95.CIH
        4. Win32.Kriz
        5. Win95.Babylonia
        6. Win95.Fono
        7. Win95.Prizzy
        8. Win32.Crypto
        9. Win32.Bolzano
        10. Win2K.Stream
      5. Detecting a Windows Virus
        1. Unplug the PC from the Network
        2. Use an Antivirus Scanner
        3. Use AV Boot in Windows 2000
        4. Troubleshoot Any Boot Problems
        5. Run Scandisk
        6. Boot to Safe Mode
        7. Look for Newly Modified Executables
        8. Look for Strange Programs That Automatically Start
        9. Look for Strange Device Drivers
        10. Look for 32-bit Performance to be Disabled
        11. Unexpected System File Protection Messages
      6. Removing Viruses
        1. Use an Antivirus Scanner
        2. Removing Boot Viruses
          1. Boot with a clean disk
        3. Removing the Boot Virus Manually
      7. Removing Infected Files
        1. Research the Virus
        2. Stop Any Virus Services
        3. Boot to the Command-line Mode
        4. Delete and Replace Infected Files
        5. Clean Up Startup Areas
        6. Replace Registry to Remove Malicious Startup Programs
        7. Using System Recovery Tools
        8. Restore from a Tape Backup
      8. Preventing Viruses in Windows
        1. Install Antivirus Software
        2. Disable Booting from Drive A
        3. Don’t Run Untrusted Code
        4. Install Service Packs and Updates
        5. Reveal File Extensions
        6. Limit Administrative Logons
        7. Tighten Security
      9. Future
      10. Risk Assessment -- Medium
      11. Summary
    6. 5. Macro Viruses
      1. Microsoft Office Version Numbers
      2. What Is a Macro Virus?
        1. Why Virus Writers Like Macro Viruses
        2. How Macro Viruses Spread
        3. What a Macro Virus Can Do
      3. Microsoft Word and Excel Macros
        1. Word Macros
        2. Automacros
        3. Visual Basic for Applications
        4. Excel Macros
      4. Working with Macros
        1. Macro Editor
        2. Organizer
        3. Visual Basic Editor
      5. Office 2000 Security
        1. Security Levels
        2. Signed Macros
        3. Trusting Add-ins and Templates
        4. Office 2000 Security Peculiarities
      6. Macro Virus Technologies
        1. Word Infections
        2. Excel Infections
        3. General Macro Virus Techniques
          1. Class module viruses
          2. Office disables macro copying commands
          3. MRU exploits
          4. Email viruses
          5. Add-in viruses
          6. Stealth macro viruses
          7. Encrypted and polymorphic macro viruses
          8. Dropping off a friend
          9. More external manipulation with VBA
          10. Startup directory files
          11. Random evolution
          12. Construction kits
          13. Cross-platform infectors
          14. Shiver cross-platform virus
          15. Language problems
      7. Macro Virus Examples
        1. W97M.Melissa.ac
        2. W97M.Marker
        3. Caligula Word Virus
        4. Triplicate Virus
        5. GaLaDRieL
        6. W2KM_PSD
      8. Detecting Macro Viruses
        1. Macro Warnings
          1. Ways viruses can get around macro warnings
        2. False-positives
        3. Your Word Document Will Only Save as a Template
        4. Unexpected Document Modifications, Words, Messages, Graphics
        5. New Macros Appear
        6. Tools→Macro Is Disabled
        7. Global Template File Date Is Current
        8. Startup Directory Contains New Files
        9. View the Document with a Text Editor
      9. Removing Macro Viruses and Repairing the Damage
        1. Try a Virus Scanner
        2. Get a Clean Application
        3. Bypass Automacros
        4. Inspect Data and Delete Malicious Macros
        5. Repairing Word Documents
        6. Manually Repairing Other Damage
        7. Restore from a Backup
      10. Preventing Macro Viruses
        1. Disable Macros in Documents
        2. Upgrade All Versions of Office to the Latest Version
        3. Automate Document Scanning
        4. Set Office Security to High
        5. Locking the VBA Normal Project
        6. Save Normal Template Prompt
        7. Confirming Downloads for Office Documents
        8. Rename DEBUG.EXE
        9. Word Startup Switches
        10. Network Security
      11. Risk Assessment -- High
        1. The Future of Macro Viruses
          1. Getting rid of Microsoft Office isn’t the answer
      12. Summary
    7. 6. Trojans and Worms
      1. The Threat
      2. What Are Trojan Horses and Worms?
      3. Signs and Symptoms
      4. Types of Trojans
        1. Remote Administration Trojans
        2. Backdoor Programs
        3. Network Redirect
        4. Distributed Attacks
        5. Denial of Service
        6. Direct Action
        7. Audio and Video Capturing
        8. Phone Dialing Trojans
        9. Password Stealers
        10. Keyloggers
        11. Parasites
      5. Trojan Technology
        1. Stealth
        2. Hiding as Source Code
        3. Compressors
        4. Binders
        5. Sweep Lists
        6. Script Trojans
      6. Becoming Familiar with Your PC
        1. Startup Programs
        2. IP Ports
        3. TCP and UDP
        4. NetStat Command
      7. Trojan and Worm Examples
        1. Back Orifice
        2. PICTURE.EXE Trojan
        3. Win32.Ska-Happy99
        4. Win32.ExplorerZip
        5. Win32.PrettyPark
        6. JS.KAK.Worm
        7. Bat.Chode.Worm
        8. Win32.Qaz
        9. Life Stages Worm
      8. Detecting and Removing Trojans and Worms
        1. Cut Off Internet Access
        2. Use Scanners and Detectors
        3. Check Your Startup Files
        4. Check Memory
        5. Look for Trojan Ports
        6. Delete Trojan Files
        7. Extra Steps for Email Worms
      9. Preventing Trojans and Worms
        1. Don’t Run Unknown Executable Content
        2. Scanners and Detector Programs
        3. Disable NetBIOS over TCP/IP
        4. Download the Latest IE and OS Patches
        5. Password-Protect Drive Shares
        6. Consider Limiting Email Attachments
        7. Rename or Remove Key Executables
        8. Change File Associations of Potentially Harmful Programs
        9. Use Firewalls
        10. Run Programs as a Nonadmin
      10. Risk Assessment -- High
      11. Summary
    8. 7. Instant Messaging Attacks
      1. Introduction to Instant Messaging
        1. Types of Instant Messaging Networks
        2. Mobile Messaging
      2. Types of Instant Messaging
        1. ICQ
        2. Internet Relay Chat
        3. Web Chats
        4. Proprietary IM Standards
      3. Introduction to Internet Relay Chat
        1. IRC Networks
        2. IRC Clients
        3. IRC Commands
        4. Other IRC Features
          1. DCC
          2. CTCP
      4. Hacking Instant Messaging
        1. Hacking AIM and ICQ
          1. Punters and busters
          2. Malicious file transfers
          3. Name hijacking
          4. IP address stealing
          5. Web buffer overflow
        2. Hacking IRC
          1. Script files
          2. Bots
          3. Lag
          4. Flooding
          5. NetSplit
          6. Nick collision kill
          7. Channel desyncs
          8. Channel wars
          9. Network redirection
      5. Examples of IRC Attacks
        1. Example Malicious Scripts
          1. CTCP flood
          2. Mass deop attack
        2. IRC Worms and Trojans
          1. Simpsalapim
          2. Mr. Wormy
        3. Using IRC to Send Viruses
          1. Septic
          2. Script worms less of a threat now
      6. Detecting Malicious IM
      7. Removing Malicious IM
      8. Protecting Yourself from IM Attacks
      9. Risk Assessment -- Medium
      10. Summary
    9. 8. Internet Browser Technologies
      1. Introduction
      2. Browser Technologies
        1. What Is a Browser?
          1. Browser versions
        2. URLs
          1. Hiding malicious URLs
      3. Web Languages
        1. HTML
          1. Viewing HTML source code
          2. HTML versions
        2. XML
        3. DHTML
        4. Scripting Languages
          1. JavaScript
          2. VBScript
          3. JScript
          4. Remote scripting calls
          5. Hypertext preprocessor script
        5. HTML Applications
      4. Other Browser Technologies
        1. Cascading Style Sheets
        2. Privacy Issues
        3. Cookies
        4. History
        5. Frames
        6. File and Password Caching
        7. AutoComplete
        8. Microsoft Wallet and Passport
        9. HTTPS and SSL
        10. Active Desktop
        11. Skins
      5. When to Worry About Browser Content
      6. Summary
    10. 9. Internet Browser Attacks
      1. Browser-Based Exploits
      2. Examples of Attacks and Exploits
        1. Viruses and Trojans
          1. HTML.Internal
          2. PHP viruses and Trojans
          3. eBayla
          4. Hotmail password exploit
          5. Embedded malicious code in shared postings
          6. HTML applications
        2. Browser Component Exploits
          1. Browser print templates
          2. File upload forms
        3. Redirection Exploits
          1. Web spoofing
          2. JavaScript redirect
          3. XML redirect
          4. CSS/DHTML redirect
          5. Frame problems
          6. Dotless IP address exploit
        4. Application Interaction Exploits
          1. Russian New Year
          2. Media Player vulnerabilities
          3. PowerPoint buffer overflow
          4. Office 2000 ODBC vulnerability
          5. Telnet attacks
          6. Active Desktop exploits
          7. More Office HTML exploits
        5. Privacy Invasions
          1. Cookie exploits
          2. Cookie hijacking
          3. Web bugs
          4. Application monitors
          5. ImportExportFavorites exploit
          6. Cached data bugs
      3. Detecting Internet Browser Attacks
        1. Use an Antivirus Scanner or Firewall
        2. Check Unexpected or Unexplained Errors
        3. View Source Code
        4. Look for the FileSystemObject in Scripts
        5. Look for Unexpected Newly Modified Files
      4. Removing and Repairing the Damage
        1. Remove Malicious Files
        2. Edit or Delete Modified Files
        3. Run Repair Tool
      5. Preventing Internet Browser Attacks
        1. Configure Browser Settings and Zones
          1. Internet Explorer security settings
          2. Internet Explorer security zones
          3. Internet security registry settings
          4. New cookie management update
          5. Internet Explorer Administration Kit
        2. Install the Latest Version of Browser and Security Patches
        3. Install and Use an Antivirus Scanner
        4. Avoid Untrusted Web Sites
        5. Remove HTA Association
      6. Risk Assessment -- Medium
      7. Summary
    11. 10. Malicious Java Applets
      1. Java
        1. Java Virtual Machine
        2. Java Byte Code
        3. Java Applet Versus Java Application
        4. Java’s Just-In-Time Compiler
      2. Java Security
        1. Java Security -- Classic Model
          1. Byte Code Verifier
          2. Applet Class Loader
          3. Name spaces
          4. The Security Manager
          5. CLASSPATH
          6. Some say the sandbox is too secure
          7. Java security expands
        2. Java 2™ Security -- A Granular Approach
        3. Archive Formats
          1. Java archives
          2. Not all Java browsers are created equally
      3. Java Exploits
        1. Paid to Hack
          1. History of Java exploits
        2. Types of Exploits
          1. Attacks within the sandbox
          2. Social engineering applets
          3. Java viruses and Trojans
          4. Applets that break the sandbox
      4. Example Java Exploits
        1. Annoying Applets
          1. Java.NoisyBear
          2. Hostile Thread Java applet
          3. DigiCrime’s Irritant
        2. Java Viruses
          1. Strange Brew Java virus
          2. BeanHive Java virus
          3. Hoax Java bombs
        3. Compromising Intrusions
          1. DNS subversion trick
          2. Bug in the Java Byte Code Verifier
          3. Microsoft Virtual Machine Verifier vulnerability
        4. Plug-ins
      5. Detecting Malicious Java Applets
      6. Removing Malicious Java Code
      7. Protecting Yourself from Malicious Java Code
        1. Total Security: Disable Java
        2. Run Only Trusted Java
        3. Use an Antivirus Scanner
          1. Firewalls
        4. Configure Stronger Browser Java Security
          1. Internet Explorer Java security
          2. Java-specific settings in Internet Explorer
          3. Java Scratch Pad
          4. Customizing Java permissions in Internet Explorer
        5. Apply the Latest Security Patches
        6. Use the Latest Browser Version
        7. Know Your Java CLASSPATH
        8. Disable Plug-ins
        9. Remove Unneeded Applets
        10. Avoid Malicious Sites
        11. Be Aware of Social-Engineered Malicious Code
      8. Risk Assessment -- Low
      9. Summary
    12. 11. Malicious ActiveX Controls
      1. ActiveX
        1. ActiveX Controls
        2. ActiveX Scripting
          1. Safe for scripting and initializing
        3. Differences Between ActiveX and Java
        4. Activating ActiveX
          1. Cabinet archival files
      2. ActiveX Security
        1. Digital Signing and Certificates
          1. Digital authentication summary
          2. Encryption
          3. A simple encryption example
          4. Public key security
          5. Hashing
          6. Certificates and certificate authorities
          7. Digital certificate incompatibilities
          8. Certificate granting process
          9. Trusting the trust giver
          10. Revocation
          11. Always trusting a certificate
        2. Authenticode
          1. Java, Authenticode, and Internet Explorer
          2. Timestamping
        3. Signed Code in Action
          1. Internet Explorer and Authenticoded Java
      3. ActiveX Security Criticisms
        1. ActiveX Has No Sandbox
        2. Safe for Scripting Vulnerability
        3. Buffer Overflows
        4. Users Can’t Be Trusted
        5. Authenticity Doesn’t Prevent Tampering
        6. Authenticode Is Only as Strong as Its Private Keys
        7. Weak Revocation
        8. No Granularity
        9. ActiveX Controls Are Registered to the Machine
        10. No Easy Way to See All Controls
        11. Security in Browser
      4. Malicious ActiveX Examples
        1. Exploder
        2. Runner
        3. InfoSpace Compromise
        4. Quicken Exploit
        5. Microsoft’s Not Safe for Scripting Controls
          1. Norton Utilities exploit
          2. Help desk controls
          3. DHTML edit vulnerability
          4. Taskpads
          5. Scriptlet.typlib and Eyedog exploits
          6. Office 2000 UA control
          7. Active Setup control
        6. Windows 2000 Sysmon Buffer Overflow
      5. Detecting Malicious ActiveX Controls
      6. Removing and Preventing Malicious Active Controls
        1. Run Only Trusted Code
        2. Kill Bit Setting
        3. Examine Certificates
        4. Configure ActiveX Browser Security
        5. Remove Unnecessary Controls
          1. Reappearing controls
          2. Error messages while removing controls
          3. Viewing and removing all controls
        6. View Trust Relationships
        7. Change Safe for Scripting Functionality
        8. Enable Certificate Revocation Checking
      7. Risk Assessment -- Medium
      8. Summary
    13. 12. Email Attacks
      1. Introduction
      2. Email Programs
        1. Types of Email
          1. MIME
          2. Encrypted email
          3. Newsgroups
          4. Preview pane
          5. Hiding behind email
        2. Why Is Outlook Such a Popular Target?
        3. Microsoft Outlook Technology
          1. Outlook interfaces
        4. Windows Scripting Host
          1. Encoded scripts
          2. Future of WSH
      3. Email Exploits
        1. Email Worms
          1. Bubbleboy
          2. ILoveYou virus
          3. Hiding viruses
          4. Hybris
        2. Email Exploits
          1. Users don’t even have to open email to execute exploit
          2. Internet cache vulnerability
          3. Compiled help vulnerability
          4. vCard buffer overflow
      4. Detecting Email Attacks
      5. Removing Infected Email
        1. Information for Microsoft Exchange Server Administrators
          1. ExMerge
      6. Preventing Email Attacks
        1. Disable Scripting and HTML Content in Email
        2. Treat Unexpected Emails with Caution
        3. Keep Email Client Updated
        4. Run Antivirus Software
        5. Implement Outlook Security Patch
          1. Getting around blocked access to file attachments
          2. Preventing malicious code from using Outlook to spread
          3. Strengthening overall Outlook security
          4. Options for Outlook 97 and Outlook Express users
          5. Problems with Outlook Security Update
          6. Uninstalling the Outlook Security Update
        6. Remove WSH Association
        7. Reveal Hidden File Extensions
        8. If You Use Web-based Email, Use Vendors Who Use Antivirus Scanners
        9. Modify Security on Outlook Clients
        10. Set Up Message Monitoring
      7. Risk Assessment -- High
      8. Summary
    14. 13. Hoax Viruses
      1. The Mother of All Computer Viruses
        1. Bamboozled
        2. Why Do People Write Hoax Messages?
        3. Partial Truths
        4. Hoaxes Can Come True
      2. Categories of Hoax Messages
        1. Virus Warning
          1. Good Times virus
        2. Chain Letters
          1. Sympathy requests
          2. Fake news reports
          3. Giveaways
          4. Threats
      3. Detection
        1. Read Message Looking for Telltale Signs
        2. Search for Information on Hoax
          1. Web sites about hoaxes
          2. Commercial vendor web sites
      4. Removing and Preventing Hoax Viruses
        1. Let Others Know It Is a Hoax
        2. Use ExMerge to Delete All Hoax Messages at Once
        3. Set Up an Email Filter
      5. Risk Assessment -- Low
        1. Future Hoaxes Will Be Better
      6. Summary
    15. 14. Defense
      1. Defense Strategy
      2. Malicious Mobile Code Defense Plan
        1. How to Create a Malicious Mobile Code Defense Plan
          1. Get management to buy in
          2. Pick a plan team
          3. Pick an operational team
          4. Take a technology inventory
          5. Determine plan coverage
          6. Discuss and write the plan
          7. Test the plan
          8. Implement the plan
          9. Provide quality assurance testing
          10. Protect new assets
          11. Test Rapid Response Team
          12. Predefine a process for updating and reviewing plan
        2. The Plan
          1. Remember to address foreign computers and networks
          2. Plan core
          3. Deployment
          4. Distributing updates
          5. Communication plan
          6. End user education
          7. Rapid response plan
        3. Rapid Response Plan Steps
      3. Use a Good Antivirus Scanner
        1. Checksums Versus Scan Strings
        2. Traits of a Good Antivirus Scanner
          1. Fast and accurate
          2. Stability
          3. Transparency
          4. Runs on your platforms
          5. Customizable
          6. Scanner should protect itself
          7. Good cleaning rate
          8. Scanning archived files
          9. Heuristics
          10. Rescue diskette
          11. Automated updates
          12. Good technical support
          13. Proactive research
          14. Enterprise capabilities
          15. Logging
          16. Notification
          17. Email capabilities
      4. Antivirus Scanning Locations
        1. Desktop
        2. Email Server
        3. File Server
        4. Internet Border
        5. Where Should Antivirus Software Run?
        6. Other Antivirus Scanner Considerations
          1. When to scan
          2. Internet-based scanning
          3. Should you disable the antivirus scanner to install new software?
      5. The Best Steps Toward Securing Any Windows PC
      6. Additional Defense Tools
        1. Firewalls
        2. Intrusion Detection
        3. Honey Pots
        4. Port Monitors and Scanners
        5. Security Scanners
        6. Internet Content Scanners
        7. Miscellaneous Utilities
          1. SmartWhoIs
          2. Locking programs down
          3. Filemon and Regmon
          4. Goat files
        8. Good Backup
      7. Antivirus Product Review
        1. Symantec’s Norton Antivirus
      8. Future
      9. Summary
    16. 15. The Future
      1. The Future of Computing
        1. Media Convergence
        2. Distributed Computing
        3. Other Key Technology Changes
          1. P2P computing
          2. Microsoft’s domination weakens
          3. Small computers
          4. Appliance computing
          5. Government monitoring
      2. MMC Exploits
        1. Malicious Code Popularity Will Increase
        2. Hacktivism Will Rise
        3. Increase in Linux Viruses
        4. Connectedness Can Be a Weakness
        5. Denial of Service Attacks
        6. Attack of the Killer Copier
      3. Real Defense Solutions
        1. Audit All Code
        2. Ultimate Authentication
        3. More Secure Applications
        4. Prevent Unauthorized Code Changes
        5. ISP Scanning
        6. Allow Only Approved Content to Execute
        7. National Security Infrastructure
        8. Stiffer Penalties
      4. Summary
    17. Index
    18. Colophon