2.6.10 Malicious Code Defense

The cure for most malicious code, after avoiding infection in the first place through diligent application of security patches, is to scan the system regularly with anti-virus software. Many packages are available. Some work by monitoring the system and flagging small pieces of code that behave like malicious code. Others compare the contents of the hard drive against a database of malicious-code profiles, or signatures; if a code snippet matches a virus definition, it is flagged. Newer viruses rewrite themselves with each infection so that no usable signature can be extracted from them. These are called polymorphic viruses.
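The signature comparison described above, as an added example that is not part of the original text: a small scanner that checks constructed in-memory "files" against a constructed signature list, first by whole-file SHA-256 hash and then by a byte pattern with single-byte wildcards. The file contents, signature names and patterns are all invented for the demonstration; the second sample differs from the first by only two bytes, which is enough to defeat the exact hash but not the wildcard pattern.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample "files" (byte strings standing in for files on disk).
SAMPLES: Dict[str, bytes] = {
    "notes.txt": b"Meeting notes: patch Tuesday rollout plan.\n",
    "dropper.exe": b"MZ\x90\x00" + b"EVIL_PAYLOAD_MARKER" + b"\x00" * 8,
    # Same marker with two bytes altered: a minimal stand-in for a variant.
    "dropper_v2.exe": b"MZ\x90\x00" + b"EVIL_PAYL\x41\x41D_MARKER" + b"\x00" * 8,
}

# Constructed signature database, keyed by whole-file SHA-256 hash.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(SAMPLES["dropper.exe"]).hexdigest(): "Trojan.Example.A",
}

# Constructed byte-pattern signatures in hex form; "??" matches any one byte.
PATTERN_SIGNATURES: Dict[str, str] = {
    "Trojan.Example.Gen": "45 56 49 4c 5f 50 41 59 4c ?? ?? 44 5f 4d 41 52 4b 45 52",
}


def compile_pattern(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn a wildcard hex pattern into a bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # any single byte
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data: bytes) -> List[str]:
    """Return the names of every signature that matches the given content."""
    hits: List[str] = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:          # exact-file match
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES.items():
        if compile_pattern(pattern).search(data):   # byte-pattern match
            hits.append(name)
    return hits


def scan_all(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, List[str]]:
    """Scan every sample and map each name to the signatures it triggered."""
    return {name: scan(data) for name, data in samples.items()}
```

The hash signature catches only the original sample, while the wildcard pattern also catches the two-byte variant; a polymorphic virus that rewrites far more than two bytes on each infection defeats both, which is why behaviour monitoring exists alongside signature scanning.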

Disabling System Restore

Windows ME and XP include a System Restore utility that automatically backs up selected files to a folder called C:\_Restore. A file that was infected by malicious code may be stored there as a backup copy. Once in that archive, virus-scanning software may not be able to reach and delete it, and if the system is rolled back to an earlier restore point as part of a recovery process, it may re-infect itself. Users must disable the System Restore utility in order to remove the infected files from the C:\_Restore folder.

Standard User Accounts

Running all user accounts except the necessary administration accounts as standard users is an effective way of ensuring that users cannot accidentally install malware, and that malware cannot install itself, because a standard user account cannot perform tasks such as writing to system files, installing programs, or changing system settings. Occasionally this prevents standard users from performing a necessary task, but these rare situations can be handled on a case-by-case basis. Security is far more important than the annoyance of having to obtain administrative approval to perform specific tasks.