Home » McAfee Manuals » Computer Software » McAfee AVDCDE-BA-CA » Manual Viewer

McAfee AVDCDE-BA-CA User Guide - Page 14

Where next?, including Microsoft VBScript and Active Server s - rule

View all McAfee AVDCDE-BA-CA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 14 highlights

Preface Instead, harmful objects exist to deliver their equivalent of a virus payload. Programmers have written objects, for example, that can read data from your hard disk and send it back to the website you visited, that can "hijack" your e-mail account and send out offensive messages in your name, or that can watch data that passes between your computer and other computers. Even more powerful agents have begun to appear in applications that run directly from websites you visit. JavaScript, a scripting language with a name similar to the unrelated Java language, first appeared in Netscape Navigator, with its implementation of version 3.2 of the Hyper Text Markup Language (HTML) standard. Since its introduction, JavaScript has grown tremendously in capability and power, as have the host of other scripting technologies that have followed it-including Microsoft VBScript and Active Server Pages, Allaire Cold Fusion, and others. These technologies now allow software designers to create fully realized applications that run on web servers, interact with databases and other data sources, and directly manipulate features in the web browser and e-mail client software running on your computer. As with Java and ActiveX objects, significant security measures exist to prevent malicious actions, but virus writers and security hackers have found ways around these. Because the benefits these innovations bring to the web generally outweigh the risks, however, most users find themselves calculating the tradeoffs rather than shunning the technologies. Where next? Malicious software has even intruded into areas once thought completely out of bounds. Users of the mIRC Internet Relay Chat client, for example, have reported encountering viruses constructed from the mIRC scripting language. The chat client sends script viruses as plain text, which would ordinarily preclude them from infecting systems, but older versions of the mIRC client software would interpret the instructions coded into the script and perform unwanted actions on the recipient's computer. The vendors moved quickly to disable this capability in updated versions of the software, but the mIRC incident illustrates the general rule that where a way exists to exploit a software security hole, someone will find it and use it. Late in 1999, another virus writer demonstrated this rule yet again with a proof-of-concept virus called VBS/Bubbleboy that ran directly within the Microsoft Outlook e-mail client by hijacking its built-in VBScript support. This virus crossed the once-sharp line that divided plain-text e-mail messages from the infectable attachments they carried. VBS/Bubbleboy didn't even require you to open the e-mail message-simply viewing it from the Outlook preview window could infect your system. xiv McAfee VirusScan Anti-Virus Software

Section	Page
Preface	7
What happened?	7
Why worry?	7
Where do viruses come from?	8
Virus prehistory	8
Viruses and the PC revolution	9
Boot-sector viruses	9
File infector viruses	10
Stealth, mutation, encryption, and polymorphic techniques	11
Macro viruses	12
On the frontier	12
Java, ActiveX, and scripted objects	13
Where next?	14
How to protect yourself	15
How to contact McAfee and Network Associates	16
Customer service	16
Technical support	17
Download support	18
Network Associates training	18
Comments and feedback	18
Reporting new items for anti-virus data file updates	19
International contact information	20
1 About VirusScan Software	23
Introducing VirusScan anti-virus software	23
How does VirusScan software work?	25
Fast, accurate virus detection	25
Encrypted polymorphic virus detection	25
“Double heuristics” analysis	26
Wide-spectrum coverage	26
What comes with VirusScan software?	27
What’s new in this release?	31
Installation and distribution features	31
Interface enhancements	32
Changes in product functionality	33
New update options for your VirusScan software	33
2 Installing VirusScan Software	35
Before you begin	35
System requirements	35
Other recommendations	35
Preparing to install VirusScan software	36
Installation options	36
Installation steps	37
Using the Emergency Disk Creation utility	49
Determining when you must restart your computer	54
Testing your installation	55
Modifying or removing your VirusScan installation	56
3 Removing Infections From Your System	59
If you suspect you have a virus...	59
Deciding when to scan for viruses	62
Recognizing when you don’t have a virus	63
Understanding false detections	64
Responding to viruses or malicious software	65
Responding when the VShield scanner detects malicious software	65
Responding when the System Scan module detects a virus	65
Responding when the E-mail Scan module detects a virus	68
Responding when the Download Scan module detects a virus	69
Responding when Internet Filter detects a virus	70
Responding when the VirusScan application detects a virus	70
Responding when the E-Mail Scan extension detects a virus	72
Viewing virus information	74
Viewing file information	75
Submitting a virus sample	76
Using the SendVirus utility to submit a file sample	76
Capturing boot sector, file-infecting, and macro viruses	79
Capturing boot-sector infections	79
Capturing file-infecting or macro viruses	80
Making disk images	81
Preparing file archives to send	81
Sending samples via e-mail	82
Mailing infected floppy disks	83
4 Using the VShield Scanner	85
What does the VShield scanner do?	85
Why use the VShield scanner?	86
Browser and e-mail client support	87
Enabling or starting the VShield scanner	88
Starting the scanner automatically	89
Enabling the VShield scanner and its modules	90
Method 1: Use the VShield shortcut menu	90
Method 2: Use the System Scan Status dialog box	90
Method 3: Use the VShield Properties dialog box	91
Method 4: Use the VirusScan Console	92
Understanding the VShield system tray icon states	92
Using the VShield configuration wizard	93
Setting VShield scanner properties	97
Configuring the System Scan module	98
Choosing Detection options	99
Choosing Action options	105
Choosing Alert options	108
Choosing Report options	110
Choosing Exclusion options	112
Configuring the E-mail Scan module	115
Choosing Detection options	116
Choosing Action options	121
Choosing Alert options	124
Choosing Report options	127
Configuring the Download Scan module	130
Choosing Detection options	130
Choosing Action options	134
Choosing Alert options	136
Choosing Report options	138
Configuring the Internet Filter module	140
Choosing Detection options	141
Choosing Action options	145
Choosing Alert options	146
Choosing Report options	148
Configuring the Security module	149
Enabling password protection	150
Entering your password to configure settings	151
Protecting individual property pages	152
Using the VShield shortcut menu	153
Disabling or stopping the VShield scanner	153
Preventing the scanner from starting automatically	154
Stopping the VShield scanner completely	154
Method 1: Use the VShield shortcut menu	154
Method 2: Use the VirusScan Console	155
Method 3: Use the VirusScan control panel	156
Disabling the VShield scanner and its modules	156
Method 1: Use the VShield shortcut menu	157
Method 2: Use the System Scan Status dialog box	157
Method 3: Use the VShield Properties dialog box	158
Tracking VShield software status information	159
Viewing VShield task status information	160
5 Using the VirusScan application	161
What is the VirusScan application?	161
Why use the VirusScan application?	162
Starting the VirusScan application	163
Method 1: Displaying the VirusScan application main window	163
Method 2: Starting a scan task from the VirusScan Console	165
Method 3: Starting a scan task from a settings file	166
Method 4: Starting the application from the command line	168
Configuring the VirusScan Classic interface	169
Choosing Where & What options	169
Choosing Action options	171
Choosing Report options	173
Configuring the VirusScan Advanced interface	174
Choosing Detection options	175
Choosing Action options	180
Choosing Alert options	182
Choosing Report options	183
Choosing Exclusion options	186
Enabling password protection	189
6 Creating and Configuring Scheduled Tasks	191
What does VirusScan Console do?	191
Why schedule scan operations?	191
Starting the VirusScan Console	192
Using the Console window	194
Working with default tasks	196
Working with the VShield task	198
Working with the AutoUpgrade and AutoUpdate tasks	199
Creating new tasks	200
Enabling tasks	204
Checking task status	206
Configuring VirusScan application options	208
Choosing Detection options	209
Choosing Action options	213
Choosing Alert options	216
Choosing Report options	217
Choosing Exclusion options	220
Choosing security options	223
7 Updating and Upgrading VirusScan Software	227
Developing an updating strategy	227
What are .DAT files?	227
What is the scan engine?	227
Update and upgrade methods	228
Understanding the AutoUpdate utility	230
Configuring the AutoUpdate Utility	231
Configuring update options	235
Configuring advanced update options	237
Understanding the AutoUpgrade utility	240
Configuring the AutoUpgrade utility	241
Configuring upgrade options	246
Configuring advanced upgrade options	248
Using the AutoUpgrade and SuperDAT utilities together	250
8 Using Specialized Scanning Tools	253
Scanning Microsoft Exchange and Outlook mail	253
When and why you should use the E-Mail Scan extension	253
Using the E-Mail Scan extension	254
Configuring the E-Mail Scan extension	255
Choosing Detection options	257
Choosing Action options	260
Choosing Alert options	262
Choosing Report options	266
Scanning cc:Mail	269
Using the ScreenScan utility	269
9 Using VirusScan Utilities	277
Understanding the VirusScan control panel	277
Opening the VirusScan control panel	277
Choosing VirusScan control panel options	278
Using the Alert Manager Client Configuration utility	281
VirusScan software as an Alert Manager client	282
Configuring the Alert Manager client utility	282
A Default Vulnerable and Compressed File Extensions	287
Adding file name extensions for scanning	287
Current list of vulnerable file name extensions	288
Current list of compressed files scanned	292
B Network Associates Support Services	295
Adding value to your McAfee product	295
PrimeSupport options for corporate customers	295
The PrimeSupport KnowledgeCenter plan	295
The PrimeSupport Connect plan	296
The PrimeSupport Priority plan	297
The PrimeSupport Enterprise plan	297
Ordering a corporate PrimeSupport plan	298
PrimeSupport options for home users	300
How to reach international home user support	302
Ordering a PrimeSupport plan for home users	302
Network Associates consulting and training	303
Professional Services	303
Jumpstart Services	303
Network consulting	304
Total Education Services	304
C Using the SecureCast Service to Get New Data Files	305
Introducing the SecureCast service	305
Why should I update my data files?	306
Which data files does the SecureCast service deliver?	306
Installing the BackWeb client and SecureCast service	307
System requirements	307
Phase 1: Download and install BackWeb	307
Phase 2: Register with the Enterprise SecureCast service	312
Troubleshooting the Enterprise SecureCast service	317
Registration problems	317
Unsubscribing from the SecureCast service	317
Support resources	317
SecureCast service	317
BackWeb client	318
D Understanding iDAT Technology	319
Understanding incremental .DAT files	319
Product requirements	319
How does iDAT updating work?	320
What does McAfee post each week?	321
Best practices	322
Three-stage updating	322
Scheduling internal .DAT updates	323
Frequently asked questions	323
Connectivity issues	323
Corrupted data	324
Incremental vs. full .DAT update	324
Network configuration issues	324
Scheduling issues	324

Match case Limit results 1 per page

Preface

xiv

McAfee VirusScan Anti-Virus Software

Instead, harmful objects exist to deliver their equivalent of a virus payload.

Programmers have written objects, for example, that can read data from your

hard disk and send it back to the website you visited, that can

“

hijack

”

your

e-mail account and send out offensive messages in your name, or that can

watch data that passes between your computer and other computers.

Even more powerful agents have begun to appear in applications that run

directly from websites you visit. JavaScript, a scripting language with a name

similar to the unrelated Java language, first appeared in Netscape Navigator,

with its implementation of version 3.2 of the Hyper Text Markup Language

(HTML) standard. Since its introduction, JavaScript has grown tremendously

in capability and power, as have the host of other scripting technologies that

have followed it

—

including Microsoft VBScript and Active Server Pages,

Allaire Cold Fusion, and others. These technologies now allow software

designers to create fully realized applications that run on web servers, interact

with databases and other data sources, and directly manipulate features in the

web browser and e-mail client software running on your computer.

As with Java and ActiveX objects, significant security measures exist to

prevent malicious actions, but virus writers and security hackers have found

ways around these. Because the benefits these innovations bring to the web

generally outweigh the risks, however, most users find themselves calculating

the tradeoffs rather than shunning the technologies.

Where next?

Malicious software has even intruded into areas once thought completely out

of bounds. Users of the mIRC Internet Relay Chat client, for example, have

reported encountering viruses constructed from the mIRC scripting language.

The chat client sends script viruses as plain text, which would ordinarily

preclude them from infecting systems, but older versions of the mIRC client

software would interpret the instructions coded into the script and perform

unwanted actions on the recipient

’

s computer.

The vendors moved quickly to disable this capability in updated versions of

the software, but the mIRC incident illustrates the general rule that where a

way exists to exploit a software security hole, someone will find it and use it.

Late in 1999, another virus writer demonstrated this rule yet again with a

proof-of-concept virus called VBS/Bubbleboy that ran directly within the

Microsoft Outlook e-mail client by hijacking its built-in VBScript support. This

virus crossed the once-sharp line that divided plain-text e-mail messages from

the infectable attachments they carried. VBS/Bubbleboy didn

’

t even require

you to open the e-mail message

—

simply viewing it from the Outlook preview

window could infect your system.