ANTIVIRUS CAPABILITY AND PRECAUTIONARY MEASURES

1. ANTIVIRUSES:
   As already been discussed most of the updates information comes from common up-stream, so there are chances that a virus remain unknown for long( for example, few virus discussed in "little-black book of computer virus" by M. LUDWIG is undetacted even today).
   But, "something is better than nothing" , so you can choose any of the antiviruses among- Avast at www.avast.com/free-antivirus-download

kaspersky at www.kaspersky.com/downloads,

mcafee at www.home.mcafee.com/store/download.aspx ,

avira at http://www.free-av.com/ etc.
If i have to suggest i rather put more emphasis on use of a combination of these programs, i.e.
one antivirus+ one antispyware+ one firewall program=maximum security;

Among anti-spyware program i found ,1. MICROSOFT SECURITY ESSENTIALS(from microsoft),at www.microsoft.com/security/products/mse.aspx

2. SPY-BOT-SEARCH & DESTROY, at www.safer-networking.org/en/download/index.html

3. SPYWARE DOCTOR(from pc-tools) at www.pctools.com/spyware-doctor/download/

much more useful.Among these first two are free-of-cost,while you will have pay for "SPYWARRE DOCTOR".
FIREWALL PROGRAMS:
Among firewall programs i suggest

• BLACK ICE DEFENDER- at http://www.networkice.com/
  




• LOCKDOWN 2000- at http://www.lockdown2000.com/

PRECAUTIONARY MEASURES:

1. If you are a dial-up user and use external modem, the rate of blinking of light(which is in the front of modem) gives the rate of data transfer.When system is idle the blinking rate may be once or twice i 15-20 minutes. If suppose you are not doing anything which require huge data transfer for example, you are reading mails but even then blinking rate is quite high then definately, some data transfer is taking place without your knowledge.
   

In case of internal modem, one can rely on two-t.v. like looking screen near the clock, here also blinking of light represent data transfer.

2. Whenever you have doubt that your system's security is compormised(as in above case) take the following steps:

• Click start>Run
  




• Type "CMD" over there and click "ok"
  
  




• On the DOS-PROMPT ,thus appeared type the command "Netstat -a", this command will give you a list of everything your computer is communicating online currently with as:

ACTIVE CONNECTIONS

PROTOCOL LOCAL ADDRESS FOREIGN ADDRESS STATE

TCP COMP:0000 10.0.0.1:0000 ESTABLISHED

TCP COMP:2020 10.0.0.5:1010 ESTABLISHED

TCP COMP:9090 10.0.0.3:1918 ESTABLISHED

First column gives the protocol used for connection, second column holds your computer's address, third is foreign address to which your computer is connected, and forth column tells that connection is established or suspended.

A software for same purpose called " Xnetstat" can be downloaded from www.arez.com/fs/xns

3. File with suspecious extention should not be accepted(specially if it is from some chatline or freeware sites.) ,for example, picture files generally comes in jpg, jpeg, bmp, tiff and, gif format any other format say "picture.exe" is un acceptable. There is no reason for having a single file with more than one-extension.If you are uncertain about what type of file is here go to

• http://www.altavista.com/, or
  




• http://www.metacrawler.com/

and in search field type

*Doc file type (for document files)

*Exe file type (for exe files)

This will give you a more detailed explanation on the possible formats of particular file type.

4. REPORTING OF HACK ATTEMPTS:

Consistent attempt to break into your system (if any), must be reported. So obtain a copy a copy of " Netlab" from www.filedudes.lvdi.net/win95/dns/netlab95.html and install it. Consult your firewall program documentation for instruction and identify how many time a individual ip-address attempted to gain access and at what time recent attack was, and follow the following steps:

• Write down the ip-address you have got by your firewall program(black ice or lockdown2000)
  




• Click start> Run
  




• type "CMD"

and "Netstat -a" on the dos-screen thus appeared.Look whether your attacker is connected ,once the hacker is unsucessfull you can proceed to gather information to report about attack. To do this:

• Start Netlab and type ip-address of attacker and click on "ping" button. If you see a response then, attacker is online.
  




• Next step is to check whose ip is it, by using "whois.arin.net " on the person's ip-address. After typing ip-address click "who-is " button. You will then see who the ip-address belongs to.

This will reveal who the "hackers internet service provider is" . This is very important if you can figure out where your attack is coming from, you can forward the appropriate information to right people.

5. SOCIAL ENGINEERING:

Social engineering term is often used among "hackers" for technique that rely upon weakness of people.

Even today one of every twenty user keep their user-id as password.So don't do such mistakes.

REMMEMBER: YOU ARE YOUR SYSTEM'S WORST ENEMY.

AT last, though the antivirus serves our purpose a little, but we can add our intelligence to improve our personal security.

FURTHER REFRENCES:

1.FIREWALL FUNDAMENTALS: www.amazon.com/Firewall-Fundamentals-Wes-Noonan/dp/1587052210

2.MICROSOFT BETA ANTIVIRUS AND ANTISPYWARE SOLUTIONS: www.amazon.com/Microsoft-Announces-Antivirus-Antispyware-Solution/dp/B0007N4BWI

3. C. Dalton and D. Clarke. Secure partitioned access to local network resources over internet, Technical report, H.P. lab. 1998.