1
Viruses
Viruses, Disaster Recovery and a Maintenance Plan that Works
2
Preventive Maintenance
A good maintenance plan will
  Help to prevent failures
  Reduce repair costs
  Reduce downtime
  Help equipment last longer, reducing replacement costs
  Help to prevent data loss
3
Preventive Maintenance
Table 17-1 Guidelines For Developing a PC Preventive Maintenance plan
Component | Maintenance | How Often
Inside the case | Make sure air vents are clear; Use compressed air to blow dust out of case; Ensure chips and cards are firmly seated | Yearly
CMOS setup | Keep a backup record of setup | If changes are made
Floppy drive | Only clean the drive head if drive does not work | When the drive fails
Hard drive | Perform regular backups | At least weekly
Hard drive | Run virus scan program | At least daily
Hard drive | Defragment drive | Monthly
Hard drive | Protect PC from harm |
4
Preventive Maintenance
Table 17-1 Guidelines For Developing a PC Preventive Maintenance plan
Component | Maintenance | How Often
Keyboard | Keep it clean | Monthly
Keyboard | Keep liquids away | Always
Mouse, monitor | Clean regularly | At least monthly
Printers | Clean out dust and bits of paper; Clean paper, ribbon paths; Use only top-quality cartridges | At least monthly
Software | Check that it is authorised only; Empty Recycle Bin; \temp folder | At least monthly
Written record | Record all software, hardware, repairs, maintenance | When changes are made
5
Preventive Maintenance
When moving equipment
  Back up the hard drive, or at least back up data and copy important configuration files to a floppy disk
  Remove tape cartridges or CDs from the drives
  Turn off the PC and all other devices
  Disconnect the power cords from the electrical outlet and the devices
6
Preventive Maintenance
Disconnect all external devices from the computer
Consider labelling the cable connections to identify where each is connected
Coil up all cords and secure them with plastic ties or rubber bands
Pack the computer, monitor, and all other devices in their original shipping cartons; use packing material to pad them
7
Viruses and Other Computer Infestations
A computer infestation is
  A virus, a Trojan Horse, or a Worm
  Any unwanted program that is unknowingly transmitted to a computer
  Designed to damage data and software
  Not designed to damage the computer hardware, although it may destroy boot sector information
A virus hoax - warning about a nonexistent virus that ties up network traffic
8
Viruses and Other Computer Infestations
Virus
  A program that can replicate itself by attaching itself to other programs
  Needs the infected, or host, program to execute in order for it to be able to execute
  May simply replicate itself, filling up the hard drive, or may actually do damage
  May be triggered to do damage at a future point in time: on a specific date, or when the host program activates some logic
9
Viruses and Other Computer Infestations
Worm
  A program that spreads copies of itself throughout a network, overloading memory
  Does not need a host program
Trojan Horse
  A program disguised as a helpful utility or a legitimate program
  Requires human intervention to move
  Does not need a host program
10
Where Viruses Hide
Boot sector
  In the program code that is part of the Master Boot Record on a hard drive
  In the part of the boot record program that loads the OS on the active partition of the hard drive
  In the boot program on a floppy disk (one of the most common ways a virus is spread)
11
Where Viruses Hide
Files
  In executable (.exe or .com) programs or word processing documents with macros
  If a virus copies itself into a data file containing no macros, it can do no more damage than corrupting the data it has overwritten with itself
Multipartite virus
  A combination of a boot sector virus and a file virus
12
Viruses
Cloaking techniques
  Viruses try to hide from antivirus software
  Polymorphic - changes its distinguishing characteristics so it is harder to recognise
  Encrypting - can transform itself from a replicating program to a nonreplicating program and back again to avoid detection
  Stealth - actively conceals itself
    Alters OS information to mask the size of the file it is hiding in
    Monitors file operations: when it sees its host file is about to be opened, it removes itself from the file
13
Damage from Infestations
Damage done by an infestation is called the payload
The payload may be dropped in response to a triggering event, such as a date, opening of a certain file, or pressing of a certain key
Damage may be minor, such as displaying bugs crawling over the screen, or major, such as erasing everything on a hard drive
14
Damage from Infestations
Figure 17-1 The harmless or benign Walker virus displays a man walking across the screen
15
Damage from Infestations
Figure 17-2 The crash virus appears to be destructive, making the screen show only garbage, but does no damage to the hard drive data
16
How Infestations Spread
Dangerous practices include
  Trading floppy disks containing program files
  Connecting the computer to an unprotected network
  Buying software from unreliable sources
  Downloading programs from the Internet
  Using floppy disks from unknown sources
  Using shared network programs
  Using e-mail that automatically executes a word processor to read attached files
  Not write-protecting original program disks
17
How Infestations Spread
How a virus replicates
  Once a program containing a virus is copied to your PC, the virus can spread only when the infected program is executed
  Viruses are loaded into memory with the program and then executed from memory
  Memory-resident viruses stay in memory after the host program is terminated
  Non-memory resident viruses terminate when the host program is closed
18
How Infestations Spread
1 Host program is copied into memory
2 The virus may or may not move itself to a new location in memory
3 A second program is opened and copied into memory
4 The virus copies itself to the second program in memory
5 The newly infected second program is written back to the hard drive
Figure 17-3 How a virus replicates
19
Protecting Against Infestations
Make backups
Buy antivirus (AV) software and set your computer to run it automatically at startup
Keep the AV software current by periodically downloading upgrades from the Internet
Set a virus scan program to automatically scan word-processor documents as they are opened
Establish and faithfully execute a plan to make backups of the hard drive
20
Protecting Against Infestations
Only buy software from reputable vendors
Do not trade program files on floppy disks
Do not use floppy disks from unknown sources
Download software from the Internet sparingly, then scan program files for viruses before executing them
Never use pirated software
Format floppy disks before first use
21
Protecting Against Infestations
Write-protect original program disks
Avoid shared network programs, such as Java or ActiveX programs on the Internet
Adopt strict company policies against using unauthorised software
If someone has been on a computer before you, reboot it
Set the PC to boot from drive C, then A
Turn on AV protection for the CMOS MBR
22
Virus Symptoms
A program takes longer than usual to load
The number and length of disk accesses seem excessive for simple tasks
Unusual error messages occur regularly
Less memory than usual is available
Files mysteriously disappear or appear
Strange graphics display on the monitor
The computer makes strange noises
The DOS MEM command reveals strange TSRs loaded into memory
23
Virus Symptoms
The system does not recognise the hard drive when you’ve booted from a floppy disk
The system does not recognise the CD-ROM drive, although it had worked earlier
Executable files have changed size
The access lights on the hard drive and floppy drive turn on when they shouldn’t
The hard drive boots but hangs up before getting a DOS prompt or Windows 95 safe boot
24
Virus Symptoms
There is a noticeable reduction in disk space
Files constantly get corrupted
Strange or bizarre error messages display
DOS error messages display about the FAT or partition table
File extensions or file attributes change without reason
A message displays from the AV software
The number of bad sectors on the hard drive continues to increase
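Several of the symptoms above (executable files changing size, files appearing or disappearing) can be checked against a record taken while the PC was known to be clean instead of being noticed by chance. The following is an added example, not part of the original slides; the file names and contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = (".exe", ".com")  # the file types the slides name as virus hosts


def snapshot(root):
    """Map each executable under root to (size, SHA-256 of its contents)."""
    result = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(EXECUTABLE_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                rel = os.path.relpath(path, root)
                result[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return result


def compare(baseline, current):
    """Return sorted (path, finding) pairs for every executable that differs."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "appeared"))
        elif new is None:
            findings.append((path, "disappeared"))
        elif old[0] != new[0]:
            findings.append((path, "size changed %d -> %d" % (old[0], new[0])))
        elif old[1] != new[1]:
            findings.append((path, "contents changed, size unchanged"))
    return findings


def demo():
    """Run the check on constructed sample files in a temporary folder."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        put("EDIT.COM", b"A" * 100)
        put("FORMAT.EXE", b"B" * 200)
        put("CHKDSK.EXE", b"C" * 50)
        put("README.TXT", b"not an executable, ignored")
        baseline = snapshot(root)                  # taken while the PC is known clean

        put("EDIT.COM", b"A" * 100 + b"Z" * 30)    # file grew by 30 bytes
        put("FORMAT.EXE", b"B" * 199 + b"Z")       # same size, different bytes
        os.remove(os.path.join(root, "CHKDSK.EXE"))
        put("NEW.EXE", b"D" * 10)
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, finding in demo():
        print(path, "-", finding)
```

Comparing a hash as well as the size catches a file whose length is unchanged; keep the baseline on write-protected media so it cannot be altered along with the files it describes.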
25
Protecting Against Viruses
If you suspect you have a virus
  Run the latest version of a virus scan program to detect and delete the virus
When selecting AV software, look for
  The ability to download current upgrades from the Internet
  The ability to automatically execute at startup
  The ability to detect macro viruses in word-processing documents
  The ability to automatically monitor files being downloaded from the Internet
26
Protecting Against Viruses
Table 17-2 Antivirus software
27
Using AV Software
To scan for viruses on a floppy disk using AV software from Windows 95
  Click Start, Programs, Nuts & Bolts, Cheyenne AntiVirus Scanner
  In the scanning box, enter what you want the software to scan: to scan a floppy disk, insert the disk in drive A and enter A:
  Click Advanced to see the options
  Click the File Types tab; verify that All Files is selected; click OK to return to the opening screen
  Click Start to execute the scan
28
Using AV Software
Figure 17-4 Set the Cheyenne AntiVirus software to scan both boot sectors and files
29
Using AV Software
Figure 17-5 Set the Cheyenne AntiVirus software to scan all files, including compressed files
30
Backup Hardware
Tape drives
  Hold from several hundred megabytes to several gigabytes
  May be an internal or external device
  May not require special backup software, although using it will make backups as efficient and effortless as possible
  More convenient than floppy or removable disks and relatively inexpensive
  Store data sequentially, so access is slow and inconvenient for general storage of data
31
Backups - Tape Drives
How a tape interfaces with a computer
  An external tape drive can use the parallel port with an optional pass-through to the printer so they can share the port
  An external or internal tape drive can use the SCSI bus
  An external or internal tape drive can use its own proprietary controller card
  An external or internal tape drive can use the floppy drive controller
32
Backups - Tape Drives
Figure 17-7 An external tape drive can use the parallel port for input/output, with an optional pass-through to the printer
33
Backups - Tape Drives
Tape drives accommodate one of two kinds of tapes
  Full-size data cartridges: 4 x 6 x 5/8 inches
  Minicartridges: 3 1/4 x 2 1/2 x 3/5 inches
  Minicartridges are more popular because their drives fit into a standard 5 1/4 inch drive bay
Tapes have a FAT at the beginning that tracks the location of data and bad sectors
Tapes must be formatted before they are used
34
Backups - Tape Drives
Figure 17-8 Minicartridge for a tape drive has a write-protect switch
35
Backups - Tape Drives
Figure 17-9 Tables from two tape drive manufacturers indicate the multitude of formats used when reading and writing to tapes
a) Tape compatibility for the Ditto 2GB tape drive
36
Backups - Tape Drives
Figure 17-9 Tables from two tape drive manufacturers indicate the multitude of formats used when reading and writing to tapes (continued)
b) Minicartridge capacities obtained by the Eagle TR-3 tape drive using five different tape types
* Using software compression with an assumed 2:1 compression ratio
37
Troubleshooting Tape Drives
A minicartridge does not work
  If you are trying to write data, verify that the minicartridge is write-enabled
  Are you inserting the minicartridge correctly?
  Are you using the correct type of minicartridge?
  Is the minicartridge formatted?
  Re-tension the tape using backup software to eliminate loose spots on the tape
38
Troubleshooting Tape Drives
  Take the minicartridge out and reboot
  Try using a new minicartridge
  If the tape was removed from the drive while data was being written to it, the data may be unreadable
The drive doesn’t work after installation
  Check that pin 1 is correctly oriented
  Check for a resource or IRQ conflict
  For DOS, check for appropriate entries in Config.sys and Autoexec.bat
39
Troubleshooting Tape Drives
Data transfer is slow
  Does the tape software have an option for optimising speed or data compression?
  Some tape drives can use an accelerator card to speed up data transfer
  Try a new minicartridge
  If possible, completely erase the tape and reformat it
  If you have an accelerator card, verify that it is connected
  Check that there is enough memory
40
Troubleshooting Tape Drives
The drive intermittently fails or gives errors
  Try a new tape
  Clean the read/write heads of the drive
  For an external drive, move it as far as possible from the computer and monitor
  Reformat the tape
  Re-tension the tape
  Verify that you are using the correct tape type and format
41
Tape Backup Methods
Full, incremental, and differential
  Full - all data on the hard drive is backed up
  Incremental - backs up only files that have been changed or created since the last backup (full or incremental)
  Differential - backs up only files that have been changed or created since the last full backup
Child, Parent, and Grandparent
  Track, store, and rotate copies of backups
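The difference between incremental and differential backups shows up at restore time. The following added example (not part of the original slides) simulates a Sunday full backup followed by four daily backups and reports which tapes a restore must read; the file names, days and function names are constructed for illustration.

```python
# Constructed sample: every file is on Sunday's full backup; the value is the
# day the file was last modified, so a restore can be checked for freshness.
FULL = {"report.doc": "Sun", "budget.xls": "Sun", "notes.txt": "Sun", "setup.ini": "Sun"}
CHANGES = [
    ("Mon", ["report.doc"]),
    ("Tue", ["budget.xls"]),
    ("Wed", ["report.doc", "notes.txt"]),
    ("Thu", ["budget.xls"]),
]


def make_tapes(method):
    """Return [(label, {file: version})] for a week of 'incremental' or 'differential' backups."""
    if method not in ("incremental", "differential"):
        raise ValueError("method must be 'incremental' or 'differential'")
    tapes = [("Sun-full", dict(FULL))]
    changed_since_full = {}
    for day, files in CHANGES:
        changed_today = {name: day for name in files}
        changed_since_full.update(changed_today)
        if method == "incremental":
            # only what changed since the previous backup of any kind
            tapes.append((day + "-incremental", changed_today))
        else:
            # everything changed since the last full backup
            tapes.append((day + "-differential", dict(changed_since_full)))
    return tapes


def restore_plan(method, last_day):
    """Tapes to read, in order, to rebuild the drive as of last_day's backup."""
    tapes = make_tapes(method)
    index = [label.split("-")[0] for label, _ in tapes].index(last_day)
    if index == 0:
        return tapes[:1]
    if method == "incremental":
        return tapes[: index + 1]          # full + every incremental since
    return [tapes[0], tapes[index]]        # full + latest differential only


def restore(method, last_day):
    """Apply the planned tapes in order and return the rebuilt {file: version}."""
    disk = {}
    for _label, contents in restore_plan(method, last_day):
        disk.update(contents)
    return disk


if __name__ == "__main__":
    for method in ("incremental", "differential"):
        plan = restore_plan(method, "Thu")
        print(method, [label for label, _ in plan], restore(method, "Thu"))
```

Both methods rebuild the same drive, but the incremental restore reads five tapes and fails if any one of them is unreadable, while the differential restore reads two at the cost of larger daily backups.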
42
Tape Backup Methods
Table 17-3 The Child, Parent, Grandparent backup method
43
Backup Software
Most tape drives come with some backup software
Windows 95 and Windows NT can back up your hard drive
To install Windows 95 backup component
  Click Start, Settings, Control Panel
  Double-click Add/Remove Programs
  Click the Windows Setup tab
  Under Disk Tools, select Backup; click OK, then Apply to install from the disks or CDs
44
Backup Software
Table 17-4 Tape Drives Supported and Not Supported by Windows 95 Backup
45
Windows 95 Backup Utility
To use Windows 95 Backup utility to back up your hard drive
Click Start, Programs, Accessories, System Tools, and Backup
The Welcome to Microsoft Backup screen displays with a dialog box telling you that it has created a file set for a full system backup of the entire hard drive; click OK to continue
With the Backup tab selected, click File, Open File Set; the list of file sets displays
If this is your first time, only the Full System Backup set is listed
46
Windows 95 Backup Utility
Figure 17-10 The Windows 95 Backup utility automatically builds a file set to back up the entire hard drive
47
Windows 95 Backup Utility
Select Full System Backup and click Open
The backup utility builds a complete list of the files on the hard drive; click Next Step to create the full system backup
To back up only certain folders, files, or logical drives, don’t open Full System Backup; select files, folders, and drives you want to back up
Click Next Step to continue
Select the drive to hold the backup
Click Start Backup to begin the process; you will be asked to enter a Backup Set Label
A progress report displays on the screen
48
Windows 95 Backup Utility
Figure 17-11 Windows 95 Backup lets you select folders and files to back up
49
Windows 95 Backup Utility
To recover files, folders, or the entire drive from backup using the Windows 95 Backup utility
  From the backup utility, click the Restore tab
  Click the medium to restore from under the Restore from list
  Select the backup you want; click Next Step
  A backup set displays
  Check the entire backup set, or select individual files or folders you want to restore
  Click Start Restore
50
Windows 95 Backup Utility
Windows 95 Backup features
  May back up files with certain extensions
  Can back up only files and folders that have been altered during a selected time interval
  Use full backup or use incremental backup of files that have changed since the last full backup
  Can use data compression
  Can verify backup by automatically comparing files when the backup is finished
  Can format tapes when needed
51
Using the Windows NT Backup Utility
Manual backup
  Click Start, Programs, Administrative Tools, Backup
  Select drives, folders, and files to back up
  Click Backup and enter the required information
  Click OK to start the backup
  On-screen progress reports will display on the monitor
52
Using the Windows NT Backup Utility
Figure 17-12 Windows NT backup utility works similarly to Windows 95 Backup
53
Using the Windows NT Backup Utility
Installing the schedule service
  Click Start, Settings, Control Panel
  Double-click Services
  From the Services window select Schedule, then Startup
  Select the Startup Type to be Automatic
  Select System Account under Log On As
  Click OK
  Click Start to start the scheduler; click Close
  The service is running and will start each time the OS is loaded
54
Using the Windows NT Backup Utility
Figure 17-13 Installing the Schedule service
55
Using the Windows NT Backup Utility
From the Windows NT command prompt, the AT command can be used to schedule a program to run at a later time and date
The Windows NT command NTBackup performs backups from the command prompt, giving the same results as the Backup utility under Administrative Tools
56
Using the Windows NT AT Command
Table 17-5 Explanation of Parameters in Windows NT for Two AT Commands Used to Schedule Tasks for a Later Date and Time
Windows NT AT Commands Used to Schedule Tasks:
AT [\\computername] [id] [/DELETE[/YES]]
AT [\\computername] time [/INTERACTIVE] [/EVERY:date[,...] | /NEXT:date[,...]] "command"
Command Parameter | Description
\\computername | Name of the remote computer the command applies to
id | Identification number assigned by Windows NT
/DELETE | Deletes the identified command
/YES | Provides confirmation of the deletion without a user response
time | Time the event is scheduled to occur
57
Using the Windows NT AT Command
Table 17-5 Explanation of Parameters in Windows NT for Two AT Commands Used to Schedule Tasks for a Later Date and Time (continued)
Windows NT AT Commands Used to Schedule Tasks:
AT [\\computername] [id] [/DELETE[/YES]]
AT [\\computername] time [/INTERACTIVE] [/EVERY:date[,...] | /NEXT:date[,...]] "command"
Command Parameter | Description
/INTERACTIVE | Allows the process to interact with the user
/EVERY:date,... | Specifies day of the week or month the process is scheduled to occur
/NEXT:date,... | The next date the process will be performed
"command" | The command you are scheduling
AT with no parameters | Displays currently scheduled events
58
Using the Windows NT AT Command
Table 17-6 Explanation of Parameters of the NTBackup Command
NTBACKUP command:
NTBACKUP operation path [/a] [/v] [/r] [/d "text"] [/b] [/hc:{on|off}] [/t {option}] [/l "filename"] [/e]
Command Parameter | Description
operation | Either BACKUP or EJECT (eject the tape)
path | Path or paths to folders to back up
/a | Data will be appended to data already on the tape
/v | Verifies that the write operation runs without errors
/r | Restricts access to the tape
/d "text" | Description of the backup contents
59
Using the Windows NT AT Command
Table 17-6 Explanation of Parameters of the NTBackup Command (continued)
NTBACKUP command:
NTBACKUP operation path [/a] [/v] [/r] [/d "text"] [/b] [/hc:{on|off}] [/t {option}] [/l "filename"] [/e]
Command Parameter | Description
/b | Back up the registry
/hc:on or /hc:off | Use data compression
/t option | Specifies the type of backup (/t normal, /t daily, /t incremental, /t copy, /t differential)
/l filename | Record to a log file; include the path in the filename
/e | Only include exceptions in the log file
60
Managing and Maintaining Tapes
Commands to manage tapes include
  Erase Tape - erases all data on a tape
  Re-tension Tape - fast forwards to the end of the tape then rewinds the tape to eliminate any loose spots
  Format Tape - formats the tape
  Eject Tape - ejects the cartridge from the drive
  Catalogue - lists a description of the backup, including the files and folders backed up
61
RAID
Besides maintaining good backups, another method of protecting data is to continuously write 2 copies of the data, each to a different hard drive
RAID, or redundant array of independent disks, is a collection of several methods for improving performance and/or automatically recovering from a failure
62
RAID
Table 17-7 The Three Most Common RAID Levels
63
RAID
Some terms:
  Fault tolerance - the degree to which a system can tolerate failures
  Disk striping - Treating multiple hard drives as a single volume
  Disk mirroring - strategy whereby the same data is written to 2 hard drives in a computer
  Duplexing - redundant data is written to 2 or more drives, each with its own adaptor card
  Hot swapping - a system feature whereby one hard drive can be removed and another inserted without powering down the computer
64
RAID
Figure 17-14 RAID 5, disk striping with parity, allows for increased drive capacity as well as fault tolerance: Any one drive can fail and data can still be re-created
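How striping with parity lets any one drive be re-created, as an added example that is not part of the original slides: each stripe stores the XOR of its data blocks as parity, so a missing block is the XOR of the surviving ones. The 4-byte block size, the rotating parity position and the function names are assumptions made for illustration.

```python
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte blocks together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_drive_for(stripe, n_drives):
    """Parity rotates across the drives from one stripe to the next (assumed layout)."""
    return (n_drives - 1 - stripe) % n_drives


def write_stripes(data, n_drives, block=4):
    """Stripe data over n_drives; return one list of blocks per drive."""
    per_stripe = (n_drives - 1) * block
    padded_len = -(-len(data) // per_stripe) * per_stripe   # round up to whole stripes
    data = data.ljust(padded_len, b"\0")
    drives = [[] for _ in range(n_drives)]
    for stripe, offset in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[offset + i * block: offset + (i + 1) * block]
                  for i in range(n_drives - 1)]
        parity = xor_blocks(chunks)
        remaining = iter(chunks)
        for d in range(n_drives):
            is_parity = d == parity_drive_for(stripe, n_drives)
            drives[d].append(parity if is_parity else next(remaining))
    return drives


def rebuild(drives, failed):
    """Re-create every block of the failed drive from the surviving drives."""
    survivors = [blocks for i, blocks in enumerate(drives) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def read_data(drives, length):
    """Reassemble the original bytes, skipping the parity block of each stripe."""
    n_drives = len(drives)
    out = bytearray()
    for stripe in range(len(drives[0])):
        for d in range(n_drives):
            if d != parity_drive_for(stripe, n_drives):
                out += drives[d][stripe]
    return bytes(out[:length])


if __name__ == "__main__":
    message = b"Backups and RAID protect data!"   # constructed sample data
    array = write_stripes(message, 3)
    array[1] = None                               # drive 1 fails
    array[1] = rebuild(array, 1)                  # replacement drive is rebuilt
    print(read_data(array, len(message)))
```

With two drives missing from the same array the XOR has too few inputs to recover either one, which is why the slides still list backups alongside RAID.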
65
Chapter Summary
The goals of preventive maintenance are
  To make PCs last longer and work better
  To protect data and software
  To reduce the cost of repairs
Computer infestations include
  Viruses
  Trojan Horses
  Worms
66
Chapter Summary
Antivirus software is your best defence against viruses
Some viruses are relatively harmless; others can destroy everything on the hard drive
There are steps to take to protect your PC from infestations, including not trading floppy disks and using the latest updates of antivirus software
67
Chapter Summary
Tape drives are very common hardware devices used to back up a hard drive
A full backup, followed by incremental or differential backups, can reduce the time it takes to make a backup
Windows 95 and Windows NT include a Backup utility that can be used with tape drives