1 viruses viruses, disaster recovery and a maintenance plan that works

1

Viruses

Viruses, Disaster Recovery

and a

Maintenance Plan that Works

2

Preventive Maintenance

A good maintenance plan will Help to prevent failures Reduce repair costs Reduce downtime Help equipment last longer, reducing

replacement costs Help to prevent data loss

3


Table 17-1 Guidelines For Developing a PC PreventiveMaintenance plan

Component Maintenance How Often

Inside the case Make sure air vents are clear; YearlyUse compressed air to blow dustout of case; Ensure chips andcards are firmly seated

CMOS setup Keep a backup record of setup If changes are made

Floppy drive Only clean the drive head if drive When the drive failsdoes not work

Hard drive Perform regular backups At least weeklyRun virus scan program At least dailyDefragment drive MonthlyProtect PC from harm

4


Table 17-1 Guidelines For Developing a PC PreventiveMaintenance plan

Component Maintenance How Often

Keyboard Keep it clean MonthlyKeep liquids away Always

Mouse, monitor Clean regularly At least monthly

Printers Clean out dust and bits of paper At least monthlyClean paper, ribbon pathsUse only top-quality cartridges

Software Check that it is authorised only At least monthlyEmpty Recycle Bin; \temp folder

Written record Record all software, hardware, When changes arerepairs, maintenance made

5


When moving equipment Back up the hard drive, or at least back up

data and copy important configuration files to a floppy disk

Remove tape cartridges or CDs from the drives

Turn off the PC and all other devices Disconnect the power cords from the

electrical outlet and the devices

6


Disconnect all external devices from the computer

Consider labelling the cable connections to identify where each is connected

Coil up all cords and secure them with plastic ties or rubber bands

Pack the computer, monitor, and all other devices in their original shipping cartons; use packing material to pad them

7

Viruses and Other ComputerInfestations

A computer infestation is A virus, a Trojan Horse, or a Worm Any unwanted program that is

unknowingly transmitted to a computer Designed to damage data and software Not designed to damage the computer

hardware, although it may destroy boot sector information

A virus hoax - warning about a nonexistent virus that ties up network traffic

8


Virus A program that can replicate itself by

attaching itself to other programs Needs the infected, or host, program to

execute in order for it to be able to execute May simply replicate itself, filling up the

hard drive, or may actually do damage May be triggered to do damage at a future

point in time: on a specific date, or when the host program activates some logic

9


Worm A program that spreads copies of itself

throughout a network, overloading memory

Does not need a host program Trojan Horse

A program disguised as a helpful utility or a legitimate program

Requires human intervention to move Does not need a host program

10

Where Viruses Hide

Boot sector In the program code that is part of the

Master Boot Record on a hard drive In the part of the boot record program that

loads the OS on the active partition of the hard drive

In the boot program on a floppy disk (one of the most common ways a virus is spread)

11

Where Viruses Hide

Files In executable (.exe or .com) programs or

word processing documents with macros If a virus copies itself into a data file

containing no macros, it can do no more damage than corrupting the data it has overwritten with itself

Multipartite virus A combination of a boot sector virus and a

file virus

12

Viruses

Cloaking techniques Viruses try to hide from antivirus software

Polymorphic - changes its distinguishing characteristics so it is harder to recognise

Encrypting - can transform itself from a replicating program to a nonreplicating program and back again to avoid detection

Stealth - actively conceals itself Alters OS information to mask the size of the file it is

hiding in Monitors file operations: when it sees its host file is

about to be opened, it removes itself from the file

13

Damage from Infestations

Damage done by an infestation is called the payload The payload may be dropped in response

to a triggering event, such as a date, opening of a certain file, or pressing of a certain key

Damage may be minor, such as displaying bugs crawling over the screen, or major, such as erasing everything on a hard drive

14


Figure 17-1 The harmless or benign Walker virus displaysa man walking across the screen

15


Figure 17-2 The crash virus appears to be destructive,making the screen show only garbage, but does no

damage to the hard drive data

16

How Infestations Spread

Dangerous practices include Trading floppy disks containing program files Connecting the computer to an unprotected

network Buying software from unreliable sources Downloading programs from the Internet Using floppy disks from unknown sources Using shared network programs Using e-mail that automatically executes a word

processor to read attached files Not write-protecting original program disks

17


How a virus replicates Once a program containing a virus is copied

to your PC, the virus can spread only when the infected program is executed

Viruses are loaded into memory with the program and then executed from memory

Memory-resident viruses stay in memory after the host program is terminated

Non-memory resident viruses terminate when the host program is closed

18


1 Host program is copied into memory2 The virus may or may not move itself to a new location in memory3 A second program is opened and copied into memory4 The virus copies itself to the second program in memory5 The newly infected second program is written back to the hard drive

Figure 17-3 How a virus replicates

19

Protecting Against Infestations

Make backups Buy antivirus (AV) software and set your

computer to run it automatically at startup Keep the AV software current by periodically

downloading upgrades from the Internet Set a virus scan program to automatically

scan word-processor documents as they are opened

Establish and faithfully execute a plan to make backups of the hard drive

20


Only buy software from reputable vendors Do not trade program files on floppy disks Do not use floppy disks from unknown

sources Download software from the Internet

sparingly, then scan program files for viruses before executing them

Never use pirated software Format floppy disks before first use

21


Write-protect original program disks Avoid shared network programs, such as

Java or ActiveX programs on the Internet Adopt strict company policies against

using unauthorised software If someone has been on a computer

before you, reboot it Set the PC to boot from drive C, then A Turn on AV protection for the CMOS MBR

22

Virus Symptoms

A programs takes longer than usual to load The number and length of disk accesses

seem excessive for simple tasks Unusual error messages occur regularly Less memory than usual is available Files mysteriously disappear or appear Strange graphics display on the monitor The computer makes strange noises The DOS MEM command reveals strange

TSRs loaded into memory

23

Virus Symptoms

The system does not recognise the hard drive when you’ve booted from a floppy disk

The system does not recognise the CD-ROM drive, although it had worked earlier

Executable files have changed size The access lights on the hard drive and

floppy drive turn on when they shouldn’t The hard drive boots but hangs up before

getting a DOS prompt or Windows 95 safe boot

24

Virus Symptoms

There is a noticeable reduction in disk space Files constantly get corrupted Strange or bizarre error messages display DOS error messages display about the FAT

or partition table File extensions or file attributes change

without reason A message displays from the AV software The number of bad sectors on the hard drive

continues to increase

25

Protecting Against Viruses

If you suspect you have a virus Run the latest version of a virus scan program to

detect and delete the virus

When selecting AV software, look for The ability to download current upgrades from the

Internet The ability to automatically execute at startup The ability to detect macro viruses in word-

processing documents The ability to automatically monitor files being

downloaded from the Internet

26

Protecting Against Viruses

Table 17-2 Antivirus software

27

Using AV Software

To scan for viruses on a floppy disk using AV software from Windows 95 Click Start, Programs, Nuts & Bolts, Cheyenne

AntiVirus Scanner In the scanning box, enter what you want the

software to scan: to scan a floppy disk, insert the disk in drive A and enter A:

Click Advanced to see the options Click the File Types tab; verify that All Files is

selected; click OK to return to the opening screen Click Start to execute the scan

28

Using AV Software

Figure 17-4 Set the Cheyenne AntiVirus software to scanboth boot sectors and files

29

Using AV Software

Figure 17-5 Set the Cheyenne AntiVirus software to scanall files, including compressed files

30

Backup Hardware

Tape drives Hold from several hundred megabytes to

several gigabytes May be an internal or external device May not require special backup software,

although using it will make backups as efficient and effortless as possible

More convenient than floppy or removable disks and relatively inexpensive

Store data sequentially, so access is slow and inconvenient for general storage of data

31

Backups - Tape Drives

How a tape interfaces with a computer An external tape drive can use the parallel

port with an optional pass-through to the printer so they can share the port

An external or internal tape drive can use the SCSI bus

An external or internal tape drive can use its own proprietary controller card

An external or internal tape drive can use the floppy drive controller

32


Figure 17-7 An external tape drive can use the parallelport for input/output, with an optional pass-through to the

printer

33


Tape drives accommodate one of two kinds of tapes Full-size data cartridges: 4 x 6 x 5/8 inches Minicartridges: 3 1/4 x 2 1/2 x 3/5 inches Minicartridges are more popular because their

drives fit into a standard 5 1/4 inch drive bay Tapes have a FAT at the beginning that

tracks the location of data and bad sectors Tapes must be formatted before they are

used

34


Figure 17-8 Minicartridge for a tape drive has awrite-protect switch

35


Figure 17-9 Tables from two tape drive manufacturersindicate the multitude of formats used when reading and

writing to tapes

a) Tape compatibility for the Ditto 2GB tape drive

36


Figure 17-9 Tables from two tape drive manufacturersindicate the multitude of formats used when reading and

writing to tapes (continued)

b) Minicartridge capacities obtained by the Eagle TR-3 tape drive using five different tape types

* Using software compression with an assumed 2:1 compression ratio

37

Troubleshooting Tape Drives

A minicartridge does not work If you are trying to write data, verify that

the minicartridge is write-enabled Are you inserting the minicartridge

correctly? Are you using the correct type of

minicartridge? Is the minicartridge formatted? Re-tension the tape using backup software

to eliminate loose spots on the tape

38


Take the minicartridge out and reboot Try using a new minicartridge If the tape was removed from the drive

while data was being written to it, the data may be unreadable

The drive doesn’t work after installation Check that pin 1 is correctly oriented Check for a resource or IRQ conflict For DOS, check for appropriate entries in

Config.sys and Autoexec.bat

39


Data transfer is slow Does the tape software have an option for

optimising speed or data compression? Some tape drives can use an accelerator card

to speed up data transfer Try a new minicartridge If possible, completely erase the tape and

reformat it If you have an accelerator card, verify that it is

connected Check that there is enough memory

40


The drive intermittently fails or gives errors Try a new tape Clean the read/write heads of the drive For an external drive, move it as far as

possible from the computer and monitor Reformat the tape Re-tension the tape Verify that you are using the correct tape

type and format

41

Tape Backup Methods

Full, incremental, and differential Full - all data on the hard drive is backed up Incremental - backs up only files that have

been changed or created since the last backup (full or incremental)

Differential - backs up only files that have been changed or created since the last full backup

Child, Parent, and Grandparent Track, store, and rotate copies of backups

42

Tape Backup Methods

Table 17-3 The Child, Parent, Grandparent backupmethod

43

Backup Software

Most tape drives come with some backup software

Windows 95 and Windows NT can back up your hard drive To install Windows 95 backup component

Click Start, Settings, Control Panel Double-click Add/Remove Programs Click the Windows Setup tab Under Disk Tools, select Backup; click OK,

then Apply to install from the disks or CDs

44

Backup Software

Table 17-4 Tape Drives Supported and Not Supported byWindows 95 Backup

45

Windows 95 Backup Utility

To use Windows 95 Backup utility to backup your hard drive

Click Start, Programs, Accessories, System Tools, and Backup

The Welcome to Microsoft Backup screen displays with a dialog box telling you that it has created a file set for a full system backup of the entire hard drive; click OK to continue

With the Backup tab selected, click File, Open File Set; the list of file sets displays

If this is your first time, only the Full System Backup set is listed

46


Figure 17-10 The Windows 95 Backup utility automaticallybuilds a file set to back up the entire hard drive

47


Select Full System Backup and click Open The backup utility builds a complete list of the

files on the hard drive; click Next Step to create the full system backup

To back up only certain folders, files, or logical drives, don’t open Full System Backup; select files, folders, and drives you want to back up

Click Next Step to continue Select the drive to hold the backup Click Start Backup to begin the process; you

will be asked to enter a Backup Set Label A progress report displays on the screen

48


Figure 17-11 Windows 95 Backup lets you select foldersand files to back up

49


To recover files, folders, or the entire drive from backup using the Windows 95 Backup utility

From the backup utility, click the Restore tab Click the medium to restore from under the

Restore from list Select the backup you want; click Next Step A backup set displays Check the entire backup set, or select

individual files or folders you want to restore Click Start Restore

50


Windows 95 Backup features May back up files with certain extensions Can back up only files and folders that have been

altered during a selected time interval Use full backup or use incremental backup of files

that have changed since the last full backup Can use data compression Can verify backup by automatically comparing

files when the backup is finished Can format tapes when needed

51

Using the Windows NTBackup Utility

Manual backup Click Start, Programs, Administrative

Tools, Backup Select drives, folders, and files to back up Click Backup and enter the required

information Click OK to start the backup On-screen progress reports will display on

the monitor

52


Figure 17-12 Windows NT backup utility works similarlyto Windows 95 Backup

53


Installing the schedule service Click Start, Settings, Control Panel Double-click Services From the Services window select Schedule,

then Startup Select the Startup Type to be Automatic Select System Account under Log On As Click OK Click Start to start the scheduler; click Close The service is running and will start each time

the OS is loaded

54


Figure 17-13 Installing the Schedule service

55


From the Windows NT command prompt, the AT command can be used to schedule a program to run at a later time and date

The Windows NT command NTBackup performs backups from the command prompt, giving the same results as the Backup utility under Administrative Tools

56

Using the Windows NTAT Command

Table 17-5 Explanation of Parameters in Windows NT forTwo AT Commands Used to Schedule Tasks for a Later

Date and Time

Windows NT AT Commands Used to Schedule Tasks:AT [\\computername] [id] [/DELETE[/YES]]AT [\\computername] time [\INTERACTIVE] [/EVERY:date[,...] | /NEXT:date[,...] “command”------------------------------------------------------------------------------------------------------------------Command Parameter Description

\\computername Name of the remote computer the command applies to

id Identification number assigned by Windows NT

/DELETE Deletes the identified command

/YES Provides confirmation of the deletion without a userresponse

time Time the event is scheduled to occur

57


Table 17-5 Explanation of Parameters in Windows NT forTwo AT Commands Used to Schedule Tasks for a Later

Date and Time (continued)

Windows NT AT Commands Used to Schedule Tasks:AT [\\computername] [id] [/DELETE[/YES]]AT [\\computername] time [/INTERACTIVE] [/EVERY:date[,...] | /NEXT:date[,...] “command”------------------------------------------------------------------------------------------------------------------Command Parameter Description

/INTERACTIVE Allows the process to interact with the user

/EVERY:date,... Specifies day of the week or month the process isscheduled to occur

/NEXT:date,... The next date the process will be performed

“command” The command you are scheduling

AT with no parameters Displays currently scheduled events

58


Table 17-6 Explanation of Parameters of the NTBackupCommand

NTBACKUP command:NTBACKUP operation path [/a] [/v] [/r] [/d “text”] [/b] [/hc:{on|off}] [t {option}][/l”filename”] [/e]---------------------------------------------------------------------------------------------------------------Command Parameter Description

operation Either BACKUP or EJECT (eject the tape)

path Path or paths to folders to back up

/a Data will be appended to data already on the tape

/v Verifies that the write operation runs without errors

/r Restricts access to the tape

/d “text” Description of the backup contents

59


Table 17-6 Explanation of Parameters of the NTBackupCommand (continued)

NTBACKUP command:NTBACKUP operation path [/a] [/v] [/r] [/d “text”] [/b] [/hc:{on|off}] [t {option}][/l”filename”] [/e]---------------------------------------------------------------------------------------------------------------Command Parameter Description

/b Back up the registry

/hc:on or /hc:off Use data compression

/t option Specifies the type of backup (/t normal, /t daily, /t incremental, /t copy, /t differential)

/l filename Record to a log file; include the path in the filename

/e Only include exceptions in the log file

60

Managing and MaintainingTapes

Commands to manage tapes include Erase Tape - erases all data on a tape Re-tension Tape - fast forwards to the end

of the tape then rewinds the tape to eliminate any loose spots

Format Tape - formats the tape Eject Tape - ejects the cartridge from the

drive Catalogue - lists a description of the backup,

including the files and folders backed up

61

RAID

Besides maintaining good backups, another method of protecting data is to continuously write 2 copies of the data, each to a different hard drive

RAID or Redundant array of independent disks is a collection of several methods for improving performance and/or automatically recovering from a failure

62

RAID

Table 17-7 The Three Most Common RAID Levels

63

RAID

Some terms: Fault tolerance - the degree to which a system

can tolerate failures Disk striping - Treating multiple hard drives as a

single volume Disk mirroring - strategy whereby the same data

is written to 2 hard drives in a computer Duplexing - redundant data is written to 2 or

more drives, each with its own adaptor card Hot swapping - a system feature whereby one

hard drive can be removed and another inserting without powering down the computer

64

RAID

Figure 17-14 RAID 5, disk striping with parity, allows forincreased drive capacity as well as fault tolerance: Any

one drive can fail and data can still be re-created

65

Chapter Summary

The goals of preventive maintenance are To make PCs last longer and work better To protect data and software To reduce the cost of repairs

Computer infestations include Viruses Trojan Horses Worms

66

Chapter Summary

Antivirus software is your best defence against viruses

Some viruses are relatively harmless; others can destroy everything on the hard drive

There are steps to take to protect your PC from infestations, including not trading floppy disks and using the latest updates of antivirus software

67

Chapter Summary

Tape drives are very common hardware devices used to back up a hard drive

A full backup, followed by incremental or differential backups can speed up the time it takes to make a backup

Windows 95 and Windows NT include a Backup utility that can be used with tape drives

1 viruses viruses, disaster recovery and a maintenance plan that works

Documents