ICAT3025A
Run standard diagnostic tests
Chapter 1 – Operate system diagnostics
• 1.1 Run the system diagnostic program according to specification
• 1.2 Modify the system configuration as indicated by the diagnostic program
• 1.3 Carry out preventative maintenance in line with organisational guidelines
Introduction
• System diagnostic programs can tell you about
the state of the hardware and software of your
computer system. Most diagnostic programs
work by running a series of predetermined tests
and producing a report.
Power On Self Test (POST)
• The boot process is a series of steps performed
when you first turn a computer system on.
• During this process hardware checks will be
performed by the Power On Self Test (POST).
• If POST is completed successfully, control of the
computer system will be handed to the operating
system.
POST error reporting
• If any errors are detected by the POST test,
there are three ways they may be reported:
– a series of beep codes may be heard
– an error message may appear on the screen
– a series of codes are sent to a special address
and these codes can be viewed using a special
plug-in card known as a POST card reader.
POST error beep codes
Award BIOS Beep Codes
Essential devices such as CPU and
memory are checked first. Errors here are
reported with beep codes. These codes
vary with different manufacturers.
POST error messages
• Once the video system has been enabled, error messages will be displayed on the screen. As with the error codes, different BIOS manufacturers have different error messages.
• Example error messages:
– CMOS battery failed
– Keyboard error or no keyboard present
POST card reader
• POST card readers are printed circuit boards which plug into an expansion slot. At each step in the POST sequence, a code is generated for that step, known as a POST code.
• If the system stops, you can identify the test that was being performed at that time from the code displayed.
CMOS setup
• The BIOS Setup utility will allow you to change
many settings for your computer system such as
the boot device order, power management
settings, system time and date and password
settings.
CMOS setup features
• Standard: You can set basic settings such as the
time and date. From this menu you can also see
whether all the hard drives and optical drives
installed on the system have been recognised
by BIOS.
• Advanced: You can set the boot disk priority
here (e.g. 1. floppy; 2. hard disk; 3. CD-ROM)
CMOS setup – integrated
peripherals
• Allows you to enable or disable the peripheral
devices that are integrated into the motherboard.
If a device is disabled here, it won’t be able to be
accessed by the operating system or any system
diagnostic program.
Loading the operating system
• The last stage of the boot process is to attempt to load the operating system.
• BIOS will search for a boot record at the very first sector on the boot device specified as the First Boot Device.
• This first sector of the disk stores the Master Boot Record (MBR) which stores information about how the drive is organised and, for more recent operating systems, a boot loader which points the system to the active partition on the drive.
• The boot loader and other programs will gather
system hardware information and load start-up
device drivers. Control of the computer system is
passed to the operating system kernel and the
operating system continues to load services and
components as required.
Event logs
• Operating systems will maintain logs that record
information about programs, security and system
events on your computer.
• If services or devices fail to load as the operating
system is loaded, notice of these events will be
stored in a log file.
[Screenshot: details of a logged event. Callout: click the link for more information about the logged event – you will need to be connected to the internet.]
Device management tools
• As your operating system is being loaded, one of the functions it must perform is to load device drivers (programs that control a hardware device such as a printer or video card).
• Most current desktop operating systems provide a graphical user interface that allows you to examine and manage the devices that are attached to your system.
• Device management tools provide you with a listing of all devices and information about their status and usually allow you to change configurations, update drivers and change advanced settings for devices.
Windows Device Manager
• Red cross indicates a disabled device
• Black exclamation mark on yellow background indicates a device with a problem
System resources
• Most operating systems today will automatically detect new hardware devices and assign resources to the device.
– Interrupt Request Lines (IRQs) – hardware lines over which devices can send signals to get the attention of the processor when the device is ready to accept or send information.
– Input/Output (I/O) addresses – memory addresses reserved for transferring data to and from a device.
– Memory Addresses – used for communication between devices and the operating system.
– Direct Memory Access (DMA) – channels that transfer data between system memory and hardware devices without passing it through the CPU.
Cleaning unwanted files
• Over time your hard drive will fill with unwanted files. On a Windows system, use the Disk Cleanup Wizard to remove the following files safely and regain hard drive space:
– temporary internet files
– downloaded program files (ActiveX controls and Java applets downloaded from the internet)
– Windows temporary files
– Windows components that you are not using
– installed programs that you no longer use.
Error checking
• Power failures, improper shut-downs (such as turning the computer off by holding the power button in), hardware problems and system crashes can lead to a corrupted hard drive directory.
• A corrupted hard drive directory can cause files to ‘disappear’ – the file data is still written on the disk but the reference to the file location is lost.
• To rectify these problems, operating systems have disk error checking tools.
Defragmentation
• The process of rewriting non-contiguous parts of a file to contiguous sectors on a disk for the purpose of increasing data access and retrieval speeds.
Using hardware manufacturer’s
diagnostic programs
• Many hardware manufacturers supply diagnostic
programs which can test the functionality of a
hardware device.
• Read your owner’s manual or visit the
manufacturer’s website to see if any diagnostic
software is available for your hardware.
• Some hardware manufacturers may require you
to run a diagnostic program before an item can
be returned under warranty.
Using third-party diagnostic programs
• Third party diagnostic tools can be broadly grouped into two categories:
– Operating system independent – are complete with their own operating system; by being independent of an operating system these programs can directly test the computer system hardware
– Operating system dependent – are written to run on specific operating systems; to test devices such as sound cards which need device drivers to operate you would need to select an operating system dependent program.
Operating system independent
diagnostic programs
• The hardware tests performed by POST are only
cursory and can only give an indication that the
computer system hardware is functioning
correctly.
• There are a range of diagnostic programs
available to thoroughly test the major system
hardware components such as CPU, memory,
fixed disk drives, diskette drives, serial and
parallel ports, video and keyboard (e.g.
Memtest86).
Operating system dependent diagnostic programs
• There is a vast range of diagnostic programs written for particular operating systems, from commercial to shareware to freeware programs.
• Commercial products are usually a suite of tools including:
– Maintenance and diagnostics tools for hardware and software
– Operating system diagnostics and optimisation tools
– Optimisation tools such as a disk defragmenter and disk cleanup
– Benchmarking tools to rate the performance of your computer and its individual components
– Some have antivirus, antispyware or other security features which you will look at in more detail in Chapter 2.
– File recovery tools
– Backup and restore functions.
Chapter 2 – Scan system for
viruses
• 2.1 Scan the system to check and maintain virus protection
• 2.2 Report identified viruses to an appropriate person
• 2.3 Remove virus infections found by the scan using software tools and/or procedures or by restoring back-ups
• 2.4 Document relevant symptom and removal information
Introduction
• Computer viruses and other malicious code
such as Trojans and worms can damage
information systems and data and disrupt
network services.
• Malware (malicious software) – any program
developed with the purpose of causing harm to a
computer system.
• Viruses can be spread by downloads from the
internet, email attachments, floppy discs or CDs
or through your network connections.
• This chapter looks at ways companies can limit
their exposure to viruses by implementing
antivirus policies.
What is a computer virus?
• A computer program that can attach a copy of itself to another computer program. Whenever the infected program runs, the attached virus program activates and can attach itself to other programs.
• Computer viruses have three main components:
– Infection mechanism
– Payload
– Trigger.
Boot sector virus
• Boot sector viruses spread by modifying a disk's boot record.
• Because the boot record is accessed every time the computer is booted, a boot sector virus will always be loaded into memory.
• Typically boot sector viruses are spread through the use of removable media such as floppy disks.
Macro virus
• Macro viruses attach themselves to a document and can modify or replace its macros to perform malicious actions.
• The Melissa virus was a macro virus which appeared in April 1999 spreading through computer systems using Microsoft Word by two methods:
– It modified the Word template which allowed it to propagate.
– It attached itself to the current document and mailed itself out as an attachment to the top 50 addresses in the address book with Microsoft Outlook.
File virus
• File viruses infect files that are executable such
as .com or .exe files.
• Viruses can be classified by the methods used
to conceal themselves from both users and
antivirus software.
Worms
• Worms are programs that are self-replicating. However, they do not need a carrier program to spread and they spread to other computers, usually through computer network connections.
• One of the features of worms that make them so destructive is that they can rapidly spread.
Trojan horse
• A Trojan horse (or just Trojan) is a program that pretends to be a legitimate and useful piece of software, but which secretly performs some other unwanted task.
• Typically they might arrive as an email attachment or as an unwanted surprise within a free software download.
Logic bomb
• A logic bomb is code which delivers its payload
when a trigger condition is reached and might be
a component of a virus or a Trojan.
Blended threats
• Some malware has characteristics of several of
the previous definitions – some viruses include
Trojans while some worms include viruses or
Trojans. This is known as a blended threat.
What can malware do?
• The payloads (or damage caused) of the malware threats defined above include:
– large-scale emailing to email addresses in your email address list
– file deletion – commonly critical operating system files are targeted
– file modification – some malware attaches itself to executable files or tries to disable antivirus software
– performance degradation – for example, network degradation when there is a worm attack
– system instability – system errors may occur
– unauthorised access to your computer system.
How antivirus software works
• The function of antivirus software is to protect
your computer system from viruses.
• It has three major tasks:
– it needs to detect if some code is a virus or not
– once detected, it needs to be identified
– the detected virus needs to be removed from the
system.
• The software that runs and searches for the virus is known as the scanning engine.
• This scans files looking for virus signatures or definitions which are a sequence of bytes recognised as suggesting that a known virus is present.
• Some scanning engines also use another approach where the system is monitored for virus-like behaviour.
• The scanning engine should allow for scanning either:
– on-demand – scans will scan selected files, folders or drives when started by the user or as scheduled, or
– on-access – scans test for the presence of viruses in objects such as files as they are accessed.
• Disinfection – the process a scanning engine will use to try to remove the virus from the infected system.
• Quarantine – the process the scanning engine will use if it doesn’t know how to clean an infection. The infected file is isolated from the system until either the user decides how to handle the file or an antivirus update is available to deal with the virus.
• Because of the different actions that a virus can take, it is not always possible to restore the computer system to the exact state that it was in before the infection.
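Added example (not part of the original course material, and not any vendor's scanning engine): a minimal on-demand signature scan with quarantine in Python. The signature names and byte sequences are constructed and harmless, and the folder it scans is built by the demo itself.

```python
import os
import shutil
import tempfile

# Constructed signatures: harmless byte sequences standing in for
# vendor-supplied virus definitions. The names are hypothetical.
SIGNATURES = {
    "Demo.TestSig.A": bytes.fromhex("deadbeef4d5a9000cafe"),
    "Demo.TestSig.B": b"CONSTRUCTED-SAMPLE-SIGNATURE",
}


def scan_bytes(data: bytes) -> list:
    """Return the names of all signatures found in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def scan_tree(root: str, quarantine_dir: str) -> dict:
    """On-demand scan: walk root, report hits, move hits to quarantine."""
    qdir = os.path.abspath(quarantine_dir)
    os.makedirs(qdir, exist_ok=True)
    report = {}
    for folder, dirs, files in os.walk(root):
        # Prune the quarantine folder so isolated files are not rescanned.
        dirs[:] = [d for d in dirs if os.path.abspath(os.path.join(folder, d)) != qdir]
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    hits = scan_bytes(fh.read())   # whole file, no chunk gaps
            except OSError:
                continue                           # unreadable: keep scanning
            if hits:
                report[os.path.relpath(path, root)] = hits
                # Isolate the file; the suffix stops it being run by accident.
                shutil.move(path, os.path.join(qdir, name + ".quar"))
    return report


def demo() -> dict:
    """Build a constructed folder with one clean and one flagged file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"quarterly maintenance checklist")
    with open(os.path.join(root, "tool.bin"), "wb") as fh:
        fh.write(b"\x00" * 32 + SIGNATURES["Demo.TestSig.A"] + b"\x00" * 8)
    report = scan_tree(root, os.path.join(root, "_quarantine"))
    remaining = sorted(os.listdir(root))
    shutil.rmtree(root)
    return {"report": report, "remaining": remaining}


if __name__ == "__main__":
    print(demo())
```

A file that matches no signature passes this scan, which is why the slides also mention behaviour monitoring and regular definition updates.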
Protecting against virus infections
• Procedures to minimise the risks associated with
viruses need to address the following points:
– installation of antivirus software
– updating the antivirus software regularly
– keeping software updated with the latest patches
– users exercising caution
– performing regular system backups.
Install antivirus software
• There are many vendors of antivirus software including:
– Symantec Corporation
– McAfee Inc
– Trend Micro
– Grisoft Inc.
Server-based solutions
• For businesses or organisations with many workstations to manage, many will choose an antivirus solution that is centrally managed with users being unaware that the antivirus software has been updated.
• A central server stores the antivirus software and signature files. The workstations receive their software and signature updates from the central server across the network at scheduled times.
Keep the antivirus software
updated
• Antivirus software manufacturers will regularly
update their virus definitions and program files
and publish them on their website.
• Antivirus programs can usually be configured to
obtain the updates automatically, or manually
if required.
• It is recommended that updates are obtained
and installed at least twice weekly.
Keep your software updated with the latest patches
• Viruses exploit vulnerabilities in the software
running on your computer system.
• As vulnerabilities are discovered, software companies update their software to protect them against viruses and other security threats.
• It is recommended that updates be automated.
Users to exercise caution
• The following steps can be taken to minimise the risks:
– configure your antivirus software to scan incoming and outgoing mail
– users should be instructed to not open any files attached to an email from an unknown source
– users should be instructed to delete chain emails and junk email
– users should be instructed not to download or install unauthorised software.
Back up your files regularly
• Your organisation will have procedures in place to back up system files and data files regularly.
• These backups can be used to restore files that have been damaged by viruses.
• To be effective, backups need to be performed regularly and the backup media stored in a remote location.
Reporting of a virus infection
• Reporting of viruses helps system administrators to determine how prevention techniques can be improved.
• Most antivirus software will allow you to produce a report when viruses are detected or your company might use a standardised form for reporting to the system administrator.
• Server-based antivirus solutions allow for centralised reporting of virus infections.
Using an antivirus software package
• The steps to perform common tasks with antivirus software will vary from one package to the next.
• Most antivirus programs will allow you to perform the following tasks:
– scan all drives
– scan selected drives, folders or files
– configure scan settings
– update definitions and the program, manually or automatically
– produce a report of test results.
• For further information on the particular antivirus software you are using, you will find the following sources of information useful:
– user guide or manual
– program help files
– vendor’s website.
Other threats and how to protect against them
• As the internet keeps growing, the number of threats to keeping your computer system secure also keeps growing.
• Most antivirus vendors offer an ‘Internet Security’ package. These suites vary from vendor to vendor but generally include:
– antivirus – to protect against viruses, worms and Trojans
– antispyware – to protect against spyware, adware and other malware
– antispam – to filter spam and protect against phishing attackers
– firewall – to protect against hackers.
Adware/spyware
• Adware is any software designed to monitor an
end user and present ads to that user usually as
advertising banners or pop-ups on your
computer.
• Spyware is any software that gathers and relays
information from your computer to a remote
location without your knowledge.
Spyware
• Spyware can include the following:
– Data miners – which can collect information from your computer system and relay it to a remote server.
– Toolbar hijacks which place a custom toolbar within your web browser that displays ads and can track your internet browsing.
– Programs which change the home page setting to a different URL in the web browser.
Spam
• Spam is unsolicited commercial email. The spam messages might offer low-cost prescription drugs or weight-loss drugs, get-rich schemes or special offers too good to be true.
• The trouble with spam is that it:
– wastes staff time
– uses bandwidth and fills up mailboxes
– sometimes contains offensive material.
Phishing
• Phishing refers to a form of Internet scam where
the attackers try to trick users into supplying
confidential information such as bank account
numbers and passwords.
Firewall
• A basic PC firewall acts as a barrier between a
computer and the internet.
• It blocks unauthorised access to your computer,
allowing only authorised traffic from the internet
to reach your computer.