Virus Protection

You need effective virus protection to ensure the integrity and availability of your files and data. An active antivirus program is designed to prevent malware from modifying, deleting or compromising your files or personal information. An antivirus program has at least two tasks:

  • It first scans the PC for malicious programs and attempts to clean the PC in the event of an infection.
  • It permanently protects the PC against the dangers of malicious programs by means of a so-called guard function.

  • How an Antivirus Program Works

    Virus Analysis via Virus Definition Files

    Basically, all antivirus programs use the same methods to detect malware on the PC. To detect malicious programs, they use the so-called (virus) definition file, in which the recognition characteristics (signatures) of the viruses are recorded. The manufacturers update these regularly. It is therefore essential for the functioning of the antivirus program to update the definition files regularly. Many providers have integrated an automatic update function into the program for this purpose. A disadvantage of this concept is that only already known malware can be identified and deleted.

    Virus Analysis via Heuristics and the So-Called Sandbox

    Further ways of detecting malware are the heuristic function and the so-called sandbox. They recognize malware by its behavior patterns, by similar file headers (header entries in a file) or by suspicious file formats. In the sandbox, the file is executed in a protected, isolated environment so that potential damage cannot escape the sandbox. The behavior analysis then decides whether a program is harmful (for example, because it attempts to manipulate system data) or can be classified as harmless. Sometimes, however, the antivirus program's verdict is only a guess.

  • Procedure after a Virus Attack

    After an antivirus program has found malware on the PC, it is advisable to reinstall the computer, since no one can determine beyond doubt what effects the malware had and whether it could be completely deleted by the antivirus program.

    1. Keep calm.
    2. Use another PC to change the passwords you used on the infected system. The old passwords must be regarded as compromised, i.e. as insecure.
    3. Make a backup [1] of the infected computer's data.
    4. Reinstall the infected computer. Format the hard disk completely and reinstall the operating system. Make sure to use only original software, i.e. software from a legal source with a legal installation key.
    5. If necessary, check the authenticity of the programs with a checksum check.
    6. Do not connect the newly installed computer to the Internet for the time being: Disconnect the network cable before installing the operating system and do not establish a WLAN connection.
    7. Install the Windows updates first. The best way is to use an offline source [2].
    8. Install an antivirus program. Purchase one at a store or download one from a secure computer and install it on the previously infected system.
    9. Now you can connect to the network or Internet.
    10. Once you have installed the remaining Windows updates and updated your antivirus solution, install the remaining programs you need.
    11. Run all update routines again. For installed programs it is recommended to use the update software Secunia PSI.
    12. Copy the previously saved data back to your PC.

    [1] In general, a malicious program will not infect your personal data in such a way that copying the data from the infected system to external storage becomes impossible or unacceptable. If you fear a loss of security due to the backup, you can either remove the storage medium with the data and install it in a PC protected from malware, or boot the computer virus-free from a so-called boot CD and then copy the data. Both options also apply if access to the operating system is no longer possible. Be careful when using this backup and consider the files on it to be contaminated by the malware.
    Source for boot CDs: http://www.knoppix.org/ or http://www.nu2.nu/pebuilder/ (as of October 2012).

    [2] You can safely update Microsoft Windows and Office applications using "WSUS Offline Update". Offline updates are easy to use and save you time, as all the files you need are downloaded in one large package. Download and run the update program on a system that is not infected with malware. Follow the steps in the program, which creates an installation medium that you can use to install the updates on the freshly installed PC. Source: http://www.wsusoffline.net (as of January 2015).
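
The checksum check from step 5, as an added example that is not part of the original page: a Python script, run on the clean computer used for the downloads, that compares each file in a folder against a vendor-published SHA-256 list in `sha256sum` format. The file names and contents in `demo()` are constructed sample data, and the script assumes the checksum list itself was obtained from the vendor over a trusted channel.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so large installers or ISO images need little memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_checksum_list(text):
    """Parse '<sha256 hex>  <file name>' lines, the format sha256sum writes."""
    expected = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        digest, name = line.split(None, 1)
        if len(bytes.fromhex(digest)) != 32:  # fromhex raises ValueError on non-hex
            raise ValueError(f"not a SHA-256 digest: {digest!r}")
        expected[name.strip().lstrip("*")] = digest.lower()  # '*' = binary mode
    return expected

def verify_directory(directory, checksum_text):
    """Map every name to 'OK', 'MISMATCH', 'MISSING' or 'UNLISTED'."""
    result = {}
    for name, digest in parse_checksum_list(checksum_text).items():
        path = Path(directory, name)
        if not path.is_file():
            result[name] = "MISSING"
        else:
            ok = hmac.compare_digest(sha256_of(path), digest)
            result[name] = "OK" if ok else "MISMATCH"
    for entry in Path(directory).iterdir():
        # Anything without a published checksum has not been verified at all.
        result.setdefault(entry.name, "UNLISTED")
    return result

def demo():
    """Constructed sample data: one intact file, one altered, one unlisted."""
    files = {"setup.exe": b"vendor build 1", "tool.msi": b"altered", "extra.exe": b"?"}
    listing = (f"{hashlib.sha256(b'vendor build 1').hexdigest()}  setup.exe\n"
               f"{hashlib.sha256(b'vendor build 2').hexdigest()} *tool.msi\n")
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            Path(d, name).write_bytes(data)
        return verify_directory(d, listing)
```

Install only files reported as `OK`; a `MISMATCH` or `UNLISTED` file should be downloaded again from the original source rather than used.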

  • Download: Sophos Antivirus

    As a student or employee, you can use the anti-virus program Sophos Antivirus. During installation, accept the User Account Control prompt.