Fresh Off The Block


Mar 10 2014

How to check your Antivirus is properly working

Some of the worst viruses to hit Windows – and even a few not-so-bad ones – make every attempt to make cleaning your computer difficult, through methods such as disabling your antivirus, interfering with opening the Security Centre or any cleaning or security tools your computer may be running, and even in some cases modifying your computer's HOSTS file so even going on the internet can either be blocked or have you redirected from real sites to illegitimate ones. This is why it's important to block viruses before they spread.

Most competent anti-malware programs contain real-time protection shields to block viruses and other malware as soon as they crop up; and a fair few even include internet shields to stop downloads and take you away from infected sites that are likely to give you a virus. But what if you're ALREADY compromised? If there's already a virus on your computer that's changing the websites you visit and disabling your antimalware shields, etc. – then you might not even know you're infected and your computer could even be open to further infections, without you knowing they're coming in. Fortunately, there's an easy way to find out if your security is working as expected.

Most companies working in computer security are members of, or are regulated by, various institutes across the globe who want to make sure every threat is being properly dealt with and every anti-malware does a competent job in keeping users safe. In Europe, the main one of these is the European Institute for Computer Antivirus Research, or EICAR for short. EICAR do a lot of research into computer viruses; and their research is shared with the makers of anti-malware products to improve detections, identify new viruses and basically keep the security you're using in working order. One of the ways they do this is by releasing test files, which contain specific messages not found in most ordinary programs. The test files are not viruses, but antivirus and antimalware programs are asked to treat them as one; and because the messages are unique to the test file, if the product DOES warn about the test file when it sees one, it's probably a good sign you're properly protected.

You can make one of the EICAR Test Files yourself through a simple text editor like Notepad, allowing you a quick way to test your security is in working order. Just do the following:

  • Launch Notepad on your computer
  • Copy and paste the following line into the Notepad file:

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
     

  • Save the File. In the Save Dialog, change "Save As Type:" to "All Files". Then save the file with any name ending ".com" – for example eicar.com

If your antivirus is working and capable, during or within a few seconds of the file being saved, your antivirus should block and warn about the new file. You may even be told the file has been automatically deleted or moved to the quarantine / virus chest. Any of these messages is a good sign your antivirus is working.
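The same real-time check can be scripted. The following is an added example, not part of the original article: it saves the test file, then polls to see whether a shield removes, locks or rewrites it. The function names, the result labels and the 10-second wait (standing in for "a few seconds") are assumptions of this example.

```python
import os
import tempfile
import time

# The 68-byte test string from the steps above, split in two so that this
# script is not itself detected as the test file.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def probe(path, expected=EICAR):
    """Classify what has happened to the file at path."""
    try:
        with open(path, "rb") as fh:
            found = fh.read()
    except FileNotFoundError:
        return "removed"   # deleted or moved to quarantine
    except OSError:
        return "blocked"   # file exists but access is refused
    return "present" if found == expected else "altered"


def realtime_test(directory, wait=10.0, interval=0.5, name="eicar.com"):
    """Save the test file, then poll until a shield reacts or wait expires."""
    path = os.path.join(directory, name)
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked"   # the save itself was refused
    deadline = time.monotonic() + wait
    state = probe(path)
    while state == "present" and time.monotonic() < deadline:
        time.sleep(interval)
        state = probe(path)
    if state == "present":
        os.remove(path)    # untouched file: tidy up after the test
    return state


if __name__ == "__main__":
    # "present" means nothing reacted within the wait; any other result
    # means something intercepted the file.
    print(realtime_test(tempfile.mkdtemp()))
```

Point it at a folder your antivirus is not configured to exclude from scanning, otherwise a "present" result says nothing about the shield.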

If your antivirus also includes an on-demand scanner, you can also use this file to test that. First, restore the file from quarantine if your antivirus moved it earlier (check your antivirus product's documentation on how to do this). Then run a scan. If the antivirus product finds an infection in the file you saved using the steps above, you can be assured everything is in proper working order.

If you didn't get warned about the file when you saved it; and it wasn't found in a scan – then it may be time to investigate as your computer may have been compromised and your security is under threat.

The EICAR Test File is a great way to ensure your antivirus' protection and scanning routines are working exactly as they should be, without damaging the security of your computer. And you can easily delete the file once you're done to stop being warned about it again; and re-create it later if you want to test another time.


    Previous Articles


    Apr 05 2011

    Symantec: Targeted computer attacks almost doubled in 2010

    Antivirus software maker Symantec said Tuesday that attacks increased some 93 percent from 2009 to 2010, with a staggering 286 million new threats reported last year alone. An increase in the number of attacks on enterprise systems was noted, as well as the use of social networks as an attack vector.

    Acknowledgements: http://www.betanews.com/article/Syman more...

    Feb 12 2011

    JottiQ: Scan multiple files for malware at once – and get the results without opening your browser.

    Jotti’s malware scan is a service that allows users to scan files with 18 different anti-virus/anti-malware scanners and get a report from each. Users upload individual files to their website, and Jotti’s malware scan sends it to all the scanners, which then scan the file and report back the result. Jotti then collects and displays them on the page. You can only upload one file at a time, and there may be a delay before results come in, in order to prevent the server being overloaded.

    JottiQ is a desktop program that extends the usability of Jotti’s malware scan. Its main purpose was to get around the single-file limitation for those who have a need to scan several files at once, but there are many more things it can do.

    Dec 16 2010

    Microsoft Security Essentials updated to v2 – with tons of new stuff!

    Microsoft Security Essentials is a product created by Microsoft themselves, to help address the ever-growing malware issue on Windows computers. While it is commonly thought to be a terrific effort by Microsoft and the product tends to get very favourable reviews, I myself have found myself in the minority of people who feel the product was not really up to scratch. My main reasoning for this is because MSE felt like an unfinished and unpolished software in my viewpoint – the scans were slow, and it offered very little in terms of features other than a malware scan, and analysis of programs in your Startup. I also personally felt a tiny niggle in that the program seemed just a bit too basic when compared to other Anti-Malware solutions. In effect, it felt almost too much like a beta product, and the fact it was "v1" didn't help this viewpoint.

    It seems Microsoft have listened to my critiques, as now, Microsoft has released v2 of MSE, adding a few features and making improvements. Strangely, Microsoft seems to be keeping fairly quiet about the update – I cannot even find an official announcement nor an official changelog for the release. However, the Help file of MSE v2 lists the following changes made in v2:

    This version of Microsoft® Security Essentials includes the following new features and enhancements to better help protect your computer from threats:

    • Windows Firewall integration. Security Essentials setup enables you to turn on or off Windows Firewall.
    • Network Inspection System. This feature enhances real-time protection by inspecting network traffic to help proactively block exploitation of known network-based vulnerabilities.
    • New and improved protection engine. The updated engine offers enhanced detection and cleanup capabilities with better performance.

    These features are described in more detail in the following sections.

    • Windows Firewall integration
      • Windows Firewall can help prevent attackers or malicious software from gaining access to your computer through the Internet or a network. Now when you install Security Essentials, the installation wizard verifies that Windows Firewall is turned on. If you have intentionally turned off Windows Firewall, you can avoid turning it on by clearing a check box. You can change your Windows Firewall settings at any time via the System and Security settings in Control Panel.
    • Network Inspection System
      • Attackers are increasingly carrying out network-based attacks against exposed vulnerabilities before software vendors can develop and distribute security updates. Studies of vulnerabilities show that it can take a month or longer from the time of an initial attack report before a suitable security update is developed, tested, and released. This gap in protection leaves many computers vulnerable to attacks and exploitation for a substantial period of time. Network Inspection System works with real-time protection to better protect you against network-based attacks by greatly reducing the time span between vulnerability disclosures and update deployment from weeks to a few hours.
    • Award-winning protection engine
      • Under the hood of Security Essentials is its award-winning protection engine that is updated regularly. The engine is backed by a team of antimalware researchers from the Microsoft Malware Protection Center, providing responses to the latest malware threats 24 hours a day.

    The new MSE v2 also seems to include some sort of "behaviour monitor". This is not mentioned in the help file, but appears in the program's Settings tab, with the explanation, "Tick to check for certain patterns of suspicious activity".

    Even more unusually, it seems like at this time there is no update of MSE available from MSE itself or Windows Update; you need to download v2 manually.

    I am yet to fully test out MSE v2, but from an initial viewpoint, it definitely isn't an unfinished product any more. In fact, it certainly seems to have become a much more comprehensive and professional-looking tool, which even feels like it could hold its own against some other commercial anti-malware solutions. The new version supports Windows XP, Vista and 7 in both 32- and 64-bit builds; and takes 7.5-9.5 MB of space to download depending on the build. You can download MSE v2 from the following links:

    Microsoft Security Essentials homepage

    [Direct download – 32-bit] [Direct download – 64-bit]