Fresh Off The Block


Mar 10, 2014

How to check your Antivirus is properly working

Some of the worst viruses to hit Windows – and even a few not-so-bad ones – make every attempt to make cleaning your computer difficult. Their methods include disabling your antivirus, interfering with the Security Centre or any cleaning or security tools your computer may be running, and in some cases even modifying your computer's HOSTS file so that your internet access is blocked or you are redirected from real sites to illegitimate ones. This is why it's important to block viruses before they spread.

Most competent anti-malware programs contain real-time protection shields to block viruses and other malware as soon as they crop up; and a fair few even include internet shields to stop downloads and take you away from infected sites that are likely to give you a virus. But what if you're ALREADY compromised? If there's already a virus on your computer that's changing the websites you visit and disabling your antimalware shields, etc. – then you might not even know you're infected and your computer could even be open to further infections, without you knowing they're coming in. Fortunately, there's an easy way to find out if your security is working as expected.

Most companies working in computer security are members of, or are regulated by, various institutes across the globe that want to make sure every threat is being properly dealt with and every anti-malware product does a competent job of keeping users safe. In Europe, the main one of these is the European Institute for Computer Antivirus Research, or EICAR for short. EICAR does a lot of research into computer viruses, and its research is shared with the makers of anti-malware products to improve detections, identify new viruses and basically keep the security you're using in working order. One of the ways they do this is by releasing test files, which contain specific messages not found in most ordinary programs. The test files are not viruses, but antivirus and antimalware programs are asked to treat them as if they were; and because the messages are unique to the test file, if the product DOES warn about the test file when it sees one, it's probably a good sign you're properly protected.

You can make one of the EICAR Test Files yourself through a simple text editor like Notepad, allowing you a quick way to test your security is in working order. Just do the following:

  • Launch Notepad on your computer
  • Copy and paste the following line into the Notepad file:

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
     

  • Save the File. In the Save Dialog, change "Save As Type:" to "All Files". Then save the file with any name ending ".com" – for example eicar.com

If your antivirus is working and capable, during or within a few seconds of the file being saved, your antivirus should block and warn about the new file. You may even be told the file has been automatically deleted or moved to the quarantine / virus chest. Any of these messages is a good sign your antivirus is working.

If your antivirus also includes an on-demand scanner, you can also use this file to test that. First, restore the file from quarantine if your antivirus moved it earlier (check your antivirus product's documentation on how to do this). Then run a scan. If the antivirus product finds an infection in the file you saved using the steps above, you can be assured everything is in proper working order.

If you weren't warned about the file when you saved it, and it wasn't found in a scan, then it may be time to investigate, as your computer may have been compromised and your security is under threat.
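The same check can be scripted. The Python below is an added example, not part of the original article: it writes the test file, polls for a few seconds to see whether on-access protection removes or locks it, and validates a saved file against EICAR's published definition (the 68-byte string first, at most 128 bytes in total, only whitespace after the string). The function names, result labels and the `eicar_probe.com` file name are assumptions made for this example.

```python
import os
import tempfile
import time

# Built from two halves so this script is not itself flagged as the test file.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR"
         r"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
TRAILING_OK = b" \t\n\r\x1a"  # whitespace EICAR's definition allows after the string


def is_valid_test_file(data: bytes) -> bool:
    """True if data starts with the 68-byte string, is at most 128 bytes long,
    and carries nothing but permitted whitespace after the string."""
    if not data.startswith(EICAR) or len(data) > 128:
        return False
    return all(byte in TRAILING_OK for byte in data[len(EICAR):])


def probe_realtime(directory, wait=5.0, payload=EICAR, name="eicar_probe.com"):
    """Write payload, then poll for `wait` seconds and report what happened."""
    path = os.path.join(directory, name)
    try:
        with open(path, "wb") as handle:
            handle.write(payload)
    except OSError:
        return "blocked-on-write"
    deadline = time.monotonic() + wait
    while time.monotonic() < deadline:
        try:
            with open(path, "rb") as handle:
                if handle.read() != payload:
                    return "modified"
        except FileNotFoundError:
            return "removed"          # deleted or quarantined
        except OSError:
            return "blocked-on-read"  # file locked by the scanner
        time.sleep(0.25)
    os.remove(path)
    return "not-detected"             # investigate, as the article advises


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        print("real-time protection:", probe_realtime(workdir))
```

If `is_valid_test_file` returns False for the bytes of the file you saved from Notepad (for example because it was saved with a Unicode encoding, which puts a byte-order mark in front of the string), a silent antivirus tells you nothing about your protection. Re-save the file as ANSI and test again before concluding anything.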

The EICAR Test File is a great way to ensure your antivirus' protection and scanning routines are working exactly as they should be, without damaging the security of your computer. And you can easily delete the file once you're done to stop being warned about it again; and re-create it later if you want to test another time.


    Previous Articles


    Jan 15, 2012

    VirusTotal gets updated, file size limit increased to 32 MB and new interface

    This article was not written by the team at Technically Motivated. It was quoted heavily from a similar post from dotTech.org; which itself was based on a posting from the VirusTotal blog; and has been reprinted here under the terms permitted by the Creative Commons Attribution-Noncommercial license the original work was licenced under. Technically Motivated makes no claim of ownership for this article.

    VirusTotal is an awesome website. If you don't know about it already, you have been missing out on life — VirusTotal allows users to scan a file with 40+ anti-virus/anti-malware engines. VirusTotal recently introduced an update to the website. This update brings many goodies. Let's take a look at what they are:

    • New interface. VirusTotal has a new interface; it is more modern and streamlined.
    • New file size limit. In the past VirusTotal only accepted files that were 20 MB or smaller in size. That limit has now been increased to 32 MB. Oh happy days.
    • New back-end engine. VirusTotal has now been migrated to Google App Engine. This basically means VirusTotal runs on Google's cloud services. For most of us normal users, it makes no difference if VirusTotal is running on Google App Engine or some other cloud service. However, Google App Engine allows VirusTotal to scale better when the need arises, ensuring a better service level; plus scans and analyses should now be faster thanks to Google's infrastructure.
    • Other changes. Aside from the major changes mentioned above, other changes include:
      • Thanks to HTML5, VirusTotal now computes the hash of files locally, so if you are looking to scan a file that has already been scanned by VirusTotal, you don't have to upload the file before you are given the ability to view the older scan results.
      • The URL scanner uses more engines now, bringing the total to 19.
      • Releasing version 2 of the public API, improving responsiveness among other things.
      • And more.

    Hit up the link below to check out the new VirusTotal yourself:

    VirusTotal homepage

    [via VirusTotal Blog]

    Apr 05, 2011

    Symantec: Targeted computer attacks almost doubled in 2010

    Antivirus software maker Symantec said Tuesday that attacks increased some 93 percent from 2009 to 2010, with a staggering 286 million new threats reported last year alone. An increase in the number of attacks on enterprise systems was noted, as well as the use of social networks as an attack vector.

    Acknowledgements: http://www.betanews.com/article/Syman more...
    Dec 16, 2010

    Microsoft Security Essentials updated to v2 – with tons of new stuff!

    Microsoft Security Essentials is a product created by Microsoft themselves, to help address the ever-growing malware issue on Windows computers. While it is commonly thought to be a terrific effort by Microsoft and the product tends to get very favourable reviews, I myself have found myself in the minority of people who feel the product was not really up to scratch. My main reasoning for this is because MSE felt like an unfinished and unpolished software in my viewpoint – the scans were slow, and it offered very little in terms of features other than a malware scan, and analysis of programs in your Startup. I also personally felt a tiny niggle in that the program seemed just a bit too basic when compared to other Anti-Malware solutions. In effect, it felt almost too much like a beta product, and the fact it was "v1" didn't help this viewpoint.

    It seems Microsoft have listened to my critiques, as now, Microsoft has released v2 of MSE, adding a few features and making improvements. Strangely, Microsoft seems to be keeping fairly quiet about the update – I cannot even find an official announcement nor an official changelog for the release. However, the Help file of MSE v2 lists the following changes made in v2:

    This version of Microsoft® Security Essentials includes the following new features and enhancements to better help protect your computer from threats:

    • Windows Firewall integration. Security Essentials setup enables you to turn on or off Windows Firewall.
    • Network Inspection System. This feature enhances real-time protection by inspecting network traffic to help proactively block exploitation of known network-based vulnerabilities.
    • New and improved protection engine. The updated engine offers enhanced detection and cleanup capabilities with better performance.

    These features are described in more detail in the following sections.

    • Windows Firewall integration
      • Windows Firewall can help prevent attackers or malicious software from gaining access to your computer through the Internet or a network. Now when you install Security Essentials, the installation wizard verifies that Windows Firewall is turned on. If you have intentionally turned off Windows Firewall, you can avoid turning it on by clearing a check box. You can change your Windows Firewall settings at any time via the System and Security settings in Control Panel.
    • Network Inspection System
      • Attackers are increasingly carrying out network-based attacks against exposed vulnerabilities before software vendors can develop and distribute security updates. Studies of vulnerabilities show that it can take a month or longer from the time of an initial attack report before a suitable security update is developed, tested, and released. This gap in protection leaves many computers vulnerable to attacks and exploitation for a substantial period of time. Network Inspection System works with real-time protection to better protect you against network-based attacks by greatly reducing the time span between vulnerability disclosures and update deployment from weeks to a few hours.
    • Award-winning protection engine
      • Under the hood of Security Essentials is its award-winning protection engine that is updated regularly. The engine is backed by a team of antimalware researchers from the Microsoft Malware Protection Center, providing responses to the latest malware threats 24 hours a day.

    The new MSE v2 also seems to include some sort of "behaviour monitor". This is not mentioned in the help file, but appears in the program's Settings tab, with the explanation, "Tick to check for certain patterns of suspicious activity".

    Even more unusually, it seems like at this time there is no update of MSE available from MSE itself or Windows Update; you need to download v2 manually.

    I am yet to fully test out MSE v2, but from an initial viewpoint, it definitely isn't an unfinished product any more. In fact, it certainly seems to have become a much more comprehensive and professional-looking tool, which even feels like it could hold its own against some other commercial anti-malware solutions. The new version supports Windows XP, Vista and 7 in both 32- and 64-bit builds; and takes 7.5-9.5 MB of space to download depending on the build. You can download MSE v2 from the following links:

    Microsoft Security Essentials homepage

    [Direct download – 32-bit] [Direct download – 64-bit]
    Sep 18, 2010

    Avast! Antivirus gets into the spirit of Talk Like a Pirate Day with opt-in “Pirate English” language pack

    Security vendor Avast! takes a cue from its own name and a slightly aged Internet meme to bring you a pirate-themed approach to home computer protection.

    Since last night, Avast has been preparing to celebrate the international “Talk Like a Pirate Day” that comes every year on September 19. Users using Avast! will at some point receive a prompt from the program telling them about Talk Like a Pirate Day and giving them the option to install a special “Pirate English” language pack. This tongue-in-cheek new feature rebrands four of the main screens in Avast!’s user interface to use Pirate Speak for people who opt in to the feature through September 22.

    The changes are actually quite minimal, but somewhat humorous. A skull-and-crossbones is added to the avast! logo, and the “Secured” text to confirm that the program is working correctly changes to say “Ship-Shape”, also stating, “Yer ship be secure.” Menu options are also renamed to a more pirate-y theme, with the Scan options being renamed “Scour the Ship”, the Virus Chest becomes the “Dead-man’s chest”, and so on. If you like a little bit of pirate humour, then you’ll like this new feature.

    Aug 13, 2010

    Free 1 year license of BitDefender AntiVirus 2010! (Expired)

    On Friday 13 August, 2010, v3.co.uk ran a promotion lasting 24 hours, allowing users to get a 1 year license of BitDefender AntiVirus 2010 for free. Here was the official word from them:

    We’ve given you some of the very best full applications in the past and we’re back again with four full exclusive promos through August. The first is our exclusive BitDefender Antivirus 2010 [1-PC, 1-Year], worth $24.95/£16.99, available free of charge for everyone, for 24 hours, between midday CEST Friday 13 August to midday CEST Saturday 14 of August.

    Where can you download your exclusively free BitDefender Antivirus 2010? From the V3.co.uk Software Store: http://store.v3.co.uk

    Promotional information will be available on Friday, so keep checking the store. With this promo, you can download your software build on Friday, grab your serial code, then install or use at any time. Strictly one serial code per user, however.

    Better still, with BitDefender 2011 due soon, you’ll be able to upgrade from the free 2010 to 2011! BitDefender are also offering you an exclusive upgrade promo to the full security suite, BitDefender Internet Security. More information on Friday.

    This freebie has unfortunately now expired and is no longer available.
