Here is a link to a supplemental page that lists all the anti-
virus software manufacturers we've come across (the list is too
long to publish here in the body of the newsletter). There may be
a few more out there, but this comprehensive list should get you
started.
http://www.TheNakedPC.com/t/426/tr.cgi?av1
You'll see four links for each manufacturer: anti-virus product information, anti-virus product technical support, virus information, and virus encyclopedia. The links are presented in alphabetical order by the manufacturer's company name. The latest version number of each product is also displayed (note that many manufacturers offer multiple products).
When you look at our list, keep in mind that each manufacturer has its own preferred way of presenting its "virus info" page as well as a "virus encyclopedia" page. For example, at the Symantec Security Response page when you look up Gokar in the encyclopedia, one of the latest variants is W32.Gokar.A@mm. Here is a breakdown of the information you'll find on W32.Gokar.A@mm: discovery date, type, infection length, the date of the virus definitions that include this threat, a threat assessment, an in-the-wild assessment, damage, distribution, lengthy technical description, and detailed step-by-step removal instructions.
"Virus info" pages typically--although not always, and not for each manufacturer--cover topics like these: the day's active viruses, hoax listings, new virus discoveries (for the current day), warnings/advice articles or FAQs, virus calendar, glossary, regional information, links to specific virus removal tools, newsletter subscription offer (for example, "Symantec Security Response Newsletter" or "McAfee.com Dispatch"), and so on. These pages can be useful if you're intellectually curious about malware, but if you're trying to disinfect a system, you are best off in front of a friend or colleague's *uninfected* PC, studying the encyclopedia information on whatever virus you've got.
Here are a few common malware terms (these definitions are quoted
directly from the McAfee.com virus glossary). Should you be
interested, you'll find other terms and topics defined up on the
manufacturers' virus info pages.
http://www.TheNakedPC.com/t/426/tr.cgi?avgloss
Virus - A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies or creates the files. Some viruses display symptoms, and some viruses damage files and computer systems, but neither symptoms nor damage is essential in the definition of a virus; a non-damaging virus is still a virus.
Macro virus - A macro virus is a malicious macro. Macro viruses are written in a macro programming language and attach to a document file (such as Word or Excel). When a document or template containing the macro virus is opened in the target application, the virus runs, does its damage and copies itself into other documents. Continual use of the program results in the spread of the virus.
Spyware - (from Steve Gibson's OptOut page) Spyware is any software which employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission.
Trojan horse - A Trojan horse program is a malicious program that pretends to be a benign application; a Trojan horse program purposefully does something the user does not expect. Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive. Many people use the term to refer only to non-replicating malicious programs, thus making a distinction between Trojans and viruses.
Worm - Worms are parasitic computer programs that replicate, but unlike viruses, do not infect other computer program files. Worms can create copies on the same computer, or can send the copies to other computers via a network. Worms often spread via IRC (Internet Relay Chat).
False negative - A false negative error occurs when anti-virus software fails to indicate an infected file is truly infected. False negatives are more serious than false positives, although both are undesirable. False negatives are more common with anti-virus software because they may miss a new or a heavily modified virus.
False positive - A false positive error occurs when anti-virus software wrongly claims a virus infects a clean file. False positives usually occur when the string chosen for a given virus signature is also present in another program.
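To make the last two definitions concrete, here is a naive string-signature scanner run over four sample files. It is an added example, not taken from this newsletter or from the McAfee.com glossary; the signature name, byte strings and file names are all constructed for illustration.

```python
# Constructed demo: every byte string below is invented sample data, not real malware.
from dataclasses import dataclass
from typing import Optional

# Hypothetical signature database: detection name -> string chosen to identify it.
SIGNATURES = {"Demo.Sample.A": b"OPEN_MAILBOX;SEND_SELF"}

@dataclass
class Sample:
    name: str
    data: bytes
    infected: bool  # ground truth, known only because we built the samples

SAMPLES = [
    Sample("original.bin", b"MZhdr..OPEN_MAILBOX;SEND_SELF..payload", True),
    # Modified variant: treated as infected in this toy model, but its bytes differ.
    Sample("variant.bin", b"MZhdr..OPEN_MAILBOX;;SEND__SELF..payload", True),
    # Clean mail utility that happens to contain the signature string.
    Sample("mailtool.bin", b"MZhdr..help: OPEN_MAILBOX;SEND_SELF_TEST", False),
    Sample("notepad.bin", b"MZhdr..plain text editor", False),
]

def scan(data: bytes) -> Optional[str]:
    """Return the first signature name whose string occurs in data, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def classify(samples):
    """Compare each scanner verdict with ground truth and label the outcome."""
    outcomes = {}
    for s in samples:
        flagged = scan(s.data) is not None
        if flagged:
            outcomes[s.name] = "true positive" if s.infected else "false positive"
        else:
            outcomes[s.name] = "false negative" if s.infected else "true negative"
    return outcomes

if __name__ == "__main__":
    for name, outcome in classify(SAMPLES).items():
        print(f"{name:14} {outcome}")
```

The clean mail utility is flagged because it contains the signature string, and the modified variant slips through because it no longer does.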
If you know of an anti-virus developer that isn't on this list, drop me a note.
You can reach Lee Hudspeth at:
mailto:LeeHudspeth@TheNakedPC.com

