Question Tools Logo ™ Question Tools     Automating Assessment

  Home Tutorials Pricing Editor  

Anti Virus

We often get asked about security and anti virus approaches for Windows PCs, and while it has nothing really to do with Question Tools, it seemed like a good idea to provide some advice. Please note that these recommendations represent a personal view.


  1. On Windows, use the free ClamWin anti virus scanner (, and scan once a week at night, when it can use all of the disk and processor time it wants.
  2. It is best not to use some of the commercial products — they so often bring a machine to a treacle-like crawl.
  3. Do not open mail attachments that end in .exe or .com, or anything offering dubious services, pictures from people you do not know, or strange messages from people you do know (their machine might be infected).
  4. Never download anything from a web page that tells you it has detected a virus. You will be downloading a virus, rather than anything that helps.
  5. Keep your machine updated with Windows or Mac OS X updates.
  6. Back up your files regularly onto a separate hard disk (some usb hard disks are now very cheap). Cobian Backup is free and excellent ( It is best to take full backups, not incremental ones, as incremental backups save space but are harder to restore.
  7. Keep the Windows Firewall switched on. Whatever critics may say about it, the fact remains that Windows firewall has never been breached.
  8. Do not install Adobe Flash, it has been very publicly identified as a major security weakness. Java also has weaknesses and is best avoided. If you do want to have Flash then consider using Firefox as your browser, and install the Flashblock plug-in which allows you to select which Flash content plays. The AdBlock plug in is also rather good. All are free.
  9. Be careful who uses your machine. A lot of infections arise when family members or other work colleagues are tricked into downloading something they should not. If you do allow children to use your machine, give them their own account that does not have administrator privileges.
  10. Do not use internet banking — banks cannot stop a key-logger on your computer recording your username and password. If everything goes badly then emptying your bank account is top of the criminal's to do list. The banks are starting to introduce hard-coded keys for on-line banking, and these do make it more secure (it is an extra thing the criminal has to emulate in order to get into your bank account). If you do use internet banking then make sure you use it both with a hard-coded physical device as well as a password.
  11. If Clamwin (or any other virus scanner) finds something, do not panic, but follow the steps in the next column.

If you find a virus...

  1. Try not to use anything that involves you entering a password until you have sorted the problem out, just in case your system really has been infected.
  2. If it is a file in your email then all that means is that the virus installer has been sent to you. It does not mean that it has been run and infected your system. All you have to do is delete the file.
  3. Find out of the file is really a virus. Anti-virus scanners are not perfect. They are looking for patterns in files, and sometimes they make mistakes. If you find a file, then use the path that is shown (that's the route from the folders) to find the file, and upload it to one of these sites: or — if the other scanners do not think it is a virus then it probably just your virus scanner's mistake.

A bit more detail

In order to understand PC security you first need to understand the motivations of the different parties.

Security companies want you to purchase their anti-virus tools, and so some of them have large budgets to disseminate newsworthy horror stories. The problem with this is that they often highlight exotic but irrelevant theoretical threats. Another problem is that the different security companies complete with one another with claims for what their software can do, and so their software tries to do too much, often reducing powerful machines to a crawl. In truth, some of it is very poor software.

Criminals often buy virus kits from other criminals, and have three basic interests.

They want to steal your passwords and credit card numbers using a key-logger. They can then get money from your bank, and log on to the sites you buy from and order expensive things to send to other addresses (where allowed).

They want to use your machine as a spam email server. Spam makes money, otherwise they would not bother with it.

They want to use your machine as part of a botnet. Whenever the criminal wants he (it usually is a he) can tell your computer to send lots of silly requests to a particular web site. At the same time ten or twenty thousand other computers will be told to do the same thing. In this way the site's servers are overloaded with requests. This is a denial of service attack, and is sometimes used to extort money from companies worried that their web site is overwhelmed and unavailable. Some criminals even hire out their botnets to anyone who will pay.

What is in a virus?

The sort of thing your son, daughter, friend or work colleague might unwittingly download onto your machine and run is almost always harmless in itself. What it will do is download all of the nasty stuff. That is how it can be so small. Strictly speaking, something downloaded and run like this is called a trojan, as the user is tricked into running it, but the end result of an infected machine is just the same.

An infected machine will often have quite a few complex components. Its first problem is how to hide itself. The crude approach of disabling Windows update and antivirus scans might be simple, but it can work. If you find that Windows Update never runs, or your anti-virus scanner cannot run, or Windows Firewall seems to have turned itself off or has errors, then be suspicious. Find another scanner, download it and run it. Make sure it is a recognised scanner (they are listed on sites like - otherwise you might be downloading and installing another infection.

Some infections hide themselves as root-kits. They sit behind the operating system and are harder to detect. Sometimes the only solution is to wipe the computer's hard disk and completely reinstall (hence the importance of backups, which should be scanned before being restored).

There will be something in an infection to receive instructions. The infected machine will need email addresses to spam, the messages to send, details of the sites to attack, etc.

If spam email is sent then then a simple email send program will be included.

A key-logger will record and analyse every key that is pressed. The key-logger is there to get your password, and rest assured if you log onto your bank's web site and your machine has one of these then the information is likely to find its way back to the criminal. It will then be passed or sold on, as will be your credit card numbers if you enter those. The secure connections your web browser makes when submitting information are no protection against a key-logger. This is because it grabs the information as it is typed, and before it is encrypted prior to transmission.

The criminal's biggest problem

The problem for a criminal is how to get you, or someone who uses your machine, to run that first trojan that downloads all the bits needed for an infection. Getting it into your email inbox is not a problem - spam can do that. The problem is that it has to run, to execute, otherwise it cannot 'come alive' and download the real infection.

This did not used to be a problem for the IT criminal, as Microsoft's scripting technology in Internet Explorer and Outlook, would happily infect the user's computer without them needing to do anything.

Microsoft used to be the criminal's biggest friend on the security front. That has changed, and Microsoft has really tightened up. Recent versions of Windows have shown big improvements, and now it is Adobe, with their PDF reader and Adobe Flash, that are widely viewed as the biggest threat. Some companies, such as Apple, have refused to allow Adobe Flash onto some of their platforms precisely because it is such a security risk.

  Support Contact About Legal Resources Search