Kaspersky ANTI-VIRUS CORPORATE SUITE User Manual

KASPERSKY LAB
Kaspersky® Anti-Virus for Windows Workstations 6.0
USER GUIDE
KASPERSKY ANTI-VIRUS FOR WINDOWS
User Guide
© Kaspersky Lab
http://www.kaspersky.com
Revision date: September 2008
Table of Contents
CHAPTER 1. THREATS TO COMPUTER SECURITY
1.1. Sources of Threats
1.2. How threats spread
1.3. Types of Threats
1.4. Signs of Infection
1.5. What to do if you suspect infection
1.6. Preventing Infection
CHAPTER 2. KASPERSKY ANTI-VIRUS FOR WINDOWS WORKSTATIONS 6.0
2.1. What’s new in Kaspersky Anti-Virus for Windows Workstations 6.0
2.2. The elements of Kaspersky Anti-Virus for Windows Workstations Defense
2.2.1. Protection components
2.2.2. Virus scan tasks
2.2.3. Program tools
2.3. Hardware and software system requirements
2.4. Software packages
2.5. Support for registered users
CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS FOR WINDOWS WORKSTATIONS 6.0
3.1. Installation procedure using the Installation Wizard
3.2. Setup Wizard
3.2.1. Using objects saved with Version 5.0
3.2.2. Activating the program
3.2.2.1. Selecting a program activation method
3.2.2.2. Entering the activation code
3.2.2.3. Obtaining a key file
3.2.2.4. Selecting a license key file
3.2.2.5. Completing program activation
3.2.3. Selecting a security mode
3.2.4. Configuring update settings
3.2.5. Configuring a virus scan schedule
3.2.6. Restricting program access
3.2.7. Configuring Anti-Hacker settings
3.2.7.1. Determining a security zone’s status
3.2.7.2. Creating a list of network applications
3.2.8. Finishing the Setup Wizard
3.3. Installing the program from the command prompt
3.4. Procedure for installing the Group Policy Object
3.4.1. Installing the program
3.4.2. Upgrading the program
3.4.3. Uninstalling the program
3.5. Upgrading from 5.0 to 6.0
CHAPTER 4. PROGRAM INTERFACE
4.1. System tray icon
4.2. The context menu
4.3. Main program window
4.4. Program settings window
CHAPTER 5. GETTING STARTED
5.1. What is the protection status of the computer?
5.1.1. Protection indicators
5.1.2. Kaspersky Anti-Virus for Windows Workstations component status
5.1.3. Program performance statistics
5.2. How to scan your computer for viruses
5.3. How to scan critical areas of the computer
5.4. How to scan a file, folder or disk for viruses
5.5. How to train Anti-Spam
5.6. How to update the program
5.7. What to do if protection is not running
CHAPTER 6. PROTECTION MANAGEMENT SYSTEM
6.1. Stopping and resuming protection on your computer
6.1.1. Pausing protection
6.1.2. Stopping protection
6.1.3. Pausing / stopping protection components and tasks
6.1.4. Restoring protection on your computer
6.1.5. Shutting down the program
6.2. Types of malicious programs to be monitored
6.3. Creating a trusted zone
6.3.1. Exclusion rules
6.3.2. Trusted applications
6.4. Starting tasks under another profile
6.5. Configuring Scheduled Tasks and Notifications
6.6. Power options
6.7. Advanced Disinfection Technology
CHAPTER 7. FILE ANTI-VIRUS
7.1. Selecting a file security level
7.2. Configuring File Anti-Virus
7.2.1. Defining the file types to be scanned
7.2.2. Defining protection scope
7.2.3. Configuring advanced settings
7.2.4. Restoring default File Anti-Virus settings
7.2.5. Selecting actions for objects
7.3. Postponed disinfection
CHAPTER 8. MAIL ANTI-VIRUS
8.1. Selecting an email protection level
8.2. Configuring Mail Anti-Virus
8.2.1. Selecting a protected email group
8.2.2. Configuring email processing in Microsoft Office Outlook
8.2.3. Configuring email scans in The Bat!
8.2.4. Restoring default Mail Anti-Virus settings
8.2.5. Selecting actions for dangerous email objects
CHAPTER 9. WEB ANTI-VIRUS
9.1. Selecting the web security level
9.2. Configuring Web Anti-Virus
9.2.1. Setting a scan method
9.2.2. Creating a trusted address list
9.2.3. Restoring default Web Anti-Virus settings
9.2.4. Selecting responses to dangerous objects
CHAPTER 10. PROACTIVE DEFENSE
10.1. Proactive Defense settings
10.1.1. Activity control rules
10.1.2. Office Guard
10.1.3. Registry Guard
10.1.3.1. Selecting registry keys for creating a rule
10.1.3.2. Creating a Registry Guard rule
CHAPTER 11. ANTI-SPY
11.1. Configuring Anti-Spy
11.1.1. Creating Popup Blocker trusted address list
11.1.2. Banner ad blocking list
11.1.2.1. Configuring the standard banner ad blocking list
11.1.2.2. Banner ad white lists
11.1.2.3. Banner ad black lists
11.1.3. Creating an Anti-Dialer trusted number list
CHAPTER 12. PROTECTION AGAINST NETWORK ATTACKS
12.1. Selecting an Anti-Hacker security level
12.2. Application rules
12.2.1. Creating rules manually
12.2.2. Creating rules from template
12.3. Packet filtering rules
12.4. Fine-tuning rules for applications and packet filtering
12.5. Ranking rule priority
12.6. Rules for security zones
12.7. Firewall mode
12.8. Configuring the Intrusion Detection System
12.9. List of network attacks detected
12.10. Blocking and allowing network activity
CHAPTER 13. PROTECTION AGAINST UNWANTED E-MAIL
13.1. Selecting an Anti-Spam sensitivity level
13.2. Training Anti-Spam
13.2.1. Training Wizard
13.2.2. Training with outgoing emails
13.2.3. Training using your email client
13.2.4. Training using Anti-Spam reports
13.3. Configuring Anti-Spam
13.3.1. Configuring scan settings
13.3.2. Selecting spam filtration technologies
13.3.3. Defining spam and potential spam factors
13.3.4. Creating white and black lists manually
13.3.4.1. White lists for addresses and phrases
13.3.4.2. Black lists for addresses and phrases
13.3.5. Additional spam filtration features
13.3.6. Mail Dispatcher
13.3.7. Actions for spam
13.3.8. Configuring spam processing in Microsoft Office Outlook
13.3.9. Configuring spam processing in Outlook Express (Windows Mail)
13.3.10. Configuring spam processing in The Bat!
CHAPTER 14. SCANNING FOR VIRUSES ON THE COMPUTER
14.1. Managing virus scan tasks
14.2. Creating a list of objects to scan
14.3. Creating virus scan tasks
14.4. Configuring virus scan tasks
14.4.1. Selecting a security level
14.4.2. Specifying the types of objects to scan
14.4.3. Restoring default scan settings
14.4.4. Selecting actions for objects
14.4.5. Additional virus scan settings
14.4.6. Setting up global scan settings for all tasks
CHAPTER 15. TESTING KASPERSKY ANTI-VIRUS FEATURES
15.1. The EICAR test virus and its variations
15.2. Testing File Anti-Virus
15.3. Testing Virus scan tasks
CHAPTER 16. PROGRAM UPDATES
16.1. Starting the Updater
16.2. Rolling back to the previous update
16.3. Creating update tasks
16.4. Configuring update settings
16.4.1. Selecting an update source
16.4.2. Selecting an update method and what to update
16.4.3. Configuring connection settings
16.4.4. Update distribution
16.4.5. Actions after updating the program
CHAPTER 17. ADVANCED OPTIONS
17.1. Quarantine for potentially infected objects
17.1.1. Actions with quarantined objects
17.1.2. Setting up Quarantine
17.2. Backup copies of dangerous objects
17.2.1. Actions with backup copies
17.2.2. Configuring Backup settings
17.3. Reports
17.3.1. Configuring report settings
17.3.2. The Detected tab
17.3.3. The Events tab
17.3.4. The Statistics tab
17.3.5. The Settings tab
17.3.6. The Macros tab
17.3.7. The Registry tab
17.3.8. The Phishing Sites tab
17.3.9. The Popup Windows tab
17.3.10. The Banner Ads tab
17.3.11. The Dial Attempts tab
17.3.12. The Network Attacks tab
17.3.13. The Banned Hosts tab
17.3.14. The Application Activity tab
17.3.15. The Packet Filtering tab
17.3.16. The Established Connections tab
17.3.17. The Open Ports tab
17.3.18. The Traffic tab
17.4. General information about the program
17.5. Managing licenses
17.6. Technical Support
17.7. Creating a monitored port list
17.8. Checking encrypted connections
17.9. Configuring the Kaspersky Anti-Virus for Windows Workstations interface
17.10. Rescue Disk
17.10.1. Creating a rescue disk
17.10.2. Using the rescue disk
17.11. Using additional services
17.11.1. Kaspersky Anti-Virus for Windows Workstations event notifications
17.11.1.1. Types of events and notification delivery methods
17.11.1.2. Configuring email notification
17.11.1.3. Configuring event log settings
17.11.2. Self-Defense and access restriction
17.11.3. Resolving conflicts with other applications
17.12. Importing and exporting Kaspersky Anti-Virus for Windows Workstations settings
17.13. Resetting to default settings
CHAPTER 18. WORKING WITH THE PROGRAM FROM THE COMMAND PROMPT
18.1. Activating the application
18.2. Managing program components and tasks
18.3. Anti-virus scans
18.4. Program updates
18.5. Rollback settings
18.6. Exporting settings
18.7. Importing settings
18.8. Starting the program
18.9. Stopping the program
18.10. Obtaining a Trace File
18.11. Viewing Help
18.12. Return codes from the command line interface
CHAPTER 19. MODIFYING, REPAIRING, AND REMOVING THE PROGRAM
19.1. Modifying, repairing, and removing the program using Installation Wizard
19.2. Uninstalling the program from the command prompt
CHAPTER 20. FREQUENTLY ASKED QUESTIONS
APPENDIX A. REFERENCE INFORMATION
A.1. List of files scanned by extension
A.2. Possible file exclusion masks
A.3. Possible threat exclusion masks
A.4. Overview of settings in setup.ini
APPENDIX B. KASPERSKY LAB
APPENDIX C. LICENSE AGREEMENT
CHAPTER 1. THREATS TO COMPUTER SECURITY
As information technology has rapidly developed and penetrated many aspects of human existence, so the number and range of crimes aimed at breaching information security has grown.
Cyber criminals have shown great interest in the activities of both state structures and commercial enterprises. They attempt to steal or disclose confidential information, which damages business reputations, disrupts business continuity, and may impair an organization's information resources. These acts can do extensive damage to assets, both tangible and intangible.
It is not only big companies who are at risk; individual users can also be attacked. Criminals can gain access to personal data (for instance, bank account and credit card numbers and passwords), or cause a computer to malfunction. Some types of attacks can give hackers complete access to a computer, which can then be used as part of a “zombie network” of infected computers to attack servers, send out spam, harvest confidential information, and spread new viruses and Trojans.
In today’s world, it is widely acknowledged that information is a valuable asset that should be protected. At the same time, information must be accessible to those who legitimately require it (for instance, employees, clients and partners of a business). Hence the need for a comprehensive information security system, which must take account of all possible sources of threats, whether human, man-made, or natural disasters, and use a complete array of defensive measures at the physical, administrative and software levels.
1.1. Sources of Threats
A person, a group of people, or phenomena unrelated to human activity can threaten information security. Following from this, all threat sources can be put into one of three groups:
The human factor. This group of threats concerns the actions of people with authorized or unauthorized access to information. Threats in this group can be divided into:
External, including cyber criminals, hackers, internet scams, unprincipled partners, and criminal organizations.
Internal, including the actions of company staff and users of home PCs. Actions taken by this group could be deliberate or accidental.
The technological factor. This threat group is connected with technical problems – use of obsolete or poor-quality software and hardware to process information. This can lead to equipment failure and often to data loss.
The natural-disaster factor. This threat group includes the whole range of events caused by nature and independent of human activity.
All three threat sources must be accounted for when developing a data security protection system. This User Guide focuses on the area that is directly tied to Kaspersky Lab’s expertise – external threats involving human activity.
1.2. How threats spread
As modern computer technology and communications tools develop, hackers have more opportunities for spreading threats. Let’s take a closer look at them:
The Internet
The Internet is unique, since it is no one’s property and has no geographical borders. In many ways, this has promoted the development of web resources and the exchange of information. Today, anyone can access data on the Internet or create their own webpage.
However, these very features of the worldwide web give hackers the ability to commit crimes on the Internet, and make the hackers difficult to detect and punish.
Hackers place viruses and other malicious programs on Internet sites and disguise them as useful freeware. Furthermore, scripts that run automatically when you open certain web pages can execute dangerous actions on your computer, including modifying the system registry, stealing personal data, and installing malicious software.
By using network technologies, hackers can attack remote PCs and company servers. These attacks can cause parts of your system to malfunction, or could provide hackers with complete access to your system and thereby to the information stored on it. They can also use it as part of a zombie network.
Lastly, since it became possible to use credit cards and e-money through the Internet in online stores, auctions, and bank homepages, online scams have become increasingly common.
Intranet
Your intranet is your internal network, specially designed for handling information within a company or a home network. An intranet is a unified space for storing, exchanging, and accessing information for all the computers on the network. This means that if one computer on the network is infected, the others are at great risk of infection. To avoid such situations, both the network perimeter and each individual computer must be protected.
Email
Since the overwhelming majority of computers have email client programs installed, and since malicious programs exploit the contents of electronic address books, conditions are usually right for spreading malicious programs. The user of an infected computer might unknowingly send infected emails to friends or coworkers who in turn send more infected emails. For example, it is common for infected file documents to go undetected when distributed with business information via a company’s internal email system. When this occurs, more than a handful of people are infected. It might be hundreds or thousands of company workers, together with potentially tens of thousands of subscribers.
Beyond the threat of malicious programs lies the problem of electronic junk email, or spam. Although not a direct threat to a computer, spam increases the load on email servers, eats up bandwidth, clogs up the user’s mailbox, and wastes working hours, thereby incurring financial harm.
In addition, hackers have begun using mass mailing programs and social engineering methods to convince users to open emails, or click on a link to certain websites. It follows that spam filtration capabilities are valuable for several purposes: to stop junk email; to counteract new types of online scams, such as phishing; to stop the spread of malicious programs.
Removable storage media
Removable media (floppies, CD-ROMs, and USB flash drives) are widely used for storing and transmitting information.
Opening a file that contains malicious code and is stored on a removable storage device can damage data stored on the local computer and spread the virus to the computer’s other drives or other computers on the network.
1.3. Types of Threats
There are a vast number of threats to computer security today. This section will review the threats that are blocked by Kaspersky Anti-Virus for Windows Workstations.
Worms
This category of malicious programs spreads itself largely by exploiting vulnerabilities in computer operating systems. The class was named for the way that worms crawl from computer to computer, using networks and email. This feature allows worms to spread themselves very rapidly.
When a worm penetrates a computer, it scans for the network addresses of other computers that are locally accessible, and sends a burst of self-made copies to these addresses. In addition, worms often utilize data from email client address books. Some of these malicious programs occasionally create working files on system disks, but they can run without any system resources except RAM.
Viruses
Viruses are programs that infect other files, adding their own code to them to gain control of the infected files when they are opened. This simple definition explains the fundamental action performed by a virus – infection.
Trojans
Trojans are programs that carry out unauthorized actions on computers, such as deleting information on drives, making the system hang, stealing confidential information, and so on. This class of malicious program is not a virus in the traditional sense of the word, because it does not infect other computers or data. Trojans cannot break into computers on their own. They are spread by hackers, who disguise them as regular software. The damage that they inflict can greatly exceed that done by traditional virus attacks.
Recently, worms have been the commonest type of malicious program damaging computer data, followed by viruses and Trojans. Some malicious programs combine features of two or even three of these classes.
Adware
Adware comprises programs, included in software without the user’s knowledge, that are designed to display advertisements. Adware is usually built into software that is distributed free. The advertisement is situated in the program interface. These programs also frequently collect personal data on the user and send it back to their developer, change browser settings (start page and search pages, security levels, etc.) and create traffic that the user cannot control. This can lead to a security breach and to direct financial losses.
Spyware
This software collects information about a particular user or organization without their knowledge. Spyware often escapes detection entirely. In general, the goal of spyware is to:
Trace user actions on a computer;
Gather information on the contents of your hard drive; in such cases, this usually involves scanning several directories and the system registry to compile a list of software installed on the computer;
Gather information on the quality of the connection, bandwidth, modem speed, etc.
Riskware
Riskware includes software that has no malicious features but could form part of the development environment for malicious programs or could be used by hackers as auxiliary components for malicious programs. This program category includes programs with backdoors and vulnerabilities, as well as some remote administration utilities, keyboard layout togglers, IRC clients, FTP servers, and all-purpose utilities for stopping processes or hiding their operation.
Another type of malicious program, similar to adware, spyware, and riskware, is the program that plugs into your web browser and redirects traffic. The web browser will then open web sites other than those intended.
Jokes
Joke software does not do any direct damage, but displays messages stating that damage has already been done or will be under certain conditions. These programs often warn the user of non-existent dangers, such as messages that warn of formatting the hard drive (although no formatting actually takes place) or detecting viruses in uninfected files.
Rootkits
These are utilities that are used to conceal malicious activity. They mask malicious programs to keep anti-virus programs from detecting them. Rootkits modify basic functions of the computer’s operating system to hide both their own existence and actions that the hacker undertakes on the infected computer.
Other dangerous programs
These are programs created, for instance, to set up denial of service (DoS) attacks on remote servers or to hack into other computers, as well as programs that are part of the development environment for malicious programs. These programs include hack tools, virus builders, vulnerability scanners, password-cracking programs, and other types of programs for cracking network resources or penetrating a system.
Hacker attacks
Hacker attacks can be initiated either by hackers or by malicious programs. They are aimed at stealing information from a remote computer, causing the system to malfunction, or gaining full control of the system's resources. You can find a detailed description of the types of attacks blocked by Kaspersky Anti-Virus for Windows Workstations in section 12.9, on pg. 158.
Some types of online scams
Phishing is an online scam that uses mass emailings to steal confidential information from the user, generally of a financial nature. Phishing emails are designed to resemble informative emails from banks and well-known companies to the greatest extent possible. These emails contain links to fake websites created by hackers to mimic the site of the legitimate organization. On this site, the user is asked to enter, for example, his credit card number and other confidential information.
Dialers to pay-per-use websites – a type of online scam involving unauthorized use of pay-per-use Internet services, which are commonly pornographic web sites. The dialers installed by hackers initiate modem connections from your computer to the number for the pay service. These phone numbers often have very high rates and the user is forced to pay enormous telephone bills.
Intrusive advertising
This includes popup windows and banner ads that open when using your web browser. The information in these windows is generally not of benefit to the user. Popup windows and banner ads distract the user from the task and take up bandwidth.
Spam
Spam is anonymous junk email, and includes several different types of content: adverts; political messages; requests for assistance; emails that ask one to invest large amounts of money or to get involved in pyramid schemes; emails aimed at stealing passwords and credit card numbers, and emails that ask to be sent to friends (chain letters).
Spam significantly increases the load on mail servers and the risk of losing important data.
Kaspersky Anti-Virus for Windows Workstations uses two methods for detecting and blocking these threat types:
Reactive – this method searches for malicious files using a threat signature database that is regularly updated. At least one virus infection is necessary to implement this method – in order to add the threat signature to the database and distribute the database update.
Proactive – in contrast to reactive protection, this method is based not on analyzing the object’s code but on analyzing its behavior in the system. This method is aimed at detecting new threats that are still not defined in the signatures.
By employing both methods, Kaspersky Anti-Virus for Windows Workstations provides comprehensive protection for your computer from both known and new threats.
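The difference between the two methods can be seen in a short added example, which is not Kaspersky Lab's code and does not reproduce how the product works internally. It assumes a whole-file SHA-256 as the simplest form of signature, and every sample, trace, rule name, weight and threshold in it is constructed for illustration.

```python
"""Signature (reactive) versus behaviour (proactive) detection, side by side.

Added illustration: every sample, trace, rule name, weight and threshold
below is constructed for this example and is not taken from any product.
"""
import hashlib
from dataclasses import dataclass

# Harmless constructed byte strings stand in for program files.
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE-A harmless placeholder bytes"
NEW_VARIANT = KNOWN_SAMPLE + b" (repacked)"  # same behaviour, different bytes


class SignatureDB:
    """Reactive method: a file is flagged only if its signature is already
    in the database. A whole-file SHA-256 is used here as the simplest
    possible signature (an assumption of this example)."""

    def __init__(self):
        self._names = {}

    def add(self, name, data):
        self._names[hashlib.sha256(data).hexdigest()] = name

    def scan(self, data):
        """Return the threat name, or None if no signature matches."""
        return self._names.get(hashlib.sha256(data).hexdigest())


@dataclass(frozen=True)
class Event:
    """One action observed while a program runs."""
    action: str  # "registry_write", "file_write" or "net_connect"
    target: str  # registry key, file path or "host:port"


def _autorun_change(events):
    return any(e.action == "registry_write"
               and r"\currentversion\run" in e.target.lower()
               for e in events)


def _system_dir_write(events):
    return any(e.action == "file_write"
               and r"\windows\system32" in e.target.lower()
               for e in events)


def _mass_mailing(events, min_hosts=10):
    # Count distinct hosts contacted on the SMTP port.
    hosts = {e.target.rsplit(":", 1)[0] for e in events
             if e.action == "net_connect" and e.target.endswith(":25")}
    return len(hosts) >= min_hosts


# (reason, weight, predicate over the whole trace) - hypothetical rules
RULES = [
    ("adds itself to an autorun registry key", 40, _autorun_change),
    ("writes a file into the Windows system directory", 30, _system_dir_write),
    ("opens SMTP connections to many different hosts", 40, _mass_mailing),
]
THRESHOLD = 60


def behaviour_verdict(events):
    """Proactive method: score what the program does, not what it contains.
    Returns (flagged, score, reasons)."""
    hits = [(name, weight) for name, weight, pred in RULES if pred(events)]
    score = sum(weight for _, weight in hits)
    return score >= THRESHOLD, score, [name for name, _ in hits]


# Constructed trace of NEW_VARIANT: the worm-like behaviour described in 1.3.
VARIANT_TRACE = (
    [Event("file_write", r"C:\Windows\System32\sample_a.exe"),
     Event("registry_write",
           r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sample_a")]
    + [Event("net_connect", f"mx{i}.example.net:25") for i in range(12)]
)

# Constructed trace of an ordinary editor that also checks for updates.
BENIGN_TRACE = [
    Event("file_write", r"C:\Users\alice\Documents\report.txt"),
    Event("registry_write", r"HKCU\Software\ExampleEditor\RecentFiles"),
    Event("net_connect", "updates.example.com:443"),
]

if __name__ == "__main__":
    db = SignatureDB()
    db.add("Constructed.Sample.A", KNOWN_SAMPLE)
    print("signature, known sample:", db.scan(KNOWN_SAMPLE))
    print("signature, new variant :", db.scan(NEW_VARIANT))
    print("behaviour, new variant :", behaviour_verdict(VARIANT_TRACE))
    print("behaviour, benign      :", behaviour_verdict(BENIGN_TRACE))
```

The signature lookup misses the repacked variant until its signature is added, while the behaviour score flags it from its actions alone and leaves the ordinary editor untouched.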
Warning:
From this point forward, we will use the term "virus" to refer to malicious and dangerous programs. The type of malicious programs will only be emphasized where necessary.
1.4. Signs of Infection
There are a number of signs that a computer is infected. The following events are good indicators that a computer is infected with a virus:
Unexpected messages or images appear on the screen, or unusual sounds are played;
The CD/DVD-ROM tray opens and closes unexpectedly;
The computer arbitrarily launches a program without your assistance;
Warnings pop up on the screen about a program attempting to access the Internet, even though you initiated no such action.
There are also several typical traits of a virus infection through email:
Friends or acquaintances tell you about messages from you that you never sent;
Your inbox houses a large number of messages without return addresses or headers.
It must be noted that these signs can arise from causes other than viruses. For example, in the case of email, infected messages can be sent with your return address but not from your computer.
There are also indirect indications that your computer is infected:
Your computer freezes or crashes frequently;
Your computer loads programs slowly;
You cannot boot up the operating system;
Files and folders disappear or their contents are distorted;
The hard drive is frequently accessed (the light blinks);
The web browser program (e.g., Microsoft Internet Explorer) freezes or behaves unexpectedly (for example, you cannot close the program window).
In 90% of cases, these indirect symptoms are caused by malfunctions in hardware or software. Although such symptoms rarely indicate infection, we recommend that you run a complete scan of your computer upon detecting them (see 5.2 on pg. 61).
1.5. What to do if you suspect infection
If you notice that your computer is behaving suspiciously…
1. Don’t panic! This is the golden rule: it could save you from losing important data.
2. Disconnect your computer from the Internet or local network, if it is on one.
3. If the computer will not boot from the hard drive (the computer displays an error message when you turn it on), try booting in safe mode or with the emergency operating system boot disk that you created when you installed the operating system.
4. Before doing anything else, back up your work on removable storage media (floppy, CD/DVD, flash drive, etc.).
5. Install Kaspersky Anti-Virus for Windows Workstations, if you have not done so already.
6. Update the program’s threat signatures and application modules (see 5.6 on pg. 64). If possible, download the updates off the Internet from a different, uninfected, computer, for instance at a friend’s, an Internet café, or work. It is better to use a different computer since, when you connect an infected computer to the Internet, there is a chance that the virus will send important information to hackers or spread the virus to the addresses in your address book. That is why if you suspect that your computer has a virus, you should immediately disconnect from the Internet. You can also get threat signature updates on floppy disk from Kaspersky Lab or its distributors and update your signatures using the disk.
7. Select the security level recommended by the experts at Kaspersky Lab.
8. Start a full computer scan (see 5.2 on pg. 61).
1.6. Preventing Infection
Not even the most reliable and deliberate measures can provide 100% protection against computer viruses and Trojans, but following such a set of rules significantly lowers the likelihood of virus attacks and the level of potential damage.
One of the basic methods of battling viruses is, as in medicine, well-timed prevention. Computer prophylactics involve a rather small number of rules that, if complied with, can significantly lower the likelihood of being infected with a virus and losing data.
The basic safety rules are given below. By following them, you can avoid virus attacks.
Rule No. 1: Use anti-virus software and Internet security programs. To do so:
Install Kaspersky Anti-Virus for Windows Workstations as soon as possible.
Regularly update the program’s threat signatures (see 5.6 on pg. 64). You should update the signatures several times per day during virus outbreaks. In such situations, the threat signatures on Kaspersky Lab’s update servers are updated immediately.
Select the security settings recommended by Kaspersky Lab for your computer. You will be protected constantly from the moment the computer is turned on, and it will be harder for viruses to infect your computer.
Select the settings for a complete scan recommended by Kaspersky Lab, and schedule scans for at least once per week. If you have not installed Anti-Hacker, we recommend that you do so to protect your computer when using the Internet.
Rule No. 2: Use caution when copying new data to your computer:
Scan all removable storage drives, for example floppies, CDs/DVDs, and flash drives, for viruses before using them (see 5.4 on pg. 62).
Treat emails with caution. Do not open any files attached to emails unless you are certain that you were intended to receive them, even if they were sent by people you know.
Be careful with information obtained through the Internet. If any web site suggests that you install a new program, be certain that it has a security certificate.
If you are copying an executable file from the Internet or local network, be sure to scan it with Kaspersky Anti-Virus for Windows Workstations.
Use discretion when visiting web sites. Many sites are infected with dangerous script viruses or Internet worms.
Rule No. 3: Pay close attention to information from Kaspersky Lab.
In most cases, Kaspersky Lab announces a new outbreak long before it reaches its peak. The likelihood of the infection in such a case is low, and once you download the threat signature updates, you will have plenty of time to protect yourself against the new virus.
Rule No. 4: Do not trust virus hoaxes, such as prank programs and emails about infection threats.
Rule No. 5: Use the Windows Update tool and regularly install Windows operating system updates.
Rule No. 6: Buy legitimate copies of software from official distributors.
Rule No. 7: Limit the number of people who are allowed to use your computer.
Rule No. 8: Lower the risk of unpleasant consequences of a potential infection:
Back up data regularly. If you lose your data, the system can fairly quickly be restored if you have backup copies. Store distribution floppies, CDs, flash drives, and other storage media with software and valuable information in a safe place.
Create a Rescue Disk (see 17.10 on pg. 250) that you can use to boot up the computer, using a clean operating system.
Rule No. 9: Regularly inspect the list of installed programs on your computer. To do so, open Install/Remove Programs in the Control Panel, or open the Program Files directory. You may discover software here that was installed on your computer without your knowledge, for example, while you were using the Internet or installing a different program. Programs like these are almost always potentially dangerous.
CHAPTER 2. KASPERSKY ANTI-VIRUS FOR WINDOWS WORKSTATIONS 6.0
Kaspersky Anti-Virus for Windows Workstations 6.0 heralds a new generation of data security products.
What really sets Kaspersky Anti-Virus for Windows Workstations 6.0 apart from other software, even from other Kaspersky Lab products, is its multi-faceted approach to data security.
2.1. What’s new in Kaspersky Anti-Virus for Windows Workstations 6.0
Kaspersky Anti-Virus for Windows Workstations 6.0 has a new approach to data security. The program’s main feature is that it combines and noticeably improves the existing features of all the company’s products in one security solution. The program provides protection against viruses, spam attacks, hacker attacks, unknown threats, phishing, and rootkits.
You will no longer need to install several products on your computer for overall security. It is enough simply to install Kaspersky Anti-Virus for Windows Workstations 6.0.
Comprehensive protection guards all incoming and outgoing data channels. All of the program’s components have flexible settings that enable Kaspersky Anti-Virus for Windows Workstations to adapt to the needs of each user. Configuration of the entire program can be done from one location.
Let’s take a look at the new features in Kaspersky Anti-Virus for Windows Workstations.
New Protection Features
Kaspersky Anti-Virus for Windows Workstations protects you both from known malicious programs, and from programs still unknown. Proactive Defense (see Chapter 10 on pg. 117) is the program’s key advantage. It analyzes the behavior of applications installed on your computer, monitoring changes to the system registry, tracking macros, and fighting hidden threats. The component uses a heuristic analyzer to detect and record various types of malicious activity, with which actions taken by malicious programs can be rolled back and the system can be restored to its state prior to the malicious activity.
The program protects the computer against rootkits and dialers, blocks banner ads, popup windows, and malicious scripts downloaded from web pages, and detects phishing sites.
File Anti-Virus technology has been improved to lower the CPU load and increase the speed of file scans. iChecker™ and iSwift™ help achieve this. By operating this way, the program rules out scanning files twice.
The scan process now runs as a background task, enabling the user to continue using the computer. If there is a competition for system resources, the virus scan will pause until the user’s operation is completed and then resumes at the point where it left off.
Critical areas of the computer, which if infected would seriously affect data quality or security, are given their own separate task. This task can be configured to run automatically every time the system is started.
Protection for email systems against malicious programs and spam has been significantly improved. The program scans these protocols for emails containing viruses and spam:
IMAP, SMTP, POP3, regardless of which email client you use
NNTP (virus scan only), regardless of the email client
Regardless of the protocol (MAPI, HTTP) when using plug-ins for MS Outlook and The Bat!
Special plug-ins are available for the most common mail clients, such as Outlook, Microsoft Outlook Express (Windows Mail), and The Bat! These place email protection against both viruses and spam directly in the mail client.
Anti-Spam now has a training mode, based around the iBayes algorithm, which learns by monitoring how you deal with email. It also provides maximum flexibility in configuring spam detection – for instance, you can create black and white lists of addressees and key phrases that mark email as spam.
Anti-Spam uses a phishing database, which can filter out emails designed to obtain confidential financial information.
The program filters inbound and outbound traffic, traces and blocks threats from common network attacks, and lets you use the Internet in Stealth Mode.
When using a combination of networks, you can also define which networks to trust completely and which to monitor with extreme caution.
The user notification function (see 17.11.1 on pg. 254) has been expanded for certain events that arise during program operation. You can select the method of notification yourself for each of these event types: e-mails, sound notifications, pop-up messages.
Scanning has been added for data transmitted across secure SSL connections.
The program has added self-defense features, including protection against unauthorized remote administration tools and password-protected program settings. These features help keep malicious programs, hackers, and unauthorized users from disabling protection.
You can also create a rescue disk, with which you can reboot your operating system after a virus outbreak and scan your computer for malicious code.
New Program Interface Features
The new Kaspersky Anti-Virus for Windows Workstations interface makes the program’s functions clear and easy to use. You can also change the program’s appearance by using your own graphics and color schemes.
The program regularly provides you with tips as you use it: Kaspersky Anti-Virus for Windows Workstations displays informative messages on the level of protection, accompanies its operation with hints and tips, and includes a thorough Help section.
New Program Update Features
This version of the program debuts our improved update procedure: Kaspersky Anti-Virus automatically checks the update source for updates. If it finds new updates, Anti-Virus downloads them and installs them on the computer.
The program downloads updates incrementally, ignoring files that have already been downloaded. This lowers the download traffic for updates by up to 10 times.
Updates are downloaded from the most efficient source.
You can choose not to use a proxy server, by downloading program updates from a local source. This noticeably reduces the traffic on the proxy server.
The program has an update rollback feature that can return to the previous version of the signatures, if the threat signatures are damaged or there is an error in copying.
A tool has been added to Updater that copies updates to a local folder to give other computers on the network access to them. This cuts down on Internet traffic.
2.2. The elements of Kaspersky Anti-Virus for Windows Workstations Defense
Kaspersky Anti-Virus for Windows Workstations is designed with the sources of threats in mind. In other words, a separate program component deals with each threat, monitoring it and taking the necessary action to prevent malicious effects of that threat on the user's data. This makes the Security Suite flexible, with user-friendly options for each of the components to fit the needs of a specific user or a business as a whole.
Kaspersky Anti-Virus for Windows Workstations includes:
Protection Components (see 2.2.1 on pg. 24) that comprehensively defend all channels of data transmission and exchange on your computer in real-time mode.
Virus Scan Tasks (see 2.2.2 on pg. 26) that virus-check the computer’s memory and file system, as individual files, folders, disks, or regions.
Support Tools (see 2.2.3 on pg. 27) that provide support for the program and extend its functionality.

2.2.1. Protection components

These protection components defend your computer in real time:
File Anti-Virus
A file system can contain viruses and other dangerous programs. Malicious programs can remain inactive in your file system for years after one day being copied from a floppy disk or from the Internet, without showing themselves at all. But you need only act upon the infected file, and the virus is instantly activated.
File Anti-Virus is the component that monitors your computer’s file system. It scans all files that are being opened, executed or saved on your computer and all connected disk drives. Each time a file is accessed, Kaspersky Anti-Virus intercepts it and scans the file for known viruses. If a file cannot be disinfected for any reason, it will be deleted, with a copy of the file either saved in Backup (see 17.2 on pg. 222), or moved to Quarantine (see 17.1 on pg. 218).
Mail Anti-Virus
Email is widely used by hackers to spread malicious programs, and is one of the most common methods of spreading worms. This makes it extremely important to monitor all email.
The Mail Anti-Virus component scans all incoming and outgoing email on your computer. It analyzes emails for malicious programs, only granting the addressee access to the email if it is free of dangerous objects.
Web Anti-Virus
By opening various web sites on the Internet, you risk infecting your computer with viruses that are installed by scripts stored on the web pages. You also risk downloading a dangerous file to your computer.
Web Anti-Virus is specially designed to combat these risks, by intercepting and blocking scripts on web sites if they pose a threat, and by thoroughly monitoring all HTTP traffic.
Proactive Defense
With every new day, there are more and more malicious programs. They are becoming more complex, combining several types, and the methods they use to spread themselves change, so they become harder and harder to detect.
To detect a new malicious program before it has time to do any damage, Kaspersky Lab has developed a special component, Proactive Defense. It is designed to monitor and analyze the behavior of all installed programs on your computer. Kaspersky Anti-Virus decides, based on the program’s actions: is it potentially dangerous? Proactive Defense protects your computer both from known viruses and from new ones that have yet to be discovered.
Anti-Spy
Programs that display unwanted advertising (for example, banner ads and popup windows), programs that call numbers for paid Internet services without user authorization, remote administration and monitoring tools, joke programs, etc. have become increasingly common.
Anti-Spy traces and blocks these actions on your computer. For example, the component blocks banner ads and popup windows, blocks programs that attempt autodialing, and analyzes web pages for phishing content.
Anti-Hacker
Hackers will use any potential hole to invade your computer, whether it is an open port, data transmissions between computers, etc.
The Anti-Hacker component protects your computer while you are using the Internet and other networks. It monitors inbound and outbound connections, and scans ports and data packets.
Anti-Spam
Although not a direct threat to your computer, spam increases the load on email servers, fills up your email inbox, and wastes your time, thereby representing a business cost.
The Anti-Spam component plugs into your computer’s email client program, and scans all incoming email for spam subject matter. The component marks all spam emails with a special header. Anti-Spam can be configured to process spam as you like (auto delete, move to a special folder, etc.).

2.2.2. Virus scan tasks

In addition to constantly monitoring all potential pathways for malicious programs, it is extremely important to periodically scan your computer for viruses. This is necessary to detect malicious programs that were not previously discovered by the program because, for instance, its security level was set too low.
Kaspersky Anti-Virus for Windows Workstations configures, by default, the following virus-scan tasks:
Critical Areas
Scans all critical areas of the computer for viruses. This includes system memory, programs loaded on startup, boot sectors on the hard drive, and the Microsoft Windows system directories. The task aims to detect active viruses quickly without fully scanning the computer.
My Computer
Scans for viruses on your computer with a thorough inspection of all disk drives, memory, and files.
Startup Objects
Scans for viruses in all programs that are loaded automatically on startup, plus RAM and boot sectors on hard drives.
There is also the option to create other virus-scan tasks and create a schedule for them. For example, you can create a scan task for email databases once per week, or a virus scan task for the My Documents folder.

2.2.3. Program tools

Kaspersky Anti-Virus for Windows Workstations includes a number of support tools, which are designed to provide real-time software support, expanding the capabilities of the program and assisting you as you go.
Updater
In order to be prepared for a hacker attack, or to delete a virus or some other dangerous program, Kaspersky Anti-Virus for Windows Workstations needs to be kept up-to-date. The Updater component is designed to do exactly that. It is responsible for updating the Kaspersky Anti-Virus for Windows Workstations threat signatures and program modules.
The update distribution feature can save threat signature and application module updates retrieved from Kaspersky Lab update servers in a local folder. It then grants other computers on the network access to them to conserve on Internet bandwidth.
Data Files
Each protection component, virus search task, and program update creates a report as it runs. The reports contain information on completed operations and their results. By using the Reports feature, you will remain up-to-date on the operation of all Kaspersky Anti-Virus for Windows Workstations components. Should problems arise, the reports can be sent to Kaspersky Lab, allowing our specialists to study the situation in greater depth and help you as quickly as possible.
Kaspersky Anti-Virus for Windows Workstations sends all files suspected of being dangerous to a special Quarantine area, where they are stored in encrypted form to avoid infecting the computer. You can scan these objects for viruses, restore them to their previous locations, delete them, or manually add files to Quarantine. Files that are found not to be infected upon completion of the virus scan are automatically restored to their former locations.
The Backup area holds copies of files disinfected and deleted by the program. These copies are created in case you either need to restore the files, or want information about their infection. These backup copies are also stored in an encrypted form to avoid further infection.
You can manually restore a file from Backup to the original location and delete the copy.
Rescue Disk
Kaspersky Anti-Virus for Windows Workstations can create a Rescue Disk, which provides a backup plan if system files are damaged by a virus attack and it is impossible to boot the operating system. By using the Rescue Disk in such a case, you can boot your computer and restore the system to the condition prior to the malicious action.
Support
All registered Kaspersky Anti-Virus users can take advantage of our technical support service. To learn where exactly you can get technical support, use the Support feature.
Using these links, you can go to a Kaspersky Lab user forum and a list of frequently asked questions that may help you resolve your issue. In addition, by completing the form on the site, you can send Technical Support a message on the error or failure in the operation of the application.
You will also be able to access Technical Support on-line, and, of course, our employees will always be ready to assist you with Kaspersky Anti-Virus by phone.
2.3. Hardware and software system requirements
For Kaspersky Anti-Virus for Windows Workstations 6.0 to run properly, your computer must meet these minimum requirements:
General Requirements:
50 MB of free hard drive space
CD-ROM drive (for installing Kaspersky Anti-Virus for Windows Workstations 6.0 from an installation CD)
Microsoft Internet Explorer 5.5 or higher (for updating threat signatures and program modules through the Internet)
Microsoft Windows Installer 2.0
Microsoft Windows 98, Microsoft Windows Me, Microsoft Windows NT Workstation 4.0 (Service Pack 6a):
Intel Pentium 300 MHz processor or faster (or compatible)
64 MB of RAM
Microsoft Windows 2000 Professional (Service Pack 4 or higher), Microsoft Windows XP Home Edition, Microsoft Windows XP Professional (Service Pack 1 or higher), Microsoft Windows XP Professional x64 Edition:
Intel Pentium 300 MHz processor or compatible
128 MB of RAM
Microsoft Windows Vista, Microsoft Windows Vista x64:
Intel Pentium 800 MHz 32-bit (x86)/ 64-bit (x64) or faster (or compatible)
512 MB of RAM
2.4. Software packages
You can purchase the boxed version of Kaspersky Anti-Virus for Windows Workstations from our resellers, or download it from Internet shops, including the eStore section of www.kaspersky.com.
If you buy the boxed version of the program, the package will include:
A sealed envelope with an installation CD containing the program files
A license key, included with the installation package or on a special diskette, or an application activation code on the CD slip
A User Guide
The end-user license agreement (EULA)
Before breaking the seal on the installation disk envelope, carefully read through the EULA.
If you buy Kaspersky Anti-Virus for Windows Workstations from an online store, you copy the product from the Kaspersky Lab website (Downloads → Product Downloads). You can download the User Guide from the Downloads → Documentation section.
You will be sent a license key or activation code by email after your payment has been received.
The End-User License Agreement is a legal agreement between you and Kaspersky Lab that specifies the terms on which you may use the software you have purchased.
Read the EULA through carefully.
If you do not agree with the terms of the EULA, you can return your boxed product to the reseller from whom you purchased it and be reimbursed for the amount you paid for the program. If you do so, the sealed envelope for the installation disk must still be sealed.
By opening the sealed installation disk, you accept all the terms of the EULA.
2.5. Support for registered users
Kaspersky Lab provides its registered users with an array of services to make Kaspersky Anti-Virus for Windows Workstations more effective.
When the program has been activated, you become a registered user and will have the following services available until the license expires:
New versions of the program free of charge
Consultation on questions regarding installation, configuration, and operation of the program, by phone and email
Notifications on new Kaspersky Lab product releases and new viruses (this service is for users that subscribe to Kaspersky Lab news mailings)
Kaspersky Lab does not provide technical support for operating system use and operation, or for any products other than its own.