McAfee Dr Solomon’s Anti-Virus v8.5 User Manual

Dr Solomon’s Anti-Virus

User’s Guide

Version 8.5

COPYRIGHT

Copyright © 2000 Network Associates, Inc. and its Affiliated Companies. All Rights Reserved. No part
of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written pe rmission of Network A ssociates,
Inc.

TRADEMARK ATTRIB UTIONS

* ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink, Clean-Up, Cloaking, CNX,
Compass 7, CyberCop, CyberMedia, Data Security Letter, Discover, Distributed Sniffer System, Dr
Solomon’s, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk,
Hunter, ISDN Tel/Scope , LM 1, LANGur u, Leading H elp Desk Technol ogy, Magic Sol utions, Mag icSpy,
MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates, MoneyMagic, More
Power To You, Multimed ia Cloaking, NetCrypto , NetOctopus, NetRoom, Net Scan, Net Shield, NetShiel d,
NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay, Nuts & Bolts,
PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy), PocketScope, Pop-Up, PowerTelnet, Pretty
Good Privacy, PrimeSupport, RecoverKey, Recover Key-International, ReportMagic, RingFence, Ro uter
PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer,
SniffMaster, SniffNet, Stalker, Statistical Information Retrieval (SIR), SupportMagic, Switch PM,
TeleSniffer, TIS, TMach, TMeg, Total N etwork Security, Total Network Visibility, Tota l Service Desk,
Total Virus Defense, T-POD, Tru sted Mac h, Truste d Mail, Unin stall er, Vi rex, Vi rex-PC, V irus Fo rum,
ViruScan, VirusScan, VShield, WebScan, WebShield, W ebSniffer , WebStalker WebWall , and ZAC 2000

are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All
other registered and unregistered trademarks in this document are the sole property of their respective
owners.

LICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT
("AGREEMENT"), FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") BY
NETWORK ASSOCIATES, INC. ("McAfee"). BY CLICKING THE ACCEPT BUTTON OR
INSTALLING THE SOFTWARE, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY)
CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT. IF YOU DO
NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE BUTTON THAT
INDICATES THAT YOU DO NOT ACCE PT THE TERMS OF THIS AGREEMENT AND DO NOT
INSTALL THE SOFTWARE. (IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE
PLACE OF PURCHASE FOR A FULL RE FUND.)

1. License Grant. Subject to the payment of the applicable license fees, and subject to the terms and

conditions of this Agreement, McAfee hereby grants to you a non-exclus ive, non-transferable righ t
to use one copy of the specified version of the Software and the acco mpanying docum entation (the
"Documentation"). You may install one copy of the Software on one computer, workstation,
personal digital assistant, pager, "smart phone" or other electronic device for which the Software
was designed (each, a "Client Device"). If the Software is licensed as a suite or bundle with more
than one specified Software product, this license applies to all such specified Software products,
subject to any restrictions or usage terms specified on the ap plicable price list or product pack aging
that apply to any of such Software products individually.

Issued May 2000/ Dr Solomon’s Anti-Virus v8.5

(i.e., the required number of licenses would equal the number of distinct inputs to the
multiplexing or pooling software or hardware "front end"). If the number of Clien t Devices or
seats that can connect to the Software can exceed the number of licenses you have obtained, then
you must have a reasonabl e mechanism in p lace to ensu re that your us e of the So ftware does no t
exceed the use limits specified for the licenses yo u have obtained. Th is license autho rizes you to
make or download one copy of the Docu mentation for each Client Device or seat that is licensed,
provided that each such copy contains all of the Documentation's proprietary notices.

c. Volume Licenses. If the Software is licensed with volume license terms specified in the

applicable price list or product packaging for the Software, you may make, use and install as
many additional copies of the Software on the number of Client Devices as the volume license
authorizes. You must have a reasonable mechanism in place to ensure that the number of C lient
Devices on which the Software has been installed does not exceed the number of licenses you
have obtained. This license au thorizes you to make or d ownload one copy of the D ocumentation
for each additional copy authorized by the volume license, provided that each such copy contains
all of the Documentation's proprietary notices.

2. Term. This Agreement is effective for an unlimited duration unless and until earlier terminated as

set forth herein. This Agreement will terminate automatically if you fail to comply with any of the
limitations or other requirements described herein. Upon any termination or expiration of this
Agreement, you must destroy all copies of the Software and the Documentation. You may
terminate this Agreement at any point by destroying all copies of the Software and the
Documentation.

3. Updates. For the time period specified in the applicable price list or product packaging for the

Software you are entitled to download revisions or updates t o the Software when and as McAfee
publishes them via its electronic bulletin board system, website or through other online services.
For a period of ninety (90) days from the date of the original purchase of the Software, you are
entitled to download one (1) revision or upgrade to the Software when and as McAfee publishes it
via its electronic bulletin board system, website or through other online services. After the
specified time period, you have no further rights to receive any revisions or upgrades without
purchase of a new license or annual upgrade plan to the Software.

4. Ownership Rights. The Software is protected by United States copyright laws and international

treaty provisions. McAfee and its suppliers own and retain all right, title an d interest in and to the
Software, including all copyrights, patents, trade secret rights, trademarks and other intellectual
property rights therein. Your possession, installation, or use of the Software does not transfer to
you any title to the intellectual p roperty in the Software, and you will not acquire any rights to the
Software except as expressly set forth in this Agreement. All copies of the Software and
Documentation made her eunder must cont ain the same propri etary notices that ap pear on and in the
Software and Documentation.

User’s Guide iii

5. Restrictions. You may not rent, lease, loan or resell the Software. You may not permit third parties

to benefit from the use or functionality of the Software via a timesharing, service bureau or other
arrangement, except to the extent such use is specified in the applicable list price or product
packaging for the Software. You may not transfer any of the rights granted to you under this
Agreement. You may not reverse engineer, decompile, or disassemble the Software, except to the
extent the foregoing restriction i s expres s ly pr ohi bi te d by appl i cable law. You may not modify, or
create derivative works based upon, the Software in whole or in part. You may not copy the
Software or Documentation except as expressly permitted in Section 1 above. You may not remove
any proprietary notices or labels on the Software. All rights not expressly set forth hereunder are
reserved by McAfee. McAfee reserves the right to periodically conduct audits upon advance
written notice to verify compliance with the terms of this Agreement.

6. Warranty and Disclaimer
a. Limited Warranty. McAfee warrants that for sixty (60 ) days from the date of or iginal purchase

the media (e.g., diskettes) on which the Software is contained will be free from defects in
materials and workmanship.

b. Customer Remedies. McAfee's and its suppliers' entire liability and your exclusive remedy for

any breach of the foregoing warranty shall be, at McAfee's option, either (i) return of the
purchase price paid for the license, if any, or (ii) replacement of th e defective media in which the
Software is contained. You must return the defective media to McAfee at your expense with a
copy of your receipt. This limited warranty is void if the defect has resulted from accident,
abuse, or misapplication. Any replacement media will be warranted for the remainder of the
original warranty period. Outside the Un ited States, this remedy is not available to the extent
McAfee is subject to restrictions under United States export control laws and regulations.

c. Warranty Disclaimer. Except for the limited warranty set forth herein, THE SOFTWARE IS

PROVIDED "AS IS." TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, MCAFEE DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND
NONINFRINGEMENT WITH RESPECT TO THE SOFTWARE AND THE
ACCOMPANYING DOCUMENTATION. YOU ASSUME RESPONSIBILITY FOR
SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR
THE INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE.
WITHOUT LIMITING THE FOREGOING PROVISIONS, MCAFEE MAKES NO
WARRANTY THAT THE SOFTWARE WILL BE ERROR-FREE OR FREE FROM
INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL MEET
YOUR REQUIREMENTS. SOME STATES AND JURISDICTIONS DO NOT ALLOW
LIMITATIONS ON IMPLIED WARRANTIES, SO THE ABOVE LIMITATION MAY NOT
APPLY TO YOU. The foregoing provisions shall be enforceable to the maximum extent
permitted by applicable law.

iv Dr Solomon’s Anti-Virus

7. Limitation of Liability. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY,
WHETHER IN TORT, CONTRACT, OR OTHERWISE, SHALL MCAFEE OR ITS S UPPLIERS
BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL,
INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING,
WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE,
COMPUTER FAILURE OR MALFUNCTION, OR FOR ANY AND ALL OTHER DAMAGES
OR LOSSES. IN NO EVENT WILL MCAFEE BE LIABLE FOR ANY DAMAGES IN EXCESS
OF THE LIST PRICE MCAFEE CHARGES FOR A LICE NSE TO THE S OFTWARE, EVEN IF
MCAFEE SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR
PERSONAL INJURY TO THE EXTENT THAT APPLICABLE LAW PROHIBITS SUCH
LIMITATION. FURTHERMORE, SOME STATES AND JURISDICTIONS DO NOT ALLOW
THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES,
SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU. The foregoing
provisions shall be enforceable to the maximum extent permitted by applicable law.

8. United S tates Government. The Software and accompanying Documentation are deemed to be
"commercial computer software" and "commercial computer software documentation,"
respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any
use, modification, reproduction, release, performance, display or disclosure of the Software and
accompanying Documentation by the United States Government shall be governed solely by the
terms of this Agreement and shall be prohibited except to the extent expressly permitted by the
terms of this Agreement.

9. Export Controls. Neither the Software nor the Documentation and underlying information or
technology may be downloaded or otherwise exported or re-exported (i) into (or to a national or
resident of ) Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria or any other country to which the
United States has embargoed goods; or (ii) to anyone on the United States Treasury Department's
list of Specially Designated Nations or the United States Commerce Department's Table of Denial
Orders. By downloading or using the Software you are agreeing to the foregoing and you are
certifying that you are not located in, under the control of, or a national or resident of any such
country or on any such list.

IN ADDITION, YOU SHOULD BE AWARE OF THE FOLLOWING: EXPORT OF THE
SOFTWARE MAY BE SUBJECT TO COMPLIANCE WITH THE RULES AND
REGULATIONS PROMULGATED FROM TIME TO TIME BY THE BUREAU OF EXPORT
ADMINISTRATION, UNITED STATES DEPARTMENT OF COMMERCE, WHICH
RESTRICT THE EXPORT AND R E -EX POR T OF CERTAIN PRODUCTS AND TECHNICAL
DATA. IF THE EXPORT OF THE SOFTWARE IS CONTROLLED UNDER SUCH RULES
AND REGULATIONS, THEN THE SOFTWARE SHALL NOT BE EXPORTED OR
RE-EXPORTED, DIRECTLY OR INDIRECTLY, (A) WITHOUT ALL EXPORT OR
RE-EXPORT LICENSES AND UNITED STATES OR OTHER GOVERNMENTAL
APPROVALS REQUIRED BY ANY APP LICABLE LAWS, OR (B) IN V IOLATION OF ANY
APPLICABLE PROHIBITION AGAINST THE EXPORT OR RE-EXPORT OF ANY PART OF
THE SOFTWARE.

User’s Guide v

SOME COUNTRIES HAVE RESTRICTIONS ON THE USE OF ENCRYPTION WITHIN
THEIR BORDERS, OR THE IMPORT OR EXPORT OF ENCRYPTION EVEN IF FOR ONLY
TEMPORARY PERSONAL OR BUSINESS USE. YOU ACKNOWLEDGE THAT THE
IMPLEMENTATION AND ENFORCEMENT OF THESE LAWS IS NOT ALWAYS
CONSISTENT AS TO SPECIFIC COUNTRIES. ALTHOUGH THE FOLLOWING
COUNTRIES ARE NOT AN EXHAUSTIVE LIST THERE MAY EXIST RESTR ICTIONS ON
THE EXPORTATION TO, OR IMPORTATION OF, ENCR YPTION BY: BELGIUM, CH INA
(INCLUDING HONG KONG), FRANCE, INDIA, INDONESIA, ISRAEL, RUSSIA, SAUDI
ARABIA, SINGAPORE, AND SOUTH KOREA. YOU ACKNOWLEDGE IT IS YOUR
ULTIMATE RESPONSIBILITY TO COMPLY WITH ANY AND ALL GOVERNMENT
EXPORT AND OTHER APPLICABLE LAWS AND THAT MCAFEE HAS NO FURTHER
RESPONSIBILITY AFTER THE INITIAL SALE TO YOU WITHIN THE ORIGINAL
COUNTRY OF SALE.

10.High Risk Activities. The Software is not fault-tolerant and is not designed or in tended for use in
hazardous environments requiring fail-safe performance, including without limitation, in the
operation of nuclear facilities, aircraft navigation or communication systems, air traffic control,
weapons systems, direct life-support machines, or any other application in which the failure of the
Software could lead directly to death, personal injury, or severe physical or property damage
(collectively, "High Risk Activities"). McAfee expressly disclaims any express or implied
warranty of fitness for High Risk Activities.

11.Miscellaneous. This Agreement is governed by the laws of the United States and the State of
California, without reference to conflict of laws principles. The application of the United Nations
Convention of Contracts for the International Sale of Goods is expressly excluded. This Agreement
sets forth all rights for the user of the Software and is the entire agreement between the parties. This
Agreement supersedes any other communications with respect to the Software an d Documentation.
This Agreement may not be modified except by a written addendum issued by a duly authorized
representative of McAfee. No provision hereof shall be deemed waived unless such waiver shall
be in writing and signed by McAfee or a duly authorized representative of McAfee. If any
provision of this Agreement is held invalid, the remainder o f this Agreement shall continue in full
force and effect. The parties confirm that it is their wish that this Agreement has been written in
the English language only.

12.McAfee Customer Contact. If you have any questions concerning these terms and conditions, or
if you would like to contact McAfee for any other reason, please call (408) 988-3832, fax (408)
970-9727, or write: McAfee Software, 3965 Freedom Circle, Santa Clara, California 95054.
http://www.mcafee.com.

Statements made to you in the course of this sale are subject to the Year 2000 Information and
Readiness Disclosure Act (Public Law 105-271). In the case of a dispute, this Act may reduce your
legal rights regarding the use of any statements regarding Year 2000 readiness, unless otherwise
specified in your contract or tariff.

vi Dr Solomon’s Anti-Virus

Table of Contents

Preface....................................................xiii

Whathappened?................................................xiii

Whyworry?................................................xiii

Wheredovirusescomefrom? ....................................xiv

Virusprehistory ............................................xiv

VirusesandthePCrevolution .................................xv

Onthefrontier.................................................xviii

Wherenext? ................................................xx

Howtoprotectyourself ..........................................xxi

HowtocontactNetworkAssociates................................xxii

Customerservice...........................................xxii

Technical support .........................................xxiii

Downloadsupport .........................................xxiv

NetworkAssociatestraining.................................xxiv

Commentsandfeedback....................................xxiv

Reportingnewitemsforanti-virusdatafileupdates .............xxiv

Internationalcontactinformation .............................xxvi

Chapter 1. About Dr Solomon’sAnti-Virus .......................29

Introducing D r Solomon’sAnti-Virus ................................29

How does Dr Solomon’sAnti-Viruswork?............................31

What comes with Dr Solomon’sAnti-Virus? ..........................33

What’snewinthisrelease?........................................38

Chapter 2. Installing Dr Solomon’sAnti-Virus ....................41

Beforeyoubegin.................................................41

Systemrequirements.........................................41

Otherrecommendations ......................................42

Preparing to install Dr Solomon’sAnti-Virus .....................42

Installationoptions ..........................................43

Installationsteps ............................................43

Using the Emergency Disk Creation utility . . . . . . . . . ..............57

User’s Guide vii

Table of Contents

Determiningwhenyoumustrestartyourcomputer................62

Testingyourinstallation ..........................................63

Modifying or removing your Dr Solomon’s Anti-Virus installation . . . .64

Chapter 3. Removing Infections

FromYourSystem ....................................69

Ifyoususpectyouhaveavirus... ...................................69

Decidingwhentoscanforviruses ..................................72

Recognizing when you don’thaveavirus ............................73

Understandingfalsedetections ................................74

Responding to viruses or malicious software . . . . . . . . . . . ..............75

Submittingavirussample .........................................87

Using the SendVirus utility to submit a file sample . . ..............87

Capturing boot sector, file-infecting, and macro viruses . . . . . . . . . . . .90

Chapter4. UsingtheWinGuardScanner.........................95

WhatdoestheWinGuardscannerdo?...............................95

WhyusetheWinGuardscanner?...............................96

Browserande-mailclientsupport ..............................97

EnablingorstartingtheWinGuardscanner...........................98

UsingtheWinGuardconfigurationwizard ...........................103

SettingWinGuardscannerproperties ..............................109

UsingtheWinGuardshortcutmenu ................................165

DisablingorstoppingtheWinGuardscanner ........................165

TrackingWinGuardsoftwarestatusinformation......................172

Chapter 5. Using the Dr Solomon’sAnti-Virusapplication .........175

What is the Dr Solomon’sAnti-Virusapplication? ....................175

Why use the Dr Solomon’sAnti-Virusapplication? ...............176

Starting the Dr Solomon’sAnti-Virusapplication .....................177

Configuring the Dr Solomon’sAnti-VirusClassicinterface.............183

Configuring the Dr Solomon’sAnti-VirusAdvancedinterface ..........189

Chapter 6. Creating and Configuring Scheduled Tasks . . . . . . . . . . . .209

What does Dr S olomon’sAnti-VirusConsoledo? ....................209

Whyschedulescanoperations?...................................209

viii Dr Solomon’sAnti-Virus

Table of Contents

Starting the Dr Solomon’sAnti-VirusConsole .......................210

Using the Console window . . . . . . . . . . .............................212

Workingwithdefaulttasks ...................................215

WorkingwiththeVShieldtask ................................217

WorkingwiththeAutoUpgradeandAutoUpdatetasks ............218

Creatingnewtasks..............................................219

Enablingtasks..................................................223

Checkingtaskstatus ........................................226

Configuring Dr Solomon’sAnti-Virusapplicationoptions ..............228

Chapter 7. Updating and Upgrading Dr Solomon’sAnti-Virus ......249

Developinganupdatingstrategy ..................................249

Update and upgrade methods . . . . . . . . .............................250

Understanding the AutoUpdate utility . .............................252

ConfiguringtheAutoUpdateUtility.................................254

UnderstandingtheAutoUpgradeutility .............................263

Configuring the AutoUpgrade utility . . . .............................264

Using the AutoUpgrade and SuperDAT utilities together . . . . . . . . . .273

DeployinganEXTRA.DATfile.................................275

Chapter 8. Using Specialized

Scanning Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277

ScanningMicrosoftExchangeandOutlookmail .....................277

When and why y ou should use the E-Mail Scan extension . . . . . . . . .277

UsingtheE-MailScanextension...................................278

ConfiguringtheE-MailScanextension .........................279

Scanningcc:Mail................................................294

UsingtheScreenScanutility ......................................294

Chapter 9. Using Dr Solomon’s Anti-Virus Utilities . . . . . . . . . . . . . . .301

Understanding the Dr Solomon’sAnti-Viruscontrolpanel .............301

Opening the Dr Solomon’sAnti-Viruscontrolpanel...................301

Choosing Dr Solomon’sAnti-Viruscontrolpaneloptions ..............302

Using the Alert Manager Client Configuration utility . . . . . .............306

Dr Solomon’sAnti-VirusasanAlertManagerclient...................307

ConfiguringtheAlertManagerclientutility ..........................307

User’s Guide ix

Table of Contents

Appendix A. Default Vulnerable and Compressed File Extensions . .313

Addingfilenameextensionsforscanning...........................313

Currentlistofvulnerablefilenameextensions.......................314

Currentlistofcompressedfilesscanned ...........................318

Appendix B. Network Associates

Support Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Adding value to your Dr Solomon’sproduct .........................321

PrimeSupport options for corporate customers . . . . . .............321

Ordering a corporate PrimeSupport plan . . . . . . . . . . .............324

PrimeSupport options for home users . .............................326

How to reach international home user support . . . . . . .............328

Ordering a PrimeSupport plan for home users . . . . . . .............328

NetworkAssociatesconsultingandtraining.........................329

ProfessionalServices .......................................329

TotalEducationServices.....................................330

Appendix C. Using the SecureCast Service to Get New Data Files . .331

Introducing the SecureCast service . . . .............................331

Why should I update my data files? . . . .............................332

Which data files does the SecureCast service deliver? . . . . . . . . . . . .332

Installing the BackWeb client and SecureCast service . . . . .............333

Systemrequirements........................................333

Troubleshooting the Enterprise SecureCast service . .............343

UnsubscribingfromtheSecureCastservice.....................343

Supportresources ..............................................343

SecureCastservice .........................................343

BackWebclient.............................................344

Appendix D. Understanding iDAT Technology . . . . . . . . . . . . . . . . . . .345

Understandingincremental.DATfiles ..............................345

How does iDAT updating work? . . . . . . .............................346

What does Dr S olomon’sSoftwareposteachweek?..............347

Bestpractices ..................................................348

Frequentlyaskedquestions ......................................349

x Dr Solomon’sAnti-Virus

Table of Contents

Index......................................................353

User’s Guide xi

Table of Contents

xii Dr Solomon’sAnti-Virus

Preface

What happened?

If you’ve ever lost important files stored on your hard disk, watched indismay

as your computer ground to a halt only to display a prankster’s juvenile

greeting on your monitor, or found yourself having to apologize for abusive

e-mail messages you never sent, you know first-hand how computer viruses

and other harmful programs can disrupt your productivity. If you haven’t yet

suffered from a virus “infection,” count yourself lucky. But with more than

50,000 known viruses in circulation capable of attacking Windows- and

DOS-based computer systems, it really is only a matter of time before you do.

The good news is that of those thousands of circulating viruses, only a small

proportion have the means to do real damage to your data. In fact, the term

“computer virus” identifies a broad array of programs that have only one

feature in common: they “reproduce” themselves automatically by attaching

themselves to host software or disk sectors on your computer, usually without

your knowledge. Most viruses cause relatively trivial problems, ranging from

the merely annoying to the downright insignificant. Often, the primary

consequence of a virus infection is the cost you incur in time and effort to track

down the source of the infection and eradicate all of its traces.

Why worry?

So why worry about virus infections, if most attacks do little harm? The

problem is twofold. First, although relatively few viruses have destructive

effects, that fact says nothing about how widespread the malicious viruses are.

In many cases, viruses with the most debilitating effects are the hardest to

detect—the virus writer bent on causing harm will take extra steps to avoid

discovery. Second, even “benign” viruses can interfere with the normal

operationofyourcomputerandcancauseunpredictablebehaviorinother

software. Some viruses contain bugs, poorly written code, or other problems

severe enough to cause crashes when they run. Other times, legitimate

software has problems running when a virus has, intentionally or otherwise,

altered system parameters or other aspects of the computing environment.

Tracking downthe sourceof resulting system freezes or crashes can drain time

and money from more productive activities.

Beyond these problems lies a problem of perception: once infected, your

computer can serve as a source of infection for other computers. If you

regularly exchange data with colleagues or customers, you could unwittingly

pass on a virus that could do more damage to your reputation or your dealings

with others than it does to your computer.

User’s Guide xiii

Preface

The threat from viruses and other malicious software is real, and it is growing

worse. Some estimates have placed the total worldwide cost in time and lost

productivity for merely detecting and cleaning virus infections at more than

$10 billion per year, a figure that doesn’t include the costs of data loss and

recovery in the wake of attacks that destroyed data.

Where do viruses come from?

As you or one of your colleagues recovers from a virus attack or hears about

new forms of malicious software appearing in commonly used programs,

you’ve probably asked yourself a number of questions about how we as

computer users got to this point. Where do viruses and other malicious

programs come from? Who writes them? Why do those who write them seek

to interrupt workflows, destroy data, or cost people the time and money

necessary to eradicate them? What can stop them?

Why did this happen to me?

It probably doesn’t console youmuch to hear that the programmerwho wrote

the virus that erased your hard disk’s file allocation table didn’t target you or

your computer specifically. Nor will it cheer you up to learn that the virus

problem will probablyalways be with us. But knowing a bit about the history

of computer viruses and how they work can help you better protect yourself

against them.

Virus prehistory

Historians have identified a number of programs that incorporated features

now associated with viru s software. Canadianresearcher and educator Robert

M. Slade traces virus lineage back to special-purpose utilities used to reclaim

unused file space and perform other useful tasks in the earliest networked

computers. Slade reports that computer scientists at a Xerox Corporation

research facility called programs like these “worms,” a term coined after the

scientists noticed “holes” in printouts from computer memory maps that

looked as though worms had eaten them. The term survives to this day to

describe programs that make copies of themselves, but without necessarily

using host software in the process.

A strong academic tradition of computer prank playing most likely

contributed to the shift away from utility programs and toward more

malicioususesoftheprogrammingtechniquesfoundinwormsoftware.

Computer science students, often to test their programming abilities, would

construct rogue worm programs and unleash them to “fight” against each

other, competing to see whose program could “survive” while shutting down

rivals. Those same students also found uses for worm programs in practical

jokes they played on unsuspecting colleagues.

xiv Dr Solomon’sAnti-Virus

Some of these studentssoon discovered that they coulduse certain features of

the host computer’s operating system to give them unauthorized access to

computer resources. Others took advantage of users who had relatively little

computer knowledge tosubstitute their own programs—written fortheir own

purposes—in place of common or innocuous utilities. These unsophisticated

users would run what they thought was their usual software only to find their

files erased, to have their account passwords stolen, or to suffer other

unpleasant consequences. Such “Trojan horse” programs or “Trojans,” so

dubbed for their metaphorical r esemblance to the ancient Greek gift to t he city

of Troy, remain a significant, and growing, threat to computer users today.

Viruses and the PC revolution

What we now think of as true computer viruses first appeared, according to

Robert Slade, soon after the first personal computers reached the mass market

in the early 1980s. Other researchers date the advent of virus programs to 1986,

with the appearance of the “Brain” virus. Whichever date has the better claim,

the link between the virus threat and the personal computer is not

coincidental.

Preface

The new mass distribution of computers meant that viruses could spread to

many more hosts than before, w hen a comparatively few, closely guarded

mainframe systems dominated the computing world from their bastions in

large corporations and universities.Nor did the individual users who bought

PCs have much use for the sophisticated security measures needed to protect

sensitive data in those environments. As further catalyst, virus writers found

it relatively easy to exploit some PC technologies to serve their ow n ends.

Boot-sector viruses

Early PCs, for example, “booted” or loaded their operating systems from

floppy disks. The authors of the Brain virus discovered that they could

substitute their own program for the executable code present on the boot

sector of every floppy disk formatted with Microsoft’s MS-DOS, whether or

not it included system files. Users thereby loaded the virus into memory every

time they started their computers with any formatted disk in their floppy

drives. Once in memory, a virus can copy itself to boot sectors on other floppy

or hard disks. Those who unintentionally loaded Brain from an infected

floppy found themselves reading an ersatz “advertisement” for a computer

consulting company in Pakistan.

With that advertisement, Brain pioneered another characteristic feature of

modern viruses: the payload. The payload is the prank or malicious behavior

that,iftriggered,causeseffectsthatrangefromannoyingmessagestodata

destruction. It’s the virus characteristic that draws the most attention—many

virus authors now write their viruses specifically to deliver their payloads to

as many computers as possible.

User’s Guide xv

Preface

For a time,sophisticated descendants ofthis firstboot-sector virus represented

themostseriousvirusthreattocomputerusers.Variantsofbootsectorviruses

also infect the Master Boot Record (MBR), which stores the partition

information your computer needs to figure out where to find each of your

hard disk partitions and the boot sector itself.

Realistically, nearly every step in the boot process, from reading the MBR to

loading the operating system, is vulnerable to virus sabotage. Some of the

most tenacious and destructive viruses still include the ability to infect your

computer’s boot sector or MBR among their repertoire of tricks. Among other

advantages, loading atboot time can give a virus a chance todo itswork before

your anti-virus software has a chance to run. Many Dr Solomon’s anti-virus

products anticipate this possibility by allowing you to create an emergency

disk you can use to boot your computer and remove infections.

ButmostbootsectorandMBRviruseshadaparticularweakness:theyspread

by means of floppy disks or other removable media, riding concealed in that

first track of disk space. As fewer users exchanged floppy disks and as

software distribution came to rely on other media, such as CD-ROMs and

direct downloading from the Internet, other virus ty pes eclipsed the boot

sector threat. But it’s far from gone—many later-generation viruses routinely

incorporate functions that infect your hard disk boot sector or MBR, even if

they use other methods as their primary means of transmission.

Those same viruseshave alsobenefitted fromseveral generationsof evolution,

andtherefore incorporate muchmore sophisti cated infectionand concealment

techniques that make it far from simple to detect them, even when they hide

in relatively predictable places.

File infectorviruses

At about the same time as the authors of the Brain virus found vulnerabilities

in the DOS boot sector, other virus writers found out how to use other

software to help replicate their creations.An earlyexample of this typeof virus

showed up in computers at Lehigh U niversity in Pennsylvania. The virus

infected part of the DOS command interpreter COMMAND.COM, which it

used to load itself into memory. Once there, it spread to other uninfected

COMMAND.COM files eachtime auser enteredany standard DOScommand

that involved disk access. This limited its spread to floppy disks that

contained, usually, a full operating system.

Later viruses quickly overcame this limitation, sometimes with fairly clever

programming. Virus writers might, for instance, have their virus add its code

to the beginning of an executable file, so that when users start a program, the

virus code executes immediately, then transfers control back to the legitimate

software, which runs as though nothing unusual has happened. Once it

activates, the virus “hooks” or “traps” requests that legitimate software makes

to the operating system and substitutes its own responses.

xvi Dr Solomon’sAnti-Virus

Preface

Particularly clever viruses can even subvert attempts to clear them from

memory by trapping the CTRL+ALT+DEL keyboard sequence for a warm

reboot, then faking a restart. Sometimes the only outward indication that

anything on your system is amiss—before any payload detonates, that

is—might be a small change in the file size of infected legitimate software.

Stealth, mutation, encryption, and polymorphic techniques

Unobtrusive as they might be, changes in file size and other scant evidence of

a virus infection usually gives most anti-virus software enough of a scent to

locate and remove the offending cod e. One of the virus writer’s principal

challenges, therefore, is to find ways to hide his or her handiwork. The earliest

disguises were a mixture of innovative programming and obvious giveaways.

The Brain virus, for instance, redirected requests to see a disk’s boot sector

away from the actual location of the infected sector to the new location of the

boot files, which the virus had moved. This “stealth” capability enabled this

and other viruses to hide from conventional search techniques.

Because viruses needed to avoid continuously reinfecting host systems—

doing so would quickly balloon an infected file’s size to easily detectable

proportions or would consume enough system resources to point to an

obvious culprit—their authors also needed to tell them to leave certain files

alone. They addressed this problem by having the virus write a characteristic

byte sequence or, in 32-bit Windows operating systems, create a particular

registry key that would flag infected files with the software equivalent of a “do

not disturb” sign. Although that kept the virus from giving itself away

immediately, it opened the way for anti-virus software to use the “do not

disturb” sequence itself, along with other characteristic patterns that the virus

wrote into files it infected, to spot its “code signature.” Most anti-virus

vendors now compile and regularly update a database of virus “definitions”

that their products use to recognize those code signatures in the files they scan.

In response, virus writers found ways to conceal the code signatures. Some

viruses would “mutate” or transform their code signatures with each new

infection. Others encrypted themselves and, as a result, their code signatures,

leaving only a couple of bytes to use as a key for decryption. The most

sophisticated new viruses employed stealth, mutation and encryption to

appear in an almost undetectable variety of new forms. Finding these

“polymorphic” viruses required software engineers to develop very elaborate

programming techniques for anti-virus software.

User’s Guide xvii

Preface

Macro viruses

By 1995 or so, the virus war had come to something of a standstill. New viruses

appeared continuously, prompted in part by the availability of ready-made

virus “kits” that enabled even some non-programmers to whip up a new virus

in no time. But most existing anti-virus software easily kept pace with updates

that detected and disposed of the new virus variants, which consisted

primarily of minor tweaks to well-known templates.

But 1995 marked the emergence of the Concept virus, which added a new and

surprising twist to virus history. Before Concept, most virus researchers

thought of data files—the text, spreadsheet, or drawing documents created by

the software you use—as immune to infection. Viruses, after all, are programs

and, as such, needed to run in the same way executable software did in order

to do their damage. Data files, on the other hand, simply stored information

that you entered when you worked with your software.

That distinction melted away when Microsoft began adding macro

capabilities to Word and Excel, the flagship applications in its Office suite.

Using the stripped-down version of its Visual Basic language included w ith

the suite, users could create document templates that would automatically

format and add other features to documents created with Word and Excel.

Other vendors quickly followed suit with their products, either using a

variation of the same Microsoft macro language or incorporating one of their

own. Virus writers, in turn, seized the opportunity that this presented to

conceal and spread viruses in documents that you, the user, created yourself.

The exploding popularity of the Internet and of e-mail software that allowed

users to attachfiles to messagesensured thatmacro viruses wouldspread very

quickly and very widely. Within a year,macro virusesbecame themost potent

virus threat ever.

On the frontier

Even as viruses grew more sophisticated and continued to threaten the

integrity of computer systems we all had come to depend upon, still other

dangers began to emerge from an unexpected source: the World Wide Web.

Once a repository of research papers and academic treatises, the web has

transformed itself into perhaps the most versatile and adaptable medium ever

invented for communication and commerce.

Because its potential seems so vast, the web has attracted the attention and the

developmental energies of nearly every computer-related company in the

industry.

xviii Dr Solomon’sAnti-Virus

Convergences in the technologies that have resulted from this feverish pace of

invention have given website designers tools they can use to collect and

display information in ways never previously available. Websites soonsprang

up that could send and receive e-mail, formulate and execute queries to

databases using advanced search en gines, send a nd receive live audio and

video, and distribute data and multimedia resources to a worldwide audience.

Much of the technology that made these features possible consisted of small,

easily downloaded programs that interact with your browser software and,

sometimes, with other software on your hard disk. This same avenue served

as an entry point into your computer system for other—less benign—

programs to use for their own purposes.

Java, ActiveX, and scripted objects

These programs, whether beneficial or harmful, come in a variety of forms.

Someare special-purpose miniatureapplications, or “applets,”written in Java,

a programming language first developed by Sun Microsystems. Others are

developed using ActiveX, a Microsoft technology that programmers can use

for similar purposes.

Preface

Both Java and ActiveX make extensive use of prewritten software modules, or

“objects,” that programmers can write themselves or take from existing

sources and fashion into the plug-ins, applets, device drivers and other

software needed to power the web. Java objects a re called “classes,” while

ActiveX objects are called “controls.” The principle difference between them

lies in how they run on the host system. Java applets run in a Java “virtual

machine” designed to interpret Java programming and translate it into action

on the host machine, while ActiveX controls run as native Windows software

that links and passes data among other Windows programs.

The overwhelming majority of these objects are useful, even necessary, parts

of any interactive website. But despite the best efforts of Sun and Microsoft

engineers to design security measures into them, determined programmers

can use Java and ActiveX tools to plant harmful objects on websites, where

they can lurk until visitors unwittingly allow them access to vulnerable

computer systems.

Unlike viruses, harmful Java and ActiveX objects usually don’t seek to

replicate themselves. The web provides them with plenty of opportunities to

spread to target computer systems, while their small size and innocuous

nature makes it easy for them to evade detection. In fact, unless you tell your

web browser specifically to block them, Java and ActiveX objects download to

your system automatically whenever you visit a website that hosts them.

User’s Guide xix

Preface

Instead, harmful objects exist to deliver their equivalent of a virus payload.

Programmers have written objects, for example, th at can read data from your

hard disk and send it back to the website you visited, that can “hijack” your

e-mail account and send out offensive messages in your name, or that can

watch data that passes between your computer and other computers.

Even more powerful agents have beg un to appear in applications that run

directly from websites you visit. JavaScript, a scripting language with a name

similar to the unrelated Java language, first appeared in Netscape Navigator,

with its implementation of version 3.2 of the Hyper Text Markup Language

(HTML) standard. Since its introduction, JavaScript has grown tremendously

in capability and power, as have the host of other scripting technologies that

have followed it—including Microsoft VBScript and Active Server Pages,

Allaire Cold Fusion, and others. These technologies now allow software

designers to create fully realized applications that run on web servers, interact

with databases and other data sources, and directly manipulate features in the

web browser and e-mail client software running on your computer.

As with Java and ActiveX objects, significant security measures exist to

prevent malicious actions, but virus writers and security hackers have found

ways around these. Because the benefits these innovations bring to the web

generally outweightherisks,however,mostusersfindthemselvescalculating

the tradeoffs rather than shunning the technologies.

Where next?

Malicious software has even intruded into areas once thought completely out

of bounds. Users of the mIRC Int ernet Relay Chat client, for example, have

reported encountering viruses constructed from the mIRC scripting language.

The chat client sends script viruses as plain text, which would ordinarily

preclude them from infecting systems, but older versions of the mIRC client

software would interpret the instructions coded into the script and perform

unwanted actions on the recipient’s computer.

The vendors moved quickly to disable this capability in updated versions of

the software, but the mIRC incident illustrates the general rule that where a

way exists to exploit a software security hole, someone will find it and use it.

Late in 1999, another virus writer demonstrated this rule yet again with a

proof-of-concept virus called VBS/Bubbleboy that ran directly within the

Microsoft Outlook e-mail client byhijacking its built-in VBScript support. This

virus crossed the once-sharp line that divided plain-text e-mail messages from

the infectable attachments they carried. VBS/Bubbleboy didn’t even require

youto openthee-mailmessage—simplyviewingit from theOutlookpreview

window could infect your system.

xx Dr Solomon’sAnti-Virus

How to protect yourself

Dr Solomon’s Anti-Virus already gives you an important bulwark against

infection and damage to your data, but anti-virus software is only one part of

the security measuresyou should take to protect yourself. Anti-virus software,

moreover,isonlyasgoodasitslatestupdate.Becauseasmanyas200to300

viruses and variants appear each month, the virus definition (.DAT) files that

enable Dr Solomon’s software to detect and remove viruses can get quickly

outdated. If you have not updated the files that originally came with your

software, you could riskinfection from newly emerging viruses. Dr Solomon’s

Software has, however, assembled the world’s largest and most experienced

anti-virus research staff in its Anti-Virus Emergency Response Team

(AVERT)*. This means that the files you need to combat new viruses appear as

soon as—and often befo re—you need them.

Most other security measures are common sense—checking disks you receive

from unknown or questionable sources, either with anti-virus software or

some kind of verification utility, is always a good idea. Malicious

programmers have gone so far as to mimic the programs you trust to guard

your computer, pasting a familiar face on software with a less-than-friendly

purpose. Neither Dr Solomon’s nor any other anti-virus software, however,

can detect when someone substitutes an as-yet unidentified Trojan horse or

other malicious program for one of your favorite shareware or commercial

utilities—that is, until after the fact.

Preface

Web and Internet access poses its own risks. Dr Solomon’s Anti-Virus* gives

you the ability to block dangerous web sites so that users can’t inadvertently

download malicious software from known hazards; it also catches hostile

objects that get downloaded anyway. But having a top-notch firewall in place

to protect your network and implementing other network security measures

is a necessity when unscrupulous attackers can penetrate your network from

nearly any point on the globe, whether to steal sensitive data or implant

malicious code. You should also make sure that your network is not accessible

to unauthorized users, and that you have an adequate training program in

place to teach and enforce security standards. To learn about the origin,

behavior and other characteristics of particular viruses, consult the Virus

Information Library maintained on the AVERT website.

Dr Solomon’s Software can provide you with other powerful software in the

Active Virus Defense* (AVD) and Total Vi rus Defense (TVD) suites, the mo st

comprehensive anti-virus solutions available. Related companies within the

Network Associatesfamily provide other technologies thatalso helpto protect

your network, including the PGP Security CyberCop product line, and the

Sniffer Technologies network monitoring product suite. Contact your

Network Associates representative, or visit the Network Associates website,

to find out how to enlist the power of these security solutions on your side.

User’s Guide xxi

Preface

How to contact Network Associates

Customer service

On December 1, 1997, McAfee Associates merged with Network General

Corporation, Pretty Good Privacy, Inc., and Helix Software, Inc. to form

Network Associates, Inc. The combined Company subsequently acquired Dr

Solomon's Software, Trusted Information Systems, Magic Solutions, and

CyberMedia, Inc.

A January 2000 company reorganization formed four independent business

units, each concerned with a particular product line. These are:

• MagicSolutions. This division supplies the TotalService deskproduct line

and related products

• McAfee and Dr Solomon’s Software. These divisions provide the Active

Virus Defense product suite and related anti-virus software solutions to
corporate and retail customers.

• PGP Security. This division provides award-winning encryption and

security solutions, including the PGP data security and encryption product
line, the Gauntlet firewall product line, the WebShield E-ppliance
hardware line, and the CyberCop Scanner and Monitor product series.

• Sniffer Technologies. This division supplies the industry-leading Sniffer

network monitoring, reporting, and analysis utility and related software.

Network Associates continues to market and support the product lines from

each of the new independent business units. You may direct all questions,

comments, or requests concerning the software you purchased, your

registration status, or similar issues to the Network Associates Customer

Servicedepartmentatthefollowingaddress:

Network Associates Customer Service

4099 McEwan, Suite 500

Dallas, Texas 75244

U.S.A.

The department's hours of operation are 8:00 a.m. and 8:00 p.m. Central time,

Monday through Friday

Other contact information for corporate-licensed customers:

Phone: (972) 308-9960

Fax: (972) 619-7485 (24-hour, Group III fax)

E-Mail: services_corporate_division@nai.com

Web: http://www.nai.com

xxii Dr Solomon’sAnti-Virus

Other contact information for retail-licensed customers:

Phone: (972) 308-9960

Fax: (972) 619-7485 (24-hour, Group III fax)

E-Mail: cust_care@nai.com

Web: http://www.drsolomon.com/

Technical support

Dr Solomon’s Software and Network Associates are famous for their

dedication to customer satisfaction. The companies have continued this

tradition by making their sites on the World Wide Web valuable resources for

answers to technicalsupport issues.Dr Solomon’sSoftware encouragesyou to

make this your first stop for answers to frequently asked questions, for

updates to Dr Solomon’s and Network Associates software, and for access to

news and virus information

Preface

.

World Wide Web http://www.nai.com/asp_set/services/technical_support

/tech_intro.asp

Ifyoudonotfindwhatyouneedordonothavewebaccess,tryoneofour

automated services.

Internet techsupport@mcafee.com
CompuServe GO NAI
America Online keyword MCAFEE

If the automated services do not have the answers you need, contact Network

Associates at one of the following numbers Monday through Friday between

A.M.and8:00P.M. Central time to find out about Network Associates

8:00

technical support plans.

For corporate-licensed customers:

Phone (972) 308-9960
Fax (972) 619-7845

For retail-licensed customers:

Phone (972) 855-7044
Fax (972) 619-7845

This guide includes a summary of the PrimeSupport plans available to Dr

Solomon’s customers. To learn more about plan features and other details, see

Appendix B, “Network Associates Support Services.”

User’s Guide xxiii

Preface

To provide the answers you need quickly and efficiently, the Network

Associates technical support staff needs some information about your

computer and your software. Please include this information in your

correspondence:

• Product name and version number

• Computer brand and model

• Any additional hardware or peripherals connected to your computer

• Operating system type and version numbers

• Network type and version, if applicable

• Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN
script

• Specific steps to reproduce the problem

Download support

Toget help with navigating or downloading files from theNetwork Associates
or Dr Solomon’s websites or FTP sites, call:

Corporate customers (801) 492-2650
Retail customers (801) 492-2600

Network Associates training

For information about scheduling on-site training for any Dr Solomon’s or
Network Associates product, call Network Associates Customer Service at:
(972) 308-9960.

Comments and feedback

Dr Solomon’s Software appreciates your comments and reserves the right to
use any information you supply in any way it believes appropriate without
incurring any obligation whatsoever.

Reporting new items for anti-virus data file updates

Dr Solomon’s Anti-Virus offers you the best available detection and removal
capabilities, including advanced heuristic scanning that can detect new and
unnamed viruses as they emerge. Occasionally, however, an entirely new type
of virus that is not a variationon an older type can appear on your system and
escape detection.

xxiv Dr Solomon’sAnti-Virus

Preface

Because Dr Solomon’s researchers are committed to providing you with
effective and up-to-date tools you can use to protect your system, please tell
them about any new Java classes, ActiveX controls, dangerous websites, or
viruses that your software does not now detect. Note that Dr Solomon’s
Software reserves the right to use any information you supply as it deems
appropriate, without incurring any obligations whatsoever. Send your
questions or virus samples to:

virus_research@nai.com Use this address to send questions or

virus samples to our North America
and South America offices

vsample@nai.com Use this address to send questions or

virus samples gathered with Dr
Solomon’s Anti-Virus Toolkit* software
to our offices in the United Kingdom

To report items to the Dr Solo mo n’s Software European research office, use
these e-mail addresses:

virus_research_europe@nai.com Use this address to send questions or

virus samples to ouroffices in Western
Europe

virus_research_de@nai.com Use this address to send questions or

virus samples gathered with Dr
Solomon’s Anti-Virus Toolkit software
to our offices in Germany

To report items to the Dr Solo mo n’s Software Asia-Pacific research office, or
theofficeinJapan,useoneofthesee-mailaddresses:

virus_research_japan@nai.com Use this address to send questions or

virus samples to our offices in Japan
and East Asia

virus_research_apac@nai.com Use this address to send questions or

virus samples to our offices in Australia
and Southeast Asia

User’s Guide xxv

Preface

International contact information

To contact Network Associates outside the United States, use the addresses,
phone numbers and f ax numbers below.

Network Associates
Australia

Level 1, 500 Pacific H ighway
St. Leonards, NSW
Sydney, Australia 2065
Phone: 61-2-8425-4200
Fax: 61-2-9439-5166

Network Associates
Belgique

BDC Heyzel Esplanade, boîte 43
1020 Bruxelles
Belgique

Phone: 0032-2 478.10.29
Fax: 0032-2 478.66.21

Network Associates
Canada

Network Associates
Austria

Pulvermuehlstrasse 17
Linz, Austria
Postal Code A-4040
Phone: 43-732-757-244
Fax: 43-732-757-244-20

Network Associates
do Brasil

Rua Geraldo Flausino Gomez 78
Cj. - 51 Brooklin Novo - São Paulo
SP - 04575-060 - Brasil

Phone: (55 11) 5505 1009
Fax: (5511) 5505 1006

Network Associates
People’s Republic of China

139 Main Street, Suite 201
Unionville, Ontario
Canada L3R 2G6
Phone: (905) 479-4189
Fax: (905) 479-4540

Network Associates Denmark

Lautruphoej 1-3
2750 Ballerup
Danmark
Phone: 45 70 277 277
Fax: 4544 209 910

New Century Office Tower, Room 1557
No. 6 Southern Road Capitol Gym
Beijing
People’s Republic of China 100044
Phone: 8610-6849-2650
Fax: 8610-6849-2069

NA Network Associates Oy

Mikonkatu 9, 5. krs.
00100 Helsinki

Finland
Phone: 358 9 5270 70
Fax: 3589 5270 7100

xxvi Dr Solomon’sAnti-Virus

Preface

Network Associates
France S.A.

50 Rue de Londres
75008 Paris
France
Phone: 33 1 44 908 737
Fax: 33145227554

Network Associates Hong Kong

19th Floor, Matheson Centre
3 Matheson Way
Causeway Bay
Hong Kong 63225
Phone: 852-2832-9525
Fax: 852-2832-9530

Network Associates
Deutschland GmbH

Ohmstraße1
D-85716 Unterschleißheim
Deutschland
Phone: 49 (0)89/3707-0
Fax: 49 (0)89/3707-1199

Network Associates Srl

Centro Direzionale Summit
Palazzo D/1
Via Brescia, 28
20063 - Cernusco sul Naviglio (MI)
Italy
Phone: 39 02 92 65 01
Fax: 3902 92 14 16 44

Network Associates Japan, Inc.

Toranomon 33 Mori Bldg.
3-8-21 Toranomon Minato-Ku
Tokyo 105-0001 Japan
Phone: 81 3 5408 0700
Fax: 813 5408 0780

Network Associates
de Mexico

Andres Bello No. 10, 4 Piso
4th Floor
Col. Polanco
Mexico City, Mexico D.F. 11560
Phone: (525) 282-9180
Fax: (525) 282-9183

Network Associates Latin America

1200S.PineIslandRoad,Suite375
Plantation, Florida 33324
United States
Phone: (954) 452-1731
Fax: (954) 236-8031

Network Associates
International B.V.

Gatwickstraat 25
1043 GL Amsterdam
The Netherlands
Phone: 31 20 586 6100
Fax: 3120 586 6101

User’s Guide xxvii

Preface

Network Associates
Portugal

Av. da Liberdade, 114
1269-046 Lisboa
Portugal
Phone: 351 1 340 4543
Fax: 351 1 340 4575

Network Associates
South East Asia

78 Shenton Way
#29-02
Singapore 079120
Phone: 65-222-7555
Fax: 65-220-7255

Net Tools Network Associates
South Africa

Bardev House, St. Andrews
Meadowbrook Lane
Epson Downs, P.O. Box 7062
Bryanston, Johannesburg
South Africa 2021
Phone: 27 11 706-1629
Fax: 2711 706-1569

Network Associates
Spain

a

Orense 4, 4

Planta.
Edificio Trieste
28020 Madrid, Spain
Phone: 34 9141 88 500
Fax: 349155 61 404

Network Associates Sweden

Datavägen 3A
Box 596
S-17526Järfälla
Sweden
Phone: 46 (0) 8 580 88 400
Fax: 46(0) 8 580 88 405

Network Associates
Taiwan

Suite6,11F,No.188,Sec.5
NanKingE.Rd.
Taipei, Taiwan, Republic of China
Phone: 886-2-27-474-8800
Fax: 886-2-27-635-5864

Network Associates AG

Baeulerwisenstrasse 3
8152 Glattbrugg
Switzerland
Phone: 0041 1 808 99 66
Fax: 0041 1 808 99 77

Network Associates
International Ltd.

227 Bath Road
Slough, Berkshire
SL1 5PP
United Kingdom
Phone: 44 (0)1753 217 500
Fax: 44(0)1753 217 520

xxviii Dr Solomon’sAnti-Virus

1About Dr Solomon’sAnti-Virus

Introducing Dr So lomon’sAnti-Virus

Eighty percent of the Fortune 100—and more than 50 million users
worldwide—choose Dr Solomon’s Anti-Virus to protect their computers from
the staggering range of viruses and other malicious agents that has emerged
in the last decade to invade corporate networks and cause havoc for business
users. They do so because Dr Solomon’s Anti-Virus offers the most
comprehensive desktop anti-virus security solution available, with features
that spot viruses, block hostile ActiveX and Java objects, identify dangerous
websites, stop infectious e-mail messages—andeven root out “zombie” agents
that assist in large-scale denial-of-service attacks from across the Internet.
They do so also because they recognize how much value Dr Solomon’s
anti-virus research and development brings to their fight to maintain network
integrity and service levels, ensure data security, and reduce ownership costs.

With more than 50,000 viruses and malicious agents now in circulation, the
stakes in this battle have risen considerably. Viruses and worms now have
capabilities that can cost an enterprise real money, not just in terms of lost
productivity and cleanup costs, but in direct bottom-line reductions in
revenue, as more businesses move into e-commerce and online sales, and as
virus attacks proliferate.

1

Dr Solomon’s Anti-Virusfirsthoned its technologicaledge asone ofa handful
of pioneering utilities developed to combat the earliest virus epidemics of the
personal computer age. It has developed considerably in the intervening years
to keep pace with each new subterfuge that virus writers have unleashed. As
one of the first Internet-aware anti-virus applications, it maintains its value
today as an indispensable business utility for the new electronic economy.
Now, with this release, Dr Solomon’s Anti-Virus adds a whole new level of
manageability and integration with other Dr Solomon’s anti-virus tools.

Architectural improvements mean t hat each Dr Solomon’s Anti-Virus
component meshes closely with the others, sharing data and resources for
better application response and fewer demands on your system. Full support
for Network Associates ePolicy Orchestrator management sof tware means
that network administrators can handle the details of component and task
configuration, leaving you free to concentrate on your own work. A new
incremental updating technology, meanwhile, means speedier and less
bandwidth-intensive virus definition and scan engine downloads—now the
protection you need to deal with the blindingly quick distribution rates of
new-generation viruses can arrive faster than everbefore. To learn more about
these features, see “What’s new in this release?” on page 38.

User’s Guide 29

About Dr Solomon’sAnti-Virus

The new release also adds multiplatform support for Windows 95, Windows
98, Windows NT Workstation v4.0, and Windows 2000 Professional, all in a
single package with a single installer, but optimized to take advantage of the
benefits each platform offers. Windows NT Workstation v4.0 and Windows
2000 Professional users, for example, can run Dr Solomon’s Anti-Virus with
differing security levels that provide a range of enforcement options for
system administrators. That way, corporate anti-virus policy implementation
can vary from the relatively casual—where an administrator might lock down
a few critical settings, for example—to the very strict, with predefined settings
that users cannot change or disable at all.

At the same time, as the cornerstone product in the Dr Solomon’s Active Virus
Defense and Total Virus Defense security suites, Dr Solomon’s Anti-Virus
retains the same core features that have made it the utility of choice for the
corporate desktop. These include a virus detection rate second to none,
powerful heuristic capabilities, Trojan horse program detection and removal,
rapid- response updating with weekly virus definition (.DAT) file releases,
daily beta .DAT releases, and EXTRA.DAT file support in crisis or outbreak
situations. Because more than 300 new viruses or malicious software agents
appear each month Dr Solomon’s Software backs its software with a
worldwide reach and 24-hour “follow the sun” coverage from its Anti-Virus
Emergency Response Team (AVERT).

Evenwiththeriseofvirusesandwormsthatusee-mailtospread,thatflood
e-mail servers, or that infect groupware products and file servers directly, the
individual desktop remains the single largest source of infections, and is often
the most vulnerable point of entry. Dr Solomon’s Anti-Virus acts as a tireless
desktop sentry, guarding your system against more venerable virus threats
and against the latest threats that lurk on websites, often without the site
owner’s knowledge, or spread via e-mail, whether solicited or not.

In this environment, taking precautions to protect yourself from malicious
software is no longer a luxury, but a necessity. Consider the extent to which
you rely on the data on your computer and the time, trouble and money it
would take to replace that data if it became corrupted or unusable because of
a virus infection. Corporate anti-virus cleanup costs, by some estimates,
topped $16 billion in 1999 alone. Balance the probability of infection—and
your company’s share of the resulting costs—against the time and effort it
takes to put a few common sense security measures in place, and you can
quickly see the utility in protecting yourself.

Even if your own data is relatively unimportant to you, neglecting to guard
against viruses might mean that your computer could play unwitting host to
a virus that could spread to computers that your co-workers and colleagues
use. Checking your hard disk periodically with Dr Solomon’s Anti-Virus
significantly reduces your system’s vulnerability to infection and keeps you
from losing time, money and data unnecessarily.

30 Dr Solomon’sAnti-Virus