Deepening: Using Antivirus Tools & Software

Credits

Pablo, Daniel O’Clunaigh, Ali Ravi, Samir Nassar

Last Updated

2014-03

This Deepening looks at how participants can be active users of antivirus software for their devices, and how to make informed decisions around which to use and why. If you are not holding a multi-day training, prepare take-home instructions for what participants should do if their antivirus software identifies malware.

ADIDS Element

Deepening

Parent Topic(s)

Using Antivirus Tools

Duration

30-45 minutes

Materials to Prepare

  • Flipchart paper and markers (in case you need to document any questions to answer later during the synthesis portion of the session to follow).
  • USB devices for participants with updated portable apps for Windows users and apps for OSX users.

Antivirus on portable apps with updated virus definitions for OSX and Windows per your trainees’ operating systems:

Windows options not currently available as portable apps include:

Deepening

Trainer’s Note

Because of the time required for a full scan, trainers should consider assigning an evening “homework” task for participants, to carry out a virus scan of their computers after making sure they have updated antivirus installed in the classroom. Instruct them to quarantine any malware they find. Set aside time for a boot scan the following day for any devices with malware. If any participants have advanced malware issues, set aside time outside of the training to help them address it.

Step 1: What are Participants Using?

Do a survey of participants who have licensed, registered operating systems and updated antivirus software (this can include FOSS software):

  • Those that do are welcome to use their antivirus software but may choose to use ClamWin or ClamXav.
  • Those that do not should run ClamWin or ClamXav for the purposes of this exercise, depending on their operating system and requirements.
  • Participants are not obligated to use ClamWin or ClamXav in the future, beyond the workshop; however, emphasize that they should choose only one antivirus program so that multiple programs don’t conflict during active monitoring mode.

Step 2: Explaining ClamWin and ClamXav

Distribute copies of ClamWin Portable (for Windows users) and ClamXav (for Mac Users), with updated virus definitions already downloaded.

Explain some of the peculiarities of ClamWin and ClamXav:

  • It is an open source anti-virus program.
  • It lacks certain features available with commercial antivirus programs, such as “Internet Protection” which is basically a firewall feature.
  • It has the advantage of being available in a portable version (for Windows) which allows you to run it from a USB stick on computers for which you don’t have administrative rights.
  • It doesn’t scan automatically, but rather only when executed by the user.

The portable apps version of ClamWin (for Windows) does not have active monitoring mode, but it is also available as ClamWin Sentinel; ClamXav, which is a full app for OSX, has “sentinel” mode available, which is an active monitoring mode feature.

Step 3: Exploring ClamWin and ClamXav

Instruct participants to open the program and explore its options. By clicking on Tools and Preferences, they should instruct the program to quarantine infected files so potentially important information isn’t lost during the first scan. If you have time, have them select a small folder on their computers for a practice scan during the training.

Walk through the most common scenarios for what to do when malware is found:

  • Quarantining and removing malware
  • What boot-time scans are
  • When to use tools like Avira Rescue System
  • The importance of conducting regular backups
  • Being ready to re-install everything

Trainer’s Note

Security experts generally advise that users reinstall their operating system and applications after they confirm they have been infected, because it is increasingly hard for anti-virus applications to protect themselves once the operating system has been compromised. Although most users are unwilling to do this due to the time and hassle involved, put this forward as the best way to ensure their devices are safe after finding malware.

Step 4: Using Antivirus on Work and Personal Computers

If participants are using their daily work computers or personal computers in the workshop, have them carry out a scan of their drives in the evening and have the antivirus program quarantine any identified malware:

  • Allot time on the next day of the training to ask what they found, if anything.
  • If participants are finding malware, show them how to remove it, and show them how to perform a boot-time scan on the second evening of the training.
  • If any infections require more in-depth assistance, set aside time for one of the trainers to provide 1:1 help.

If participants are not using their work or personal computers, or those computers aren’t good candidates or aren’t available for scanning, instruct them on what to do when they return home:

  • Download a non-portable apps version of antivirus software from those suggested above, or one that you recommend.
  • Scan their drives when they return home, and remove any malware identified.
  • Perform boot-time scans, and then any additional steps as needed.

If at all possible, work with the host organization and the participants to identify a trusted individual with the skills to assist them, if necessary.