ThimphuTech was the first technology blog in Bhutan. We started writing it in 2009, just as broadband and mobile internet started to take off. (Although internet in Bhutan was launched in 1999, it was either super-slow or super-expensive, and was only used by a select few.)

In the blog, we wrote about technology and food, but also about plenty of other stuff. The blog became popular and influential in Bhutan. A companion bi-weekly column -- Ask Boaz -- was published for many years in the Kuensel, Bhutan's national newspaper. (The complete Kuensel columns are available as an ebook, Blogging with Dragons).

We stopped updating the blog when we left Bhutan in 2014, but the information within the posts can still prove useful, and thus we decided to keep it online.

We thank all our readers.
Tashi Delek,
Boaz & Galit.

Saturday, March 12, 2011

Dealing with suspicious files (K2 #10)

Question of the Week
At the end of a system scan with Avira anti-virus software I get a summary report. If there are suspicious files detected or warnings, how do we deal with it?
-- Tandin Wangmo

The purpose of anti-virus software is to protect your computer against malicious software, such as computer viruses. It should prevent new infections, and detect and remove existing ones. Anti-virus software works by looking for suspicious patterns in files on your hard disk or pen-drive. These patterns are known as "signatures". The list of signatures must be updated whenever new viruses are discovered - and this happens very often, thanks to the creative minds of computer hackers... So make sure your anti-virus software is set up for automatic updates (it is also advisable to turn on Windows Update to patch security vulnerabilities in the Windows operating system).

After scanning your hard disk and detecting a suspicious file, you are usually given an option to select one of three basic actions: clean, delete or quarantine. If you choose clean, the software will attempt to "disinfect" the file. If cleaning succeeds, then great, you got your file back! Unfortunately, many viruses are not easy to remove and cleaning will often fail. You are therefore left with the ultimate question: to delete or to quarantine? If you are absolutely sure that the file is not yours and is part of a rogue program, then go ahead and delete it. Also, if you are sure that you can live without the infected file - for example, a program that you no longer need - delete the file. But remember that the file will be gone forever. Otherwise, it is safer to quarantine the file until you - or a computer expert - decide what to do with it. The quarantine is a special area on your hard disk where suspected files are stored. Quarantined files cannot cause any damage to your computer. After the anti-virus software is updated, it is worth trying to re-clean quarantined files, as sometimes the update contains new information regarding virus cleaning.

It is important to realize that anti-virus software products, such as Avira, are far from perfect. They might miss infected files; they are often unable to clean files; they sometimes report a clean file as infected - this is known as a "false alarm" or "false positive"; and they are often not very user-friendly, requiring consultation with a computer security expert. As is often the case with biological viruses, prevention is easier and better than cure. While a good anti-virus program should be the first program you install on a new computer, always be extra careful when swapping pen-drives, opening email attachments, or downloading software from dubious websites.
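The signature matching and quarantine steps described in this answer, sketched as an added example; it is not part of the original column and not how Avira itself is implemented. The signature names, byte patterns and XOR key are constructed for illustration, and XOR-encoding is assumed here as one simple way to make a stored file inert.

```python
import tempfile
from pathlib import Path

# Constructed byte patterns for illustration; these are not real malware signatures.
SIGNATURES_OLD = {"Demo.Alpha": b"\xde\xad\xbe\xefALPHA"}
SIGNATURES_UPDATED = {**SIGNATURES_OLD, "Demo.Beta": b"BETA-\x13\x37-MARKER"}
XOR_KEY = 0x5A  # hypothetical key used to make quarantined bytes inert

def scan_file(path, signatures):
    """Return the sorted names of all signatures whose pattern occurs in the file."""
    data = Path(path).read_bytes()
    return sorted(name for name, pattern in signatures.items() if pattern in data)

def scan_tree(root, signatures):
    """Scan every file under root; return {file name: [signature names]} for hits."""
    hits = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        found = scan_file(path, signatures)
        if found:
            hits[path.name] = found
    return hits

def quarantine(path, quarantine_dir):
    """Move a file into quarantine, XOR-encoded so it cannot be opened or run as-is."""
    src = Path(path)
    dest = Path(quarantine_dir) / (src.name + ".quar")
    dest.parent.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(bytes(b ^ XOR_KEY for b in src.read_bytes()))
    src.unlink()  # unlike "delete", the content survives, but only in encoded form
    return dest

def restore(quarantined_path, target):
    """Reverse quarantine(): decode the stored bytes back to the target path."""
    data = bytes(b ^ XOR_KEY for b in Path(quarantined_path).read_bytes())
    Path(target).write_bytes(data)

def demo():
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as qdir:
        disk = Path(tmp)
        (disk / "notes.txt").write_bytes(b"meeting at 10am")
        (disk / "old.exe").write_bytes(b"header " + SIGNATURES_OLD["Demo.Alpha"])
        (disk / "new.exe").write_bytes(b"header " + SIGNATURES_UPDATED["Demo.Beta"])
        before = scan_tree(disk, SIGNATURES_OLD)       # outdated list misses new.exe
        after = scan_tree(disk, SIGNATURES_UPDATED)    # updated list catches it
        stored = quarantine(disk / "new.exe", qdir)
        left = scan_tree(disk, SIGNATURES_UPDATED)     # only old.exe is still flagged
        inert = scan_file(stored, SIGNATURES_UPDATED)  # encoded copy matches nothing
        return before, after, left, inert
```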

Readers are encouraged to submit technology-related questions to