Setting up hardware and software

home Internet
Internet

Is there a virus on Skype? Kaspersky blocks Skype - Firewall Kaspersky Internet Security, we understand the default settings

The first step to safe travel through the vast expanses of various networks is, of course, installing a reliable means of protection. One of the few such tools is the comprehensive product Kaspersky Internet Security. Despite the fact that the KIS product is quite complex, immediately after installation it is ready to perform all the duties assigned to it. The need for additional settings is extremely rare, and this is a very big plus for developers. But it is necessary to understand that this opportunity is based on the sharp edge of compromise solutions. Let's look at what they are using the example of a firewall.

Firewall settings consist of two parts: program rules and package rules. Application rules can be used to allow or block specific programs or groups of programs from sending or receiving packets or establishing network connections. Packet rules allow or deny the establishment of incoming or outgoing connections, and the transmission or reception of packets.

Let's see what the rules for programs are.

All programs have four categories:

  1. Trusted - they are allowed to do everything without exception.
  2. Weak restrictions - the “action request” rule has been established, allowing the user to independently make a decision about the advisability of network communication between programs of this group.
  3. Strong restrictions - in terms of permission to work with the network, the same as weak ones.
  4. Not trusted - by default, these programs are prohibited from any network communication (humanly speaking, I feel very sorry for them).

By default, all programs from Microsoft, KIS itself and other programs from well-known manufacturers are placed in the “trusted” group by default. For the default settings, the choice is good, but personally I would not trust all programs, even from famous manufacturers, so completely.

How do programs fall into one group or another? It's not that simple here. The decision to place a particular program into one of four groups is made based on several criteria:

  1. Availability of information about the program in KSN ( Kaspersky Security Network).
  2. Availability of the program digital signature(already passed).
  3. Heuristic analysis for unknown programs (something like fortune telling).
  4. Automatically place a program in a group pre-selected by the user.

All these options are located in the “Application Control” settings. By default, the first three options are installed, the use of which leads to a large number"trusted" programs. The fourth option can be selected independently as an alternative to the first three.

Let's conduct an experiment. Let's put some program (for example, the Opera browser) in the list of programs with weak restrictions and see how the “action request” rule works. For program rules to take effect, you must close and reopen the program for which the rules have been changed. If you now try to go to any site, no action request will occur, and the program will quietly install network connection. As it turns out, the “action request” rule only works if the “Select action automatically” option is unchecked in the main protection settings.

Another surprise awaits users of network utilities such as ping, tracert (if the “action request” rule is extended to trusted programs), putty (ssh client) and, possibly, the like. For them, KIS stubbornly refuses to display the action request screen. There can only be one way out - to set permissions for a specific program manually.

Before moving on to package rules, let me give you one piece of advice: create your own subgroups for each group of programs. For example: “Network utilities”, “ Office programs", "Internet programs", etc. Firstly, you can always quickly find the desired program, and, secondly, it will be possible to set rules for specific groups, instead of setting rules for individual programs.

Batch rules.

Packet rules define individual characteristics of packets: protocol, direction, local or remote port, network address. Batch rules can act as “permit”, “deny” and “by program rules”. The rules are scanned from top to bottom until an allowing or prohibiting rule is found based on a set of characteristics. If a rule for a package is not found, then the default rule (the latest one) is applied. Usually in firewalls the last rule is to prohibit the reception and transmission of any packets, but for KIS this rule is permissive.

An action “according to a program rule” is by its nature a “window” for the actual actions of program rules. This is convenient because you can determine the order in which rules are executed. For example, the program tries to send a packet to port 53 of the DNS server. If there is a packet rule with an action “according to program rules”, direction “outgoing”, remote port 53 (or not defined), and an allowing rule is set for the program to send a packet to port 53, then the packet will be sent if the program is prohibited from sending packets to port 53, then this packet will not be sent.

The scope of the rules covers a certain area: “any address” (all addresses), “subnet address” - here you can select the type of subnet “trusted”, “local” or “public”, and “addresses from the list” - specify IP addresses or domain names manually. The relationship of a specific subnet to “trusted”, “local” or “public” is set in the general firewall settings.

KIS packet rules, unlike most firewalls, are overloaded with a large number of directions: “inbound”, “inbound (stream)”, “outbound”, “outbound (stream)”, and “inbound/outbound”. Moreover, rules with some combinations of protocol and direction do not work. For example, an ICMP deny rule in combination with stream directions will not work, i.e. prohibited packets will pass through. For some reason, stream directions are applied to UDP packets, although the UDP protocol by its nature does not create a “stream” as such, unlike TCP.

Another, not entirely pleasant, point is that the packet rules do not have the ability to specify a reaction to blocking an incoming packet: prohibit receiving the packet with a notification to the party that sent it, or simply discard the packet. This is the so-called “invisibility” mode, which was previously present in the firewall.

Now let's turn to the rules themselves.

Rules 1 and 2 allow, according to program rules, to send DNS requests via TCP and UDP protocols. Of course, both rules are useful, but basically they are network programs how email and browsers request website addresses through the system DNS service, for whose work he is responsible system program"svchost.exe". In turn, the service itself uses very specific addresses DNS servers, specified manually or via DHCP. DNS addresses servers rarely change, so allowing DNS queries to be sent would be sufficient system service"svchost.exe" to fixed domain name servers.

Rule 3 allows programs to send email via TCP. Here, as well as for the first two rules, it would be enough to create a rule for a specific program for working with by email indicating which port and server to send to.

Rule 4 allows any network activity for trusted networks. Be very careful when enabling this rule, do not accidentally confuse the network type. This rule effectively disables firewall functionality on trusted networks.

Rule 5 allows any network activity according to the rules of programs for local networks. Although this rule does not completely disable the firewall, it significantly weakens its control functions. According to the logic of rules 4 and 5, rules would need to be placed at the very top to prevent packets from being processed by rules 1 - 3 when the computer is on a trusted or local network.

Rule 6 prohibits remote control computer via RDP protocol. Although the scope of the rule is “all addresses,” it actually only applies to “public networks.”

Rules 7 and 8 prohibit access from the network to network services computer via TCP and UDP protocols. In fact, the rule only applies to “public networks.”

Rules 9 and 10 allow everyone, without exception, to connect to a computer from any network, of course excluding services prohibited by rules 6 - 8. The rule applies only to programs with permitted network activity. But be very careful, network activity is allowed by default to almost all programs except untrusted ones.

Rules 11 - 13 allow the reception of incoming ICMP packets for all programs. These rules make no more sense than 1 - 3, because ICMP in the vast majority of cases uses ping program and tracert.

Rule 14 prohibits the reception of all types of ICMP packets, of course, with the exception of those allowed by rules 11 - 13.

Rule 16 prohibits incoming ICMP v6 echo request. ICMP v6 is not needed in the vast majority of cases. It would be possible to ban it completely.

Rule 17 allows everything that is not expressly permitted or prohibited by the previous rules. Although this rule is not displayed on the screen, it is absolutely necessary to remember its existence.

The default KIS firewall settings are certainly good and are suitable for most home computer users, which is what this product is aimed at. But flexibility and undemanding additional settings, which was mentioned at the beginning of the article, unfortunately is achieved at the expense of the security of the users themselves, making this very security very dependent on the human factor: the knowledge and error-free actions of the user himself.

Prevents unauthorized access programs to the video stream.

Default Kaspersky Internet Security 2015 blocks access to the webcam for programs from groups Strong restrictions And Untrusted. If a program from the group tries to access the webcam Weak restrictions, Kaspersky Internet Security 2015 will ask for permission to allow this program to access the webcam.

You can independently configure program rights to allow or deny access to the webcam.

IMPORTANT! Kaspersky Internet Security 2015 doesn't control program access to:

  • Audio data from the microphones built into the webcam, if the program tries to receive audio data separately from video data.
  • Storage media built-in or connected to the webcam.
  • Control interface additional features webcams (tilt, rotate, focus, zoom, etc.).

1. List of supported webcam models

Kaspersky Internet Security 2015 supports the following webcam models:

  • Logitech HD Webcam C270
  • Logitech HD Webcam C310
  • Logitech Webcam C210
  • Logitech Webcam Pro 9000
  • Logitech HD Webcam C525
  • Microsoft LifeCam VX-1000
  • Microsoft LifeCam VX-2000
  • Microsoft LifeCam VX-3000
  • Microsoft LifeCam VX-800
  • Microsoft LifeCam Cinema
  • Microsoft LifeCam HD-5000

Note. Kaspersky Lab does not guarantee support for webcams not listed.

2. Checking access control to the webcam

  1. Connect your webcam to your computer. If your webcam has a separate switch, turn it on.
  2. Open device Manager:
  • Windows 8/8.1:
    • On Desktop move your mouse cursor to the upper right corner and click on the button Search.
    • In the search bar, enter device Manager and press the key on the keyboard Enter.

  1. In the window device Manager find your webcam.
  2. Double-click the left mouse button on the name of the webcam.
  3. In the window Properties go to the tab Driver click on the button Intelligence.
  4. In the window Driver File Information check if it's on the list Driver files file %windir%\System32\drivers\usbvideo.sys(Where %windir%– directory in which it is installed operating system). If the file is in the list, then Kaspersky Internet Security 2015 supports access control to this webcam.

3. Limitations in webcam support

Kaspersky Internet Security 2015 controls access to the webcam if:

  • UVC-compatible cameras, which do not require driver installation from the webcam manufacturer, are connected and operate using the driver included with the operating system.
  • A driver provided by the manufacturer and installed by the user for a webcam connected via USB interface or IEEE1394, registers the webcam only as Imaging device (Imaging Device).

Kaspersky Internet Security 2015 doesn't control access to the webcam if the application permission is set to Request an action and when the application accesses the webcam GUI Kaspersky Internet Security 2015 cannot be displayed (for example, is not responding or is in the process of loading).

Skype is becoming increasingly infected with viruses. Malicious “worms” are taken under the guise of some messages with links to various computer programs, including Skype, and are also able to successfully steal passwords. Therefore, you should be careful and not click on dubious links.

Skype can be hacked or infected even during installation if it is downloaded from a site that distributes malicious software. Therefore, you need to download Skype only from the developer’s official website (skype.com). Moreover, the program is offered in free access.
Recently I myself was faced with what I received from a friend who is in my contacts on Skype, suspicious message. I soon realized that my friend had “successfully” caught a virus in Skype, which sent a message to me.

Messages with an insidious virus

Messages that contain malware, can be of various kinds. For example, an attack by a similar virus began with the message “Is this the new avatar of your profile?” Then the wording became: “Look at this photo,” “In this photo he looks like Putin,” and now you can also find this: “Tough! How could you get burned like that?” There is a link next to the message. It can be either incomprehensible or quite logical, similar to a normal link that you want to go to.

What to do if Skype is infected with a virus?

First of all, you need to pause the virus and disable its ability to publish information using other programs. To do this, follow the instructions:

You need to get rid of this inscription by clicking the Delete button. The window must be clean, that is, not have any entries.

What programs should I use to check Skype for viruses and remove them?

You can use the VBA32 AntiRootkit utility. After downloading and launching it, a window will open in which you will need to click the No button and wait for the program to load. From the Tools menu, select LowLevel DiskAccessTool. A window will open in which the path to the %AppData% folder will be specified. On the right side of the program you will see a malicious file that may have a completely meaningless name. By right-clicking on this file, select from context menu Delete. Then you should confirm this action, exit the utility and restart the computer.

Advice! Before rebooting, it is best to check your computer for viruses using Kaspersky Anti-Virus or Dr.Web.

But many viruses are not detected by the ones we are used to antivirus programs. Therefore, to scan Skype and remove viruses from it, you can use the Malwarebytes Anyi-Malware program. To scan your computer, this program can be downloaded for free from the official website (malwarebytes.org).

Launch the program and go to Settings. In the window that opens, uncheck three boxes.

Then go to the Scanner tab and select Full Scan.

This way the program will check your computer for viruses and remove them. After execution this process You should restart your computer and also change your Skype password. I recommend changing passwords in other programs, for example, email.

This is how you can get rid of a malicious worm. And may your computer always be healthy!

On the Internet, namely on Skype program A new virus is spreading that sends malicious spam links. If in previous viruses the link looked like this - “Look, does he look like Putin?” or so – “Is this the new avatar of your profile?” and then an abbreviated, incomprehensible link. New virus sends a fully readable link and it looks like this - “Tough!! How could you get burned like that?” and below is the full link.

Many users of the current Internet use a program such as Skype to communicate. Until recently, Skype was considered the most secure and invulnerable messenger for communication between people different countries. Along with safe technologies, various other aspects of these products appear. Most Internet users know first-hand what viruses and malware are.

At the very beginning, the virus spread under the guise of the following message: “Is this the new avatar of your profile?”, “Look, does he look like Putin?”, “having” under the message a malicious “link”, at the end of which was your Skype login.

The new virus in Skype looks like it has a different wording – “Terrible! How could you get burned like that?”

But, of course, Facebook has nothing to do with it. After a few seconds, a redirection occurs to another site, where it is also offered to download a malicious file.

By downloading this file, you automatically infect your computer. Subsequently, the virus begins to spread from your PC, sending the same malicious link to your Skype contacts over a short period of time. Once a virus has entered the computer system, it will not cause any damage, but it will give access to passwords stored on the computer.

An early virus on Skype that sends spam with the link “Is this your new profile avatar?” It's not difficult to remove. How to remove a virus in Skype - “Tough!! How could you get burned like that?” , which is spreading with renewed vigor, in most cases the virus blocks Skype settings, which makes it impossible to remove it. Below are instructions on how to remove a virus in Skype - “Tough!! How could you get burned like that?”

1.How to stop the spread of a virus to Skype contacts

Go to your Skype, click the TOOLS/SETTINGS tab. In the settings menu that opens, click on the ADDITIONAL/ADVANCED SETTINGS section. In the section that appears, click CONTROL ACCESS OF OTHER PROGRAMS to Skype. In the window that appears, delete all applications that are allowed access.

Attention virus in Skype - “Tough!! How could you get burned like that?” may not be displayed in the settings for CONTROL ACCESS OF OTHER PROGRAMS to Skype. Proceed to step No. 2.

2.How to clean Skype from a virus

Since many antiviruses do not detect the virus. We will remove the virus in Skype using a proven method. Go to the address

Kaspersky on this moment is one of the most popular antivirus software. But, like any software, it cannot work without failures. Very often, users are faced with a situation where the antivirus does not allow programs that do not pose a threat to the computer to work. There are often cases in which Kaspersky blocks Skype .

Disable blocking

If the antivirus evaluates a harmless program as dangerous, then it becomes impossible to launch. In this case, it should be added to the exclusion list. This will be the solution to the Skype blocking problem.

The most widespread are two Kaspersky products: Internet Security and Endpoint Security. Each of them has a different procedure for adding exceptions.

But before proceeding to the main part of the instructions, you need to find out the location of the Skype files. To do this, use the search or the “File location” function, which can be called from the shortcut properties.

Option 1: Kaspersky Internet Security

Most often, people use the Internet Security program. Launch it and open the settings using the gear-shaped button (located at the bottom of the window). Activate the “Advanced” tab, click on the “Threats and exceptions” item. In the new window, click on “Configure exceptions”, and then “Add”.

To begin, specify the location of the Skype.exe document. Insert eicar-test-file into the “Object” column, activate all the items in “Protection components”, and then click “Add”.

Option 2: Kaspersky Endpoint Security

For this software, you need to configure the “Trusted Zone” parameter, which includes system components or directories that do not require scanning. To get started, go to the program settings. Select the column " Antivirus protection" There, click on the “Settings” button located in the “Exceptions and...” category. In the new window, go to the “Trusted Programs” tab.

All that remains is to add Skype to the list that opens. To do this, click “Add” and specify the location of the Skype.exe file. This completes the setup of this antivirus software.

Did you like the article? Share with your friends!
Twitter
print
Was this article helpful?
Yes
No
Thanks for your feedback!
Something went wrong and your vote was not counted.
Thank you. Your message has been sent
Found an error in the text?
Select it, click Ctrl + Enter and we will fix everything!
Similar tips
How to burn a disc for a car radio so that there are no problems later
How to burn a disc for a car radio so that there are no problems later
How to switch to Tele2 while maintaining the number from MTS, Megafon and Beeline
How to switch to Tele2 while maintaining the number from MTS, Megafon and Beeline
Born to run: review of the Sony XPERIA Go smartphone Information about the type of speakers and audio technologies supported by the device
Born to run: review of the Sony XPERIA Go smartphone Information about the type of speakers and audio technologies supported by the device
How to reinstall Windows on an Asus laptop?
How to reinstall Windows on an Asus laptop?
Protection and warning of danger
Protection and warning of danger
1 Windows 7 x64 license emulator
1 Windows 7 x64 license emulator