ICAT3025A Run standard diagnostic tests
Chapter 1 – Operate system diagnostics • 1.1 Run the system diagnostic program according to specification • 1.2 Modify the system configuration as indicated by the diagnostic program • 1.3 Carry out preventative maintenance in line with organisational guidelines
Introduction • System diagnostic programs can tell you about the state of the hardware and software of your computer system. Most diagnostic programs work by running a series of predetermined tests and producing a report.
Power On Self Test (POST) • The boot process is a series of steps performed when you first turn a computer system on. • During this process hardware checks will be performed by the Power On Self Test (POST). • If POST is completed successfully, control of the computer system will be handed to the operating system.
POST error reporting • If any errors are detected by the POST, there are three ways they may be reported: – a series of beep codes may be heard – an error message may appear on the screen – a series of codes is sent to a special address, and these codes can be viewed using a special plug-in card known as a POST card reader.
POST error beep codes • Essential devices such as CPU and memory are checked first. Errors here are reported with beep codes. • These codes vary with different manufacturers.
Award BIOS Beep Codes
POST error messages • Once the video system has been enabled, error messages will be displayed on the screen. As with the error codes, different BIOS manufacturers have different error messages. • Example error messages: – CMOS battery failed – Keyboard error or no keyboard present
POST card reader • POST card readers are printed circuit boards which plug into an expansion slot. At each step in the POST sequence, a code is generated for that step, known as a POST code. • If the system stops, you can identify the test that was being performed at that time from the code displayed.
CMOS setup • The BIOS Setup utility will allow you to change many settings for your computer system such as the boot device order, power management settings, system time and date and password settings.
CMOS setup features • Standard: You can set basic settings such as the time and date. From this menu you can also see whether all the hard drives and optical drives installed on the system have been recognised by BIOS. • Advanced: You can set the boot disk priority here (e.g. 1. floppy; 2. hard disk; 3. CD-ROM)
CMOS setup – integrated peripherals • Allows you to enable or disable the peripheral devices that are integrated into the motherboard. If a device is disabled here, it won’t be able to be accessed by the operating system or any system diagnostic program.
Loading the operating system • The last stage of the boot process is to attempt to load the operating system. • BIOS will search for a boot record at the very first sector on the boot device specified as the First Boot Device. • This first sector of the disk stores the Master Boot Record (MBR), which holds information about how the drive is organised and, for more recent operating systems, a boot loader which points the system to the active partition on the drive.
Loading the operating system (cont.) • The boot loader and other programs will gather system hardware information and load start-up device drivers. Control of the computer system is passed to the operating system kernel and the operating system continues to load services and components as required.
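The MBR layout described above can be checked directly. The following is an added example, not part of the original course material: it validates a 512-byte first sector, decodes the four partition entries, reports the active partition and takes a digest of the boot loader area for comparison against a known-good baseline. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # boot loader area at the start of the sector
ENTRY_LEN = 16                 # four 16-byte partition entries follow it
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
ACTIVE_FLAG = 0x80             # status byte of the active (bootable) partition


def parse_mbr(sector: bytes) -> dict:
    """Validate one 512-byte MBR sector and decode its partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid boot record")
    partitions = []
    for index in range(4):
        offset = BOOT_CODE_LEN + index * ENTRY_LEN
        status, ptype = sector[offset], sector[offset + 4]
        lba_start, sector_count = struct.unpack_from("<II", sector, offset + 8)
        if ptype == 0x00:      # type 0 marks an unused table slot
            continue
        partitions.append({"index": index, "active": status == ACTIVE_FLAG,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sector_count})
    active = [p["index"] for p in partitions if p["active"]]
    return {
        "partitions": partitions,
        # Exactly one active partition is expected; anything else gives None.
        "active": active[0] if len(active) == 1 else None,
        # Digest of the boot loader area, for comparison with a known-good baseline.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
    }


def build_sample_mbr() -> bytes:
    """Constructed sample sector: filler boot code and two partition entries."""
    sector = bytearray(SECTOR_SIZE)
    sector[:8] = b"BOOTCODE"   # placeholder bytes, not real boot code
    entries = [(ACTIVE_FLAG, 0x07, 2048, 204800), (0x00, 0x83, 206848, 409600)]
    for index, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, BOOT_CODE_LEN + index * ENTRY_LEN,
                         status, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for part in info["partitions"]:
        print(part)
    print("active partition index:", info["active"])
```

A change in the boot code digest between two readings of the same disk means the boot loader area has been rewritten, which is worth investigating before the next boot.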
Event logs • Operating systems will maintain logs that record information about programs, security and system events on your computer. • If services or devices fail to load as the operating system is loaded, notice of these events will be stored in a log file.
Event logs (cont.) Click here for more information about the logged event – you will need to be connected to the internet
Device management tools • As your operating system is being loaded, one of the functions it must perform is to load device drivers (programs that control a hardware device such as a printer or video card). • Most current desktop operating systems provide a graphical user interface that allows you to examine and manage the devices that are attached to your system. • Device management tools provide you with a listing of all devices and information about their status and usually allow you to change configurations, update drivers and change advanced settings for devices.
Windows Device Manager
Red cross indicates a disabled device
Black exclamation mark on yellow background indicates a device with a problem
System resources • Most operating systems today will automatically detect new hardware devices and assign resources to the device. – Interrupt Request Lines (IRQs) – hardware lines over which devices can send signals to get the attention of the processor when the device is ready to accept or send information. – Input/Output (I/O) addresses – memory addresses reserved for transferring data to and from a device. – Memory Addresses – used for communication between devices and the operating system. – Direct Memory Access (DMA) – channels that transfer data between system memory and hardware devices without passing it through the CPU.
Cleaning unwanted files • Over time your hard drive will fill with unwanted files. On a Windows system, use the Disk Cleanup Wizard to remove the following files safely and regain hard drive space: – temporary internet files – downloaded program files (ActiveX controls and Java applets downloaded from the internet) – Windows temporary files – Windows components that you are not using – installed programs that you no longer use.
Cleaning unwanted files (cont.) • Disk Cleanup Wizard
Error checking • Power failures, improper shutdowns (such as turning the computer off by holding the power button in), hardware problems and system crashes can lead to a corrupted hard drive directory. • A corrupted hard drive directory can cause files to ‘disappear’ – the file data is still written on the disk but the reference to the file location is lost. • To rectify these problems, operating systems have disk error checking tools.
Defragmentation • The process of rewriting noncontiguous parts of a file to contiguous sectors on a disk for the purpose of increasing data access and retrieval speeds.
Using hardware manufacturer’s diagnostic programs • Many hardware manufacturers supply diagnostic programs which can test the functionality of a hardware device. • Read your owner’s manual or visit the manufacturer’s website to see if any diagnostic software is available for your hardware. • Some hardware manufacturers may require you to run a diagnostic program before an item can be returned under warranty.
Using third-party diagnostic programs • Third party diagnostic tools can be broadly grouped into two categories: – Operating system independent – are complete with their own operating system; by being independent of an operating system these programs can directly test the computer system hardware – Operating system dependent – are written to run on specific operating systems; to test devices such as sound cards which need device drivers to operate you would need to select an operating system dependent program.
Operating system independent diagnostic programs • The hardware tests performed by POST are only cursory and can only give an indication that the computer system hardware is functioning correctly. • There are a range of diagnostic programs available to thoroughly test the major system hardware components such as CPU, memory, fixed disk drives, diskette drives, serial and parallel ports, video and keyboard (e.g. Memtest86).
Operating system dependent diagnostic programs • There is a vast range of diagnostic programs written for particular operating systems, from commercial to shareware to freeware programs. • Commercial products are usually a suite of tools including: – Maintenance and diagnostics tools for hardware and software – Operating system diagnostics and optimisation tools – Optimisation tools such as a disk defragmenter and disk cleanup – Benchmarking tools to rate the performance of your computer and its individual components – Some have antivirus, antispyware or other security features which you will look at in more detail in Chapter 2 – File recovery tools – Backup and restore functions.
Chapter 2 – Scan system for viruses • 2.1 Scan the system to check and maintain virus protection • 2.2 Report identified viruses to an appropriate person • 2.3 Remove virus infections found by the scan using software tools and/or procedures or by restoring back-ups • 2.4 Document relevant symptom and removal information
Introduction • Computer viruses and other malicious code such as Trojans and worms can damage information systems and data and disrupt network services. • Malware (malicious software) – any program developed with the purpose of causing harm to a computer system.
Introduction (cont.) • Viruses can be spread by downloads from the internet, email attachments, floppy discs or CDs or through your network connections. • This chapter looks at ways companies can limit their exposure to viruses by implementing antivirus policies.
What is a computer virus? • A computer program that can attach a copy of itself to another computer program. Whenever the infected program runs, the attached virus program activates and can attach itself to other programs. • Computer viruses have three main components: – Infection mechanism – Payload – Trigger.
Boot sector virus • Boot sector viruses spread by modifying a disk’s boot record. • Because the boot record is accessed every time the computer is booted, a boot sector virus will always be loaded into memory. • Typically boot sector viruses are spread through the use of removable media such as floppy disks.
Macro virus • Macro viruses can modify or replace the macro to perform malicious actions; they attach themselves to a document. • The Melissa virus was a macro virus which appeared in April 1999 spreading through computer systems using Microsoft Word by two methods: – It modified the Word template which allowed it to propagate. – It attached itself to the current document and mailed itself out as an attachment to the top 50 addresses in the address book with Microsoft Outlook.
File virus • File viruses infect files that are executable such as .com or .exe files. • Viruses can be classified by the methods used to conceal themselves from both users and antivirus software.
Worms • Worms are programs that are self-replicating. However, they do not need a carrier program to spread and they spread to other computers, usually through computer network connections. • One of the features of worms that make them so destructive is that they can rapidly spread.
Trojan horse • A Trojan horse (or just Trojan) is a program that pretends to be a legitimate and useful piece of software, but which secretly performs some other unwanted task. • Typically they might arrive as an email attachment or as an unwanted surprise within a free software download.
Logic bomb • A logic bomb is code which delivers its payload when a trigger condition is reached and might be a component of a virus or a Trojan.
Blended threats • Some malware has characteristics of several of the previous definitions – some viruses include Trojans while some worms include viruses or Trojans. This is known as a blended threat.
What can malware do? • The payload (or damage caused) of the malware threats defined above includes: – large-scale emailing to email addresses in your email address list – file deletion – commonly critical operating system files are targeted – file modification – some malware attaches itself to executable files or tries to disable antivirus software – performance degradation – for example, network degradation when there is a worm attack – system instability – system errors may occur – unauthorised access to your computer system.
How antivirus software works • The function of antivirus software is to protect your computer system from viruses. • It has three major tasks: – it needs to detect if some code is a virus or not – once detected, it needs to be identified – the detected virus needs to be removed from the system.
How antivirus software works (cont.) • The software that runs and searches for the virus is known as the scanning engine. • This scans files looking for virus signatures or definitions, which are sequences of bytes recognised as suggesting that a known virus is present. • Some scanning engines also use another approach where the system is monitored for virus-like behaviour.
How antivirus software works (cont.) • The scanning engine should allow for scanning either: – on-demand – selected files, folders or drives are scanned when started by the user or as scheduled, or – on-access – objects such as files are tested for the presence of viruses as they are accessed.
How antivirus software works (cont.) • Disinfection – the process a scanning engine will use to try to remove the virus from the infected system. • Quarantine – the process the scanning engine will use if it doesn’t know how to clean an infection. The infected file is isolated from the system until either the user decides how to handle the file or an antivirus update is available to deal with the virus. • Because of the different actions that a virus can take, it is not always possible to restore the computer system to the exact state that it was in before the infection.
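The signature matching, on-demand scanning and quarantine steps described above can be shown in a few lines. This is an added example, not taken from the course material or from any antivirus product: the signature names and byte patterns are constructed, harmless placeholders, and the function names are hypothetical.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed signature database: definition name -> byte sequence.
# Real definitions come from the antivirus vendor; these are placeholders.
SIGNATURES = {
    "Sample.TestSig.A": b"\x13\x37SAMPLE-SIGNATURE-A\x00",
    "Sample.TestSig.B": bytes.fromhex("deadbeef0badf00d"),
}


def identify(data: bytes):
    """Detect and identify: return the name of the first matching signature."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def on_demand_scan(root: Path, quarantine: Path) -> dict:
    """Scan every file under root and isolate matches in the quarantine folder."""
    quarantine.mkdir(parents=True, exist_ok=True)
    report = {}
    # Build the file list first so that moving files does not disturb the walk.
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine in path.parents:
            continue                      # never rescan quarantined items
        name = identify(path.read_bytes())   # whole-file read: fine for a demo
        if name is not None:
            # The counter prefix stops same-named files overwriting each other.
            target = quarantine / f"{len(report)}_{path.name}.quarantined"
            shutil.move(str(path), str(target))
            report[str(path.relative_to(root))] = name
    return report


def demo():
    """Run a scan over a constructed folder holding one clean and one flagged file."""
    with tempfile.TemporaryDirectory() as tmp:
        root, quarantine = Path(tmp) / "scan_me", Path(tmp) / "quarantine"
        root.mkdir()
        (root / "notes.txt").write_bytes(b"quarterly report draft")
        (root / "setup.exe").write_bytes(
            b"MZ" + b"\x00" * 32 + SIGNATURES["Sample.TestSig.B"] + b"tail")
        report = on_demand_scan(root, quarantine)
        remaining = sorted(p.name for p in root.iterdir())
        isolated = sorted(p.name for p in quarantine.iterdir())
        return report, remaining, isolated


if __name__ == "__main__":
    print(demo())
```

The report returned by the scan is the kind of record the later slides on reporting and documenting infections refer to: which file matched and which definition identified it.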
Protecting against virus infections • Procedures to minimise the risks associated with viruses need to address the following points: – installation of antivirus software – updating the antivirus software regularly – keeping software updated with the latest patches – users exercising caution – performing regular system backups.
Install antivirus software • There are many vendors of antivirus software including: – Symantec Corporation – McAfee Inc – Trend Micro – Grisoft Inc.
Server-based solutions • For businesses or organisations with many workstations to manage, many will choose an antivirus solution that is centrally managed with users being unaware that the antivirus software has been updated. • A central server stores the antivirus software and signature files. The workstations receive their software and signature updates from the central server across the network at scheduled times.
Keep the antivirus software updated • Antivirus software manufacturers will regularly update their virus definitions and program files and publish them on their website. • Antivirus programs can usually be configured to obtain the updates automatically, or manually if required. • It is recommended that updates are obtained and installed at least twice weekly.
Keep your software updated with the latest patches • Viruses exploit vulnerabilities in the software running on your computer system. • As vulnerabilities are discovered, software companies update their software to protect it against viruses and other security threats. • It is recommended that updates be automated.
Users to exercise caution • The following steps can be taken to minimise the risks: – configure your antivirus software to scan incoming and outgoing mail – users should be instructed to not open any files attached to an email from an unknown source – users should be instructed to delete chain emails and junk email – users should be instructed not to download or install unauthorised software.
Back up your files regularly • Your organisation will have procedures in place to back-up system files and data files regularly. • These backups can be used to restore files that have been damaged by viruses. • To be effective, backups need to be performed regularly and the backup media stored in a remote location.
Reporting of a virus infection • Reporting of viruses helps system administrators to determine how prevention techniques can be improved. • Most antivirus software will allow you to produce a report when viruses are detected or your company might use a standardised form for reporting to the system administrator. • Server-based antivirus solutions allow for centralised reporting of virus infections.
Using an antivirus software package • The steps to perform common tasks with antivirus software will vary from one package to the next. • Most antivirus programs will allow you to perform the following tasks: – scan all drives – scan selected drives, folders or files – configure scan settings – update definitions and program these updates manually or automatically – produce a report of test results.
Using an antivirus software package (cont.) • For further information on the particular antivirus software you are using, you will find the following sources of information useful: – user guide or manual – program help files – vendor’s website.
Other threats and how to protect against them • As the internet keeps growing, the number of threats to keeping your computer system secure also keeps growing. • Most antivirus vendors offer an ‘Internet Security’ package. These suites vary from vendor to vendor but generally include: – antivirus – to protect against viruses, worms and Trojans – antispyware – to protect against spyware, adware and other malware – antispam – to filter spam and protect against phishing attackers – firewall – to protect against hackers.
Adware/spyware • Adware is any software designed to monitor an end user and present ads to that user usually as advertising banners or pop-ups on your computer. • Spyware is any software that gathers and relays information from your computer to a remote location without your knowledge.
Spyware • Spyware can include the following: – Data miners – which can collect information from your computer system and relay it to a remote server. – Toolbar hijacks which place a custom toolbar within your web browser that displays ads and can track your internet browsing. – Programs which change the home page setting to a different URL in the web browser.
Spam • Spam is unsolicited commercial email. The spam messages might offer low-cost prescription drugs or weight-loss drugs, get-rich schemes or special offers too good to be true. • The trouble with spam is that it: – wastes staff time – uses bandwidth and fills up mailboxes – sometimes contains offensive material.
Phishing • Phishing refers to a form of Internet scam where the attackers try to trick users into supplying confidential information such as bank account numbers and passwords.
Firewall • A basic PC firewall acts as a barrier between a computer and the internet. • It blocks unauthorised access to your computer, allowing only authorised traffic from the internet to your computer.