Network+ need explanation to answer

Discussion in 'Network+' started by toby462, Jul 6, 2007.

  1. toby462

    toby462 New Member

    Hi, this is my first post to this forum, after googling to maybe find someone that could answer a question for me. I've got to the end of my N+ course now and am revising for the test, but there was one question for which the answer did not make any sense. Now before I go ahead and post the question along with the answer, which is a question from one of the Tutor Marked Assignments (my course is with Skillstrain), I need to be clear that I'm not breaking any forum rules by doing so, as it's the current syllabus for the training. There is a tutor team that I've sent a number of mails to, about this, but they have not been able to answer my question, so I have tried the obvious route already with no luck. I'd appreciate any help as I need to be clear before the test.
     
    WIP: N+ S+ P+
  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Hi and welcome to CF!

    A difficult one that. My *personal* feeling is that posting *one* question, and the answer that makes no sense is 'fair use'.

    However - the forum has to be very strict in following the rules as it cannot afford to get involved in legal wrangles.

    In addition, although sometimes people suggest rephrasing a question for posting, this can lead to the subtleties of the original phrasing being missed.

    I'll leave it up to the mods to suggest a way forward.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. toby462

    toby462 New Member

    Ok, obviously the wording is the key to this and I may run into trouble reciting part of CompTIA's syllabus, but I still need to understand their reasoning.
    To summarise the problem, can somebody here please explain to me how your system becomes less likely to become infected with a virus just because you've made a backup? Are there viruses in circulation that can see if a system has recently been backed up and decide it's not worth the effort because data can easily be copied back? Are they really that picky now? :blink
    I understand the part backups play in disaster recovery, but the question is specifically aimed at virus protection, or avoidance. That using backups for disaster recovery after a system has been infected is clearly the best way to restore a system AFTER it's been infected, but as far as providing any level of virus protection just by performing a backup..... in fact are there not viruses out there that could remain dormant until a backup is attempted, dormant in the backup software?
    I'm obviously concerned because I'm near to taking the test, concerned that my tutor team's response to my 3 mails was to simply quote areas from the book but not explain the reasoning. Later on, when I come to rely on this knowledge, I'd like to be able to have a good understanding of what I'm doing, if someone asks me a question I'd like to be able to give them an answer other than 'because it says so in the book!'.
    I'd appreciate any comments on this, also if publicly posting the original question really is in breach of the forum policies, I'd also appreciate help from anyone who may have the time to look into this, I could mail the original question and answer plus copies of the 3 mails from the tutor team.
    I'm really stuck on this at the moment, the test is coming up and I feel like someone is trying to convince me that black is white. Thanks in advance to anyone that can help.
     
    WIP: N+ S+ P+
  4. Sparky

    Sparky Zettabyte Poster Moderator

    I think what the question is getting at is that you have the option of restoring a PC from a backup if the virus cannot be removed or if the stability of the system is so bad that you can't even log on.

    If the virus\trojan\worm can do its thing then it will. Viruses are not picky, although they don’t seem to go near Macs! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  5. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    On the surface - as you say - this makes no sense. I suspect that the actual wording of the question and the offered choices is going to be crucial here.

    I'm quite happy to take a look at the exact details if you send them to me via the private messaging system on this forum. It is my belief that this wouldn't contravene the board's rules as it wouldn't be publicly viewable.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  6. r.h.lee

    r.h.lee Gigabyte Poster

    Disclaimer: I've never taken this course through Skillstrain so I don't know specifically what he's talking about.

    toby462,

    As soon as you mentioned the "problem statement" I got a flash gut instinct that understanding the problem is based on what is known as the "archive bit" of files. According to Wikipedia, here's a short definition and purpose of the archive bit.

    Understand that one of the main effects of viruses is to change and modify either certain files or any files. So when viruses "infect" a file therefore modifying the file, the archive bit is flipped to 1 to indicate a change. However, what if prior to the virus infection, a normal standard file change occurred, such as saving your Microsoft Word document? In that case, the archive bit may have been set to 1 by the file save, then set to 1 again by the virus infection. Remember that some viruses like to "hide" by seeming normal.

    According to Wikipedia, it says "Backup software optionally clears the archive bit when making a backup copy of the file." As previously stated, "clearing the archive bit" is the same as "setting the archive bit value to 0." My guess as to how backing up may reduce the likelihood for virus infection is in conjunction with the virus scanner software that should be on the computer to do its job. One job is basically doing a "stakeout" of key critical system files. Maybe the virus scanner software intercepts the virus infection by checking the archive bit status. If the archive bit is 0 because the file has been backed up, then any attempt to modify the file therefore setting the archive bit to 1 may indicate a possible virus infection attempt which is intercepted by the virus scanning software and squished before actual infection.

    Does this make sense?

    Source:
    1. Archive Bit - Wikipedia, the free encyclopedia - http://en.wikipedia.org/wiki/Archive_bit
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  7. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    Hey it's the Archive Bit again! wooo-hooo!
    (sorry, the peeps at CF Xmas meet will understand)
     
  8. toby462

    toby462 New Member

    Thanks r.h.lee, I understand your explanation, wasn't something I'd considered. The nearest my tutor team got to explaining how performing a backup can help you avoid virus infection is

    which didn't help to ease my confusion, helping to avoid a virus is also getting rid of it when it's already there? Surely you can't avoid infection by a virus if your system is already infected?
    My argument being that wiping a machine and restoring backups is disaster recovery, something I was assessed on after the previous chapter. There wasn't any mention of archive bits by way of explanation and from their responses I don't believe that's what they were trying to tell me. Thanks a lot for an explanation though, archive bits is not an area I've read too much into yet but will read up on.
     
    WIP: N+ S+ P+
  9. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    I have to say that I seriously doubt that the archive bit plays any part of virus detection. It is just too unreliable. AFAIK most AV progs hook Windows system calls which are provided for that purpose.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
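
Added example, not part of the thread: a toy Python model of the archive bit discussed in the posts above (set on any write, optionally cleared by a backup), showing that the bit only records "changed since the last backup". The `Volume` class, file names and contents are constructed for illustration; `0x20` is the Windows archive attribute flag.

```python
FILE_ATTRIBUTE_ARCHIVE = 0x20  # Windows archive attribute flag


class Volume:
    """Constructed toy volume: path -> (content, attribute byte)."""

    def __init__(self):
        self.files = {}

    def write(self, path, data, writer):
        # Any write sets the archive bit. `writer` is deliberately unused:
        # the attribute has no room to record who or what changed the file.
        _, attrs = self.files.get(path, (b"", 0))
        self.files[path] = (data, attrs | FILE_ATTRIBUTE_ARCHIVE)

    def pending(self):
        """Paths whose archive bit is set (changed since last clearing backup)."""
        return sorted(p for p, (_, a) in self.files.items()
                      if a & FILE_ATTRIBUTE_ARCHIVE)

    def backup(self, clear_bit=True):
        """Copy flagged files; clearing the bit is optional, as the thread notes."""
        copied = {p: self.files[p][0] for p in self.pending()}
        if clear_bit:
            for p in copied:
                data, attrs = self.files[p]
                self.files[p] = (data, attrs & ~FILE_ATTRIBUTE_ARCHIVE)
        return copied


def scenario():
    vol = Volume()
    vol.write("report.doc", b"draft 1", writer="word processor")
    vol.write("system.dll", b"original code", writer="installer")
    first = vol.backup(clear_bit=True)           # both bits now 0

    # After the backup: one ordinary save and one unwanted modification.
    vol.write("report.doc", b"draft 2", writer="word processor")
    vol.write("report.doc", b"draft 3", writer="word processor")  # 1 stays 1
    vol.write("system.dll", b"original code + unwanted change",
              writer="unknown program")

    attrs = {p: a for p, (_, a) in vol.files.items()}
    return first, vol.pending(), attrs


if __name__ == "__main__":
    first, pending, attrs = scenario()
    print("backed up:", sorted(first))
    print("flagged after changes:", pending)
    print("attribute bytes:", attrs)
```

Both files end up with the same attribute value, so a check based on the bit alone cannot separate the document save from the unwanted change; what the backup does provide is a known-good copy to restore or compare against.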
  10. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    To me this is just another badly written question and as your tutor has pointed out they are going to look into it, which means, they are not happy with the way the question is worded either.

    My advice.. forget it, it's a nonsense!
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
