Dynamic Link Library (DLL) - What Are They?
Article By Kevin Vella - UniBlue Systems
Have you ever wondered what DLLs are, what they do and why you
need them?
Here is a brief user's guide to dynamic link libraries.
Once you know what they are, you will see that you need to secure them
like any other data resident on your PC.
A DLL or dynamic
link library is, simply put, a collection of small software
programs any of which are called up by a larger program (e.g.,
Microsoft Word) that is running on your computer. The components of
DLLs have several functions including calling up a specific device
such as a printer or a CD or DVD player to perform a specific
operation such as printing or playing music or a movie. DLL files
that support specific device operation are known as device drivers.
In tech-talk, DLL files are dynamic libraries linked from and to
applications that use them during program execution for specific
operations instead of being compiled into the main program. These
sub-components are stored in separate files and may be identified
through their three-letter extension reflecting the acronym.
One of the advantages of having DLL files is to save putting a
burden on your computer's memory since DLLs are not loaded into RAM
until the file is needed. In other words, the print driver will not
be loaded as long as you are editing your Word document. Once you
click on the print button, Word runs the printer DLL to print your
document.

Test Drive WinTasks Pro 5.0: http://www.updatexp.com/wintaskspro5-trial
The screenshot below shows an example of the DLL files each and
every process will be running.

Your computer
therefore may have hundreds of DLL programs that are waiting to be
activated (or are already activated) as soon as the required
operation is needed. Some DLLs are required for you to utilise the
Windows and program graphical user interfaces; others are used to
connect to the Internet or to send emails; others still are called
by your audio programs to drive your sound card. Some are common to
many programs, others are not.
Irrespective of their function, DLLs are very important and should
be interfered with only in extreme cases.
DLLs and System Security
Here's how DLLs can be threatened by computer viruses
and how certain viruses work to create DLLs that are difficult to
track. We suggest two tools besides anti-virus that will help you
enhance your computer security.
DLLs may be infected by computer viruses in the same way as all your
other data. In addition, viruses install DLLs on your computer that
are very difficult for anti-virus products to combat. This is
the preferred strategy of many known dangerous viruses.
In each of these instances the original virus was hard to trace and
left anti-virus companies baffled for a couple of days until
remedies were developed. However, in the meantime, millions of
computers worldwide were being infected and seriously threatened.
The following are just three malware types (Source: Panda Software)
that infect or install DLLs and thus present a danger to your
computer security and data stored within.
1. Hupigon.BS is a backdoor. A backdoor is a point of entry
into your computer either through software or hardware and gives
partial or complete remote access to someone through the Internet.
Hupigon.BS receives remote control commands, including commands to log
the keystrokes you type, to obtain files from your computer, to
download specific files and run them later, and/or to capture screenshots.
Hupigon.BS installs its own set of DLLs into all the processes
running on your PC - in this way the backdoor makes sure that all
its files and processes cannot be seen by some security tools and
programs.
2. MTX is a worm that reaches your computer through email in a file
with a PIF, EXE, or SCR extension. It passes itself off as a
harmless music file or image related to such famous people as Jimi
Hendrix or Bill Gates. The worm sends itself to all the contacts
in your address book every time you send out an email,
effectively reducing your bandwidth. Its main effect is to infect
and replace some of your original executables, including EXEs and
DLLs. Your registry settings are also infected.
When the attached file is run, MTX carries out its infection. From
then on, MTX waits until a new e-mail message is sent from your
infected computer.
When the user sends a message to any recipient, MTX immediately
spreads. It sends another message to the same recipient attaching an
infected file to it.
3. Sikou.A is a Trojan that connects to a certain IP address
to download and install a DLL on the affected computer. This DLL
then connects to another IP address and downloads other files, which
contain remote control commands that the Trojan will carry out. Some
of those commands are downloading and running files, and shutting down
the computer. Sikou.A repeats this process frequently to download
the second DLL, so that the author of the Trojan may order new
control commands to all affected computers by simply updating the
auxiliary DLL on the server from where it is downloaded. Sikou.A
reaches the computer embedded in a specially crafted Word document,
which exploits a Microsoft vulnerability to execute the Trojan when
you open the document.
Sikou.A creates the following files:
# A file with a random name and an EXE extension, in the Windows system directory. This file is a copy of the Trojan.
# 00015522.DLL, in the Windows system directory. This file is a DLL (Dynamic Link Library).
# 00015522.SYS, in the subfolder DRIVERS of the Windows system directory. This file is a driver that hides the files belonging to the Trojan.
Sikou.A creates Windows Registry entries.
The Four Pillars of Security
You first suspect
that there may be something happening to your computer because it is
not as fast as it was just a few days back, the programs you usually
run are not responding as well as they used to or your Internet
connection is very slow.
Anything could
be wrong but you suspect that you may have a virus or your computer
has been invaded by malware which has installed hidden DLLs onto
your system.
Probably, your first instinct is to run an anti-virus and an anti-spyware.
This may yield results but sometimes malicious programs just don't
show up even though you are using the latest and the best products
on the market. If you still find that your computer is not
performing properly, you probably call up
Windows Task Manager (CTRL+ALT+DEL) to see whether you can
identify any process which looks strange or out of place.
If you do find a suspicious process, Task Manager does not give you
any sort of information to help you. By logging on to
processlibrary.com you can get this information simply by either
entering a search query or looking for the particular process in the
directory-style listings found on the website. By following the
advice detailed in each process description you can already
fine-tune your system or clean up the malicious code.
But with what?
Windows XP Task Manager is limited in this scenario because:
It doesn't give you any information that allows you, at a glance, to determine what the various processes are and what they are doing;
It does not always show all the processes that are working in the background;
IT DOES NOT SHOW YOU MOST OF THE DLLs running on your computer;
It does not highlight possible security threats or any harmless processes that are either not being used by the system or redundant;
You cannot determine what action to take on legitimate processes;
It doesn't give you the full complement of tools for full resource control to improve your system's performance and safeguard completely against existing or new threats. For example, if you find that you have a scheduler left over from previously uninstalled software, Task Manager neither tells you where the scheduler process is nor allows you to deactivate it permanently.
See here:
http://www.updatexp.com/wintasks-5-professional.html
This is where WinTasks Pro 5.0 comes in... it gives you a complete
overview of all the processes and DLLs running on your computer,
together with descriptions of what the processes are, where they are
located and whether it is safe to terminate or block them. With this
information you can use the full complement of tools in WinTasks to
terminate or block unwanted and harmful processes.
Processlibrary.com is the logical development of the information
features of WinTasks, and the database of this free online site is
used to keep WinTasks continually updated. No two utilities on the
market work together in such a way as to give you such a high level
of protection and performance.
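The DLLs loaded by each running process, which the article notes Task Manager does not show, can also be listed with PowerShell. The script below is an added example, not part of the original article or of WinTasks; its function names are hypothetical, and it assumes the "Windows system directory" in the Sikou.A description is the one returned by [Environment]::SystemDirectory.

```powershell
# Added example, not from the article. Run in an elevated 64-bit PowerShell.
function Get-LoadedDllInventory {
    # One row per (process, loaded DLL); processes that cannot be opened are skipped.
    $rows = foreach ($proc in Get-Process) {
        try { $mods = $proc.Modules } catch { continue }
        foreach ($m in $mods) {
            if ($m.FileName -like '*.dll') {
                [pscustomobject]@{ Path = $m.FileName; Process = $proc.ProcessName; Id = $proc.Id }
            }
        }
    }
    # Collapse to one row per DLL path, with signature status and process count.
    $rows | Group-Object Path | ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path         = $_.Name
            ProcessCount = @($_.Group.Id | Sort-Object -Unique).Count
            Signature    = if ($sig) { $sig.Status } else { 'Unreadable' }
            Processes    = ($_.Group.Process | Sort-Object -Unique) -join ','
        }
    }
}

function Test-SikouFileIndicators {
    # File names are the ones the article lists for Sikou.A.
    # Assumption: "Windows system directory" means [Environment]::SystemDirectory.
    $sys   = [Environment]::SystemDirectory
    $paths = @((Join-Path $sys '00015522.DLL'), (Join-Path $sys 'drivers\00015522.SYS'))
    foreach ($p in $paths) {
        [pscustomobject]@{ Path = $p; Present = (Test-Path -LiteralPath $p) }
    }
}

# DLLs without a valid signature, most widely loaded first.
Get-LoadedDllInventory |
    Where-Object { "$($_.Signature)" -ne 'Valid' } |
    Sort-Object ProcessCount -Descending |
    Format-Table ProcessCount, Signature, Path -AutoSize

Test-SikouFileIndicators | Format-Table -AutoSize
```

A DLL that lacks a valid signature yet is loaded into nearly every process matches the Hupigon.BS behaviour described above and deserves a closer look. Because the article says Sikou.A's driver hides the Trojan's files, Present = False on a running system does not rule the Trojan out.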
To combat the dangerous threats to your computer, your data and the
DLLs on your computer, you need to consider:
# Investing in a good anti-virus software package (like PC Tools Anti Virus)
# Installing a professional-grade anti-spyware software package (like Spy Sweeper)
# Try to install a firewall as the third pillar of security.
# Use processlibrary.com and WinTasks as a fourth component of security.