Viruses and Worms
Computer viruses are programs that manage to spread themselves from computer to computer, and in some cases may damage files on the machine they infect. Worms are similar, but function slightly differently. Contrary to popular myth, not all viruses deliberately cause harm. Some are simply pranks where the author is intent on seeing how far they can spread their creation. Unfortunately even some of these viruses can cause damage, not deliberately, but because they have not been well written. Any kind of virus will inevitably use some resources such as memory on an infected machine. A virus is nothing more than a computer program, and like all programs, there has to be some means for the program to be installed.
Email Attachments
By far the commonest source of viruses is via email. Generally, email itself is safe, however email supports the sending of attachments, or extra files along with text. An analogy is that email is like a parcel service. Email itself is like a letter or packing slip, but there may also be a package attached which might contain some goodies, or else a bomb. Unfortunately people tend to be inquisitive by nature, so when something comes attached to their email, they have a tendency to click on it to see what it is. Remember the old saying "Curiosity killed the cat" ? Well, it can kill your computer too, or at least cost you a packet in repairs to software and lost productivity.
So how can you deal with attachments? For a start, don't send unnecessary ones yourself. If you use Microsoft Word, it can be set to be used as the default email editor. DON'T!! Word has the potential to be a means of spreading a type of virus called the macro virus. In addition to the threat of virus contamination, Word documents create much larger emails to deliver than if you typed in plain text. Just because you can type in any of a gazillion different fonts doesn't mean the person at the other end has them on their system, so your artist layout may well go to waste. You're also probably losing productivity trying to figure out what style of type looks good. Plain and simple, if you don't need to send formatted text, type your message straight in your email program in plain text. If you must preseverve layout, you should consider purchasing a program like Adobe Acrobat, which not only preseves formatting, but also maintains font styles even if the recipient doesn't have the same fonts installed on their system. Some office suites such as Corel Office include built in the capability to create Acrobat documents.
If you must send a formatted document that has to be edited by the recipient, you may have a legitimate reason for sending a Word attachment, however there is something you can do to further verify that the attachement is legitimate. I'll cover this in more detail in the section on digital signatures.
Apart from Word documents, what other form of attachments might you want to send or receive? Well, anything that exists as a file on your computer can be sent or recieved as an attachment. You should be extremely wary of any attachment where the last three letters in the name are any of the following combinations: .com .exe .bat .pif .scr .vbs .chm No one should be sending you attachments of this type. While occasionally there are a variety of fun toys and screensavers that are files of these types, it is extremely dangerous to ever open a file of one of these types. It's far better to miss out on a few visual jokes than infect your computer with a virus or worm. Unfortunately, by default, Windows hides the last three letters of filenames for many files. There is a way to change this behaviour so that the full file name is always shown. If you are unsure about how to do this, ask your computer professional.
Common files that you may receive that are usually safe to open are files that end with .gif, .jpg, .txt or .pdf . These are ONLY safe if the full file name is shown, as some viruses depend on the fact that the last three letters are hidden as explained above, and use a name that appears to have a safe file name, eg virus.gif could actually be virus.gif.exe when the full name is shown.
Anti-virus Software
Not opening attachments is a fairly good way to remain virus free, however don't depend on it alone. Sometimes you do need to open attached files, or someone else may use your computer who does not know about security. Using an anti-virus program that can scan your email before it ends up in your inbox is now pretty much an essential part of modern computing. Anti virus programs aren't a reason for complacency though. They need regular updating with the latest virus patterns (you wouldn't expect last winter's flu vaccine to protect you this winter now would you?). This should be done at least once a month. Depending on what program you use you may need to purchase a subscription to continue to receive updates. Subscriptions are inexpensive, and far cheaper than paying to have your computer cleaned of a viral infection. Some viruses can actually disable anti virus programs if the virus somehow manages to find its way onto your computer without the anti virus program detecting it (usually because of out of date virus patterns), once this happens your anti virus program is rendered worse than useless as it may give you a false sense of security.
Other Precautions
I've discussed caution with attachments, and maintaining up to date anti virus software, but a third, perhaps less obvious precaution is your choice and maintenance of your email software and operating system. By far the majority of computer users today use Windows in some version as their operating system of choice. Unfortunately the vast majority of viruses are also written for Windows. Using Windows NT, Windows 2000 or Windows XP will generally provide you with a more robust and somewhat less virus friendly version of Windows than Windows 95, 98 or ME, but only if configured correctly, and there are still plenty of viruses that can infect these machines.
As an alternative to Windows, you can use Linux if you own a PC. Contrary to popular misconceptions, Linux is not harder to use than Windows, and does not lack good quality software. If you use your computer for email, wordprocessing, web browsing and maybe a few other standard office tasks such as presentation graphics, image editing etc, then Linux is a very good alternative to Windows at a cost of nothing for the software. Linux is complex, but once it's installed and successfully running, it's very easy to use and in fact can be made to look almost identical to Windows. Most people never install Windows on their own computers, so a working Linux machine is really a good alternative if you're trying to save money as well as provide better security for your machine. Not all computer firms support Linux yet, but all good ones should be considering it.
If you're an existing Windows user like most people, you need to make sure you keep your version of Windows up to date with security updates. In actual fact this applies to any software that has any means of interacting with the Internet. Windows was designed to be powerful for administrators and easy to use, but unfortunately this can often backfire by making Windows much easier for virus writers to work with too. Microsoft releases updates when they find flaws in Windows, but many people fail to install them. A number of virus infections I have seen could not have occured had users installed security updates when they became available. Because of the way Outlook, Outlook Express and Internet Explorer are so frequently used for web browsing and email, these programs have been very popular targets for virus writers. Unfortunately there have been plenty of flaws for them to exploit. Many of these flaws have been fixed, but there may well be more to be discovered. If you're paranoid, or simply don't want to worry about having to keep track of all the security updates, or pay someone else to do it, consider using an alternative email program. There are a number on the market that aren't affected by the flaws that occur in Outlook/Outlook Express, and best of all many of these are free. Among them are Pegasus mail, Eudora, and Netscape Mail (Part of the Netscape suite which also includes a web browser, newsreader and various other features.) Of these, Pegasus Mail is the smallest and most efficient, however you won't be able to import your mail from Outlook/Outlook Express (although you can indirectly import your address book.)
Other Sources of Viruses
So far, most of the focus has been on viruses associated with email. This is by far the most common source of infection today, but infection via shared disks can still occur. With the ubiquity of CD writers, large amounts of data can be exchanged readily, however with CD-R disks data is generally not erasable, so infected data potentially poses a problem. Any data that is to be copied to CD-ROM should be scanned with an up to date anti virus program prior to copying. Some viruses can also spread themselves over a LAN (Local area network) which can pose problems with disinfection, as an infected computer can reinfect others on the network. In this kind of environment it is important to provide anti virus protection to the entire network, and potentially look at a corporate anti virus program which can ensure all workstations are updated. Network security policy also needs to be clearly defined so that users cannot unwittingly infect the network. Restricting access to floppy disk drives and CD-ROM drives is one possible security measure that can help keep your network environment healthy.
Social 'viruses'
Have you ever received an email from a friend telling you of a terrible new virus that will delete everything on your hard drive, and that IBM or Microsoft have declared to be 'the worst yet' and totally uncurable? Guess what? You're reading the virus. Somewhere in the message it will ask you to forward it to everyone in your address book as a favour to protect them from this plague. The reality is IBM and Microsoft aren't anti virus makers, and legitimate anti virus makers don't tell people to forward messages to all people on your mailing list. A legitimate virus will have a proper write up detailing its action, risk assessment, occurrence, and removal instructions, or lack thereof, on the web site of most anti virus vendors within hours or being discovered.
In fact not all social 'viruses' are about computer viruses at all. Some tell you about someone wanting to see how many different email addresses they can collect, or about some petition to stop some outrageous action, or show support for something else, or how to get rich by forwarding to so many people. The thing they all have in common is they ask you to forward the message to as many people as possible, thereby creating a flood of email, and thereby propogating the 'virus'. Social viruses can do nothing without gullible individuals, so if you receive an email inviting you to forward it to everyone in your address book, take a deep breath, think twice, and fire up your favourite search engine and search for 'email hoaxes'. If you're uncertain, contact your computer professional. Even if you feel silly being told you've been had, at least you've avoided spreading the hoax to other unsuspecting individuals, and you're doing your bit to help stamp out rubbish that jams up the flow of legitimate information over the Internet.
This concludes my article on computer viruses. If you have any questions, or comments feel free to contact me at CreateIT.
In my next article, I'll be looking at 'hacking' and what risks it poses.
Share
