Practise safe file transfer  

Gratuitous Advice #01  (Every care, but no responsibility taken for its use.)

Viruses are not a problem wholly confined to Windows Personal Computers (PCs), but most of the 'nasties' are found infesting Microsoft Windows and its software.

This page of notes and links is intended to help users of Windows PCs to avoid virus infections. It does not pretend to be a complete explanation and guide, but rather presents some fundamental principles and provides some basics leads that will allow anyone to protect their files fairly well.

This page uses the term virus generically, rather than accurately, to describe all forms of 'nasties' including worms.

As this page has become, as usual, too long-winded here is an index to guide the reader.

Index

  Rationale for this page  

Many of my friends have recently begun to use a PC and the Internet and, unaware of the dangers, have caught and passed on some awful infections! Others have used relatively safe computers, such as Acorn/RISC OS, for years and have not developed the extreme caution and discipline needed to avoid infection when occasionally forced to use Microsoft Windows.

Examples of recently encountered, vicious worms and a recent hoax will illustrate the problem and need for diligence.

  • The PCs of two friends were recently infected by Kakworm.
  • One day last week I was 'spammed' twice by the Snowhite worm, and
  • The next I was 'warned' of the Jesus virus (a well known hoax).

This page is an attempt to provide the minimum information needed to help curb the problems my friends are having. If others find it useful that is a bonus.
Return to index

  Avoiding viruses  

There are no apologies if this page reads a bit like a "Safe Sex" promotion. The model and principles are quite similar.

PC users needs to inform themselves to some extent about the:

  • nature of computer infections
  • the most likely sources of contamination
  • how viruses are transmitted
  • how to eradicate them
  • how to tell a virus from a hoax
  • and what to tell your friends!
This page will not attempt to educate the reader in most of these things, but instead suggests how to find out.
It also provides a few principles that should lead to safer computing. A few links are provided below to get one started on this process.
Return to index

  Sources of infection  

Infection comes from sharing files and this is most commonly done by:

  • inserting some removable media such as a floppy disc into an infected PC and then into one's own PC.
  • opening an attachment which comes via an e-mail client (e.g.Outlook Express).
  • downloading a file from the internet using a browser (e.g. Internet Explorer) or an FTP client.

Removable media as vector

Floppy discs used to be the most common media for sharing viruses. Students and colleagues sharing work documents or games were frequent offenders.

Moral: Scan every file as it enters your PC!

As Microsoft Windows software and associated files have become so bloated the floppy has become almost obsolete because it often cannot contain the files folk want to share.

A new removable media risk is the CD ROM! As home users 'burn' their files for sharing on a cheap CD it is all too easy to include nasty infections if one is not cautious. Sadly 'burning' does not sterilize the CD! It is not amusing to re-infect one's own computer when retrieving a file from carefully saved backup CD.

Moral: Always scan before burning.

Network (especially internet) transfer of viruses

Computers connected to each other over a network allow the easy transfer of all files including viruses. This applies to the internet as much as Local Area Networks (LAN). PCs networked in schools, universities and work places, even when they have frequent check-ups, are common sources. Because of their ubiquity shared games, jokes and document files are common carriers. The seemingly innocuous files from otherwise reliable sources are great Trojan horses for viruses.

The comments here apply mainly to the internet, but the principles are similar. One may meticulously keep one's own PC clean, but others do not. Even the best protected networks of computers should always be considered suspect! The very nature of the internet means that it is certain that viruses are lurking; seeking something to devour!

While one can download hostile files (Web, FTP, etc) they most commonly arrive as attachment to e-mail messages. It is the attached file, not the message, which is the menace.

The 'Snowhite' virus mentioned above came to the author via e-mail with a curiosity arousing introduction and was wrapped as an application simply entitled joke.exe. It had probably been sent by Outlook Express when the infected PC sent me another, separate, innocent e-mail message.

Had it arrived on his Windows PC the up-to-date anti-virus software (AVS) would have created quite a fuss and allowed him to purge it from his system. As it came safely to his RISC PC it was his practised caution, his human memory of this virus's existence and a quick check with the virus warning site of his AVS supplier (see some links below) that confirmed the vicious nature of the beast.

Morals:
  • Never be seduced by the apparently innocent and beguiling file.
  • Ensure that the anti-virus software is configured to check attachments arriving through the e-mail client(s) being used. It is not enough that the AVS is loaded in many cases.
  • Always scan attachments before opening them.
  • Learn to recognize the likely types of dangerous attachment. The author is always wary (almost paranoid!) about unsolicited jokes and games.
  • Check lists of viruses and hoaxes to reassure oneself. See section on: Virus or Hoax?
  • One's AVS should protect one's PC, but who wants to be a pioneer in finding a new virus?
Return to index

  Safe practices and habits  

Avoid Windows computing!

Next time get a better, safer computer like RISC OS with the Operating System safely protected in ROM. For most of us this not totally possible under the near monopoly of Microsoft Windows. The author received the above-mentioned viruses without threat as he normally uses his RISC PC, rather than his Windows PC for e-mail.

Some obvious, but frequently ignored principles are listed here as a guide to safe file transfer.

Follow principles of safe computing

Sophos has provided a splendid list of practices that, if diligently followed, will make computing safe for all users. See Guidelines for Safer Computing from Sophos.

Up-to-date anti-virus software (AVS)

Most people buy PCs with anti-virus software fitted and running. Sadly most never seem to upgrade the crucial data files that help identify the latest viruses.

This should be done at least once a month and preferably once a week. The suppliers make this easy via the internet, and the application can be set to automatically update whenever one is on-line. An equally amazing thing is that most computer owners do not spend the few dollars to maintain their subscription to the latest virus information after their free period (say one year) is over! All of that precious data (one's memoirs!) could be lost for the sake of a few dollars!

In the case of the Kakworm invasion mentioned above the original purveyor had had her anti-virus software removed and not replaced by a repairer. She was also using an old version of Windows 95 Outlook Express which had not been patched to thwart this kind of worm.

Two lessons: Always regularly keep your:

  • Anti-virus software current, running and configured to check incoming attachments via the e-mail client(s) being used.
  • Windows software up-to-date. It is so flawed that Microsoft are continually releasing patches to fix things. In this case of Kakworm (and similar worms) the openness of the earlier versions of Outlook Express and Internet Explorer allowed their manipulation by the worm.

Never run/load/open a new file until it has been scanned by your AVS

The most likely files to do damage are those which can undertake some action (e.g. an executable program with an .exe extension; or a screen saver file (.scr)) However less obvious files such as Microsoft Word documents may contain malign macros that can do significant damage (e.g. Melissa-X, Chronic). Text files (.txt), HTML files (.html, .htm etc) and most image formats are probably safe. However note that malicious folk can 'mark-up' nasty viruses into HTML files. (e.g. Kakworm) Look here to see how to configure Outlook Express to minimize this danger.

The moral is to trust nothing until it has been scanned, either automatically or manually. I mention manually as the so-called fix by Microsoft for Outlook Express and Internet Explorer simply told the receiver of Kakworm that there was an ActiveX problem but with no mention of a virus and, worse than that, did not allow either McAfee or Norton's AVS to detect the virus until the folder containing it was opened! Microsoft seem to delight in thwarting applications from other manufacturers!

Never accept a file on face value

Almost every virus tale of woe I have heard begins "I thought it was safe because it was sent to me by my (wife, lover, best friend, the President of the USA)". These, usually innocent carriers, either do not practise 'safe file transfer' themselves or Outlook Express has sent the file under instruction of the malevolent worm itself without the knowledge or consent of the forwarding party.

Gratuitous advice:

  • Do not trust even the nearest and dearest in affairs of file transfer!
  • Ditch Outlook Express if at all feasible. This would not completely stop virus transmission, but it would probably halve it! (The author uses Opera (browser and e-mail client). (click here) Alternatives to the vulnerable, dominant software do exist.)
  • If one must use Outlook Express configure it correctly to send only text files and not the hideous, time and money wasting HTML attachments. HTML files (Web pages), being largely text files, used to be fairly safe. Since they can now carry scripted instructions (especially ActiveX) for the software (e.g. Internet Explorer & Outlook Express) to undertake actions, good or naughty, HTML attachments should be handled with the caution bestowed on Word documents (.doc), executables (.exe) et cetera.

    The Kakworm mentioned above hides in the HTML attachment sent to Outlook Express. As well as adding destructive lines to some system files, it forwards itself with the HTML file generated by Outlook Express unless this is the latest version or has been repaired with the Microsoft patch. Even if one gets infected by a worm like Kakworm it is not automatically forwarded if Outlook Express is configured properly to send text only. Incidentally the sender and user both save money by sending and receiving much smaller files.

    A page showing how to configure Outlook Express correctly is available on this site. (Click here)

Back up files

Always make and keep back-up copies (not on the same disc!) of files, including 'works in progress'. Imagine loosing all of that PhD thesis while completing the final chapter!

This is also wise practice in case of file loss through hard disc failure (probably more common than major virus damage). But remember that valuable files may be able to be salvaged from a dud disc by an expert.

Return to index

  Virus or Hoax?  

Users of e-mail often receive warnings about viruses currently on the loose. How one should respond to the warning depends upon whether it is legitimate or a hoax.

Sadly there seem to be a great many hoaxes. These are not harmless practical jokes. While they may not destroy files they do behave like worms by urging the recipients to forward to warning to all in their address lists. These are vicious 'chain letters' which prey upon people's good instincts and, world-wide, cost businesses and individuals millions of dollars in wasted time and even attempts to repair a non-existent problem (with the risk of self-inflicted damage). Some ultra-cautious souls have been know to wipe and reformat their hard discs before re-installing Microsoft Windows and everything else! Hoaxes also exact a high price in anguish.

How to respond to a warning

One's response usually depends on the actual (rather than supposed) source.
  • Warnings directly from one's Internet Service Provider (ISP) (Big Pond are good at this) or anti-virus software (AVS) supplier are obviously worth heeding.

    Response: Upgrade your AVS and be vigilant.

  • A warning from a friend who is sure that they have accidentally let loose a virus (e.g. by injudiciously running an e-mail attachment before scanning it!) If your anti-virus software was current and running you would have known anyway.

    Response: Immediate action is needed.

    • Ensure one's AVS is up-to-date.
    • Do not open attachments on messages which seem to have come from that person before scanning.
    • If infected, disinfect and remove the offending file. Other repairs may be necessary (e.g. over-written system files).
    • If you also may have passed on the virus (e.g. by sending e-mail before getting the warning) warn your correspondents specifically. Do not spam everyone!
  • A warning forwarded by a friend at the request of a third party.

    Responses:

    • Be sceptical, but check by visiting the information pages of your Internet Service Provider and/or anti-virus software supplier or other good sources such as those links listed below.
    • Use a search engine (e.g. Google as provided on this page) using the name of the file or key words from the subject of the e-mail.
    • Do not waste everyone's time by spamming folk with warnings about hoaxes.
    • Do advise, courteously, those who pass on an hoax to you.
    • It is usually better to urge friends to practise 'safe file transfer' than to continually warn them.
  • Warnings from persons unknown (especially those who spam and do not identify themselves)

    Responses:

    • Be very sceptical, but check thoroughly.
    • Never forward warnings.

PC users, especially those using the internet, should do a little research into the nature of viruses and how they work. This will make one less fearful and better able to handle the inevitable one that gets through. It will also help one to detect the hoaxes. Most hoaxes, in an attempt to create maximum fear, make frightening claims that are often not possible, or at least quite improbable.

Browse a few PC journals in a library. Search the web. Check some of the sites listed below. Knowing at Christmas that viruses could lurk in seasonal bundles is a cause for caution. Read a few of the general pages on the web and you will learn that Kriz Kringle is dangerous, but that Elf-bowling is harmless.

Responding to a virus

This is simple and straightforward.
  • Don't panic!
    • Not all viruses cause damage. Many are just a nuisance or take up space.
    • Most virus damage can be repaired fairly easily by competent experts or software (See Symantec Removal Tools below.)
    • More damage can be done by over-anxious users or ill-informed and over-zealous technicians whose answer is to destroy everything by reformatting the hard disc and re-installing Windows while leaving the user to re-install everything else!
  • Upgrade anti-virus software (AVS).
  • Follow instructions from your anti-virus software supplier.
  • Read about the particular virus.
  • Most anti-virus software only detects and removes the original file that imports the virus/worm into your system. If this file has been 'run' and has actually done its work it may have altered some files (e.g. in the Registry) that must be repaired or added some new and 'nasty' files that must be removed.
  • Some damage may need repair. If you are competent and have the information you can do these things by hand! However it is usually better to seek help from one's AVS supplier and Internet Service Provider (ISP). Do not be panicked into too drastic action. The Symantec site listed here has some very useful virus removal tools for some of the most damaging viruses/worms.
Return to index

  Links to helpful pages  

There are many places you can find information about viruses and hoaxes. Here are a few.

General sources of information

Learn what viruses can and cannot do. (e.g. Any talk of destroying your hard drive is suspect.) Assess the likelihood that a warning may be a hoax and always check before taking any drastic action. Bookmark a few of the virus/hoax sites that seem helpful and hope you do not need to check them in a hurry one day.

  • Anti-Virus (Coraweb)
  • Sophos Information The very latest (good) information from Sophos.
  • Sophos article: Don't fall for a virus hoax
  • Sophos describes hoaxes and scares
  • Sophos - Virus information
  • Symantec Information (very good)
  • Symantec Security Updates - Home Page
  • Symantec Security Updates - Reference Area Page
  • ZDNet Good for alerts. Good advice on recovering from a virus attack.
  • F-Secure Welcomes You
  • Virus or Hoax? Check It Out!
  • Vmyths.com - Truth About Computer Virus Myths & Hoaxes
  • Microsoft AntiVirus

    Anti-virus software sites

    These and other anti-virus makers have pages on hoaxes and real viruses.

    McAfee anti-virus software

  • McAfee.com - Homepage
  • McAfee.com - Virus Information Library
  • McAfee.com - Virus Information Library - Virus Hoaxes

    Norton's Anti-Virus

  • Symantec Worldwide Homepage Inter alia this site has some good virus removal tools for when the PC has been infected.
  • **Symantec Support page As well as the very latest information this has good removal tools, where needed, to repair damage by nasty worms etc.
  • Symantec AntiVirus Research Center

    VET Anti-Virus

  • VET Anti-Virus This is a very good Australian anti-virus system. It also appears to form the basis for EZ Anti-Virus.

    Check using online tool

  • Housecall is a site that allows the user to check her/his Windows system for viruses using its online tools. This is not the ideal way to do things, but when one gets caught without a proper, installed AV application it is very helpful.

    The site also provides many other useful pieces of information.

     

    Good, free and shareware anti-virus software

    If a PC user does not have anti-virus software and does not want to pay for a commercial product there are many good, free or cheap products. It probably is worthwhile paying to buy or register the better versions. Check out the page listed here.

  • ZDNet: Home Page

    There are several ways of finding what one needs. Try following the links to the Downloads > Utilities > AntiVirus pages. That page provides links to various Free or Shareware Anti-Virus Software. The links for each of these which were in existence at the time of writing are given below. If they change try searching the ZDNet site for "free anti-virus software".

  • ZDNet: Help and How To: Alerts & Solutions
  • ZDNet: Help and How To: Alerts & Solutions: Anti-Virus Software

    Return to index

      Search for information  

    To search the web directly enter key words and click on the Google Search button.

    Google

    To search with many engines at once go to:

    To find and use other good Search Engines go to the Search Page on this site:

    Return to index

    Bar
    Home | Navigate | Search | GAW 1997 | GAW 1998 | GAW 1999 | Links | Our World | Feedback
    Bar

    Created: 1998     Last Updated on 20th October 2003   :  Geography—Environment—Society

    Counter