Search for information
Many of my friends have recently begun to use a PC and the Internet and, unaware of the dangers, have caught and passed on some awful infections! Others have used relatively safe computers, such as Acorn/RISC OS, for years and have not developed the extreme caution and discipline needed to avoid infection when occasionally forced to use Microsoft Windows.
Examples of recently encountered, vicious worms and a recent hoax will illustrate the problem and need for diligence.
- The PCs of two friends were recently infected by Kakworm.
- One day last week I was ‘spammed’ twice by the Snowhite worm, and
- The next I was ‘warned’ of the Jesus virus (a well known hoax).
This page is an attempt to provide the minimum information needed to help curb the problems my friends are having. If others find it useful that is a bonus.
There are no apologies if this page reads a bit like a “Safe Sex” promotion. The model and principles are quite similar.
PC users needs to inform themselves to some extent about the:
- nature of computer infections
- the most likely sources of contamination
- how viruses are transmitted
- how to eradicate them
- how to tell a virus from a hoax
- and what to tell your friends!
This page will not attempt to educate the reader in most of these things, but instead suggests how to find out.
It also provides a few principles that should lead to safer computing. A few links are provided below to get one started on this process.
Infection comes from sharing files and this is most commonly done by:
- inserting some removable media such as a floppy disc into an infected PC and then into one’s own PC.
- opening an attachment which comes via an e-mail client (e.g.Outlook Express).
- downloading a file from the internet using a browser (e.g. Internet Explorer) or an FTP client.
Removable media as vector
Floppy discs used to be the most common media for sharing viruses. Students and colleagues sharing work documents or games were frequent offenders.
Moral: Scan every file as it enters your PC!
As Microsoft Windows software and associated files have become so bloated the floppy has become almost obsolete because it often cannot contain the files folk want to share.
A new removable media risk is the CD ROM! As home users ‘burn’ their files for sharing on a cheap CD it is all too easy to include nasty infections if one is not cautious. Sadly ‘burning’ does not sterilize the CD! It is not amusing to re-infect one’s own computer when retrieving a file from carefully saved backup CD.
Moral: Always scan before burning.
Network (especially internet) transfer of viruses
Computers connected to each other over a network allow the easy transfer of all files including viruses. This applies to the internet as much as Local Area Networks (LAN). PCs networked in schools, universities and work places, even when they have frequent check-ups, are common sources. Because of their ubiquity shared games, jokes and document files are common carriers. The seemingly innocuous files from otherwise reliable sources are great Trojan horses for viruses.
The comments here apply mainly to the internet, but the principles are similar. One may meticulously keep one’s own PC clean, but others do not. Even the best protected networks of computers should always be considered suspect! The very nature of the internet means that it is certain that viruses are lurking; seeking something to devour!
While one can download hostile files (Web, FTP, etc) they most commonly arrive as attachment to e-mail messages. It is the attached file, not the message, which is the menace.
The ‘Snowhite’ virus mentioned above came to the author via e-mail with a curiosity arousing introduction and was wrapped as an application simply entitled joke.exe. It had probably been sent by Outlook Express when the infected PC sent me another, separate, innocent e-mail message.
Had it arrived on his Windows PC the up-to-date anti-virus software (AVS) would have created quite a fuss and allowed him to purge it from his system. As it came safely to his RISC PC it was his practised caution, his human memory of this virus’s existence and a quick check with the virus warning site of his AVS supplier (see some links below) that confirmed the vicious nature of the beast.
Morals:
- Never be seduced by the apparently innocent and beguiling file.
- Ensure that the anti-virus software is configured to check attachments arriving through the e-mail client(s) being used. It is not enough that the AVS is loaded in many cases.
- Always scan attachments before opening them.
- Learn to recognize the likely types of dangerous attachment. The author is always wary (almost paranoid!) about unsolicited jokes and games.
- Check lists of viruses and hoaxes to reassure oneself. See section on: Virus or Hoax?
- One’s AVS should protect one’s PC, but who wants to be a pioneer in finding a new virus?
Safe practices and habits
|
Avoid Windows computing!
Next time get a better, safer computer like RISC OS with the Operating System safely protected in ROM. For most of us this not totally possible under the near monopoly of Microsoft Windows. The author received the above-mentioned viruses without threat as he normally uses his RISC PC, rather than his Windows PC for e-mail.
Some obvious, but frequently ignored principles are listed here as a guide to safe file transfer.
Up-to-date anti-virus software (AVS)
Most people buy PCs with anti-virus software fitted and running. Sadly most never seem to upgrade the crucial data files that help identify the latest viruses. This should be done at least once a month. The suppliers make this easy via the internet. An equally amazing thing is that most computer owners do not spend the few dollars to maintain their subscription to the latest virus information after their free period (say one year) is over! All of that precious data (one’s memoirs!) could be lost for the sake of a few dollars!
In the case of the Kakworm invasion mentioned above the original purveyor had had her anti-virus software removed and not replaced by a repairer. She was also using an old version of Windows 95 Outlook Express which had not been patched to thwart this kind of worm.
Two lessons: Always regularly keep your:
- Anti-virus software current, running and configured to check incoming attachments via the e-mail client(s) being used.
- Windows software up-to-date. It is so flawed that Microsoft are continually releasing patches to fix things. In this case of Kakworm (and similar worms) the openness of the earlier versions of Outlook Express and Internet Explorer allowed their manipulation by the worm.
Never run/load/open a new file until it has been scanned by your AVS
The most likely files to do damage are those which can undertake some action (e.g. an executable program with an .exe extension; or a screen saver file (.scr)) However less obvious files such as Microsoft Word documents may contain malign macros that can do significant damage (e.g. Melissa-X, Chronic). Text files (.txt), HTML files (.html, .htm etc) and most image formats are probably safe.
The moral is to trust nothing until it has been scanned, either automatically or manually. I mention manually as the so-called fix by Microsoft for Outlook Express and Internet Explorer simply told the receiver of Kakworm that there was an ActiveX problem but with no mention of a virus and, worse than that, did not allow either McAfee or Norton’s AVS to detect the virus until the folder containing it was opened! Microsoft seem to delight in thwarting applications from other manufacturers!
Never accept a file on face value
Almost every virus tale of woe I have heard begins “I thought it was safe because it was sent to me by my (wife, lover, best friend, the President of the USA)”. These, usually innocent carriers, either do not practise ‘safe file transfer’ themselves or Outlook Express has sent the file under instruction of the malevolent worm itself without the knowledge or consent of the forwarding party.
Gratuitous advice:
- Do not trust even the nearest and dearest in affairs of file transfer!
- Ditch Outlook Express if at all feasible. This would not completely stop virus transmission, but it would probably halve it! (The author uses Opera (browser and e-mail client). (click here) Alternatives to the vulnerable, dominant software do exist.)
- If one must use Outlook Express configure it correctly to send only text files and not the hideous, time and money wasting HTML attachments. HTML files (Web pages), being largely text files, used to be fairly safe. Since they can now carry scripted instructions (especially ActiveX) for the software (e.g. Internet Explorer & Outlook Express) to undertake actions, good or naughty, HTML attachments should be handled with the caution bestowed on Word documents (.doc), executables (.exe) et cetera.
The Kakworm mentioned above hides in the HTML attachment sent to Outlook Express. As well as adding destructive lines to some system files, it forwards itself with the HTML file generated by Outlook Express unless this is the latest version or has been repaired with the Microsoft patch. Even if one gets infected by a worm like Kakworm it is not automatically forwarded if Outlook Express is configured properly to send text only. Incidentally the sender and user both save money by sending and receiving much smaller files.
A page showing how to configure Outlook Express correctly is available on this site. (Click here)
Back up files
Always make and keep back-up copies (not on the same disc!) of files, including ‘works in progress’. Imagine loosing all of that PhD thesis while completing the final chapter!
This is also wise practice in case of file loss through hard disc failure (probably more common than major virus damage). But remember that valuable files may be able to be salvaged from a dud disc by an expert.
Users of e-mail often receive warnings about viruses currently on the loose. How one should respond to the warning depends upon whether it is legitimate or a hoax.
Sadly there seem to be a great many hoaxes. These are not harmless practical jokes. While they may not destroy files they do behave like worms by urging the recipients to forward to warning to all in their address lists. These are vicious ‘chain letters’ which prey upon people’s good instincts and, world-wide, cost businesses and individuals millions of dollars in wasted time and even attempts to repair a non-existent problem (with the risk of self-inflicted damage). Some ultra-cautious souls have been know to wipe and reformat their hard discs before re-installing Microsoft Windows and everything else! Hoaxes also exact a high price in anguish.
How to respond to a warning
One’s response usually depends on the actual (rather than supposed) source.
PC users, especially those using the internet, should do a little research into the nature of viruses and how they work. This will make one less fearful and better able to handle the inevitable one that gets through. It will also help one to detect the hoaxes. Most hoaxes, in an attempt to create maximum fear, make frightening claims that are often not possible, or at least quite improbable.
Browse a few PC journals in a library. Search the web. Check some of the sites listed below. Knowing at Christmas that viruses could lurk in seasonal bundles is a cause for caution. Read a few of the general pages on the web and you will learn that Kriz Kringle is dangerous, but that Elf-bowling is harmless.
Responding to a virus
This is simple and straightforward.
- Don’t panic!
- Not all viruses cause damage. Many are just a nuisance or take up space.
- Most virus damage can be repaired fairly easily by competent experts or software (See Symantec Removal Tools below.)
- More damage can be done by over-anxious users or ill-informed and over-zealous technicians whose answer is to destroy everything by reformatting the hard disc and re-installing Windows while leaving the user to re-install everything else!
- Upgrade anti-virus software (AVS).
- Follow instructions from anti-virus software.
- Read about the particular virus.
- Some damage may need repair. Seek help from one’s AVS supplier and Internet Service Provider (ISP). Do not be panicked into too drastic action. The Symantec site listed here has some very useful virus removal tools for some of the most damaging viruses/worms.
There are many places you can find information about viruses and hoaxes. Here are a few.
General sources of information
Learn what viruses can and cannot do. (e.g. Any talk of destroying your hard drive is suspect.) Assess the likelihood that a warning may be a hoax and always check before taking any drastic action. Bookmark a few of the virus/hoax sites that seem helpful and hope you do not need to check them in a hurry one day.
