
The Mouse's Tail - Tutorial 5

Viruses

What do viruses do?

Three main types of virus

Virus Protection

How do you get viruses?

How do you tell you've got a virus?

Avoiding Viruses

How to avoid a virus ~ 10 rules

How do you remove viruses?

Anti Virus Programs

Virus hoaxes

Helpful URLs

Virus Warnings!

Viruses are nasty programs written to make trouble. They spread from file to file, and via files from computer to computer. They range in intensity from the really nasty type that destroys your hard drive and all your valued files to the sort that merely make a nuisance of themselves, send lots of emails and block up your ISP, or pop up little messages on your screen. However, a large proportion of the viruses you hear about do NOT exist at all; they are hoaxes.

What do viruses do?

Some pop up annoying messages whenever you try to perform a task. Some delete files. Once upon a time the worst virus listed would 'destroy your hard drive'. In this day and age when it's easy to back up to zip or CD-ROM, that's not really such a big disaster as it used to be for most people. However, many viruses are more subtle than destroying your hard drive or deleting a few files. Some now copy the contents of document files and send them to internet sites, newsgroups or to everyone in your address book. I once got a copy of a letter from a friend of mine applying for a job. It could have been worse, it could have been a letter where she talked about me! Some viruses attack certain types of files, making slight changes inside them, like adding 10% to all totals in a spreadsheet or changing dates.

 

Three main types of virus


Macro viruses
A macro is an instruction that carries out program commands automatically. Many common applications (e.g. word processing, spreadsheet, and slide presentation applications) make use of macros. Macro viruses are macros that self-replicate. If a user accesses a document containing a viral macro and unwittingly executes this macro virus, it can then copy itself into that application's startup files. The computer is now infected--a copy of the macro virus resides on the machine.
Any document on that machine that uses the same application can then become infected and thus spread the infection when loaded onto another machine and so on.

Boot sector virus
The boot sector is the first software loaded onto your computer. This program resides on a disk, and this disk can be either the hard disk or a floppy disk or a CD. When a computer is switched on, the hardware automatically locates and runs the boot sector program. This program then loads the rest of the operating system into memory. Without a boot sector, a computer cannot run software.
A boot sector virus infects computers by changing the contents of the boot sector program. It replaces the legitimate contents with its own version. This can then display false error messages that make the user believe they need new parts, or it can change other files.

Parasitic viruses
Parasitic viruses attach themselves to programs. When a user launches a program that has a parasitic virus, the virus is surreptitiously launched first. To cloak its presence from the user, the virus then triggers the original program to open. The parasitic virus, because the operating system understands it to be part of the program, is given the same rights as the program to which the virus is attached. These rights allow the virus to replicate, install itself into memory, or release its payload. In the absence of anti-virus software, only the payload might raise the normal user's suspicions.

Virus Protection

There are many things you can do to try and protect yourself from viruses.

However let me be quite blunt - the ONLY way to give yourself the best chance of NOT getting caught by a virus is by having a good, up to date and active anti virus program scanning your system.

Simply not opening any email from someone you don't know will NOT protect you! MOST viruses come from people you know. Very few people sit down and send viruses to people they don't know. Your best friend will email you a virus. They won't know they did, of course - but neither will you, and you'll still open the email if you don't have an antivirus warning, won't you?

Besides if you never open emails from addresses you don't recognise how can I ever email you from my home account rather than my 'public' address? *grin*

How do you get viruses?

Email
What's the easiest way to get a virus?
Run a virus infected file, usually from an email attachment.
What's the worst way to THINK you are protecting yourself?
Only open email from those people you know.
Not opening any email from someone you don't know will NOT protect you! MOST viruses come from people you know. Very few people sit down and send viruses to people they don't know. Your best friend will email you a virus. They won't know they did, of course - but neither will you, and you'll still open the email if you don't have an antivirus warning, won't you?
Besides if you never open emails from addresses you don't recognise how can I ever email you from my home account rather than my 'public' address? Or how will I answer your query on a mail list or a web site? Be wary of attachments sent by people you don't know, but ignoring strangers' emails won't help.

It used to be said you couldn't get a virus from simply reading an email. We now know that's not true: in certain HTML mail messages, attachments can run automatically if you are not properly protected. However, if you have updated and set things as detailed here, then emails should only be potentially dangerous when you OPEN the attached file.


Program files
Any program file (.exe or .bat) is a potential virus carrier. If you get them from somewhere else, a disk, another person, or download from a web site, run the virus scanner over them before opening.


Word Docs
Microsoft Word documents can have mini-programs in them, called 'macros'. These mini-programs can spread in Word documents. To be safe from macro-viruses, never open someone else's Word document - have the other person export them into another format that doesn't include macros. RTF, or Rich Text Format, is a good one to use.


Downloading.
You can download and save just about anything from the internet. Always scan whatever you get carefully, and in general only download from trusted sites.


Chatting
There are viruses that affect chat programs like MSN Messenger. Such a virus can send a file that looks like it's being sent by the person you are chatting to. It may even look like they are sending you their photo. When it is opened the virus infects your computer and begins to send itself to everyone on your contact list. Always check that the other person intended to send you that file before opening.


Browsing
There are always new developments in viruses, which is another reason to invest in anti-virus software as it is regularly updated to protect you against new viruses. One such new development is 'HTML viruses', which infect your computer if you view them using a web browser (e.g. Internet Explorer). If asked whether you want to open an e-mail using the web browser or to open it as a regular message, always choose 'regular message'.
Scripts on some web sites can try to take advantage of security holes in Internet Explorer.


To protect yourself, open your web browser and go to 'Internet Options', where you can change your security level to high. You may also choose to turn off ActiveX, which has been found to have holes that malicious scripts may use.

In Internet Explorer go to Tools > Internet Options > Security > Custom Level, then disable or prompt each ActiveX setting. You may get pop up warnings from some sites that you have settings disabled, and some sites won't open properly, generally those with some sort of animation. If you choose you can always turn ActiveX on and reload the site. Modern anti virus programs should be alert for web based viruses.


Firewall programs may also provide some protection from this sort of virus. Often they will alert you when the virus tries to send itself out again.


How do you tell you've got a virus?


First, let's be clear. If your anti virus software tells you that a file is infected with a virus, it doesn't mean you've GOT a virus on your computer; it merely means you have a virus infected file. To become infected you must activate the file in some way, usually by clicking on it or running it. If your AV software recommends quarantining it, or blocking access or deleting it, go with it. There... it's gone, you're safe.
If you ran it, opened it, clicked on it, or, with Outlook Express, previewed it before the AV looked at it, then you have probably installed the virus.

Signs that you have been infected by a virus range from being told by a virus scan to a change in computer performance.
Being emailed and told you are sending out virus infected emails does not ALWAYS mean you have a virus. Some new viruses can take your email address from other people's address books and send emails that look like they came from you.
Check your out box, are there messages there you didn't write? Is email sending much slower than you think it should? Your system may slow down as if it's trying to do many things at once.

If you suspect your anti virus software has missed a virus, try an online scan to double check. If you think you know which virus is hiding on your computer, search for 'removal' and the virus name; often there will be a list of 'indicators of infection', such as files it creates.

How do you recognise viruses?

You don't need to be aware of every new virus that has come out to avoid getting them. Some people choose to sign up for the email alerts that some sites offer. Some people set antivirus pages as their home pages so every day they can see the latest news. Keep in mind, there are 60000 of them, and hundreds more every week. Individual identification is not necessary; simple precautions and common sense should be all you need.

 

Avoiding Viruses

Follow these instructions and you shouldn't have a virus problem.

1. Install an Anti Virus program (e.g. Norton, AVG, McAfee, etc). There are sites online that rate them and review them and sites that sell them or give them away free. Often it is a matter of user choice. Choose ONE and run it. Do NOT install more than one antivirus. They can and often will see each other as performing virus like behaviour and can disable or interrupt normal functioning.

2. Installing it isn't enough. Set up the program so it updates automatically from the web, or sends you updates on disk, or reminds you when an update is available, or make it the first thing you do every time you go online to go to the site and check for the most recent updates. If you are running a program that was installed more than a month ago without an updated virus definition list then you might as well consider yourself unprotected. Companies vary as to how often they release updates - generally the better places will have updates out within 24 hours of a virus being identified.

3. Now you are protected, but never totally covered. It takes time for viruses to be identified, for updates to get out and for you to get the update. In that time you are vulnerable to new viruses that the AV software just won't see.
The following are small changes you can make to your set up to make computing safer. Most only need doing once or once every few months, it only takes a few minutes.

4. Configure Windows to always show file extensions.
Make sure that your file associations are being properly displayed. By default, Windows hides file extensions for known file types. Since .VBS is a known file type, the worm ANNAKOURNIKOVA.JPEG.VBS is displayed as ANNAKOURNIKOVA.JPEG. We want it to be displayed with the .VBS extension so we recognize it for what it really is, a VB script, not a JPEG (image file).
- Click START / SETTINGS / FOLDER OPTIONS
- Click the VIEW tab
- Under FILES AND FOLDERS, locate HIDE FILE EXTENSIONS FOR KNOWN FILE TYPES.
- If there is a check mark in the box, remove it and click Apply/ OK. If there is no check mark, click OK.

5. Most of the worms which use e-mail to propagate use Microsoft Outlook or Outlook Express to spread. If you need to use Outlook, download and install the latest Outlook security patch from Microsoft. (Other alternatives are Eudora mail, the Bat, Netscape mail, all of which are available on the web for email. Web based email such as Yahoo, Hotmail etc generally have built in virus protection, which makes you less vulnerable, although not invincible.)
Outlook has two major flaws in its default set up: it can automatically run a file while you are still reading the email it was attached to, and it adds everyone you even think of emailing to your address book. Go to the Tools menu then Options and change the following settings. Click Apply after each change.

 

Under Read: The most important anti virus change for Outlook. Turn off "Automatically download message when viewing in the preview pane". Click Apply.

Under Security: If you check "Do not allow attachments to be saved or opened that could potentially be a virus" you will block all program files, screensavers, URLs and viruses sent to you via email. This is a personal choice thing. Some people need to get these types of files via email. Turn on "Warn me when other applications try to send mail as me". Click Apply.

Under Send: Uncheck "Automatically put people I reply to in my address book". This means you'll have fewer people for a virus to attack should you get infected.

Go to Outlook Express > View menu, Layout. Turn off the preview pane.

6. Internet Explorer is Microsoft's default browser and is almost a permanent fixture on Windows computers now. It too has security holes in it. For safety follow these steps.
Go to the Internet Explorer toolbar - Help, then select the bottom option (About Internet Explorer). Note the version number.
Then go to http://www.microsoft.com/windows/ie/download/default.htm This is a Windows Update page specifically for Internet Explorer and it shows every critical and recommended update for IE from the past months. Often the new update overwrites the old so you only need download the latest updates. Click on the update in which you are interested, and you are taken to a page that tells you more about that particular update. On that page, click on the blue "Download Now" button, and then follow the on-screen instructions to either run the update directly from Microsoft or to save the update onto your hard drive so that you can install it later.
Note: Internet Explorer and Outlook Express are integrally linked. Often updates apply to both programs. Updates cannot be uninstalled. If you use other programs with Outlook Express like dashboard or even mail merge to your address book, consider carefully before installing some of the patches and make sure you understand how it will affect the way you use Outlook. Make certain that those add-ins you have come to rely on will still do the same job for you after you have patched.

7. Disable Windows Scripting Host. VBS (Visual Basic Script) is often used to launch email worms. Because of Outlook's easy-to-use programming model, viruses can propagate themselves by using VBS to read the Outlook address books and send new virus-infected messages to everyone found there. To disable it:

- Open the Control Panel -> Click START, SETTINGS and CONTROL PANEL
- Double-click the icon that reads ADD/REMOVE PROGRAMS
- Click the tab that reads WINDOWS SETUP
- In the components window, click ACCESSORIES
- Scroll to the bottom of the Accessories components window and make sure that WINDOWS SCRIPTING HOST is not checked. If it is, click the box to remove the check mark.
- Click OK twice and close Control Panel


How to avoid a virus ~ 10 rules


1. Before opening any attachments, be sure you know what the attachment is. It is not enough that the mail came from someone you know. Many viruses spread precisely because they do originate from a familiar address. Any email you weren't expecting, especially with an attachment, should be treated with suspicion, even if it comes from someone you know. Contact them and find out what the attachment is before opening. Conversely, if you plan to send an attachment to someone, email or call them first to tell them to expect it.

2. Be sure your anti virus software is updating regularly. Most paid versions come with a 12 month licence. After that you'll need to either change or pay more to get updates. Out of date protection is not protection at all.

3. Don't overreact to virus reports. Never remove a file without confirming the validity of the report and the supposed virus you have. (See hoaxes)

4. Don't post warnings to mail lists. In fact there are few occasions when you really need to pass on a warning at all; it only promotes panic. Those who want to know what the latest virus scare is will have subscribed to a reputable email like Symantec for reports. Most mail lists don't allow attachments or html mails so you cannot get or send a virus through the list.

5. Back up your important files on a regular basis and store the backup copy somewhere other than on your computer. (Not on the same hard drive) That way destruction of files is not such a blow. Make sure you have install programs for all your programs stored safely off the computer too.

6. Use RTF (Rich Text Format) instead of DOC files, which can harbour viruses. If someone is going to send you a document, ask that they save it as RTF (go to File > Save As > name it and drop down the "Save as type" box to choose .rtf).

7. Before running any downloaded file check it for viruses. Only download exe or documents from reputable sources and still check for viruses before running. Do not download from newsgroups. Many virus writers test their files there.

8. Never open a file with a double extension, e.g. fredsvirus.txt.vbs. Avoid .vbs, .shs, .pif extensions at all cost. Normally you should not need to receive these. Do not trust the icons shown, always look at the full details of the file name.

9. Never have emails set to auto send. That way you can see how many messages are sending when you choose to send them.

10. Do not follow web links in unsolicited email. It may be an infected site.
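The double-extension check from rule 8, and the reason for showing file extensions in step 4 of "Avoiding Viruses", can be automated. The following is an added example, not part of the original tutorial: it reads the attachment names out of a mail message and reports those that end in one of the extensions named on this page, noting what the name would look like with extensions hidden. The function names, the list of decoy extensions and the sample message are assumptions made for the example.

```python
"""Added example: flag e-mail attachments whose names hide a program extension."""
from email import message_from_string

# Extensions this tutorial names as program or script carriers.
RISKY_EXTS = {".exe", ".bat", ".vbs", ".shs", ".pif"}
# Harmless-looking "inner" extensions used as a decoy (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".txt", ".doc", ".rtf"}

# Constructed sample message; addresses and bodies are placeholders.
SAMPLE = """\
From: friend@example.com
To: you@example.com
Subject: Photo
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Hi, check this out.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="ANNAKOURNIKOVA.JPEG.VBS"

(constructed placeholder body)
--BOUND
Content-Type: application/rtf; name="minutes.rtf"
Content-Disposition: attachment; filename="minutes.rtf"

(constructed placeholder body)
--BOUND--
"""


def classify(filename):
    """Describe one attachment name and list the reasons it looks risky."""
    name = filename.strip().rstrip(". ")   # Windows drops trailing dots/spaces
    base, dot, last = name.rpartition(".")
    if not dot:                            # no extension at all
        base, last = name, ""
    final = "." + last.strip().lower() if last else ""
    inner = ""
    if "." in base:                        # extension hiding behind the last one
        inner = "." + base.rpartition(".")[2].strip().lower()
    shown = base.strip()                   # Explorer's view with extensions hidden
    reasons = []
    if final in RISKY_EXTS:
        reasons.append("risky extension " + final)
        if inner in DECOY_EXTS:
            reasons.append(
                "double extension: shown as %r when extensions are hidden" % shown)
    return {"name": name, "final": final,
            "shown_when_hidden": shown, "reasons": reasons}


def attachment_names(raw_message):
    """Return every file name declared by any MIME part of the message."""
    msg = message_from_string(raw_message)
    # get_filename() reads Content-Disposition and falls back to Content-Type.
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def scan_message(raw_message):
    """Return the classify() result for each attachment that has a reason."""
    findings = []
    for name in attachment_names(raw_message):
        result = classify(name)
        if result["reasons"]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding["name"])
        for reason in finding["reasons"]:
            print("  -", reason)
```
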

 

How do you remove viruses?


Viruses have become increasingly complex and virus infections involve more system elements than ever before. Symantec Security Response (Norton) has developed tools to automatically conduct what would often amount to extensive and tedious manual removal tasks. Many virus sites have detailed instructions for removal. Once the virus is identified, a simple search for "virus name removal" usually shows a choice of 'how to remove' messages.


Anti Virus Programs

Paid Protection

Norton, McAfee and Vet are the three that spring to mind here. Check shops for the latest versions and check magazines for special prices. Generally you get a year's worth of free updates with each purchase.

Download the program or buy the CD, install the program, connect to the web site, register your program and download your updates.

Free Protection

Not everything that is free is worthless. Some companies offer a very decent free antivirus program.

AVG http://www.grisoft.com/html/us_index.htm (very easy, but Win 98 only), and AntiVir http://www.free-av.com/eula.htm are a few that I've heard good things about. Free program downloaded from the site, with free updates.
Free Anti virus programs http://www.thefreesite.com/Free_Software/Anti_virus_freeware/index.html


Online Virus Protection

Several sites offer this kind of service, mostly for a fee.
http://housecall.antivirus.com/ A free online scan, good as a backup if you think you may have a virus on your computer.

Magazines with free CDs often contain trial versions of virus programs.

 

Virus hoaxes


Probably the first thing you should notice about a warning is the request to "send this to everyone you know" or some variant of that statement. This should raise a red flag that the warning is probably a hoax. No real warning message from a credible source will tell you to send this to everyone you know.
There are two known factors that make a successful hoax. The first is technical sounding language. This is easy to fake to the average user who doesn't know much about computer programming anyway (and even techno savvy individuals can get caught). For example, one virus hoax says the 'virus' will put the computer into a binary loop. Most computers are performing loop programs all the time without dire results. But worded in a warning it sounds terrible.
The second successful hoax factor is credibility by association. If it's sent by an employee of a big company, it has more credibility than if it's sent by your brother in law, even if that person only sweeps the floors there. If it says it's sent by the manager of a company, that's two credibility points.
It is important to remember that even if it says it is sent by person x, person x may never have even seen it, even if their email is on it. It's not always practical to email the supposed original sender, and the links to the virus info site may even look valid (many hoax emails include links to sites like Symantec), although if you search further you won't find the virus there.
Let's face it, with the number of email hoaxes out there, the chances anyone here is going to get a NEW one is pretty low. So before you panic, or send it on to panic someone else, first check it out. You can either visit one of the sites listed below and search for a key word or phrase from the email, or insert that key phrase into any search engine, such as google.com. If it's a hoax, chances are there will be dozens of pages come up debunking it.
Hoaxbusters - http://hoaxbusters.ciac.org/

McAfee Virus Information Library - http://vil.nai.com/vil/default.asp

Symantec AV Centre - http://www.symantec.com/avcenter/

Other Anti Hoax pages - http://hoaxbusters.ciac.org/HBOtherHoaxPages.html

Snopes.com Urban Legends - http://www.snopes2.com/ (especially useful for debunking the dying child/ cancer donation etc type emails.)

If you can't authenticate it, or identify it as a hoax, send it to your ISP and ask them before you send it on.
When in Doubt, Don't Send It Out.

Why not just send it on, just in case it's real?
Probably the biggest risk for hoax messages is their ability to multiply. Most people send on the hoax messages to everyone in their address books. If each address book held only 10 names, and each person sends it on to 10 more, then by the 6th generation of recipients, the message would already have been sent a million times. It's the users that pay for servers that have to have the capacity to handle many more messages than are actually valid. Or, if the server can't handle it, then it will slow down or crash. Reportedly more damage was done by crashed servers due to the number of warning emails sent about the Melissa virus than was done by the virus itself. And those emails were about a real virus, imagine if they'd been about a fake one.

There have been suspicions that spammers (bulk mailers of unsolicited mail) are harvesting e-mail addresses from hoaxes and chain letters. There is also the possibility that spammers are deliberately starting hoaxes and chain letters to gather e-mail addresses. Imagine an email being forwarded to hundreds of people, and then on and on, and no one ever stops to clean up all the addresses in it - sounds like a spammer's idea of paradise.
If the forwarded email is a hoax, send the URL of the hoax page to the person who forwarded the mail to you, letting them know. If this doesn't stop them sending on hoax messages over and over, it may eventually get them annoyed enough to at least stop sending them to you!

Helpful Hoaxes

Not only do virus hoax emails cause a lot of damage themselves, but we are now encountering a new generation of emails which will 'help' you get rid of a virus you don't have by showing you where it is and telling you to delete it, or giving you a program file to run to remove it.

Recently we've been subjected to the sulfnbk.exe hoax, which told you that if you had this file, then it proved you had a virus and you should delete it before it activated. Of course, if you did have the file, all it proved was that you had a version of Windows. The file is part of the standard operating system and had the ability to muck things up if it was deleted and the user then tried to use a file name longer than 8 characters.
Recently a new version has arisen, warning of a virus file JDBGMGR.EXE, which you will also find on your computer as it's a Java debugger for Microsoft. It is not a virus. In both cases the plea to send it to everyone you know is there. Real virus alerts don't ask you to do this.

Then there's the 'Microsoft Security Update' email, which may look as if it's coming from someone else, which says it's from Microsoft and that it contains an .exe file that will supposedly stop you getting a virus. Often if you run it, it appears not to work. Too late, you've probably already installed the virus it was carrying. Microsoft do NOT send out updates, they make you go to them.

The really clever one is the Klez worm which comes with this message:
"Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me."
Not only does it want you to run the file to give yourself the virus, it tells you to override your anti virus software should it object.

Be smart. Even if you trust the person you think sent this one, the sender is simply an address taken from someone else's infected address book. You have to search far inside the headers to determine the real sender of this worm. Check it out on the web before you blindly install anything sent to you by email.
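Searching the headers, as described above, means reading the Received lines from the bottom up and comparing them with the From line the mail program displays. The following is an added example, not part of the original tutorial: it lists the relay hops oldest-first, picks out the hop recorded by your own mail server, and notes when the displayed sender and the envelope sender disagree. The function names, the `trusted_mx` parameter and the sample message (example domains and documentation IP addresses) are assumptions made for the example.

```python
"""Added example: compare the displayed sender with the relay path in the headers."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; hosts are example domains, IPs are documentation ranges.
SAMPLE = """\
Return-Path: <bounce@dialup.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.5])
 by mailbox.example.org with ESMTP id 2; Tue, 7 May 2002 10:00:03 +0000
Received: from friendpc (pool-17.dialup.example.net [203.0.113.17])
 by mx.example.org with SMTP id 1; Tue, 7 May 2002 10:00:01 +0000
From: "Your Friend" <friend@example.com>
To: you@example.org
Subject: A free tool

(constructed placeholder body)
"""

# "from <name the sender claimed> (<details> [ip]) by <receiving server>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<detail>[^)]*)\).*?by\s+(?P<by>\S+)",
    re.S | re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def received_hops(msg):
    """Return relay hops oldest-first (each server adds its line at the top)."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        match = RECEIVED_RE.search(raw)
        if not match:
            continue                      # unparseable line: skip, do not guess
        ip = IP_RE.search(match.group("detail"))
        hops.append({"helo": match.group("helo"),
                     "ip": ip.group(1) if ip else None,
                     "by": match.group("by").lower()})
    return hops


def analyse(raw_message, trusted_mx):
    """Summarise who the mail claims to be from and where it entered our server."""
    msg = message_from_string(raw_message)
    hops = received_hops(msg)
    # Only the line written by our own server is reliable; older lines and the
    # From header are supplied by the sending side and can be made up.
    handoff = next((h for h in hops if h["by"] == trusted_mx.lower()), None)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    notes = []
    if envelope_domain and envelope_domain != from_domain:
        notes.append("From shows %s but the envelope sender is at %s"
                     % (from_domain, envelope_domain))
    return {"from_domain": from_domain, "envelope_domain": envelope_domain,
            "hops": hops, "handoff": handoff, "notes": notes}


if __name__ == "__main__":
    report = analyse(SAMPLE, "mx.example.org")
    print("Displayed sender domain:", report["from_domain"])
    print("Connected to our server from:", report["handoff"]["ip"])
    for note in report["notes"]:
        print("Note:", note)
```

A mismatch is a hint rather than proof, since some legitimate mail is relayed through another domain.
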

Helpful URLs

McAfee Virus Information Library - http://vil.nai.com/vil/default.asp

Symantec AV Centre - http://www.symantec.com/avcenter/

Symantec Removal Tools http://securityresponse.symantec.com/avcenter/tools.list.html

F-Secure - http://www.datafellows.com/virus-info/

CIAC - http://www.ciac.org/ciac/

Vmyths does exactly one thing - fight computer security hysteria. A comprehensive A-Z list of popular virus hoaxes, persistent virus myths and misconceptions about real viruses. http://vmyths.com/

Hoaxbusters - http://hoaxbusters.ciac.org/

Other Anti Hoax pages - http://hoaxbusters.ciac.org/HBOtherHoaxPages.html

Snopes.com Urban Legends - http://www.snopes2.com/ (especially useful for debunking the dying child/ cancer donation etc type emails.)

http://www.tourbus.com - well worth signing up for the free weekly email. The bus drivers talk in clear everyday language about the best and worst of the net, often with solutions for security holes or virus warnings as well as a lot of great sites along the way.

There are several virus sites, many virus programs and lots of choices. The ones mentioned here are merely the ones I'm aware of at this time and imply no recommendation or guarantee whatsoever. The best way to find a good virus protection program is to ask around and find out what people are using at the time and what they are happy with.

Never have more than one Anti virus program running on your computer. Often a virus program will consider the other program trying to probe files as a virus like behaviour. The conflicts and problems just aren't worth it.

Virus Warnings!

There are about 49,000 viruses. Of these about 1000 have ever been mentioned in an email and there are about 600 million emails out there warning of viruses. (Okay so I made the second and third figures up, but they can't be far from the truth.;-)

Far more problems HAVE been caused by the number of emails warning people about viruses and hoaxes than have ever been caused by the actual viruses. A mass email surge can cause servers to overload and sites to disappear offline while repairs are made - far more disruption than if they had received the actual virus. When the Melissa virus hit most companies had virus protection which caught the virus, but had to spend valuable time restoring overloaded servers after every second person sent out 100s of emails warning about this 'dangerous' virus.

When you get a virus warning, the first altruistic instinct is to tell everyone you know.
Squash it! ;-)

First please consider the following:

Most warnings are fakes!

Even if the warning comes from a reliable source, most warnings are fakes (reliable doesn't mean infallible)

If it is a real virus, consider that most of the people you will email probably have updated virus protection in place which will catch the virus anyway.

Many of the people who you send it to have probably already seen it from the same source (Like auto alerts from some companies)

Consider that the warning is only for one virus of the hundreds that emerge every month.

If you still want to warn everyone you know - please check some of the sites below to see that it is not a hoax.

Hoax busters / Urban Legends / Stiller Hoax News

Plus these sites contain both virus and hoax information.

McAfee Anti Virus Center

Symantec Virus Search


 

Install Update Check
and play safe ;-)

Now that you are safe, return to Tutorial 4 ;-)
