Chapter 31: Network and Internet Security


Protecting Your System from Viruses and Worms

One of the less appealing aspects of the Internet has been security and the potential for becoming the victim of a virus (a program that reproduces by infecting--or copying itself into--other files or computers). More properly, a virus is a self-reproducing program that can infect files on one computer but needs help in order to find other systems to infect (like people sharing programs), while a worm is a self-reproducing program that can send itself to other systems (e-mail viruses are actually worms). Some viruses and worms are just annoying, taking up space on your system or displaying an annoying message, but many others are destructive, deleting or altering files or clogging up Internet e-mail systems with thousands of unwanted messages. The sidebar "How Do Viruses Spread?" contains more information.

John M. Goodman, author of many computer books, says, "If your computer is in good health (with regular backups), a virus is annoying and can waste several days' work. If your computer's health is shaky (with irregular or no backups), a virus can kill you."

Types of Virus Files

Viruses and worms can be stored in several types of files:

For a more complete list of file types that might contain viruses, see article Q262631, "Information About the Outlook E-mail Security Update" in Microsoft's Knowledge Base: go to http://support.microsoft.com and search for the article number.

Caution: Scraps, a Windows file type created by cut-and-paste operations, can contain executable files (including viruses and worms) that appear to be other types of (harmless) files. An article on this issue is at http://pc-help.org/security/scrap.htm.
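The disguise described in the caution above can be checked mechanically before an attachment is ever opened. The following is an added example, not part of the original chapter: it classifies e-mail attachment names by their final extension and also covers the more general double-extension case. The extension sets, function names, and the sample message are assumptions constructed for illustration, not the list from the Knowledge Base article.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative subset of extensions Windows will execute; NOT the full list
# from the Knowledge Base article cited above (assumption for this example).
RISKY_EXT = {".exe", ".com", ".bat", ".pif", ".scr", ".vbs", ".js", ".lnk",
             ".shs", ".shb"}  # .shs and .shb are scrap files
# Extensions a reader tends to take for harmless documents or media.
DECOY_EXT = {".txt", ".doc", ".xls", ".jpg", ".gif", ".mp3", ".zip"}

def classify_attachment(filename):
    """Return (verdict, reason) for one attachment file name."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes:
        return ("review", "no extension")
    last = suffixes[-1]
    if last in RISKY_EXT:
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXT:
            return ("block", f"executable {last} disguised as {suffixes[-2]}")
        return ("block", f"executable type {last}")
    return ("allow", f"non-executable type {last}")

def scan_message(msg):
    """Map each attachment name in a parsed e-mail message to its verdict."""
    results = {}
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            results[fname] = classify_attachment(fname)
    return results

def build_sample():
    """Constructed sample message (not a real capture) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "someone@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "I need your advice"
    msg.set_content("Please look at the attached file.")
    for fname in ("budget.doc.pif", "notes.txt.shs", "picnic.jpg"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=fname)
    return msg

if __name__ == "__main__":
    for name, (verdict, reason) in scan_message(build_sample()).items():
        print(f"{verdict:6} {name:16} {reason}")
```

A name-based check like this only catches the disguise; it complements an antivirus scanner rather than replacing it, because a harmful file can also carry an extension that is not on the list.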

How Do Viruses Spread?

The commonly cited psychological reasons for individuals to open suspicious e-mails are fear, greed, and sex. Greed is the least enticing of the dastardly trio. While fear can cause people to open an e-mail to find out how to stop something bad from happening, sex is the most effective motivator.

The notorious Melissa worm by David Smith was started by simply being posted to the alt.sex newsgroup. Smith asked that the file not be circulated, so of course, it was. That single posting to a newsgroup was the only action that Smith performed to spread his worm throughout the world, causing millions of dollars in damages and, in some cases, days of mail server downtime for some major companies.

A new tactic is to appeal to the recipient's ego. The more recent SirCam worm draws in the viewer by asking for sage advice on the "subject" included in the attached "message." The attachment is really the worm in disguise.

So, the moral of the story is: If you receive a message from someone you don't know, or from someone you know but didn't expect to receive a file from, approach it with caution. If it has an attachment, just delete it. If you're not sure, let it sit unopened in your inbox for a few days, while you check the anti-virus and e-mail hoax Web sites. A six- or eight-hour delay in opening the ILOVEYOU virus would have been enough for most people to have heard about the danger of the virus.

Preventing Infection by Viruses

The best prevention for viruses is to avoid getting infected in the first place (practice safe computing). If you do get infected, tools are available to clean your system.

Avoiding Getting Infected

The generally accepted method of preventing viruses from successfully attacking your computer is the use of antivirus software--programs that detect known viruses before they run and infect your computer. Of course, there is the tried-and-true method of not downloading or opening anything that you cannot verify, validate, or otherwise determine the source of.

Note: The Internet isn't the only way to catch viruses. If you commonly move files from one place to another using removable media (for example, floppy disks, writable CD-ROMs, Zip disks, or Jaz disks) then you need to be careful with these as well. The data on a disk, whether it be from school, office, or library, likely came from the Internet. This simple fact makes it possible for the disk to contain a virus. Office networks are typically more secure, because your LAN administrator has probably installed antivirus software, but don't take that for granted. School networks can be less secure because of insufficient staffing resources. Public access points like ones in libraries, copy shops, or cyber cafés are a mixed bag. Your best bet is to be wary of any data coming to your computer from the outside. Even commercial software has been known to be a transmission source for viruses. Trust no one. When in doubt, wait at least 24 hours before opening attachments, and check an anti-virus Web site in the meantime. And back up your entire system regularly!

Antivirus Programs

Take our word for it and do not wait until you have contracted a virus to install an antivirus program. An antivirus program can't prevent infection if it's not running. Buying and installing an antivirus application is a small price to pay, compared to losing all of your work for a week, all of your carefully collected bookmarks, the hours that you spent making all of your CDs into MP3 files, your family pictures from last year's picnic in Hawaii--whatever your most treasured files include. Here are some of the most popular and effective antivirus programs:

After you install an antivirus program, make sure that you arrange to get regular updates. Some antivirus programs can update themselves by downloading lists of viruses from the manufacturer's Web site automatically. You can also visit the manufacturer's Web site and download new virus lists yourself. An antivirus program won't protect you from the latest virus if your virus lists are months old.

Once you have an antivirus program installed, configured, and running according to the documentation that came with the program, the antivirus program scans all incoming files (via e-mail and Web) for viruses. For example, the antivirus program might display a dialog box while you are retrieving your e-mail, reporting that a message contains the SirCam worm and offering to delete it for you. Some antivirus programs also scan your hard disk regularly to look for viruses that might have sneaked through. If the program sees a virus, it displays a message telling you what to do.

Practicing Safe Computing Online

Here's a brief list of ways to protect yourself when you're online:

Avoiding Outlook and Outlook Express

Many people believe that your computer can't get infected by a virus simply by opening an e-mail message that has no attachments. This used to be true, but is no longer. Formatted e-mail messages can carry viruses, too, because some versions of Outlook and Outlook Express automatically open and display attachments. Many viruses have been written specifically to exploit security holes in Outlook and Outlook Express. Microsoft has issued several security patches to close these security holes. As Microsoft finds new security problems, they usually respond quickly with patches. Be sure to use Windows Automatic Updates to download and install these patches.

Tip: One simple solution to this and many other worms is not to use older versions of Outlook or Outlook Express. The most recent versions, Outlook 2002 and Outlook Express 6, respectively, have vastly improved handling of known viruses. If you use Eudora, an excellent and widely-used e-mail program from Qualcomm, Inc. (at http://www.eudora.com), you can avoid most viruses by not opening attached files.

Knowing When You're Infected

You may find out that your system is infected when you see a strange message telling you that you're a victim. Some other ways of telling are as follows (although all but the last can be signs of other Windows problems):

Dealing with an Infected Windows System

If you have already been infected with a virus, follow these steps:

  1. If an unfamiliar dialog box, error message, or something else unfamiliar appears, make a note of the message or other symptom. Unplug the modem or network cable, and then shut down the computer. Continuing to use an infected computer is a bad idea for several reasons. Depending on what type of virus or worm you have, additional damage can be done. With the speed of today's systems, a virus or worm can delete or write over gigabytes of data in a matter of minutes. Also, some viruses exploit functions in Microsoft Outlook and Outlook Express that can cause your computer to forward a copy of the virus to all entries in your address book.
  2. Do not try to repair or otherwise contain the damage or effects of a virus or worm using software that was not specifically designed to do so. In other words, don't run Norton Speed Disk to try and solve the problem.
  3. Do not install antivirus software after you discover a virus or worm. Unless you are sure that the virus is nondestructive, leave the computer turned off until you find out how to get rid of the specific virus that your system has contracted.
  4. Locate a computer that is not infected. Go to a virus resource Web site and find out how to fix it. Try the Web site of one of the most popular antivirus programs (listed in a previous section), or one of the virus information sites listed in the next section. Look for step-by-step instructions for removing the virus. Companies like Symantec and McAfee often develop scripts that aid in the removal of recently discovered viruses and publish the details about what each virus has done or can do, so that it can be safely removed.
  5. Once you know which virus you have, follow the steps to disinfect your system (that is, remove the virus). If the virus has deleted or overwritten files, it might not be possible to get the files back, but you can at least prevent further damage to your system and infection of other systems.
  6. If you can't identify the virus or find a procedure for getting rid of it, call technical support for your computer (or your local technical support person). Explain to them what happened and that you would like some assistance in removing the virus, or at least in taking steps to minimize the damage.
  7. Once you are sure that the virus is gone, buy and install an antivirus program. Don't make the same mistake twice!

Another approach is to back up all your data files (but none of your programs), reformat your hard disk, reinstall Windows and your applications, restore your data files, and buy and install an antivirus program to prevent reinfection. However, leaving your computer running while you make the backups can give the virus time to delete more files.

Tip: After you have cleaned up a virus, back up, reformat, and reinstall your system. Many viruses and the resulting repairs leave your system unstable, and parts of virus files may still be lying around.

If you make regular backups, check the backups that you made within at least 72 hours of discovering the infection. Your system may have been infected for days (or longer) before you realized it.

Sources of Antivirus Information

Here is a quick list of applications and sites that you should investigate long before you need them:

Please take our advice and make sure you're covered.
