"If you haven't got up-to-date virus protection, why the hell are YOU on the internet???"
This page is primarily intended to give very general information about viruses, so that the average email user can identify which email to be careful of and thus give themselves better protection (although an up-to-date anti-virus program and common sense practices provide far better protection). Secondly, it is meant as information to point mailing list subscribers to, rather than promoting 'virus warnings' to mailing lists.
It is not intended to discuss individual viruses. Initially, methods of identifying the latest widespread virus were included on this page, but it is now impossible to give a few simple rules to identify the new viruses.
A second page, Basic Virus Information, provides a simplified description of viruses. Those new to computers and viruses should read this page first.
Sections on this page provide details on:
where to find full details on viruses
protection advice
general information
anti-virus programs
links to other related sites
newsletters
hoaxes
personal firewalls
Where to Find Full Details about Viruses
The following URLs (websites) provide full and complete details on viruses (including how to remove them) and also on virus hoaxes:
http://www.symantec.com/avcenter/ - Norton/Symantec
http://www.mcafee.com/anti-virus/default.asp? - McAfee
http://www.grisoft.com/ - Grisoft/AVG
http://www.trendmicro.com/en/security/report/overview.htm - PC-cillin
http://ca.com/virusinfo/ - InoculateIT
Anti-virus programs.
"If you haven't got up-to-date virus protection, why the hell are YOU on the internet???"
The above is the best advice that can be given. Other procedures can give reasonable protection, but in time these will prove to be inadequate. An up-to-date anti-virus program will provide the best security you can get, provided it is kept updated and it is set up correctly so that it scans emails as they are received.
Although many new viruses are discovered every day, some are harmless or for some reason do not propagate themselves on the internet. Every few days or so, the anti-virus companies will make available a new update (generally called an updated virus definition) for users to download. When downloaded and installed, your anti-virus program will then be able to detect the new viruses. These updates are available either every few days or earlier if a major threat is found. Each anti-virus provider issues these updates at a different rate.
The only weakness with a good anti-virus program is a time issue. Firstly, there is the time taken for the company to be notified of (or discover) a new virus, investigate it, modify its virus definitions to recognise the virus, and make the new definitions available (which may be as little as a day in the case of severe threats, or 3-4 days for minor viruses). Secondly, there is the timing of when you download the latest virus definitions. Some people recommend checking for new virus definitions every day. Any good anti-virus program will automatically check for updated virus definitions whenever you go on-line. Do not buy one that does not do this.
In summary, provided you keep your virus definitions updated regularly (at least twice a week and whenever you receive a warning) or your anti-virus program does this automatically, an anti-virus program will provide a nearly perfect, easy and convenient way of protecting yourself from viruses. Please note that some earlier versions of anti-virus programs are no longer supported by their suppliers and that virus definitions are not kept up-to-date for these versions.
Also look at the section below on personal firewalls.
Other techniques.
Most of the viruses that you will receive on the internet today use one of two techniques to propagate themselves: either as an attachment in an email or from a doubtful website, or as VBS (Visual Basic Scripting) or executable HTML code embedded in the email or website.
Attachments:
This is the main way that viruses are transmitted. The subject matter, the text of the email, the attachment name, and the assumed sender of the email are written to entice the user to open an attachment (which contains the virus) in the email they have just received. Any attachment that ends in the extension .exe .scr .pif (and a few others) is an executable program that may contain a virus.
By not opening any attachments sent to you by email, you can protect yourself from the majority of viruses. However, sooner or later you will get a virus, either because the attachment appears to be relevant or because it comes from a friend.
Only people very experienced with computers should even think about whether an attachment of a certain type is safe to open, and even they have been caught.
Some of the attachments have double extensions such as letter.doc.scr which make it appear like a different type of file.
Less experienced users should not open any attachments at all, even if they may be missing out on information they desperately need.
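The attachment checks described above can be automated. The following is an added example, not part of the original page: it reads a message with Python's standard email parser and flags executable and double-extension attachment names. The extension sets beyond .exe, .scr and .pif, the function names and the sample message are assumptions made for illustration.

```python
import os
from email import message_from_string, policy

# .exe, .scr and .pif come from the page; the others are assumptions
# standing in for its "and a few others".
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".vbs", ".bat", ".com", ".cmd"}
# Assumption: harmless-looking extensions used as the decoy half of a
# double extension such as letter.doc.scr.
DECOY_EXTS = {".doc", ".txt", ".jpg", ".gif", ".pdf", ".xls", ".zip"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for one file name."""
    # Windows ignores trailing dots and spaces, so drop them before testing.
    cleaned = name.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(cleaned)
    if last not in EXECUTABLE_EXTS:
        return "ok"
    # Padding between the decoy and the real extension is stripped as well.
    inner = os.path.splitext(stem.rstrip(". "))[1]
    return "double-extension" if inner in DECOY_EXTS else "executable"

def scan_message(raw):
    """Return [(filename, verdict)] for every named part of an email."""
    msg = message_from_string(raw, policy=policy.default)
    names = [part.get_filename() for part in msg.walk()]
    return [(n, classify_filename(n)) for n in names if n]

# Constructed sample message, not a real email.
SAMPLE = """\
From: friend@example.org
Subject: the letter you asked for
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="letter.doc.scr"

AAAA
--XX
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

hello
--XX--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

An "ok" verdict only means the name is not on the executable list; it says nothing about what the file contains.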
Visual Basic Scripts (VBS) and executable HTML:
When most email programs are installed, the default configuration generally allows VBS and executable HTML to be run. With this enabled, simply opening an email will run any VBS/HTML and possibly infect your computer.
Many users also use the preview mode in their email programs. This automatically opens each email, and so effectively the user may be infected by simply downloading email.
Users are strongly encouraged to configure their email programs to disable the preview mode and to prevent VBS and executable HTML from automatically running. Unfortunately, because of the number of email programs and their different versions, it is impossible to give explicit instructions on how to do this on this page. Users should consult their help function, or the Links section below may provide some tips.
Adding false email addresses to your address book:
The following will not protect you from getting a virus, but may alert you to the fact that something is trying to send email to all addresses in your address book.
Add the following nicknames/aliases (whatever your email program calls them) to your address book:
!0000 (i.e. zeroes, not the letter O) with no actual address. Some email programs will halt if there is no valid address.
!0001 with an address something like "ive.just.sent@virus.yuk".
If a virus attempts to send an email to an invalid address, it should bounce back to you.
The reason !0000 and !0001 are used is so that they are placed at the top of most address books.
Remember, the above will not stop you getting a virus but may alert you that something is emailing all addresses in your address book, either by failing when it tries to send an email to a nickname with no address, or at the minimum, bouncing the invalid email address and alerting you that emails have been sent. In some viruses, addresses are gleaned from other sources such as stored webpages, and this technique will not work in these cases.
Summary:
From the above, it can be seen that some protection can be gained by use
of the above techniques, but at a risk and an inconvenience. The less experienced the
user, the greater the risk.
Personally I use an anti-virus program and all the above techniques and suggest that anybody doing anything less is placing themselves, their friends and others at risk. Passing on a virus is one way to be remembered, but not the way I would choose.
Years ago, the most likely way to catch a virus was from a floppy disk. Now it is via the internet, either from an email, by downloading information from 'doubtful' websites, or by newsgroups. But please remember that an anti-virus program will also protect you from viruses that are transmitted by floppy disks.
A few viruses are somewhat harmless in that they may just display a screen when the user is first infected. Others are much more dangerous in that they can delete or corrupt files on a computer making it inoperable (and costing money to have rebuilt), they may also send personal information (e.g. password, bank/credit card details to others), or may send pornographic attachments to friends and family.
Regardless of what email program you use, you can still catch a virus. Viruses consist of two parts: a means of propagation and a payload. As Microsoft Outlook Express is the most common email program used (because it is free with Windows), and MS Outlook to a lesser degree, most of the viruses use the MS Outlook address book to propagate themselves. However, the payload they deliver (e.g. corrupting/deleting computer files) is most likely just as damaging for those using other email programs. People who use a version of Outlook earlier than version 6 are highly susceptible to infection. These people should upgrade to the latest version and keep it updated via the Microsoft update website at
http://v4.windowsupdate.microsoft.com/en/default.asp
One common fallacy is that it is safe to open attachments from friends/family or from people one has been in contact with before. Chances are that you are included in the email address books of friends and family or that email of yours is still sitting in someone else's in or out tray. If that friend/family/person becomes infected, there is a strong chance that you will receive an infected email. So any unexpected attachment that you receive from a friend/family/contact should be questioned and perhaps an email sent back to verify that the person sent you an email.
One other common fallacy to be dispelled is that you can catch a virus from a Rootsweb mailing list. This is totally incorrect. No virus has ever been transmitted through a Rootsweb mailing list. The only attachment that may be received through a Rootsweb mailing list (and this is uncommon) is a small attachment which is too small to contain a virus, such as a vcf attachment (business card), which cannot contain a virus. However, two points need to be mentioned here. Firstly, the more active someone is on mailing lists, the greater the chances are that they are in somebody's address book or that their email is sitting in someone else's in-tray, and hence that they are a target for viruses. Secondly, some of the viruses hide their sending address, making it impossible for most recipients to track, or use an address in the infected person's address book, thus making it look like it came from a third address. As such, if the infected person has a Rootsweb address in their address book, or an unopened Rootsweb email, the infected email may then appear to come from Rootsweb. By examining the full details of the header (which may require extra steps, depending on the email program), it is generally possible to prove that it did not come from Rootsweb or via a Rootsweb mailing. As I am not on any non-Rootsweb mailing lists, I cannot make any claims about other mailing lists.
One thing that is guaranteed is that passing on a virus will not widen your circle of friends or enhance your reputation.
For those that want to exchange details or ask questions about viruses, there is a
VIRUS-DISCUSSION mailing list. See the following URL for its archive address and how to
subscribe:
http://lists.rootsweb.com/index/other/Internet_Help/VIRUS-DISCUSSION.html
Article about the problem that Outlook Express people face:
http://antivirus.about.com/compute/antivirus/library/weekly/aa040201a.htm
Article about how to tighten IE/OE defences Email Help Center:
http://antivirus.about.com/compute/antivirus/library/blemail.htm
Links on general internet safety measures Free Prevention Center:
http://antivirus.about.com/compute/antivirus/library/blprevent.htm
A similar website to this but with different emphasis is:
http://www.wvi.com/~wb/VirusHelp.html
Commercial
http://www.symantec.com/product/home-is.html - Norton/Symantec anti-virus and personal firewalls
http://us.mcafee.com/default.asp - McAfee anti-virus and personal firewalls
http://www.antivirus.com/pc-cillin/ - PC-cillin anti-virus
Use Google to find other respectable anti-virus programs such as F-Prot, Nod32, Kaspersky, Sophos, Vet, etc.
Free
http://www.grisoft.com/ - AVG
From the commercial list I recommend Norton/Symantec, but that is a personal choice (having used their products for many years), but the other commercial ones may be equally as good. Both Norton and McAfee have personal firewalls that integrate with their anti-virus programs.
Personally I have trouble accepting that free anti-virus programs offer the same level of coverage and support as the commercial programs (but others believe they are equally as good). From what I have seen AVG appears to be the better choice of the free programs.
Many of the above sites have newsletters that you can subscribe to, and receive information about the latest viruses. The best two that I have found (based mainly on frequency of the newsletter) are the ones obtainable from the Grisoft and PC-cillin sites (see URLs above).
Most mailing lists do not want people to post virus warnings to the list, because in many cases it is an inexperienced user who has fallen for a hoax and accidentally tries to propagate it.
If you believe that you have just found out about a virus, please do not inflict your zeal on the other list members, but write to the list admin first, who hopefully has a better idea of whether it is valid.
Most anti-virus manufacturers have pages devoted solely to hoaxes. Some of the major ones are:
http://www.symantec.com/avcenter/hoax.html
http://hoaxbusters.ciac.org/
vil.mcafee.com/hoax.asp
http://www.vmyths.com/
http://www.stiller.com/hoaxes.htm
Most of this page has discussed viruses that can be received from the internet and why an anti-virus program is the best alternative of protecting yourself from these risks.
However, another danger that exists on the internet is the possibility of 'hacking'. Users have possibly seen film and TV shows telling fancy stories of hackers breaking into national computer systems, e.g. governments and banks. The reality is that hacking on a smaller scale is not uncommon. Firewalls on companies' internet systems have become common (perhaps essential), so hackers appear to be attacking the smaller individual who is generally unaware of their exposure.
Each time a user logs on to the internet, whether to browse the web or to receive emails, they are temporarily granted a DNS (Domain Name Server) number (i.e. the 12 digit number that you sometimes see for websites e.g. 123.456.789.098). Hackers have programs that randomly probe DNSs to see if anybody is connected to it. If they find one, they then have complete access to that computer while it is logged on.
Once found, the hacker can do a number of things. They can download programs to your computer to let them know your DNS each time you log on, they can investigate and upload personal files from your computer, delete files from your computer, or use your computer to send spam and pornographic emails.
A personal firewall program prevents hackers from finding a computer at the DNS you are currently logged on to.
If you are logged on to the internet by a cable connection (i.e. 100% of the time), then you are vulnerable 100% of the time. The less you are logged on, the less vulnerable you are. But it is like insurance: do you want to take the risk? The use of a personal firewall is also recommended for all users.
Both Symantec/Norton and McAfee have personal firewalls for sale, and if bought as a package are cheaper than buying them individually (see above for their website addresses). A free personal firewall (ZoneAlarm) is obtainable from http://www.zonelabs.com/
This page has been prepared by Peter Lakeman who can be emailed on surreal@netspace.net.au
Last updated on 27 February 2004