From: Bob Rankin 
Subject: TOURBUS - 29 Jan 02 - Virus Prevention 102

TODAY'S TOURBUS TOPIC: VIRUS PREVENTION 102

The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved

When I wrote in Virus Prevention 101 that "You CANNOT get a virus just by opening or reading your email" I fully expected it would unleash a torrent of emails in response. I knew this would happen, because TOURBUS riders are generally smarter and better-looking than the rest of the online population. Read on for Virus Prevention 102 -- even more information on virus prevention and the merits of anti-virus software.

Please visit our sponsors, IDT Long Distance and The LangaList. Their support and your clicks keep the Bus rolling!

KAAAAAAAK!

Alert readers will remember that I made this statement in VP101:

> Before you write and tell me that some viruses can be activated
> simply by opening an email, PLEASE remember I said "if you keep
> your email software updated." If you have an old, unpatched
> copy of Microsoft Outlook, then all bets are off.

Nonetheless, the rabid hordes descended wielding spears and axes. Well, maybe that's not a very nice way to put it. Strike that... Let's say the angry masses swarmed in, bearing clubs and torches. Yeah, that sounds more like it...

Most of the people who responded to the last issue wrote to tell me about N-I-M-D-A, the K-A-K worm, or one of its evil cousins that took advantage of a problem in some versions of Microsoft Outlook and Outlook Express. These nasties could in fact do damage when you opened the message, either by clicking on it, or when it appeared in the Outlook preview pane.

(I've inserted dashes in all the virus names here to prevent over-zealous email filters from automatically deleting this article.)

In my extensive research, these are the ONLY cases I know of where a virus/worm thingie could affect a computer without relying on unwitting users who open attachments indiscriminately. However, patches for all of these bugs were available MONTHS (and in some cases YEARS) before the virus writers created the viruses that exploit them. Why is that? Basically, because virus writers are not the type of people who do the research to find security glitches. They exploit known security flaws, hoping to affect people who have not applied the fixes.

"Let Me Make This Perfectly Clear"

I do not know of **ANY** automatic virus/worm/trojan that hasn't been covered by a security fix. None. This includes "html viruses", "malicious javascripts" and "infected hyperlinks". And that weird virus that your cousin Vinny heard about from his friend who lives next to the police department in a major city. Yup, that one too.

I did qualify my statement that "you cannot get a virus just by reading your email" with the importance of keeping your email software up to date. There is so much unwarranted fear, media hype and misinformation surrounding the subject of computer viruses and email attachments. That's why I feel it is important to make people aware that they are quite safe if they use updated email software and abide by common sense handling of attachments.

I'll Have The Caveat, Please.

Honestly, I was afraid that if I made a statement like "in some circumstances it IS possible to get a virus by opening an email" then the rest of the message would be lost in the ensuing panic. Never mind that this can only happen to people using old, unpatched email software. Never mind that the fix for this problem has been available for months or years. RUN FOR THE HILLS! THE VIRUSES ARE A-COMIN'!!!

I will continue to stand by my statement that "you cannot get a virus just by reading your email" but I'll add the caveat "as long as your email software is up to date". I was tempted to say "as long as you don't use a Microsoft browser or email product" but then Bill Gates might not invite me to his parties anymore. So I won't say that. :-)

If you use Netscape's built-in email program, or Eudora, or almost ANY email software NOT made by Microsoft, you don't have to worry about this problem, and viruses will only get you if you let them. Hey, that's kind of like the vampire thing -- they can't get you unless you invite them in.

Keeping Current

So how do you keep your software updated and make sure all the latest security patches are applied? If you use Internet Explorer and/or a Microsoft email program such as Outlook or Outlook Express, it's important to use Windows Update regularly and download any Critical Updates recommended for your system.

http://windowsupdate.microsoft.com

For most users, Windows Update will automatically notify you when an update is available. But I recommend that you check once a week just to be sure. And for extra safety, download the latest version of your email and web browser software once every six months.

If you use Netscape, Eudora or other Mac Internet software, here are some links to find new versions, upgrades or security patches:

NETSCAPE SMART UPDATE - http://home.netscape.com/smartupdate

EUDORA EMAIL SOFTWARE - http://www.eudora.com

APPLE SOFTWARE UPDATE - http://asu.info.apple.com

Disable Windows Scripting

It's my understanding that you can avoid most Windows-based viruses (including K-A-K, B-u-b-b-l-e-B-o-y, M-e-l-i-s-s-a, I-L-O-V-E-Y-O-U and many others) by disabling a feature called Windows Scripting Host. Some people warn that this will prevent some legitimate uses of Visual Basic Scripting, but I did this two years ago and it's never caused a problem for me. Click below for instructions:

http://www.sophos.com/support/faqs/wsh.html

What About That !000 Trick?

Maybe you've received a chain letter advising you to add a bogus nickname of "!000" to your email address book to prevent viruses from spreading. Read the article below by About.com columnist Mary Landesman to see why it's bad advice.

http://antivirus.about.com/library/weekly/aa082801b.htm

Notes On Revealing Windows Filename Extensions

In my Virus Prevention 101 article, I warned that you should be careful when using the apparent filename of an attachment as a guide to whether or not you can safely open it. I gave instructions on how to make Windows reveal the entire filename, but my very smart friend Uzi Paz says: "Be aware that this doesn't always work." And he explains in much greater detail in his "Security and Filename Extensions" article how Gatus of Borg has deigned to hide certain file extensions even when they are supposed to be unhidden; along with instructions for revealing ALL potentially harmful file extensions, without using run-on sentences or improperly-placed punctuation marks.

http://www.uzipaz.com/eng/safe.html
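
As an added illustration (not part of the original newsletter), the Python sketch below checks the attachment names in a message for the problem described above: a real extension that Windows hides behind a harmless-looking one. The extension lists, function names and sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative lists (assumptions for this example, not from the article).
# Types Windows runs as programs or scripts when double-clicked:
RISKY = {"exe", "com", "bat", "cmd", "scr", "vbs", "vbe", "js", "jse", "wsf", "hta"}
# Types Explorer keeps hidden even when "hide known extensions" is off:
ALWAYS_HIDDEN = {"lnk", "pif", "shs", "shb", "scf", "url"}

def classify(filename):
    """Return (name as shown with extensions hidden, list of warnings)."""
    name = filename.strip().rstrip(". ")  # Windows ignores trailing dots/spaces
    stem, dot, ext = name.rpartition(".")
    ext = ext.lower() if dot else ""
    warnings = []
    if ext in RISKY:
        warnings.append("runs as a program or script: ." + ext)
    if ext in ALWAYS_HIDDEN:
        warnings.append("extension stays hidden in Explorer: ." + ext)
    if warnings and "." in stem:
        warnings.append("decoy extension in front of the real one")
    return (stem if dot else name), warnings

def audit(raw_bytes):
    """Map each attachment filename in a raw message to its classify() result."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {(p.get_filename() or "(unnamed)"): classify(p.get_filename() or "")
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed test message with three made-up attachments."""
    m = EmailMessage()
    m["Subject"] = "pictures"
    m.set_content("See attached.")
    for fn in ("holiday.jpg.vbs", "budget.xls", "notes.txt.shs"):
        m.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    for fn, (shown, warnings) in audit(build_sample()).items():
        print(f"{fn!r} shown as {shown!r}: {warnings or 'no warnings'}")
```
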

What About Macs? And Linux?

One thing I didn't mention in Virus Prevention 101 is that there are very few viruses that affect Mac or Linux systems. This isn't because those platforms are inherently safer than Windows PCs, or because it's harder to write a virus for Mac or Linux. The reason has to do with market share. Since Mac and Linux users represent less than 10% of the computing population, virus writers generally choose to ignore them.

If you're an Evil Hacker about to unleash a virus on the world, and you want it to affect the maximum number of people, you'll write a virus that affects Windows-based computers. That's not to say that viruses don't exist outside the Windows world. They do, but they number in the dozens, as opposed to the tens of thousands that potentially threaten Windows users.

So what do I recommend for people who use Macs or Linux? Nothing different, really. Don't open attachments unless you know these three things:

  • Who sent it (confirmed by phone or email)
  • Why they sent it
  • What it is

When It DOES Make Sense to use Anti-Virus Software

My conclusion in Virus Prevention 101 was that anti-virus software is a waste of time and money for most people. I stand by that statement.

I'm not saying that some horrible new virus won't be invented tomorrow. Let's say an Evil Hacker does exactly that, and the virus exploits a previously undiscovered security hole. Will your anti-virus program protect you? Most likely NOT!

When a brand new virus hits the Net, it tends to make the rounds very quickly. Tens of thousands of people can be infected worldwide, even if they have dutifully installed A/V software -- because it will take the A/V vendors 24-48 hours to update their software, and maybe another day for your software to receive and apply the updates.

That is my primary concern with A/V packages. They give people a false sense of security which probably makes them MORE likely to click on just about any attachment because they think they're safe. I also have concerns about A/V software because sometimes they interfere with other legitimate programs or report "false positives".

However, there are always exceptions to the rule. For some people, it makes a lot of sense to run anti-virus software. If you fall into one of these categories:

  • your job requires you to receive email attachments that contain word processor or spreadsheet files
  • you frequently download new software, or receive files on disks
  • your computer is shared by others (especially children) who are prone to clicking, opening or downloading almost anything, despite repeated warnings, threats and knuckle-whacking
  • you have a nagging suspicion that Cousin Vinny might be right about that weird virus, or the item above applies to you. :-)

...then you SHOULD use an anti-virus program.

I don't discount the fact that people do make mistakes. If using anti-virus software makes you feel safer, if you understand that it's not a GUARANTEE to keep you safe, if you don't mind spending the money, then maybe it's right for you. You can find a bunch of popular anti-virus packages here:

http://search.yahoo.com/bin/search?p=anti-virus

JUMP HIGHER, RUN FASTER WITH THE TOURBUS ARCHIVES CDROM

Earlier this month we announced availability of the complete Tourbus Archives (1995-2001) on CDROM - with SIX YEARS of Tourbus newsletters, fully searchable and printable. Over 600 issues filled with advice, tips, tricks, and the offbeat humor of your friendly Bus drivers.

So many of you have written to thank me for making this CD available, and it's nice to see people ordering extra copies for friends. To order your Tourbus Archives CDROM and get your free copy of Doctor Bob's special report "The Best of Everything" click here:

http://www.internettourbus.com/cdrom.htm

That's all for now. I'll see you next time! --Bob Rankin
