Date:         Wed, 1 Aug 2001 23:43:08 -0400


Sender:       The Internet TourBus - A virtual tour of cyberspace


From:         Bob Rankin 

Subject:      TOURBUS - 31 Jul 01 - Virus Prevention 102

MIME-Version: 1.0

Content-Type: TEXT/PLAIN; charset=US-ASCII



              TOURBUS Volume 7, Number 03 -- 31 July 2001



    _________ ____________ ________ __________ _____________ ___ _

   /         |            /        |          |             /   | \

  |         LONG DISTANCE CALLS For Just 5 CENTS a Minute  /    |  \

  |__________|__________/__________|__________|___________/_____|   \

 /                                                              |----\

|   Sign up for IDT Long Distance and get long distance calls   |////|

| anywhere in the continental US for just 5 CENTS A MINUTE.     |////|

| All day, every day - not just nights and weekends, like other |////|

| carriers. No other major carrier has a better flat rate plan. |////|

| Not AT&T, not Sprint, not MCI. Sign up now, it only takes two |////|

| minutes.  If you are not satisfied you can cancel anytime.    |////|

|                                                               |////|

|         |////|

|    IDT Long Distance - CLICK for Info                     |////|


       /   \  /   \                                             /   \

       \___/  \___/  T h e   I n t e r n e t   T o u r B u s    \___/

        SIX YEARS of Searchable Archives at !




When I wrote in Virus Prevention 101 that "You CANNOT get a virus just

by opening or reading your email" it unleashed a torrent of emails in

response.  I expected this, because I know that TOURBUS riders are

generally smarter and better-looking than the rest of the population.

Read on for Virus Prevention 102 - even more information on virus



+------------ **FREE* *FREE* **FREE INKJET CARTRIDGES!** ----------+


 Buy 1, Get 1 FREE on all cartridges for your Epson, Canon, HP, or

 Lexmark printer!  100% Guaranteed Quality - Secure Ordering - Fast

 Service!  Free shipping on orders over $25!  Call 1-877-290-0687

 or visit our web site and check out all our new low prices!





+-------------- SAVE YOUR MONEY - GET FREE CDROM's! ---------------+

Scoop up popular Windows SOFTWARE on CDROM for FREE.  You pay ONLY

the shipping and handling for these and 75 other great CD titles:


  - NORTON SYSTEMWORKS 2000 PRO (List: $69.99 - FREE)


  - QUICKEN 2000 DELUXE (List: $59.99 - FREE)


Click Here to Select your FREE CD's Now 







Most of the people who responded to the last issue wrote to tell me

about the K-A-K worm, which slithered onto the Net in 1998, and took

advantage of a problem in some versions of Microsoft Outlook and

Outlook Express.  The K-A-K worm could in fact do its damage when you

opened the message, either by clicking on it, or when it appeared in

the Outlook preview pane. (I've inserted dashes in all the virus names

here to prevent over-zealous email filters from automatically deleting

this article.)


This is the ONLY case I know of where a virus/worm thingie could

affect a computer without relying on unwitting users who open

attachments indiscriminately.  However, a patch for this bug has been

available for over two years!  (See the section later in this article

about Windows Update.)


I did qualify my statement that "you cannot get a virus just by

reading your email" with the importance of keeping your email software

up to date. There is so much unwarranted fear, media hype and

misinformation surrounding the subject of computer viruses and email

attachments. That's why I feel it is important to make people aware

that they are quite safe if they use updated email software and abide

by common sense handling of attachments.



 I'll Have The Caveat, Please.



Honestly, I was afraid that if I made a statement like "in some

circumstances it IS possible to get a virus by opening an email" then

the rest of the message would be lost in the ensuing panic.  Never

mind that this can only happen to people using old, unpatched email

software.  Never mind that the fix for this problem has been available



I will continue to stand by my statement that "you cannot get a virus

just by reading your email" but I'll add the caveat "as long as your

email software is up to date".  I was tempted to say "as long as you

don't use a Microsoft browser or email product" but then Bill Gates

might not invite me to his holiday party.  So I won't say that.  :-)


If you use Netscape's built-in email program, or Eudora, or almost ANY

email software NOT made by Microsoft, you don't have to worry about

this K-A-K problem, and viruses will only get you if you let them.

Hey, that's kind of like the vampire thing -- they can't get you

unless you invite them in.



 Keeping Current



So how do you keep your software updated and make sure all the latest

security patches are applied?  If you use Internet Explorer and/or a

Microsoft email program such as Outlook or Outlook Express, it's

important to use Windows Update regularly and download any Critical

Updates recommended for your system.



If you use Netscape, Eudora or other Mac Internet software, here are

some links to find new versions, upgrades or security patches:











It's my understanding that you can avoid most Windows-based viruses

(including K-A-K, B-u-b-b-l-e-B-o-y, M-e-l-i-s-s-a, I-L-O-V-E-Y-O-U

and many others) by disabling a feature called Windows Scripting Host.

To do so click Start / Find / Files and type in WSCRIPT. Set "Look in"

to your C: drive.  Click Find Now, then delete or rename any files

that begin with WSCRIPT.  Repeat this process using CSCRIPT instead of

WSCRIPT.  Some people warn that this will prevent some legitimate uses

of Visual Basic Scripting, but I did this two years ago and it's never

caused a problem for me.



 Notes On Revealing Windows Filename Extensions



In my Virus Prevention 101 article, I warned that you should be

careful when using the apparent filename of an attachment as a guide

to whether or not you can safely open it.


> The standard behavior of Windows is to hide the file extension

> (the last three characters) when filenames are displayed.  Some

> virus writers take advantage of this and create files with names

> such as HAPPY.JPG.SCR, which will display as HAPPY.JPG.  It

> appears to be a harmless JPG (photo) file, but is really a nasty

> virus. To force Windows to display the entire filename, open

> Windows Explorer, click on View / Folder Options / View, then

> UNcheck the "Hide file extensions for known file types" option.


Several readers mentioned that they had to use View / Tools instead of

View / Folder Options, so if you had trouble finding this option, try

that route instead.


More importantly, I got a note about this from Uzi Paz.  Whenever Uzi

writes to me I pay attention, because he is a Very Smart Person and

Doer of Good Net Deeds.  Also, his name is UZI.  :-)


Uzi says: "Be aware that this doesn't always work."  And he explains

in much greater detail in his "Security and Filename Extensions"

article how Gatus of Borg has deigned to hide certain file extensions

even when they are supposed to be unhidden; along with instructions

for revealing ALL potentially harmful file extensions, without using

run-on sentences or improperly-placed punctuation marks.


 Quick View Plus



Tourbus rider Nat had this suggestion about pre-viewing attached



 "I always view attachments first with Quick View Plus.  I can

 view most documents I receive without opening them and risking

 virus infection.  After that I only have to worry about the ones

 I can't view with Quick View.  Everything else either gets

 discarded, scanned with my virus scanner prior to opening, or

 confirmation from the sender."


According the manufacturer, Quick View Plus will "view email

attachments (graphics, documents, spreadsheets, databases,

presentations, zip files, and more) instantly, whether you have the

original application or not."  Quick View insulates you from

potentially harmful macro viruses that can hide in word processor or

spreadsheet files.  A free 30-day evaluation copy of Quick View Plus

is available for download from the JASC site below.




 What About Macs?  And Linux?



One thing I didn't mention in Virus Prevention 101 is that there are

very few viruses that affect Mac or Linux systems.  This isn't because

those platforms are inherently safer than Windows PC's, or because

it's harder to write a virus for Mac or Linux.  The reason has to do

with market share.  Since Mac and Linux users represent less than 10%

of the computing population, virus writers generally choose to ignore



If you're an Evil Hacker about to unleash a virus on the world, and

you want it to affect the maximum number of people, you'll write a

virus that affects Windows-based computers.  That's not to say that

viruses don't exist outside the Windows world.  They do, but they

number in the dozens, as opposed to the tens of thousands that

potentially threaten Windows users.


So what do I recommend for people who use Macs or Linux?  Nothing

different, really.  Don't open attachments unless you know these three



        - Who sent it (confirmed by phone or email)

        - Why they sent it

        - What it is



 When It DOES Make Sense to use Anti-Virus Software



My conclusion in Virus Prevention 101 was that anti-virus software is

a waste of time and money for most people.  I stand by that statement.

However, if your job requires you to receive email attachments that

contain word processor or spreadsheet files, or you frequently

download new software, or you receive files on portable disks, then to

be absolutely safe you SHOULD use an anti-virus program.  You can find

a bunch of popular ones here:



That's all for now.  I'll see you next time!  --Bob Rankin


=====================[ Tourbus Rider Information ===================

   The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238

     Copyright 1995-2001, Rankin & Crispen - All rights reserved


        -+- LONG DISTANCE CALLS For Just 5 CENTS a Minute -+-



      Subscribe, Signoff, Archives, Free Stuff and More at the

              Tourbus Website -


TOURBUS - 31 JUL 01 - Virus Prevention 102, viruses, hoaxes, urban legends, search engines, cookies, cool sites
TOURBUS Site Search