NOTE: This advice was written a long time ago, and some details
will seem very old-fashioned; however,
current virus and trojan scares are not different enough to alter the
essence of the advice given, so I have not altered the text. Just
substitute references to the "love bug" virus with whatever is this
year's fashionable virus threat.
Worried by viruses?
I want you to imagine the following situation:
Imagine that in your (physical) mailbox at home, you find, among all the
usual bills and junk mail, a mysterious package addressed to you but
with no recognizable return address. It says "free gift" on the
outside. In the package, you find a small vial with the words "Try me"
on the label, and a mysterious white pill. If you would then
automatically swallow the pill under the assumption that if someone sent
it, then it must be good, you have just been hit by the "love bug"
virus. Most reasonable people would not. But when it came to email, a lot of
people did.
"It was a different situation!", you say? Nope. If you indiscriminately
"open" a file without even paying attention to what "open" means in that
case, you are taking a BIG chance. If "open" simply means "read",
all's well, you may be offended by the contents, but unharmed. If it
means "save for later", you're OK for now. If it means "run it", then
you'd better trust whoever sent it to you.
After the fuss over the "love bug" virus, I thought some comments about
these matters in general might not go amiss - this text is based very
heavily on a posting by Mike Bessy to the support group for JP Software,
although it reflects my own opinions: I have edited Mike's text to suit
my own view of the matter, and to make it somewhat more appropriate for
our context.
The main point to make is that there are some lessons to be learnt
from the "love bug".
In fact, the "love bug" is a rather plain and not
particularly well written VB script. It is not encrypted, hidden, or
otherwise unusual. For example, it could just as well have been a batch
file with an instruction like this:
del /fqs c:\*.*
(which would just silently delete all your files on your hard disk).
The interesting part was the delivery method: an "attachment" to an
email message. A lot of people are apparently using Microsoft's
"Outlook Express", an email client with so many "extensions" that it can
barely handle plain text. In its default configuration, that thing is
not only huge and clumsy but also dangerous. Legions of users, upon
receiving the message, "opened" it, causing the script to execute
(including forwarding it to other unprepared Outlook users).
So here are some of the "lessons" to learn from it all:
- For email, use a proper email client if possible. It should
send/receive primarily plain text. Non-text files are best
transmitted via other means, such as ftp, and if they must go through
generic internet email, they should be properly encoded (via uuencode,
for example) into text form. Let something besides the email client
handle anything that's not a text email message.
- Avoid really popular software - it is no coincidence that
Outlook has been repeatedly targeted. Its popularity means it is a good
target for virus writers, and its lack of security (especially if
installed in default mode) makes it a very easy target.
If you really have to use Outlook, then take note of the following
point. It is perfectly easy to tell if your computer is so configured
that .vbs files are executable - and one simple precaution is to disable
that "feature" if you don't need it (and I think few people really do
need that!). (Some) people have learned to be careful with .exe files,
but a lot of folks think javascript (vbs, in the MS proprietary version)
is harmless - and with MS's encouragement, no wonder. The "love bug"
shows what such carelessness leads to, of course. (Notice that with
this latest version of such worms/viruses, you don't need to be using
Outlook to be harmed by the thing, but you do need to be treating vbs as
executable - i.e. associated with a program. Those "hidden"
associations are a real problem for those that don't understand this
message...)
- Beware of the term "open". In itself, it means nothing besides a
very vague "deal with". Make sure you understand whether it will LIST,
COPY, RUN, DELETE, VIEW, PLAY, etc. In general, when you
instruct your computer to do something, make very sure YOU
understand the command you are giving.
- Expect many more "love bug"-type email messages to appear as more
and more people get hooked by/into the internet. Some such messages
will be intentionally destructive, while some may be genuine errors
(much like a poorly written or tested batch file that deletes files you
intended to save). In most cases, though, the true culprit will be
the user's ... (trying in vain to find a suitable substitute for
"stupidity") ... ok, the user's lack of basic precautions when dealing
with something he/she values (better?).
- If all else fails, restore from your backup. If you don't have a
functional backup and a tested way to restore from it, you WILL lose
data sooner or later.
- Oh yes - I guess you expected me to say something about
anti-virus software ... Well, I do use it too, and will recommend the
two I use, but the point about the above remarks is that with the type
of attack "lovebug" represents, a little care and common sense is
worth more than anti-virus software ever can be.
But it's probably worth having some protection in any case. My first
recommendation (because it is a program that puts you in the "driver's
seat") is F-Prot. An alternate free program you might try is AVG Free
Edition. (I used to recommend InoculateIT, but it has gone commercial.)
Use such a program to scan any unidentified email or new programs you
get as extra "insurance". And remember the tale of that little white pill...
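The check mentioned earlier, whether .vbs and similar files are treated as executable on a given machine, can be done by reading the file associations directly. The following PowerShell is an added example, not part of the original text; the extension list and the function names Get-DefaultValue and Get-OpenAction are assumptions made for illustration, and it treats wscript.exe and cscript.exe (the Windows Script Host) as meaning "run".

```powershell
# Added example: report what "open" does to script files on this machine.
# Read-only: it inspects the registry and changes nothing.
$extensions = '.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh'   # assumed list

function Get-DefaultValue([string]$KeyPath) {
    # Return a key's (Default) value, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $null }
    (Get-Item -LiteralPath $KeyPath).GetValue('')
}

function Get-OpenAction([string]$Extension) {
    # A per-user choice made in Explorer wins over the machine-wide class.
    $choiceKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $progId = $null
    if (Test-Path -LiteralPath $choiceKey) {
        $progId = (Get-Item -LiteralPath $choiceKey).GetValue('ProgId')
    }
    if (-not $progId) {
        $progId = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$Extension"
    }

    $command = $null
    if ($progId) {
        $shellKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell"
        $verb = Get-DefaultValue $shellKey          # default verb, often unset
        if (-not $verb) { $verb = 'open' }
        $command = Get-DefaultValue "$shellKey\$verb\command"
    }

    # wscript.exe / cscript.exe are the Windows Script Host: "open" means RUN.
    if (-not $progId)       { $meaning = 'no association' }
    elseif (-not $command)  { $meaning = 'unknown, inspect by hand' }
    elseif ($command -match '\b[wc]script(\.exe)?\b') { $meaning = 'RUN' }
    else                    { $meaning = 'handed to another program' }

    [pscustomobject]@{
        Extension = $Extension
        ProgId    = $progId
        Command   = $command
        OpenMeans = $meaning
    }
}

$extensions | ForEach-Object { Get-OpenAction $_ } | Format-Table -AutoSize -Wrap
```

Any extension reported as RUN is the case described above: double-clicking such a file executes it. Re-associating that file type with a text editor makes "open" mean "view" instead.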
I also recommend a personal "firewall" to stop intruders gaining
access to your machine via the net - excellent free personal "firewalls"
include ZoneAlarm and Sygate Personal Firewall. The best diagnostic site
where you can learn about such "risks" is Steve Gibson's SpinRite site -
click on his "Shields Up" icon and see how "open" you really are to
others on the net. He also reviews firewalls, ZoneAlarm in particular.
Check out my Anti-virus advice page.
Acknowledgement:
Thanks to Mike Bessy for the original text.