NOTE: This advice was written a long time ago, and some details will seem very old-fashioned: however, current virus and trojan scares are not different enough to alter the essence of the advice given, so I have not altered the text. Just substitute references to the "love bug" virus with whatever is this year's fashionable virus threat.

Worried by viruses?

I want you to imagine the following situation:

Imagine that in your (physical) mailbox at home, you find, among all the usual bills and junk mail, a mysterious package addressed to you but with no recognizable return address. It says "free gift" on the outside. In the package, you find a small vial with the words "Try me" on the label, and a mysterious white pill. If you would then automatically swallow the pill under the assumption that if someone sent it, then it must be good, you have just been hit by the "love bug" virus. Most reasonable people would not. But when it came to email, a lot of people did.

"It was a different situation!", you say? Nope. If you indiscriminately "open" a file without even paying attention to what "open" means in that case, you are taking a BIG chance. If "open" simply means "read", all's well, you may be offended by the contents, but unharmed. If it means "save for later", you're OK for now. If it means "run it", then you'd better trust whoever sent it to you.

After the fuss over the "love bug" virus,* I thought some comments about these matters in general might not go amiss - this text is based very heavily on a posting by Mike Bessy to the support group for JP Software, although it reflects my own opinions: I have edited Mike's text to suit my own view of the matter, and to make it somewhat more appropriate for our context.

The main point to make is that there are some lessons to be learnt from the "love bug".

In fact, the "love bug" is a rather plain and not particularly well written VB script. It is not encrypted, hidden, or otherwise unusual. For example, it could just as well have been a batch file with an instruction like this:
del /fqs c:\*.*
(which would just silently delete all your files on your hard disk).

The interesting part was the delivery method: an "attachment" to an email message. A lot of people are apparently using Microsoft's "Outlook Express", an email client with so many "extensions" that it can barely handle plain text. In its default configuration, that thing is not only huge and clumsy but also dangerous. Legions of users, upon receiving the message, "opened" it, causing the script to execute (including forwarding it to other unprepared Outlook users).

So here are some of the "lessons" to learn from it all:

  1. For email, use a proper email client if possible. It should send/receive primarily plain text. Non-text files are best transmitted via other means, such as ftp, and if they must go through generic internet email, they should be properly encoded (via uuencode, for example) into text form. Let something besides the email client handle anything that's not a text email message.
  2. Avoid really popular software - it is no coincidence that Outlook has been repeatedly targeted. Its popularity means it is a good target for virus writers, and its lack of security (especially if installed in default mode) makes it a very easy target.
    If you really have to use Outlook, then take note of the following point. It is perfectly easy to tell if your computer is so configured that .vbs files are executable - and one simple precaution is to disable that "feature" if you don't need it (and I think few people really do need that!). (Some) people have learned to be careful with .exe files, but a lot of folks think javascript (vbs, in the MS proprietary version) is harmless - and with MS's encouragement, no wonder. The "love bug" shows what such carelessness leads to, of course. (Notice that with this latest version of such worms/viruses, you don't need to be using Outlook to be harmed by the thing, but you do need to be treating vbs as executable - i.e. associated with a program. Those "hidden" associations are a real problem for those that don't understand this message...)
  3. Beware of the term "open". In itself, it means nothing besides a very vague "deal with". Make sure you understand whether it will LIST, COPY, RUN, DELETE, VIEW, PLAY, etc. In general, when you instruct your computer to do something, make very sure YOU understand the command you are giving.
  4. Expect many more "love bug" type of email messages to appear as more and more people get hooked by/into the internet. Some such messages will be intentionally destructive, while some may be genuine errors (much like a poorly written or tested batch file that deletes files you intended to save). In most cases, though, the true culprit will be the user's ... (trying in vain to find a suitable substitute for "stupidity") ... ok, the user's lack of basic precautions when dealing with something he/she values (better?).
  5. If all else fails, restore from your backup. If you don't have a functional backup and a tested way to restore from it, you WILL lose data sooner or later.
  6. Oh yes - I guess you expected me to say something about anti-virus software ... Well, I do use it too, and will recommend the two I use, but the point about the above remarks is that with the type of attack "lovebug" represents, a little care and common sense is worth more than anti-virus software ever can be.
    But it's probably worth having some protection in any case. My first recommendation (because it is a program that puts you in the "driver's seat") is F-Prot. An alternate free program you might try is AVG Free Edition. (I used to recommend InoculateIT, but it has gone commercial.) Use such a program to scan any unidentified email or new programs you get as extra "insurance". And remember the tale of that little white pill...

    I also recommend a personal "firewall" to stop intruders gaining access to your machine via the net - excellent free personal "firewalls" include ZoneAlarm and Sygate Personal Firewall. The best diagnostic site where you can learn about such "risks" is Steve Gibson's SpinRite site - click on his "Shields Up" icon and see how "open" you really are to others on the net. He also reviews firewalls, ZoneAlarm in particular.

    Check out my Anti-virus advice page.
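
Points 2 and 3 above say it is easy to tell whether .vbs files are treated as executable, and that you should know what "open" will actually do. The PowerShell script below is an added example, not part of the original text: it looks up, for each script extension, the command Windows has associated with a double-click and flags the ones handed to a script host. The extension list and the script-host names are assumptions chosen for illustration, and it reads only the classic HKEY_CLASSES_ROOT association, not any per-user choice that Explorer on newer Windows versions may store separately.

```powershell
# Added example: what does "open" do for each script file type on this PC?
# The extension list and script-host names are assumptions for illustration.
$extensions  = '.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh'
$scriptHosts = 'wscript.exe', 'cscript.exe'

function Get-DefaultValue([string]$KeyPath) {
    # Return the unnamed (default) value of a registry key, or $null if absent.
    $key = Get-Item -LiteralPath "Registry::$KeyPath" -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

function Get-OpenAction([string]$Extension) {
    $result = [pscustomobject]@{
        Extension = $Extension
        ProgId    = $null
        Command   = $null
        Verdict   = 'no association'
    }
    # Step 1: extension -> file-type name (ProgId), e.g. .vbs -> VBSFile
    $result.ProgId = Get-DefaultValue "HKEY_CLASSES_ROOT\$Extension"
    if (-not $result.ProgId) { return $result }

    # Step 2: the verb a double-click uses; 'open' when none is named.
    $verb = Get-DefaultValue "HKEY_CLASSES_ROOT\$($result.ProgId)\shell"
    if ($verb) { $verb = ($verb -split ',')[0].Trim() } else { $verb = 'open' }

    # Step 3: the command line behind that verb.
    $result.Command = Get-DefaultValue "HKEY_CLASSES_ROOT\$($result.ProgId)\shell\$verb\command"
    if (-not $result.Command) {
        $result.Verdict = 'no command found'
        return $result
    }

    # -like is case-insensitive, so WScript.exe and wscript.exe both match.
    $result.Verdict = 'does not use a script host'
    foreach ($h in $scriptHosts) {
        if ($result.Command -like "*$h*") { $result.Verdict = 'RUNS the script' }
    }
    return $result
}

$extensions | ForEach-Object { Get-OpenAction $_ } | Format-Table -AutoSize -Wrap
```

Any row marked "RUNS the script" is a file type where "open" means "run it". Re-pointing that file type at a text editor from an administrator command prompt, for example ftype VBSFile="%SystemRoot%\System32\notepad.exe" "%1", makes a double-click display the script instead of executing it.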


Acknowledgement:
Thanks to Mike Bessy for the original text.