PDQ Library:  Anti-Virus Rules

The Internet TourBus - 13 December 1999

Patrick Douglas Crispen <crispen@netsquirrel.com>

C r i s p e n ' s   * S I X *   A n t i v i r u s   R u l e s

In light of the recent Bubbleboy and WormExploreZip virus outbreaks, I decided to re-rewrite my rules on how to protect yourself from computer viruses, Trojan horses, or worms. Regardless of your operating system, these six rules should protect you from most of the over FORTY-SIX THOUSAND viruses that are currently floating around the Net.

1. Purchase a good, commercial antivirus program like Norton Antivirus or McAfee VirusScan.

Most commercial antivirus programs usually cost between US$40 and US$50 and can be purchased at almost any computer store in the world. [You can usually save about US$10 if you purchase the software online -- visit http://www.shopper.com/ for more information].

Antivirus program manufacturers also release minor upgrades every two to three months and major upgrades every twelve to eighteen months. YOU NEED THESE UPGRADES. Minor upgrades are usually free, and major upgrades usually cost anywhere between US$20 and US$40, depending on the manufacturer [think of this as an expected expense -- just as you have to change your car's oil every 3,000 miles, you have to upgrade your antivirus software every year to year-and-a-half].

To see if any minor or major upgrades are available for your antivirus program, visit your antivirus program manufacturer's homepage. A list of antivirus manufacturers' homepages can be found at http://www.yahoo.com/ or at AOL keyword "virus."

2. Update your virus definitions frequently (at least once a week).

With over 250 new viruses being discovered each week, if you don't update your definitions frequently you won't be protected from ANY of the new viruses floating around the Net.

How do you update your virus definitions? That depends on the antivirus program you use. Norton Antivirus has a "Live Update" button built into the program; click on it, and Norton automatically downloads and installs the latest virus definitions from the Net. McAfee VirusScan has a similar update function (go to File --> Update VirusScan).

If you are unsure of how to update your virus definitions, visit the homepage of your antivirus software manufacturer and look for their "download," "update," or "technical support" section.

3. Never double-click (or launch) *any* file, especially an email attachment, regardless of who the file is from, until you first scan that file with your antivirus program.

This is probably the most important rule of them all. There are currently over forty-six thousand viruses out there, there are over 2.8 trillion possible file names out there, and any one of those viruses could be hiding in any one of those file names. A lot of people think that you can protect yourself from a computer virus by being on the lookout for one particular virus or one particular file name (hence all of the virus warnings you have received in your email inbox lately). That's not only silly, that's dangerous. If you want to protect your computer from viruses, you need to ignore ALL of the virus warnings you receive and instead beware of EVERY file you see, especially every file that is attached to an email message.

It is important to note that, despite all of the warnings to the contrary, there is no such thing as an email virus. If you are running the most up-to-date version of Windows (see rule #5 below) or if you have a Mac, you can open your emails, regardless of their subject lines, without fear of infecting your computer, provided your email program doesn't automatically open attachments (most don't). It is the files that are ATTACHED to emails that you have to fear.

Think of a computer virus as a well-packaged letter bomb. You can move a letter bomb from room to room in your house without any danger. Open the letter bomb, however, and you die. The same is true with computer viruses. You could download a billion virus-infected files from the Internet and receive another billion virus-infected files attached to email messages and your computer still wouldn't be infected with a virus. Open, or double-click on, just ONE of those files, though, and your computer is dead.

Remember, to infect your computer with a virus, you have to open (or double-click on) a file that contains a virus. As long as you don't open that file, you really have nothing to fear.

How can you scan a file for viruses? It depends on the antivirus program you use. The best bet is to read your antivirus program's instructions or read its online help section. If you use Norton Antivirus or McAfee VirusScan, right-click (or, if you have a Mac, click and hold) on the file in question. A pop-up menu should appear, and one of the choices should be "Scan with ..." and the name of your antivirus program. If that doesn't work, just open your antivirus program and try to scan the file from there.

Do you have to scan EVERY file, even if that file is from your friends or coworkers? Yes! Both the Melissa and the WormExplore.Zip viruses distributed themselves by opening your email program, looking at either your 'friends' list or the list of email addresses in your inbox, and then distributing virus-infected files to everyone on that list.

In the world of computer viruses, you can't trust ANYONE.

4. Turn on macro virus protection in Microsoft Word, and beware of all Word macros, especially if you don't know what macros are.

Word Macros are saved sequences of commands or keyboard strokes that can be stored and then recalled with a single command or keyboard stroke. They enable advanced Word users to easily accomplish what would otherwise be difficult tasks. They also allow virus writers to do serious damage to your computer. For example, the Melissa virus was actually a Word Macro virus.

If you use Word 97, go to Tools --> Options. Click on the "General" tab. Make sure that "Macro virus protection" (at the bottom of the list) is checked.

If you use Word 2000, double-click on the Tools menu, point to "Macro," and then choose "Security." Select the level of security you want. High security will allow only macros that have been signed to open. Unsigned macros will be automatically disabled. Medium security always brings up the macro dialog protection box that allows you to disable macros if you are unsure of the macros.

With Macro virus protection turned on, Microsoft Word will warn you every time you try to open a Word document that contains a macro. The warning gives you three choices: the option to open the file but disable its macros ("disable macros"), open the file with macros enabled ("enable macros"), or the option to not open the file ("do not open"). Choose the first (default) option: "disable macros."

For more information, visit the Macro Virus Protection page at http://officeupdate.microsoft.com/focus/articles/o97mcrod.htm

5. Run Windows update at least once a month.

Windows is aptly named because it is full of holes. There are several inadvertent 'open doors' (or 'security holes') in the Windows operating system that *COULD* conceivably make your computer vulnerable to outside attack. Specifically, a mean-spirited hacker *COULD* 'walk through' one of these open doors on your Windows PC and read any file on your computer, delete specific files or programs, or even completely erase your hard drive.

When the folks at Microsoft discover a security hole, they immediately release a software patch to close it. Without the patch -- and there are MANY -- your computer is wide open to outside attack.

Fortunately, downloading these patches couldn't be simpler. Built into every Windows 95 and Windows 98 PC is something called "Windows Update." Windows Update is completely free, but there is one catch: you have to have Internet Explorer 5 to be able to use it. :(

Here is how to use Windows Update to download all of the security patches Microsoft has released since your PC was made:

  1. Connect (or logon) to the Internet.
  2. Go to Start --> Settings --> Windows Update on your PC. This launches Internet Explorer and connects you to Microsoft's Windows Update page [ http://windowsupdate.microsoft.com/ ]. If you don't have Internet Explorer 5 (IE5), Microsoft's Windows Update page will talk you through the process of downloading IE5. If you already have IE5, keep reading.
  3. On the top left-hand side of the Windows Update page, click on the "Product Updates" link (it is the one with the hand and the red *).
  4. A pop-up window will appear, telling you to wait while your computer DOESN'T send any information to Microsoft (well, that's what it says!).
  5. Eventually, you'll see a page that says "Select Software." When Microsoft releases an essential update or patch to close a security hole in Windows, they put it in this page's "Critical Updates" section. Select (or click on) EVERYTHING in the "Critical Updates" section -- you need *ALL* of the critical updates -- and then click on the big, gray "Download" arrow in the top right hand corner of the page.
  6. Follow the on-screen prompts. That's it! :)

New security holes are found in Windows every week or two, so it is a good idea to run Windows Update at least once a month. The first time you run it, expect to see a MESS of critical updates. After that, though, there should only be one or two critical updates you'll have to download every month.

6. If someone unexpectedly sends you an executable file -- in other words, a file that ends in .EXE -- throw it out.

Most of the forty-six thousand viruses that are floating around the Net right now are hiding in executable files. If someone, even a close personal friend, unexpectedly sends you a file that ends in .exe -- or if they unexpectedly send you a zipped file that contains a file or files that end in .exe -- your safest bet is to delete the file without opening it.

The key word here is "unexpectedly." If you are expecting a friend to send you an executable file, you certainly don't need to delete that file -- just virus scan it first before you open it.

However, if you are in an environment (like a home) where you don't often receive ANY files attached to your incoming email messages, a better rule would be: "When in doubt, throw it out... and doubt EVERYTHING."
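
Rule 6's check, applied mechanically to a saved mail message, as an added example that is not part of the original newsletter: it lists attachments that end in .exe and zip attachments whose file list contains one, without extracting or running anything. The sample message and its file names are constructed; whether a file was "expected" remains the reader's call.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Rule 6 names only .EXE, so that is the only extension checked here.
EXECUTABLE_EXTS = (".exe",)

def is_executable_name(name):
    # Case-insensitive; Windows ignores trailing dots and spaces in names.
    return name.lower().rstrip(". ").endswith(EXECUTABLE_EXTS)

def flag_attachments(raw_message):
    """Return (attachment name, reason) pairs for files Rule 6 covers."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_executable_name(name):
            flagged.append((name, "executable attachment"))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            # Read only the archive's file list; nothing is extracted or run.
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    inner = [n for n in zf.namelist() if is_executable_name(n)]
            except zipfile.BadZipFile:
                inner = ["(unreadable archive)"]  # when in doubt, flag it
            if inner:
                flagged.append((name, "zip contains: " + ", ".join(inner)))
    return flagged

def build_sample():
    """Constructed message; attachment bytes are harmless placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("docs/Setup.EXE", "not a real program")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="photo.jpg.exe")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="notes.zip")
    msg.add_attachment("plain text", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_attachments(build_sample()))
```

Zip archives are recognised by content rather than by file name, so a renamed archive is still inspected.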

How well will these six rules protect your computer from becoming infected with a virus, Trojan horse, or worm? Take a look at the following questions, and decide for yourself. How many people whose computers were infected with the Melissa virus ignored at least one of these rules? ALL OF THEM! How many people who followed these six rules had their computers infected by Melissa? NONE OF THEM! How many people whose computers were infected with the WormExplore.Zip virus ignored at least one of these rules? ALL OF THEM! How many people who followed these six rules had their computers infected by the WormExplore.Zip virus? NONE OF THEM!

These six rules will not protect you from every computer virus, Trojan horse, or worm, but they will so significantly decrease your computer's chances of becoming infected that you can all but forget about the next virus scare and all the ones that will follow.

[ Tourbus Rider Information ]
The Internet Tourbus - U.S. Library of Congress
ISSN #1094-2238
Copyright 1995-99, Rankin & Crispen - All rights reserved
Archives on the Web at www.InternetTourbus.com

   .~~~.  ))
  (\__/)  .'     )  ))  Patrick Douglas Crispen
  /o o  \/     .~
 {o_,    \    {        crispen@netsquirrel.com
   / ,  , )    \          http://www.netsquirrel.com/
   `~  '-' \    } ))    AOL Instant Messenger: Squirrel2K
  _(    (   )_.'
'---..{____}            Warning: squirrels.