dacs.doc electric

 

Computer Viruses

Fact vs. Fiction

By Jeffrey A. Setaro

 

SEVERAL YEARS AGO I heard an industry pundit refer to computer viruses as the electronic equivalent of graffiti. This was annoying but not particularly damaging. I wonder what he thinks now? Last year (1999), encounters with malicious software, computer viruses, worms, & Trojan horse programs resulted in approximately $12.1 billion in damages. Certainly not the electronic equivalent of graffiti, this is better described as the cyber equivalent of a car bomb--destructive, indiscriminate, and costly.

Contrary to what's often portrayed in the movies or on the six o'clock news, malicious software has no magical powers. It won't cause your monitor to burst into flames, or gnaw through your keyboard and bite off your fingers. Computer viruses, Trojan Horse programs, and worms are simply computer programs. In order for one of them to do damage, some type of programmatic code has to be run. In simple terms, the only way malicious software (malware) can infect your computer is if you:

  • Run an infected program (i.e., .COM or .EXE).
  • Boot or attempt to boot from an infected floppy diskette (in the case of a boot sector virus).
  • Open an infected Microsoft Word document, Excel spreadsheet, Access database, Power Point presentation, or Microsoft Project file.
  • Run an infected Visual Basic Script or Microsoft JScript, including "invisible" ones embedded in Web pages or in HTML-formatted e-mail or newsgroup postings.

Threats

Understanding the threats is half the battle in defending against malicious software. So what is a virus? A worm? A Trojan Horse program? A hoax?

  • Virus. A computer virus is a self-replicating program containing code that explicitly copies itself and that can "infect" other programs by modifying them or their environment such that a call to an infected program implies a call to a possibly evolved copy of the virus.
  • Worm. A computer worm is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections).
  • Trojan Horse. A Trojan Horse is a program that does something undocumented that the programmer intended but that some users would not approve of if they knew about it.
  • Hoax. A hoax is a warning about a nonexistent, extremely destructive piece of malware. Hoax warnings are normally distributed as chain letters that ask you to "pass this warning along to everyone you know." Legitimate warnings are not distributed as chain letters and will always include links to the issuer's Website where additional information can be found.

Solutions

How can you defend yourself against malicious software? First, you should invest in a quality antivirus program and keep it up to date. Always remember that antivirus software is a perishable commodity and has to be updated regularly (once a week in most cases) in order to be effective. Second, you should practice Safe Hex religiously. You should never, ever:

  • Open files or e-mail attachments from someone you don't know.
  • Open files or e-mail attachments forwarded to you even if they are from someone you know.
  • Open unsolicited or unexpected e-mail attachments until you've confirmed that the sender actually meant to send them.
  • Open a document with macros enabled, period.
  • Boot from a floppy unless you personally created it, write-protected it, and had it hidden in your sock drawer since then.

Other things you should always do are:

  • Back up your computer regularly (a tape drive is your best bet).
  • Keep your antivirus software up to date (both scanning engine & definition files).
  • Scan e-mail attachments or downloaded files before you open them.
  • In the event disaster does strike, don't panic. Very often users will do more damage with panicked recovery attempts than a virus or Trojan horse would have.

[Figure: Microsoft Internet Security Settings dialog]

Third, if you're using Microsoft Outlook or Outlook Express to read e-mail and newsgroup messages, make sure you install all of the available patches and updates from Microsoft and disable scripting in messages. To disable scripting in Microsoft Outlook & Outlook Express, open Control Panel|Internet Options|Security and select the "Restricted Sites" zone. Now click "Custom Level" and set every entry to Disable except:

  • "Drag and drop or copy and paste files" (Should be Prompt)
  • "Submit non encrypted data" (Should be Prompt)
  • "User Name" ("Login") (Should be Prompt for username and password)

Now click "OK" and answer yes to the "Are you sure you want to do this?" dialog. Click "Apply" and then "OK" to close the Internet Options dialog. Now open Outlook or Outlook Express, select Tools|Options|Security, and change the default security zone to Restricted Sites.
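To confirm the settings took, you can export the Restricted Sites key with regedit and check it against the list above. The script below is an added example, not part of the original article: the four-character action IDs and their values come from Microsoft's zone-settings documentation rather than from this page, the sample export is constructed, and only a subset of entries is checked.

```python
import re

# Action IDs under ...\Internet Settings\Zones\4 (Restricted Sites).
# Assumption: IDs and values follow Microsoft's zone documentation.
DISABLE, PROMPT = 0x3, 0x1
LOGON_PROMPT = 0x10000  # 1A00: prompt for user name and password

# The article's policy: Disable everything except three Prompt entries.
POLICY = {
    "1001": ("Download signed ActiveX controls", DISABLE),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1200": ("Run ActiveX controls and plug-ins", DISABLE),
    "1400": ("Active scripting", DISABLE),
    "1402": ("Scripting of Java applets", DISABLE),
    "1803": ("File download", DISABLE),
    "1802": ("Drag and drop or copy and paste files", PROMPT),
    "1601": ("Submit non-encrypted form data", PROMPT),
    "1A00": ("Logon", LOGON_PROMPT),
}
DWORD_LINE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def parse_reg_export(text):
    """Return {action_id: value} from the DWORD lines of a .reg export."""
    values = {}
    for line in text.splitlines():
        m = DWORD_LINE.match(line.strip())
        if m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(values):
    """List (id, name, expected, actual) deviations; actual None = not set."""
    return [(a, name, want, values.get(a))
            for a, (name, want) in POLICY.items() if values.get(a) != want]

# Constructed sample: scripting still enabled, file download never set.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000003
"1802"=dword:00000001
"1601"=dword:00000001
"1A00"=dword:00010000
'''

if __name__ == "__main__":
    for action, name, want, got in audit(parse_reg_export(SAMPLE)):
        print(f"{action} {name}: expected {want:#x}, found {got}")
```

An entry reported as not set has no explicit value in the export, so re-check it in the Custom Level dialog.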

Conclusions

Want to know more about malicious software and how to defend yourself against it? Then attend the July 11 general meeting of the Danbury Area Computer Society at 7 p.m. at the Danbury Hospital Auditorium. You may download the audience handout of the presentation from our Web site at http://www.dacs.org.

DACS general meetings are open to the public. For more information about the July meeting or the Special Interest Group meetings that take place during the month, check our Website or call our Resource Center at 203-748-4330. Coming in August: Henry Gil, Voyetra Turtle Beach, Inc., Digital Music.

Handouts

Anti-virus Software Vendors

