WITH THE MELISSA VIRUS a few weeks ago and now the more deadly "ExplorerZip" worm, those using e-mail to the outside world have to take a close look at what the real risks are and how to best protect themselves. The Explorer virus infected major corporations, including Microsoft, Boeing, AT&T, and General Electric, forcing some of them to shut down their e-mail systems in order to deal with virus infection. The ExplorerZip worm not only replicates itself through the e-mail system, but tries to overwrite files on any accessible drives, including network drives, thus potentially destroying documents on the entire network. Right now, these viruses work through and attack Microsoft products: Outlook, Exchange, Outlook Express, Word, etc. The ExplorerZip worm also attacks Excel spreadsheets, Powerpoint presentation files, and various other types of files. Macro viruses are effective because the structure of Microsoft products requires macros to be contained in and run from documents. Thus if you open a Word file called "word.doc," it can contain and run a virus. The recent viruses have two "innovations" that make them particularly lethal:
WordPerfect Relatively ImmuneCurrent users of WordPerfect have not had to be very concerned about these viruses because WordPerfect has a macro strategy and structure different from that of Word. In WordPerfect, macros exist as freestanding files and cannot be incorporated into or run from documents. While macros can run from WordPerfect templates, these must have a .wpt extension in order to function. It is therefore impossible to disguise a WordPerfect template as something else and fool the recipient into opening it. However WordPerfect 9, part of the just-released WordPerfect Office 2000 suite, is partially changing this by incorporating Visual Basic into WordPerfect, thus potentially opening WP to Word-type viruses. For the moment, however, the capabilities of the Corel set of Visual Basic commands are limited, restricting the ability of macro viruses to spread. In addition, VB is not installed by default when you install WordPerfect 9. We strongly recommend not installing VB with WP 9 until you are certain that you have adequate virus protection. What Next?Things will get worse with Microsoft's Office 2000. At present, you can avoid macro virus damage by not opening any attachments, but only viewing them (macros do not execute when documents are only viewed). However, the "tight integration" of Outlook 2000 with Internet Explorer means that under certain conditions it will be possible to have macros execute when a simple e-mail message is opened, eliminating what from a virus-writer's point of view is a "loophole" through which his potential victims can escape. Thanks, Microsoft! Are You Safe?Some may be lulled into a false
sense of security by the "fact" that they have an antivirus
program on all their PCs. There are two fatal flaws in this logic.
First, having such programs do not necessarily protect your server.
You also need to be running antivirus software on the server.
More important, many people purchase new PCs with antivirus software
installed and then never update the software! This means that
they are "protected" for (at best) the first week or
so after they receive the PC. With the speed at which viruses
are being created and spreading, this is basically worthless.
Many vendors install antivirus software and never make any provisions
to keep it updated, thus in effect leaving their clients helpless
in the future. Do's and Don'ts
|
John Heckman is president of Heckman Consulting, specializing in software integration for law firms, and a frequent contributor to dacs.doc. |