dacs.doc electric

WITH THE MELISSA VIRUS a few weeks ago and now the more deadly "ExplorerZip" worm, those using e-mail to the outside world have to take a close look at what the real risks are and how to best protect themselves. The Explorer virus infected major corporations, including Microsoft, Boeing, AT&T, and General Electric, forcing some of them to shut down their e-mail systems in order to deal with virus infection. The ExplorerZip worm not only replicates itself through the e-mail system, but tries to overwrite files on any accessible drives, including network drives, thus potentially destroying documents on the entire network.

Right now, these viruses work through and attack Microsoft products: Outlook, Exchange, Outlook Express, Word, etc. The ExplorerZip worm also attacks Excel spreadsheets, Powerpoint presentation files, and various other types of files. Macro viruses are effective because the structure of Microsoft products requires macros to be contained in and run from documents. Thus if you open a Word file called "word.doc," it can contain and run a virus. The recent viruses have two "innovations" that make them particularly lethal:

• The Melissa virus reads the Outlook address book and sends messages to the first 50 listings (including groups, which are sorted first) so that an e-mail appears to the recipient to come from someone they know or to be a response to an e-mail message they have actually sent. The Explorer virus continues to reply to new e-mail you receive, sending itself out as a reply.
• The ExplorerZip worm ups the ante, destroying files (and potentially all your data), whereas the Melissa virus did no actually damage other than causing a tremendous bottleneck.

WordPerfect Relatively Immune

Current users of WordPerfect have not had to be very concerned about these viruses because WordPerfect has a macro strategy and structure different from that of Word. In WordPerfect, macros exist as freestanding files and cannot be incorporated into or run from documents. While macros can run from WordPerfect templates, these must have a .wpt extension in order to function. It is therefore impossible to disguise a WordPerfect template as something else and fool the recipient into opening it.

However WordPerfect 9, part of the just-released WordPerfect Office 2000 suite, is partially changing this by incorporating Visual Basic into WordPerfect, thus potentially opening WP to Word-type viruses. For the moment, however, the capabilities of the Corel set of Visual Basic commands are limited, restricting the ability of macro viruses to spread. In addition, VB is not installed by default when you install WordPerfect 9. We strongly recommend not installing VB with WP 9 until you are certain that you have adequate virus protection.

What Next?

Things will get worse with Microsoft's Office 2000. At present, you can avoid macro virus damage by not opening any attachments, but only viewing them (macros do not execute when documents are only viewed). However, the "tight integration" of Outlook 2000 with Internet Explorer means that under certain conditions it will be possible to have macros execute when a simple e-mail message is opened, eliminating what from a virus-writer's point of view is a "loophole" through which his potential victims can escape. Thanks, Microsoft!

Are You Safe?

Some may be lulled into a false sense of security by the "fact" that they have an antivirus program on all their PCs. There are two fatal flaws in this logic. First, having such programs do not necessarily protect your server. You also need to be running antivirus software on the server. More important, many people purchase new PCs with antivirus software installed and then never update the software! This means that they are "protected" for (at best) the first week or so after they receive the PC. With the speed at which viruses are being created and spreading, this is basically worthless. Many vendors install antivirus software and never make any provisions to keep it updated, thus in effect leaving their clients helpless in the future.

People using Microsoft products, Word and Outlook in particular, are at serious risk if they do not take aggressive antivirus measures. People using WordPerfect will realize a new benefit to this program: they are not at immediate risk from the current outbreak of macro viruses (of course, this does not obviate the need for up-to-date antivirus programs as well).

Do's and Don'ts

• Don't routinely open e-mail attachments. View each one to make sure it is safe to open. You may want to save it to a specified directory and run antivirus software against it before you open it.
• Do keep your antivirus software up to date for both PCs and the server. This will cost money and time, but what will it cost you if key documents on your server are destroyed?
• Do find out what antivirus protection your ISP (Internet provider) is offering in terms of e-mail. Consider switching to one that will do a virus scan of all your e-mail before you receive it. Companies such as DotOne (800 826-4666) and Allegro Net (800 209-6245) offer such services. Or contact Heckman Consulting at 203 831-0442 or heckman@heckmanco.com for more information (DotOne, my e-mail provider, scans all my mail for viruses).