An introduction to computer virus security:
Internet ScamBusters #38
With all of the new viruses, it seemed appropriate to dedicate this month's issue to helping you avoid getting hit by a harmful virus.
To that end, we've asked our friend Paul Myers if we could reprint the part of his article on Data Security 101 that focuses on viruses. Paul's data security article is a bit more technical than we usually publish in Internet ScamBusters. However, the part on viruses is less technical than the rest - and it contains a lot of great information.
So, let's focus on....
Virus Security 101
By Paul Myers <paul@talkbiz.com>
Copyright 2000 Paul Myers. Reprinted with Permission.
If anyone had any doubt about the ability of viruses to wreak havoc, Melissa should have cured that. But, of course, it didn't.
Viruses can do all sorts of interesting things. They can send email to everyone in your address book. They can email your entire address book to someone else. They can make your computer do all manner of odd things. They can wipe out your data files, or even format your hard drive.
They can even plant RATs in your system.
RAT is short for Remote Access Trojan. These nifty little virtual gizmos are the cracker's equivalent of the remote control.
Note: Cracker is the right word. A hacker, despite the media's misuse of the word, is not a malicious person who'll try to abuse strangers. Hacker is a term of respect. Crackers are the creeps who play these nasty games.
So, how does your computer get viruses?
It's amazingly easy, actually. Any time you run code that you got from someone else, you run *some* risk of getting a virus. With commercial software obtained directly from the manufacturer, the risk is minimal. Still there, but minimal.
There are other ways, but these account for the vast majority of cases:
- Loading files with macros without checking for viruses. This is probably the most common these days. There are thousands of macro viruses out there that are spread through sharing of Word documents, Excel spreadsheets, etc.
- Downloading and running many games that are distributed through private sites. (The major download sites are usually pretty safe.)
- Opening infected emails in an HTML capable mail reader without having disabled ActiveX and the like. (Yes, Virginia, you CAN get a virus just from reading an email on a PC. If your system is set up wrong.)
- Running programs that are sent to you as attachments.
- Downloading and running pirated software. (If that's how you got it, you deserve it!)
Have you ever done any of those?
So, how do you NOT get viruses? It's pretty easy, actually. Just use some simple, common sense steps.
1. NEVER run programs that are sent to you as attachments, unless you know and trust the sender, AND KNOW THE PROGRAM IS BEING SENT BEFOREHAND. Even then, be suspicious. Your friends won't deliberately send you an infected file, but do you know how secure their system is?
If you weren't told the program was coming, don't run it, no matter who sent it. There are new viruses out all the time that attach themselves to emails as their method of propagation. The "senders" usually don't even know the attachment exists.
2. For Word, Excel, and any other software that uses macros, get paranoid. Go to the Macros menu item, and select the Security option. Set it to high, and refuse to run any macros except from those sources you designate as "Trusted." Mac users should not be smug about this - macro viruses are cross platform.
The vast majority of users won't be affected by this at all. Most of us don't use macros in our documents.
3. Ask people who need to send you documents to use .rtf (Rich Text Format) instead of .doc format. In most cases this will give exactly the same results and appearance. And RTF files can't spread viruses.
If they don't know how to do this, explain it. When they save the file, they simply choose Rich Text Format from the "Save as type" options instead of accepting the default .doc format.
Another advantage is that RTF files are generally readable on any platform. Handy for dealing with people who may not have exactly the same programs that you use.
Oh yeah... Send documents in this format yourself whenever feasible. 😉
4. Turn off the ability of your HTML capable email software to run ActiveX or other code without asking first. And then only allow it when you know the sender. (Hint: How many people do you know who write email containing ActiveX or other scripting... ?)
5. Get a good anti-virus program. Update it regularly. Run it all the time.
Good anti-virus software is no longer a paranoid's indulgence. It's a necessity.
You'll want to set it to the highest security you can live with. If you get huge amounts of email and have a slow machine, you may not want to tell it to scan every email that's downloaded, but you'll probably want every other option checked.
Yes, it will slow things down a small amount. In most cases, you'll never notice it. If it gets too bad, you can disable the less important options, like scanning inside zip files.
You don't need to scan your drives every time you boot up the machine, of course. But do it occasionally to be safe.
Updating your Anti-Virus (AV) software frequently is a must. There are tens of thousands of viruses out there, and more developed all the time. It does you no good to have the software if it's not current.
Even with the best AV software, you still want to keep other security measures in place. These programs don't work on a virus until the developers know the virus exists. And frequently they don't know until shortly AFTER a major outbreak.
Melissa was a great example of this.
Two of the better anti-virus programs are:
- Panda Anti-Virus: http://www.pandasoftware.com/
- Norton Anti-Virus: http://www.symantec.com
I don't recommend McAfee. It's entirely too much trouble when there are more convenient options that provide the same protection.
With any anti-virus software, you can encounter occasional problems. It's an unfortunate but necessary part of the way the programs work. Some legitimate commercial programs may be treated as viruses, some hardware will have trouble, etc.
Usually these programs will mention the potential trouble somewhere in their documentation. If you try installing software from commercially purchased CDs or from trusted download sites and have trouble, try the install after turning off the AV program.
A good anti-virus program is a necessity. (Have I mentioned that yet?)
[Editors Note: Using a program other than Microsoft Outlook (or as many people now call it, lookout!) for your email will also help you avoid many virus problems. And thanks to an alert reader... you can now download a security update for Outlook 98 and Outlook 2000 that will protect you against most viruses spread via attachments in email. http://officeupdate.microsoft.com/2000/downloadDetails/Out2ksec.htm]
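As an added example (not from Paul Myers' article or the newsletter), steps 1 to 3 above can be automated as a first-pass attachment triage before anything is opened. The extension lists, function names and sample message are assumptions constructed for this illustration. The `.rtf` check looks at the file's leading bytes because a file name alone does not prove the content is RTF.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension lists are assumptions for this example; extend them for your site.
PROGRAM_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js"}
MACRO_EXTS = {".doc", ".dot", ".xls", ".ppt", ".docm", ".xlsm"}

def classify(filename, payload):
    """Return (verdict, reason) for one attachment name and its raw bytes."""
    suffixes = PurePosixPath(filename.strip().lower()).suffixes
    last = suffixes[-1] if suffixes else ""
    if last in PROGRAM_EXTS:
        if len(suffixes) > 1:
            return "block", "program behind a second extension"
        return "block", "program sent as an attachment"
    if last in MACRO_EXTS:
        return "review", "macro-capable document; ask for .rtf"
    if last == ".rtf" and not payload.lstrip().startswith(b"{\\rtf"):
        return "review", "named .rtf but content is not RTF"
    return "allow", "no program or macro-capable format seen"

def triage(raw_message):
    """Classify every named attachment in an RFC 822 message string."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            data = part.get_payload(decode=True) or b""
            results.append((name, *classify(name, data)))
    return results

def sample_message():
    """Constructed message carrying four constructed attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "friend@example.com", "you@example.com"
    msg["Subject"] = "files"
    msg.set_content("See attached.")
    files = {"invoice.txt.vbs": b"constructed", "budget.xls": b"constructed",
             "notes.rtf": b"{\\rtf1 constructed}", "memo.rtf": b"\xd0\xcf\x11\xe0"}
    for name, data in files.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for row in triage(sample_message()):
        print(*row, sep=" | ")
```

A verdict of "allow" only means the name and leading bytes raised no flag; the anti-virus scan from step 5 still applies.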
There's at least one "virus" that can affect your system without you downloading anything, opening any programs, or reading any infected emails. All you need to do is run a computer that's connected to the Internet that has a shared drive which doesn't require a password for write access.
Isn't that fun? Just being connected can be a security risk!
This one scans the Net looking for machines with the right vulnerabilities, and writes itself to the system when it finds one. The effects of this virus sound like something from one of those hoaxes that are forever going around.
- It spreads without any action on your part.
- It can delete everything in your C:\Windows directory and sub-directories, and C:\.
- It uses your modem to dial 911....
Yeah. Can you believe that last one? The cretin who wrote this needs to be thrown in jail for life. Tying up emergency services like that could result in deaths.
Fortunately, this is found in a very limited area so far. The only "sightings in the wild" have been in the Houston, TX area. And yes, it's confirmed. See:
- Symantec confirmation: http://www.symantec.com/avcenter/venc/data/bat.chode.worm.html
- Or the FBI's advisory: http://www.nipc.gov/advis00-038.htm
This is the first virus that propagates this way. You can bet it won't be the last. And future ones will exploit more and more obscure weaknesses in common PC setups.
A Final Tip:
If you use Netscape, turn off any type of Scripting in Mail and News.
I hope you find this information useful. Put it to work, and you can save yourself a lot of headaches down the road.
Paul
This article was written for TalkBiz News, a free email newsletter for small business owners. To subscribe, send any email to newsletter@talkbiz.com
[Editors note: This article was excerpted from Data Security 101 For Small Businesses by Paul Myers, and used with permission.]