A Guide to Virus Protection

Virus writers prey upon people's trust. Assume that the people you trust the most (co-workers, family members) will be the most likely to send you a virus. Forget about your anti-virus software for protection -- all email attachments must pass your HUMAN virus security test.

Viruses can be transmitted in a number of ways, including shared floppy disks, email attachments, and downloads from the web. Practicing "safe computing" is easy, and adopting a bit of paranoia may keep your system virus free.

Install Anti-Virus Software:

If you are not running Norton/Symantec or McAfee anti-virus software, you’re crazy. You MUST update your software every time it’s offered (usually daily, sometimes more often). If your copy is more than one week old, it’s useless. Don’t buy off-brand cheap anti-virus software. Don’t run alleged anti-virus patches that others send you.

Email without attachments:

It used to be true that you could not get a virus from email without attachments. This is no longer true. If you are running any email program more than 6 months old, you should immediately visit the Microsoft or Netscape website, click on downloads, and get the latest version. AOL automatically updates systems – so you won’t need to do anything. But also note that AOL has no built-in virus screening. AOL can get infected by the Klez and Bugbear generation of viruses.

Email with attachments: Dos and Don'ts

  • NEVER click on an attachment from someone you don't know.
  • NEVER click on a link within an attachment if the email is from someone you don't know.
  • NEVER trust alleged bounce messages. These are very often viruses.
  • NEVER click on an attachment from someone you do know - but aren't expecting. Even me. Even a coworker, Microsoft, your service provider, your partner, mom, son, daughter - nobody! Viruses are usually sent under forged “trusted” names. How do you know it was intentionally sent by who it says it was? Forging an email is as easy as forging a return address on an envelope. The “Klez” virus and its derivatives normally send out viruses under forged names.
  • If you are expecting an attachment, but the cover note sounds weird or out of character, DON'T CLICK ON IT.
  • If you ARE expecting an attachment, but it has an odd file extension, don't click on it!
  • NEVER open a zip file attachment that you’re not expecting.

Email with "executable" attachments

If an attached file has an “extension” (the last 2-3 letters at the end of a filename) that ends in EXE, COM, BAT, BAS, SHS, VBS, PIF, SCR, it's called an executable file. That means that you have received a program that is most likely a SYSTEM DESTROYER. Never EVER under any conditions or for any reason click on an executable attachment, even if you know the sender, even if the sender is your mom, even if the sender is your computer guru, even if you’re curious, even if it's from Microsoft or your ISP - unless you're familiar with all the aspects of this memo and feel secure that the attachment is safe. In other words, unless you’re a heavy-duty techie.

Email with Word and Excel file attachments

If an attached file has an extension that ends in DOC or XLS, it's a Word or Excel file. If you don't know the sender - don't even think of clicking on it. If you are expecting the file and the accompanying message is in character, AND you are running Norton/Symantec or McAfee anti-virus software AND it’s been updated THAT DAY, you can consider the file PROBABLY safe.

Email with picture, sound, and video attachments:

Attachments such as GIF, TIF, JPG, BMP, TGA, WAV, AVI, MOV, RA, RAM are multimedia attachments and COULD be safe. If you are expecting the file and the accompanying message is in character, AND you are running Norton/Symantec or McAfee anti-virus software AND it’s been updated within the last 24 hours, you can consider the file PROBABLY safe.

A note about file extensions:

The letters at the **END** of a filename *after* the final dot are called the file extension. If there are more letters after it, it's not the extension. The file extension of a filename like "harmless.gif.vbs" is VBS, not GIF. If you get one of these in email, you have just received a virus. This was how the ILOVEYOU virus was transmitted.
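The rule above, together with the extension lists from the earlier sections, can be applied mechanically to the attachment names in a message. The following is an added example, not part of the original guide; the function names, the group labels and the sample message are constructed for illustration.

```python
from email import message_from_string

# Extension groups as listed in the guide; only the final extension is matched.
GROUPS = {
    "executable": {"exe", "com", "bat", "bas", "shs", "vbs", "pif", "scr"},
    "document": {"doc", "xls"},
    "media": {"gif", "tif", "jpg", "bmp", "tga", "wav", "avi", "mov", "ra", "ram"},
    "archive": {"zip"},
}
DECOYS = GROUPS["document"] | GROUPS["media"]


def classify(filename):
    """Return (category, disguised) using only the text after the final dot."""
    # Windows drops trailing dots and spaces, so "a.exe." still opens as "a.exe".
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2:
        return ("unknown", False)
    category = next((g for g, exts in GROUPS.items() if parts[-1] in exts), "unknown")
    # "harmless.gif.vbs": a benign-looking extension placed before the real one.
    decoy = len(parts) >= 3 and parts[-2] in DECOYS
    return (category, category == "executable" and decoy)


def screen_message(raw):
    """List (filename, category, disguised) for each named part of a raw email."""
    msg = message_from_string(raw)
    return [(p.get_filename(),) + classify(p.get_filename())
            for p in msg.walk() if p.get_filename()]


# Constructed sample message (not real mail); attachment bodies are placeholders.
SAMPLE = """\
From: coworker@example.com
Subject: holiday pictures
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Disposition: attachment; filename="harmless.gif.vbs"

placeholder
--XX
Content-Disposition: attachment; filename="beach.JPG"

placeholder
--XX--
"""
```

A category of "media" or "document" here only reflects the filename; the guide's other conditions (expected attachment, message in character, current anti-virus definitions) still apply.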

Workplace memos

  1. Is it executable? If it is, delete it.
  2. Am I expecting this attachment? If not, delete it. You could check with the sender to be sure (remember… the telephone?)
  3. How sure am I that it came from the listed sender? Anyone can forge email - it's incredibly easy.

Cute screen savers and wallpaper:

Don't even think of installing a cute screen saver or wallpaper UNLESS you are deeply familiar with Microsoft's file extension system and you have purchased it in a computer store as "boxed retail software". Anyway, even the ones that are virus-free will slow down your system.

Virus warning emails:

Warning messages (such as "Join the Crew" or "Penpals" or “Norton doesn’t cover this one”) are all bogus and a colossal waste of everyone's time. It's like passing along a message to warn folks about crossing the street without looking both ways. Don't pass these warning messages along. Your computer guru or CNN will let you know if there are any real threats. Historically, no turnkey user has EVER assisted in raising public awareness by passing along 'warning' messages.

Admin/Postmaster/Bounce Emails:

Most say something like “your computer is infected, see the attached for details…” Some imply that a message you sent has bounced. These are viruses!

Viruses that prey on the hopelessly stupid:

One of my favorite viruses isn’t actually a virus at all. It’s an email that instructs you to delete important files on your hard drives – claiming that the top anti-virus companies cannot accomplish that task, i.e. the so-called TeddyBear Virus. Duh. Like little Tommy from Tulsa is smarter than all the experts at Norton and McAfee? Pay no attention to these inane virus alerts.

This reminds me of the “Ethnic” joke virus that says:

You have just received the "(Ethnic) VIRUS"!!! As the (ethnic) have no programming experience, this Virus works on the honor system. Please forward this Virus to everyone you know and then manually delete all the files on your hard drive. Thanks for your cooperation.

Viruses from downloads:

Never download executable files from a non-reputable source. A snazzy looking site does not make a company reputable.

Sharing floppy disks:

Just don't do it. Although the viruses passed along by this method are usually fairly innocuous, they're very annoying and potentially destructive. The easiest method to avoid infection is to not use floppies except to transfer files within the office. If you bring in a floppy from outside, you MUST scan it with your anti-virus software and check your system as soon as you're done. Even then, you cannot be 100% sure that you will be protected.

Virus protection software:

Contrary to the marketing hype, anti-virus software only protects you against known (“old”) viruses. When a new one comes out, your old software is useless. This doesn't mean you shouldn't get a flu shot to decrease your chances of getting the flu - it means that you should be smart, diligent, and a little paranoid. If you are using virus protection software, update it DAILY.

Update your system

Most computer makers, software publishers, and particularly Microsoft are very diligent about posting software fixes on their website. You should update your system regularly, weekly -- or monthly at the very least. Note that AOL automatically updates when you log on.

What to do if you get a suspect email:

Generally, only those with a computer death wish should click on the attachment. If you think you may need the attachment, email your computer consultant a copy (if he/she allows this) and allow a trained software professional to evaluate it. Allowing it to sit on your computer for a few days does not endanger your system, only clicking on it will.

What to do if you get a virus:

  1. If you’re on a network or DSL/cable connection, PHYSICALLY UNPLUG yourself from the network, cable, etc. You’re already infected; there’s no point in sharing your virus with your friends and family.
  2. Contact your computer guru BY PHONE. If you don’t have a guru, call your computer store. They can clean viruses safely for a reasonable fee (typically about $100).
  3. If you have to ask how to clean out infection, you can’t do it. It’s not easy and requires specific skills.

Updated Monday, August 09, 2004

This document is released to the public domain.

rev 08/09/04 03:44:48 PM