Wired! Philippines

Computer Virus on the Net?

By Rey Carolino rey@inforamp.net

 

E-MAIL VIRUSES

Once in a while, someone will send you an e-mail telling you not to open any e-mail or newsgroup articles with the subject "JOIN THE CREW"," PENPAL GREETINGS", "AOL4FREE", etc. because they contain a virus that will damage your computer. Although it pays to be careful, don't panic! They are false alarms.

It is highly improbable to catch a virus by simply reading an e-mail. The only way for a computer virus to be passed on to someone via e-mail is for it to be sent as an ATTACHMENT to the e-mail and that ATTACHMENT file is opened in your computer. There are some Internet Service Providers (ISPs) that will virus-scan e-mails destined to their subscribers usually for an additional fee. If you belong to those ISPs, you are more or less safe with your e-mails. If you don't, you must get yourself an anti-virus program and scan your e-mail file attachments manually before opening them.

Most e-mail programs do not open a file attachment automatically- it gives you the option of saving the attachment to your disk or, if you are brave enough, to open the attachment without scanning it for viruses. Some e-mail programs like Microsoft Outlook display the attachment as an icon. If the attachment has a virus and you double click on the attachment, you are in effect opening the attachment and triggering the virus. If you are receiving the e-mail from an unknown source, you must first save the attachment file to your disk (by right clicking on the attachment and choosing SAVE AS) and scan it for virus before you open it. If the attachment has a virus, delete the file immediately and completely. Do not attempt to open, view or execute an infected file, as that will activate the virus hiding within that program.

 

ATTACK OF THE LONG FILENAME

Last July, a group of researchers in Finland discovered a serious security flaw in the mail and news programs of both Microsoft and Netscape Communicator when run in Microsoft Windows 3.1, Windows 95, Windows 98 and Windows NT operating systems. A file can be saved with a long filename that can contain a virus code within that long filename. When that file is attached to an e-mail or newsgroup posting and that e-mail or news article is downloaded by your Microsoft or Netscape program, the program will crash and will force your system to run any malicious codes contained in the long filename.

Microsoft Outlook 97 is not affected by this threat but Microsoft Outlook 98 and Outlook Express 4.x versions are all affected. If you are using those programs, you must download a patch from the Microsoft homepage to fix this problem. Links to the patch locations can be found at: http://www.microsoft.com/security/bulletins/ms98-008.asp

Netscape Communicator versions 4.0 to 4.05 (and the 4.5 Preview release) are also affected by this threat. Earlier versions are not affected. Fixes and workarounds for affected versions are available at: http://home.netscape.co m/products/security/resources/bugs/longfile.html Netscape has released a new version (Version 4.06) that fixes the problem.

 

MALICIOUS PROGRAM

Viruses are malicious computer programs that, at their worst, can wipe out all the contents of your hard disk. Some are even said to cause damage to your hardware system. They are written by people who have nothing better to do during their spare time (most probably because they haven't discovered the Internet yet!). A joke in the computer industry is that most viruses are written by people working for anti- virus company in order to jack up the sales of their virus-killer programs.

The most common way in which a computer can get infected with a virus is through a floppy diskette. Viruses are usually hidden inside a seemingly innocent computer program stored in a floppy diskette (like a shareware game that you buy from a sidewalk vendor). Once that disk is loaded in your computer, the virus infects the hard disk. If the virus is a "trojan" like the Friday the 13th virus, it hides in your system and waits for the computer clock to register a Friday the 13th date before it does wonders to your system. While the virus is hiding in your system waiting for the trigger date or a trigger action to occur, it will infect any floppy disk that you will use in your system and propagate itself in all other computers where the infected floppy disk will be used. It is therefore a good idea to run an anti-virus program on a floppy disk before using it in your system.

 

SURFING THE NET- Can you get a Virus?

If you are downloading shareware or freeware software from well-known software developers (such as Microsoft, Netscape, etc.), it is very unlikely that you will get a virus-infected software because these companies run state of the art anti-virus programs on their software. However, if you are getting the software from an unknown source, beware! You may download the file but you must scan the file for virus first before you attempt to install it in your computer. To make it easier for you to install their programs, some software will automatically run its installation process after your download is completed and before you can scan them for a virus. Watch out for that kind of downloads.

Surfing the Net with your browser (like Netscape Navigator or Internet Explorer) is generally a safe practice and should not be a cause for virus concern. While the spread of HTML viruses is theoretically possible, Mike Nichols (Internet Explorer Manager for Microsoft Corp.) believes they pose little danger to today's users. He thinks the announcements of these viruses were made by anti-virus manufacturers to "scare up a few more sales". Microsoft said that such viruses could not infect via Internet Explorer, unless the user changed the Internet security settings manually. In IE Version 4.0, Internet security is set by clicking on the VIEW, INTERNET OPTIONS, SECURITY.

 

Viruses can also be hidden in programs written in Java, JavaScript and Active X, which can be invoked by your web browser. However, while the threat is real, these type of viruses are rare (probably because virus-writers haven't mastered these languages yet) and the few that have been discovered to date do not cause severe damage to your system. As virus-writers become more proficient though with these new programming languages, newer and more destructive viruses will show up in due time. When choosing an anti-virus program therefore, make sure you choose a product that will handle these types of viruses.

 

TERMINATE STAY RESIDENT

Most anti-virus program in the market can be installed as a Terminate Stay Resident (TSR) program. When you turn-on your computer, the anti-virus program will activate itself automatically and check your files for any sign of viruses. After it finishes checking, it terminates itself but stays in the background to guard your system for any incoming viruses while you are working with your computer. This is the recommended setup for an anti-virus program as it gives you non-stop virus protection. It has some drawbacks though. Because it checks for viruses every executable file that your program needs, it slows down your system. For a high-powered Pentium system with plenty of memories, the performance degradation is not noticeable and will hardly matter. But for an old system, or if your system does not have a large memory, you may notice a performance improvement if you disable your virus program. Also, some poorly written software might have problems running when a TSR is loaded.

 

ANTI-VIRUS PROGRAM

When choosing for an anti-virus program, you must ensure that the developer will provide you with periodic updates to the program so that it can detect and kill new viruses that will be identified by them after you have bought their program. You should also verify if the program is capable of scanning compressed files (especially files compressed using the ZIP compression).

Most files you are downloading from the Internet are compressed in order to speed the download process. If your anti-virus program is incapable of scanning compressed files, it will not be able to detect viruses hiding on those files.

Two of the most popular anti-virus programs are the McAfee VirusScan (a $65.00 shareware program available at http://www.mcafee.com/products/virusscan/virusscan.asp) and the Norton AntiVirus. Norton is also a shareware program ($50 value) but it has a DOS version that is available free for personal use. You can order these products at: http://www.symantec.com/region/can/eng/product/nav/.

 


Articles in WIRED! Philippines are copyrighted by the authors.
WIRED! Philippines is a monthly online magazine published and hosted by KabayanCentral.com
Copyright 1998 KabayanCentral.com. All rights reserved.