Tips for Avoiding Computer Viruses and Other Malware

Warren W. Fisher


Overview

Malicious software or "malware" comes in many forms.  Originally, most came in the form of a computer "virus," and that term is consequently often used as a synonym for malware.

A computer virus is directly analogous to the viruses that infect living things including humans.  Living viruses alter a cell's genetic programming, while computer viruses alter program(s) on a computer.  The primary function of both is to spread.  Living viruses usually also cause some damage to those infected, sometimes including death.  Computer viruses sometimes do nothing except spread, but they sometimes cause damage, which can range from mischief to complete destruction of the files on your computer's hard disk.  More commonly today, viruses are used by thieves to make money.  This can occur by facilitating theft of personal information, leading to identity theft--see the web page Identity Theft and How to Avoid It for more information.  Viruses can also help take over computers so they can be used to send "spam":  unsolicited commercial e-mail.  See the web page on Tips for Avoiding Spam for more information.  Computers that have been hijacked are also often used to attempt to infect other computers and mount other malicious attacks.  Hijacked computers are sometimes called "bots" (short for robots), and groups of them are often controlled and run as "bot armies" or "botnets".

Another common type of malware is the "worm."  This is similar to a virus except that it typically functions as a stand-alone program, i.e., there is no need to infect a pre-existing program.

"Trojan Horse" (or just Trojan) software masquerades as a legitimate program but contains malicious functions.  Often, a Trojan will change security settings to facilitate taking over the computer later.

"Spyware" is malware that functions mainly to collect personal data and/or information about an individual's computer use, including web surfing habits.  The data are then transmitted to a designated location, where they may be used for purposes ranging from targeted marketing to identity theft.  Spyware occurs in many forms including all of the categories listed here.  Spyware may also occur as semi-legitimate programs that a computer user installs unwittingly.  See the section below on "Free" Software for more information.

Billions of dollars are spent each year on preventing and correcting damage from computer viruses and other malware.

E-Mail

Some of the most common malware are those spread by e-mail, mainly as "attached" files or links to infected web pages.  Most often, these arrive with some sort of attention-getting subject line.  Examples include: "check this", "see attached"; "funny jokes"; "returned mail"; "payment cancelled"; "incoming fax"; "warning"; "bad request"; "fake"; "Hi! It's Debbie"; "problem with your account"; "package delivery notice"; many more.  In most cases, you are safe UNLESS you are foolish enough to click on the link or the attached file.  Unfortunately, Microsoft Outlook and Outlook Express e-mail software programs have in the past had defects that could cause you to become infected just by receiving an infected message.  If you have to use Outlook or Outlook Express, keep your software up-to-date using the Windows Update feature as described below. 

Note:  certain attached file types used to be relatively safe, but that is no longer the case, as the virus writers have figured out how to make one file type look and be treated like another.

Solutions:

a.  GET OUT OF THE HABIT OF OPENING EVERY FILE OR CLICKING ON EVERY LINK THAT ARRIVES BY E-MAIL!  In general, you should not open any file unless it is something that you are expecting, and you should not click on a link in an e-mail unless you are absolutely, positively sure that it came from a trusted source.  Tell your friends to send you jokes, etc. by ordinary e-mail and not by attached files.  If you have to send someone a file or link, include enough information (such as personalized comments) in your message so the receiver knows the message came from you.

b.  Remember always that Microsoft does not send out updates by e-mail.  If you get a message claiming to be from Microsoft, it isn't!

c.  Among the common virus carriers are Word document files (file extension of .doc).  Word includes a “macro” language, and virus writers find it easy to use the macro language to create viruses.  Fortunately, Word versions 97 and later include macro virus protection.  Click on (Word 97) Tools, Options, or (Word 2003) Tools, Macro, Security or (Word 2007) Office Button, Word Options, Trust Center, Trust Center Settings or (Word 2010) File, Options, Trust Center, Trust Center Settings to ensure that macro virus protection is enabled.  That, however, is only the first step.  When macro virus protection is on, Word will WARN you if you are attempting to open a file that contains macros (and therefore probably a virus).  If you ever see the warning, do NOT open the file.  Instead, inform the sender that they may have a virus.

d.  Be extra cautious if you use Outlook or Outlook Express.  If so, keep your software up-to-date using the Windows Update feature as described below.  You may wish to use one of the big web-based e-mail sites instead, such as mail.google.com, www.hotmail.com, and www.yahoo.com.   They have built-in virus checking and are generally safer.

e.  Don't assume that files from people you know are safe!  You are actually more likely to get malware from someone you know than from a stranger.  Your friend may have a virus and not be aware that he/she is sending you an infected file.  Also, many recent viruses have spread using the infected computer's e-mail address list, so the message you receive may have been sent by a virus and not by your friend.  Finally, the message may only appear to be from your acquaintance:  virus (and Spam) writers are quite adept at "spoofing" return addresses, i.e., sending messages with someone else's return address.

Spoofing is also a big problem for businesses.  There have been many occasions of a spammer or virus writer spoofing the return address of a big company.  The result is often that thousands of people become angry at the company when they get the spam or virus-infected messages.  This cannot be prevented with current technology, but your IS staff should be alert to occurrences and take quick steps to inform and reassure customers.

f.  See additional prevention tips below as well as those in the Social Engineering section.
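The note above on one file type being made to look like another, and item c on Word macros, can both be checked mechanically before an attachment is opened. The following Python sketch is an added example, not part of the original page: it compares an attachment's name with its leading bytes and looks for a macro project in Word files. The function names, the extension lists, and the sample files are assumptions made for illustration, and the macro check for old .doc files is a heuristic.

```python
import io
import zipfile

# Leading bytes ("magic numbers") of formats that commonly arrive as attachments.
MAGIC = {
    b"MZ": "exe", b"%PDF": "pdf", b"\xff\xd8\xff": "jpg", b"\x89PNG": "png",
    b"PK\x03\x04": "zip",          # also the .docx/.docm container
    b"\xd0\xcf\x11\xe0": "ole",    # Word 97-2003 .doc and other legacy Office files
}
# Extensions each detected content type may legitimately carry (illustrative list).
EXPECTED = {
    "exe": {"exe", "dll", "scr", "com"}, "pdf": {"pdf"}, "jpg": {"jpg", "jpeg"},
    "png": {"png"}, "zip": {"zip", "docx", "docm", "xlsx", "xlsm", "pptx"},
    "ole": {"doc", "xls", "ppt"},
}
RUNNABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}


def sniff(data):
    """Identify content by its first bytes, ignoring the file name."""
    return next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), None)


def has_macros(data, kind):
    """True if an Office file appears to carry a VBA macro project."""
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    # Heuristic: stream names in the legacy container are stored as UTF-16LE.
    return kind == "ole" and "_VBA_PROJECT".encode("utf-16-le") in data


def triage(filename, data):
    """Return a list of reasons not to open the attachment (empty if none found)."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind, findings = sniff(data), []
    if ext in RUNNABLE:
        findings.append(f"runnable extension .{ext}")
        if len(parts) > 2:
            findings.append(f"double extension .{parts[-2]}.{ext}")
    if kind and ext not in EXPECTED[kind]:
        findings.append(f"content is {kind} but name ends in .{ext}")
    if has_macros(data, kind):
        findings.append("contains macros")
    return findings


def constructed_samples():
    """Build small stand-in files in memory (constructed, not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"\x00")
    return {
        "notes.pdf": b"%PDF-1.4\n",
        "photo.jpg": b"MZ\x90\x00",
        "invoice.pdf.exe": b"MZ\x90\x00",
        "report.docm": buf.getvalue(),
        "letter.doc": b"\xd0\xcf\x11\xe0" + "_VBA_PROJECT".encode("utf-16-le"),
    }


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(name, "->", triage(name, data) or "no findings")
```

An empty result only means none of these particular checks fired; it does not replace the advice above about unexpected attachments.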

"Your computer is infected!"

Stumble across an infected web page or e-mail, and you may suddenly see a pop-up warning that your computer has been "infected" with one or more viruses, spyware, etc.  You are invited to "click here" to download software that will solve the problem.  If you do, it is most likely that you will cause your computer to become infected!  Everyone should already have anti-malware software installed, which usually includes protection against viruses and other forms of malware.  That software should automatically update itself (open the program and check to be sure).  It is rarely necessary to download and install anything to remove malware, so be suspicious if you see such a notice.


"Free" Software

Download free software or a screen saver from an obscure web site, and there is a pretty good chance that it contains malware.  Spyware in particular is very commonly attached to free software.  Such spyware may actually be legal if the installation program includes a license agreement telling you that it is going to be installed if you "agree" to the license terms.  Obviously, it would help to always read license terms, but doing so won't protect you from malware that installs itself without your permission.

A variation on the free software theme occurs in social networking sites.  Someone posts an announcement about a free game or other program, failing to mention that it includes malware.  A further variation requires you to divulge your personal information in order to get the free program, thereby exposing you to the risk of identity theft.

Recommendation:  stick with software recommended by legitimate download sites.  You can find a few at the WWW Information Sources web page.


Music Sharing

In order to allow subscribers to share music with one another, music sharing programs often open a "port" in Windows.  While that does facilitate the music sharing, the port can also be used by hackers to invade your computer and install malware.  Sometimes, the malware is so invasive that the only solution is to re-format the user's hard drive and re-install Windows.  Programs that have been implicated as having this type of problem include Limewire, Frostwire, Ares, and Kazaa, but others no doubt have the same issues.

Recommendation:  don't participate in sharing files, especially music.

Viruses from Web Pages

One of the most distressing classes of viruses is the kind that can infect your computer when you simply visit an infected web page.  Most of these exploit defects in the Microsoft Internet Explorer (MSIE) web browser.  There are several solutions:

a.  (easiest) Avoid using MSIE for your routine web browsing.  Firefox and several other browsers work well for most (but not all) web pages and have less commonly been the target of this type of virus.  You can download a free copy of Firefox from  http://www.mozilla.com/en-US. Caution:  Firefox also needs periodic updates to stay safe and will notify you when applicable.

b.  Set MSIE so that "dangerous" activities can only be done with your knowledge and consent.  Procedure:

1.  In MSIE, click on Tools, Internet Options, Security, Internet, and adjust the security slider to a level appropriate to your activities.  You can also click Custom Level and change individual settings.  One in particular to watch is "Active Scripting."  In the Custom Level, scroll to near the bottom of the list and change "Active Scripting" from "Enable" to either "Disable" or "Prompt."  Other security settings can be tightened at the same time.  If you Disable settings, you will find that many web sites don't work, so Prompt is more convenient.  The disadvantage of Prompt is that you have to click to allow scripts to work, and you have to be sure to do that ONLY on web sites you trust!  When the settings are done, click OK to exit.

2.  If you often visit sites that are prevented from working because you have Disabled the settings, or if you get tired of clicking to allow scripts to work on sites you trust, you can add to a list of "Trusted Sites."  Sites on that list will work normally.  To do so, click on Tools, Internet Options, Security, Trusted Sites, Sites.  ADD the name of any sites that you know are OK.  SFA faculty, staff, and students will want to include the mySFA sites:  http://luminis.sfasu.edu and https://luminis.sfasu.edu .  UNCHECK the box for "Require server verification."  Click OK to exit.

c.  See additional prevention tips below.


Defects in Microsoft Windows

Unfortunately, a new class of viruses was spawned in summer 2003 that can infect your computer without your doing anything except being connected to the Internet!  These exploit defects in Microsoft Windows, that is, mistakes in the Windows programs that can allow a virus or an unauthorized outsider to access your computer.  The initial wave of attacks was directed primarily at users of Windows XP, but there is no reason to believe that other versions won't become targets.  In many cases, a successful attack results in your computer being used to carry out more attacks!  See the prevention tips below for the best protection.


Social Engineering

Virus writers often use "social engineering" to try to coax you into becoming infected.  That is, the virus (usually arriving with an e-mail or social networking message) has some sort of information that attempts to make you do something that you shouldn't.  There is no limit to the number of variations, and several of the other sections in this document describe activities that could be considered social engineering.  Here are some more:

1.  "Phishing":  you receive an e-mail message that appears to come from a financial institution or e-mail provider.  Often, it tells you that there is a problem with your account, and you are prompted to click on a link to fix the problem.  Don't!  The link is to a web page that either collects your information to use for fraud or identity theft purposes, or that will infect your computer with a virus!  Real financial institutions will never send you such a message.  Note:  Paypal (used for e-Bay and other Internet transactions) is an extremely common subject of these attacks.

2.  "Spear phishing" is a more sophisticated approach.  Phishing messages are generally sent out like spam to many people, but a spear phishing message is directed to a specific individual.  Using information that may be gleaned from social networking sites, the message convinces you that it is legitimate and persuades you to do something foolish (open an infected file, click a link to an infected web page, install infected software, etc.).

3.  You receive an e-mail from a friend on Facebook, MySpace, or another social network site inviting you to view a video, but when you click the link, you are told that you must update your software.  If you do, you will very likely infect your computer.  Messages that you see when you are actually logged into your social network account are safer, but even those can be dangerous.

4.  Fake electronic greeting card:  you get an e-mail telling you to click on a link to receive an e-card sent by someone you know.  Unfortunately, the link actually takes you to the virus site, or sometimes the site of an undesirable advertising company.  You will be notified that you have to install an "ActiveX" control in order to view the card.  If you are foolish enough to bite, your computer will become infected.

5.  Fake "returned" mail.  You receive a message that looks like you sent it, but it was returned.  The message includes a web link or a file.  If you are foolish enough to click on it, you get a virus or very undesirable advertising (often porn).

6.  Fake package delivery notice.  You receive a message about a package and are asked to click on a link or install a file to get more information.  If you do, you become infected with some form of malware.

7.  E-mail allegedly sending you a "patch" for Windows (i.e., a program to repair incorrect Windows files) or a program to get rid of a virus.  In fact, the patch or program is almost certainly a virus itself!  See tips below.

8.  "Pharming":  this refers to one of several techniques to re-direct your attempt to log in to a legitimate site (particularly a bank or other financial institution) to a fake site that looks like the real thing but isn't!  If you fall for the scam, your account, password, and possibly other information will be harvested and used to log into the real site under your name--and steal your money!  Most commonly, these occur when your computer is infected with a virus that modifies your browser favorites to direct you to the fake site.  There have also been cases of DNS (domain name system) servers being infected, resulting in re-direction of everyone whose browser accesses that server (even though their computers are not infected).  Tip:  if you aren't 100% sure whether the site you are entering is actually your financial institution, type in an incorrect account and password.  If you are at a real site, it will tell you that your information is incorrect.  If you are at a fake site, it will probably let you in (since it doesn't actually know your account and password).

See the prevention tips below for the best protection. 


Infected CDs and Flash Drives

CDs and flash drives can and often do include a program that runs as soon as the device is inserted.  This is handy for software CDs, since the installation program runs automatically.  Unfortunately, such a program can be used to launch malware.  Solutions:

a.  Be cautious about what data devices you insert into your computer.  Only use CDs and flash drives from sources you trust.

b.  If you often have to use suspect media, disable the autorun function.  This can be done for a specific disk/drive by holding down the shift key when the device is inserted.  Other solutions are rather technical.  The following links explain alternatives:  http://msdn.microsoft.com/en-us/library/cc144204.aspx .  You can also search "disable autorun".  It can also help to disable autoplay, which is not the same thing.  Autoplay settings in Windows 7 are under Control Panel, Hardware and Sound.

c.  So far as possible, use your computer with a Windows account that does not have "administrator" privileges.  See more in the Windows Account Settings recommendation below.
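The program that runs on insertion is named in a plain-text file called autorun.inf at the top level of the CD or flash drive, so it can be read before the device is trusted. The Python sketch below is an added example, not part of the original page: it lists the entries in the [autorun] section that would start something. The sample file content and the function names are constructed for illustration.

```python
# Keys in the [autorun] section that name a program or file to launch.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed autorun.inf content; the file names in it are made up.
SAMPLE_INF = """\
; comment line
[AutoRun]
Label=Vacation Photos
Icon=folder.ico
Open=system\\viewer.exe /quiet
shell\\explore\\command=system\\viewer.exe

[Other]
Open=ignored.exe
"""


def parse_autorun(text):
    """Return the [autorun] section as (key, value) pairs, keys lowercased."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
        elif section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries.append((key.strip().lower(), value.strip()))
    return entries


def launch_entries(text):
    """Entries that would start something: open, shellexecute, shell\\<verb>\\command."""
    return [
        (key, value) for key, value in parse_autorun(text)
        if key in LAUNCH_KEYS
        or (key.startswith("shell\\") and key.endswith("\\command"))
    ]


if __name__ == "__main__":
    import sys
    # Pass the path of an autorun.inf to inspect it; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_INF
    for key, value in launch_entries(text):
        print(f"{key} -> {value}")
```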

Hoaxes

As computer viruses became widespread in the last decade, so did hoaxes.  Whether well-meaning or malicious, hoaxes are nearly as damaging as real computer viruses, since they waste time and sometimes coax the user into erasing vital files.  Typically, these spread by e-mail and may have one or more of the following themes:

a.  The “virus” arrives as an e-mail telling you not to open any e-mail message with a particular subject.   One of the most famous is the “Good Times” virus, which warns against messages with a subject of  “Good Times.”

b.  (most dangerous) The “virus” arrives as an e-mail telling you to check for the presence of an obscure file on your computer, and erase it if you find it.  In actuality, the file referred to is a normal component of Windows, and erasing it damages your system!

c.  Chain letters.  Like the old-fashioned snail mail chain letters, these either promise you a reward if you send the letter on to more recipients, or claim that you will suffer bad luck if you “break” the chain.  Some common ones indicate that you will win $1000 or some other valuable prize.  There is, of course, no prize.  New twist:  current chain letters often have built-in means of harvesting the e-mail addresses to which the message is sent, then sending the addresses to organizations that send spam!  Send on a chain letter, and everyone on the list may become an immediate spam target!

The solution for all virus hoaxes is simple:  ignore them.  If you aren’t sure whether a message is a hoax, check any of the big anti-virus software sites, such as www.mcafee.com .  There are also dedicated hoax sites, such as http://www.hoaxbusters.org/ .


Prevention

Anti-Malware Software
One of the standard ways of preventing malware infection is to use anti-malware software, such as that sold by McAfee and Symantec (SFA faculty, staff, and students can download a version of Symantec for free through mySFA).  These and most other major programs will also fight spyware infection.  A few common dedicated anti-spyware programs are listed on the WWW Information Sources web page.

There are two big deficiencies:  (1) hoaxes are rarely detected, and (2) new viruses come out every day.  To combat the new viruses, all good anti-virus software has an update mechanism whereby you can get your copy updated to cover the latest viruses.  The best do updates every few minutes.  Even so, new malware may reach you before your protective software gets updated. 

Firewalls
Every computer connected to the Internet needs "firewall" software.  This type of software is available from several sources and is capable of both preventing intrusion into your computer from outside and preventing your computer from attacking other computers if it should happen to become infected anyway.  One of the easiest to install and use is the firewall software that comes with Windows XP or later.  The Microsoft firewall is automatically activated when you connect to the Internet (XP activates it with the "Service Pack 2" update).  To verify settings in Windows 7, click Start, Control Panel, System and Security, Windows Firewall.  In XP, click Start, Control Panel (classic view), Network Connections, then right-click on your network connection and choose Properties, then click Advanced, then click "Protect my computer...." and OK to exit.  Important:  a firewall will warn you if network activities occur that it isn't sure are safe.  If you get a warning, be careful how you respond!

Social Network Site Privacy
The more information attackers know about you, the easier it is to break into your system (see especially "spear phishing" above).  Always limit what you put on the sites and who can see it.  See Staying Safe on Social Networking Sites for more information.

Windows Account Settings
Avoid using your computer with an account that has "administrator" privileges.  An administrator account is necessary to install software and change most Windows settings, but you can normally get by with (in Windows Vista or Windows 7) a "standard user" account or (in Windows XP) a "limited" account.  You can add an account and change its settings under Control Panel, User Accounts.  If you are not using an administrator account and stumble across an infected device, file, or web page, Windows will prompt you for permission to run the malware program.  Unless you are intentionally installing software, you should obviously say no!

Windows Update
Run Windows Update frequently.  When defects in Windows itself, MSIE, and other Windows programs are discovered, Microsoft makes "fixes" available for free download through the Windows Update program.  Click Start, All Programs, Windows Update.  The procedure is simple, and you can generally just follow the on-screen instructions.  Always focus first on the "critical" or "important" updates; "recommended" updates are much less important.

Note:  the "Microsoft Update" option in Windows Update will also keep Microsoft Office, Outlook, Outlook Express, and other Microsoft software up-to-date.

Also note:  Windows should be set to automatically download critical updates for you.  In Windows 7, click Start, Control Panel, System and Security, Windows Update.  In Windows XP, click Start, Control Panel, (Classic View), System, Automatic Updates.  In both cases, it is recommended that you let Windows download updates but choose for yourself whether/when to install them (that way an unexpected update doesn't interfere with something else you may be doing).

Overall Recommendation: 
Use anti-malware software, keep it up-to-date, use a firewall, and use a non-administrator account for most of your computer work, but don't depend on those actions to keep your system safe.  Think!


Note: our server is Unix-based, so all URLs are case sensitive.
Send comments and corrections concerning this page to:
wfisher@sfasu.edu
Last updated October 17, 2011