Tips for Avoiding Computer Viruses

Warren W. Fisher


Overview

A computer virus is directly analogous to the viruses that infect living things including humans.  Living viruses alter a cell's genetic programming, while computer viruses alter program(s) on a computer.  Both have as their primary function to spread.  Living viruses usually also cause some damage to those infected, sometimes including death.  Computer viruses sometimes do nothing except spread; those in that class are often called "worms."  Often, the computer virus causes damage, which can range from mischief to complete destruction of the files on your computer's hard disk.  Billions of dollars are spent each year in preventing and correcting damage from computer viruses.

Note:  there is some similarity between the tactics used to spread computer viruses and those used to spread "spam":  unsolicited commercial e-mail.  See the web page on Tips for Avoiding Spam for more information.

Caution:  some viruses are used to gather personal information to facilitate identity theft, while others leave your computer open to "pharming" and other identity theft attacks.  See the web page Identity Theft and How to Avoid It for more information.


E-Mail Viruses

The most common viruses as of this writing are those spread by e-mail, mainly as "attached" files or links to infected web pages.  Most often, these arrive with some sort of attention-getting subject line.  Recent examples include: "check this", "see attached"; "funny jokes"; "returned mail"; "stolen"; "incoming fax"; "warning"; "bad request"; "fake"; many more.  In most cases, you are safe UNLESS you are foolish enough to click on the attached file and open it.  Unfortunately, Microsoft Outlook and Outlook Express e-mail software programs have defects that can cause you to become infected just by receiving an infected message.  If you have to use Outlook or Outlook Express, keep your software up-to-date using the Windows Update feature as described below. 

Note:  certain file types used to be relatively safe, but that is no longer the case, as the virus writers have figured out how to make one file type look and be treated like another.
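One way a mail filter or a careful recipient can spot a file posing as another type, given here as an added example that is not part of the original page: compare each attachment's name with the leading bytes of its content.  The message, the file names and the short signature table are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = [(b"MZ", "exe"), (b"\xd0\xcf\x11\xe0", "ole2"), (b"%PDF", "pdf"),
         (b"\xff\xd8\xff", "jpeg"), (b"PK\x03\x04", "zip")]
# Content kind each extension is expected to hold (.doc is Word 97-2003).
EXT_KIND = {".exe": "exe", ".scr": "exe", ".doc": "ole2", ".pdf": "pdf",
            ".jpg": "jpeg", ".jpeg": "jpeg", ".zip": "zip"}
# Extensions that Windows runs when the file is opened.
RUNNABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}

def sniff(data):
    """Identify content by its first bytes; None when unrecognised."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None

def check_attachment(filename, data):
    """Return the reasons this attachment is not what its name suggests."""
    findings = []
    stem, ext = os.path.splitext(filename.strip().lower())
    decoy = os.path.splitext(stem)[1]
    if ext in RUNNABLE:
        findings.append(f"runnable extension {ext}")
        if decoy:
            findings.append(f"double extension: {decoy} shown before {ext}")
    kind = sniff(data)
    if kind and ext in EXT_KIND and EXT_KIND[ext] != kind:
        findings.append(f"named {ext} but content is {kind}")
    return findings

def scan_message(raw):
    """Map each attachment name in a raw message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        report[name] = check_attachment(name, part.get_payload(decode=True) or b"")
    return report

def build_sample():
    """Constructed message: two disguised programs and one genuine PDF."""
    m = EmailMessage()
    m["Subject"] = "see attached"
    m.set_content("constructed sample body")
    m.add_attachment(b"MZ\x90\x00stub", maintype="image", subtype="jpeg", filename="holiday.jpg")
    m.add_attachment(b"MZ\x90\x00stub", maintype="application", subtype="pdf", filename="invoice.pdf.scr")
    m.add_attachment(b"%PDF-1.4 stub", maintype="application", subtype="pdf", filename="notes.pdf")
    return m.as_bytes()
```

Calling scan_message(build_sample()) returns a finding for both disguised files and an empty list for the genuine PDF.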

Solutions:

a.  GET OUT OF THE HABIT OF OPENING EVERY FILE OR CLICKING ON EVERY LINK THAT ARRIVES BY E-MAIL!  In general, you should not open any file unless it is something that you are expecting, and you should not click on a link in an e-mail unless you are absolutely, positively sure that it came from a trusted source.  Tell your friends to send you jokes, etc. by ordinary e-mail and not by attached files.  If you have to send someone a file or link, include enough information (such as personalized comments) in your message so the receiver knows the message came from you.

b.  Remember always that Microsoft does not send out updates by e-mail.  If you get a message claiming to be from Microsoft, it isn't!

c.  Among the common virus carriers are Word document files (file extension of .doc).  Word includes a “macro” language, and virus writers find it easy to use the macro language to create viruses.  Fortunately, Word 97 and later include macro virus protection.  Click on Tools, Options, or Tools, Macro, Security to ensure that macro virus protection is turned ON in your copy of Word.  That, however, is only the first step.  When macro virus protection is on, Word will WARN you if you are attempting to open a file that contains macros (and therefore probably a virus).  If you ever see the warning, do NOT open the file.  Instead, inform the sender that they may have a virus.

d.  Don't use Microsoft Outlook or Outlook Express for e-mail.  Eudora (www.eudora.com) is free and much safer.  Also, the big web-based e-mail sites, such as www.hotmail.com and www.yahoo.com, have built-in virus checking and are generally safe.

e.  Don't assume that files from people you know are safe!  You are actually more likely to get a virus from someone you know than from a stranger.  Your friend may have a virus and not be aware that he/she is sending you an infected file.  Also, many recent viruses have spread using the infected computer's e-mail address list, so the message you receive may have been sent by a virus and not by your friend.  Finally, the message may only appear to be from your acquaintance:  virus (and spam) writers are quite adept at "spoofing" return addresses, i.e., sending messages with someone else's return address.

Spoofing is also a big problem for businesses.  There have been many occasions of a spammer or virus writer spoofing the return address of a big company.  The result is often that thousands of people become angry at the company when they get the spam or virus-infected messages.  This cannot be prevented with current technology, but your IS staff should be alert to occurrences and take quick steps to inform and reassure customers.

f.  Install anti-virus software and keep it up to date (discussed more fully below).

g.  Install firewall software and keep it up to date.  This is particularly helpful in defending against defects in Microsoft Windows as described below.


Viruses from Web Pages

One of the most distressing classes of viruses is the kind that can infect your computer when you simply visit an infected web page.  Most of these exploit defects in the Microsoft Internet Explorer (MSIE) web browser.  There are several solutions:

a.  (easiest) Avoid using MSIE for your routine web browsing.  Netscape (version 7.1 or later), Firefox, and several other browsers work well for most (but not all) web pages and have not been the target of this type of virus.  You can download a free copy of Netscape from http://home.netscape.com.  Unfortunately, the file is large; plan for several hours of download time with an ordinary modem unless you know someone who has a copy on disk.  Get assistance if you have never installed downloaded files.

b.  Set MSIE so that "dangerous" activities can only be done with your knowledge and consent.  Procedure:

1.  In MSIE version 6 (the most common version), click on Tools, Internet Options, Security, Internet, Custom Level.  Scroll to near the bottom of the list and change "Active Scripting" and "Allow Paste Operations" from "Enable" to either "Disable" or "Prompt."  If you Disable the settings, you will find that many web sites don't work, so Prompt is more convenient.  The disadvantage of Prompt is that you have to click to allow scripts to work, and you have to be sure to do that ONLY on web sites you trust!  When the settings are done, click OK to exit.

2.  If you often visit sites that are prevented from working because you have Disabled the settings, or if you get tired of clicking to allow scripts to work on sites you trust, you can add to a list of "Trusted Sites."  Sites on that list will work normally.  To do so, click on Tools, Internet Options, Security, Trusted Sites, Sites.  ADD the name of any sites that you know are OK.  SFA faculty, staff, and students will want to include the MySFA sites:  http://cp.sfasu.edu and https://cp.sfasu.edu.  UNCHECK the box for "Require server verification."  Click OK to exit.

c.  Run Windows Update frequently.  When defects in Windows XP, MSIE, and other Windows programs are discovered, Microsoft makes "fixes" available for free download through the Windows Update program (Windows 95 and 98 are no longer supported).  Click Start, All Programs, Windows Update.  Unfortunately, the update files are often large; some take several hours of download time with an ordinary modem.  The procedure is simple, however, and you can generally just follow the on-screen instructions.  Always focus first on the "critical" updates; "recommended" updates are much less important.

Note:  the Windows Update feature can also be used to keep Microsoft Office, Outlook, Outlook Express, and other Microsoft software up-to-date.

Also note:  Windows XP can be set to automatically download critical updates for you.  Click Start, Control Panel, (Classic View), System, and set “Automatic Updates” to prompt before installing.  When updates become available, you will automatically be notified to install them, which you can do at your convenience.

d.  Install anti-virus software and keep it up to date (discussed more fully below).

e.  Install firewall software and keep it up to date.  This is particularly helpful in defending against defects in Microsoft Windows as described below.


Defects in Microsoft Windows--Watch Out!

Unfortunately, a new class of viruses was spawned in summer 2003 that can infect your computer without your doing anything except being connected to the Internet!  These exploit defects in Microsoft Windows, that is, mistakes in the Windows programs that can allow a virus or an unauthorized outsider to access your computer.  The initial wave of attacks was directed primarily at users of Windows XP, but there is no reason to believe that other versions won't become targets.  In many cases, a successful attack results in your computer being used to carry out more attacks!  There are several practical solutions:

a.  Run Windows Update frequently as described above.  This won't eliminate the danger, but the risk will be lessened.

b.  Install "firewall" software.  This type of software is available from several sources and is capable of both preventing intrusion into your computer from outside and preventing your computer from attacking other computers if it should happen to become infected anyway.  One of the easiest to install and use is the firewall software that comes with Windows XP.  To activate it, click Start, Control Panel (classic view), Network Connections.  Right-click on your network connection and choose Properties.  Click Advanced, then click "Protect my computer...." and OK to exit.  Important:  a firewall will warn you if network activities occur that it isn't sure are safe.  If you get a warning, be careful how you respond!  The Microsoft XP firewall is automatically activated if you install the "Service Pack 2" update.

c.  Install anti-virus software and keep it up to date (discussed more fully below).


Social Engineering

Virus writers often use "social engineering" to try to coax you into becoming infected.  That is, the virus (usually arriving with an e-mail message) has some sort of information that attempts to make you do something that you shouldn't.  There is no limit to the number of variations, but these are some common ones:

1.  "Phishing":  you receive an e-mail message that appears to come from a financial institution.  Often, it tells you that there is a problem with your account, and you are prompted to click on a link to fix the problem.  Don't!  The link is to a web page that either collects your information to use for fraud or identity theft purposes, or that will infect your computer with a virus!  Real financial institutions will never send you such a message.  Note:  PayPal (used for eBay and other Internet transactions) is an extremely common subject of these attacks.

2.  "Pharming":  this refers to one of several techniques to re-direct your attempt to log in to a legitimate site (particularly a bank or other financial institution) to a fake site that looks like the real thing but isn't!  If you fall for the scam, your account, password, and possibly other information will be harvested and used to log into the real site under your name--and steal your money!  Most commonly, these occur when your computer is infected with a virus that modifies your browser favorites to direct you to the fake site.  There have also been cases of DNS (domain name system) servers being infected, resulting in re-direction of everyone whose browser accesses that server (even though their computers are not infected).  Tip:  if you aren't 100% sure whether the site you are entering is actually your financial institution, type in an incorrect account and password.  If you are at a real site, it will tell you that your information is incorrect.  If you are at a fake site, it will let you in (since it doesn't actually know your account and password).

3.  Fake electronic greeting card.  It works like this:  you get an e-mail telling you to click on a link to receive an e-card sent by someone you know.  Unfortunately, the link actually takes you to the virus site, or sometimes the site of an undesirable advertising company. You will be notified that you have to install an "ActiveX" control in order to view the card.  If you are foolish enough to bite, a "EULA" (End User License Agreement) pops up. It is very long, and you will probably not read it. They're counting on that. When you scroll to the bottom of it and click "Accept," you have agreed to the terms of the EULA.

Part of what you will have agreed to is to have monitoring/spyware software installed on your computer which will periodically report a vast array of data back to the card company.  The other part that you've agreed to is to have the software send mail to every address in your address-book (if you are using Outlook or Outlook Express).  Your friends will then get the same virus that you have.  This can be distressing, since these often link to porn sites!  The following have been reported to send such cards, so be wary of anything you receive from them:  friend-card.com, friend-card.net, friend-cards.com, cool-downloads.com, cool-downloads.net, friend-greet.com, friend-greeting.com, friend-greeting.net, friend-greetings.com, friend-greetings.net, friend-cards.net, laugh-mail.com.  There are surely more--see tips below for how to avoid.

4.  Fake "returned" mail.  You receive a message that looks like you sent it, but it was returned.  The message includes a web link or a file.  If you are foolish enough to click on it, you get a virus or very undesirable advertising (often porn).

5.  E-mail allegedly sending you a "patch" for Windows (i.e., a program to repair incorrect Windows files) or a program to get rid of a virus.  In fact, the patch or program is almost certainly a virus itself!  See tips below.

6.  Forged return addresses, making e-mail appear to have been sent from someone you know even though it wasn't (forging a return address is sometimes called "spoofing").
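A recipient-side check for the forged return addresses described in item 6 and under E-Mail Viruses, given here as an added example that is not part of the original page:  it compares the visible From address with the other sender headers.  The messages and their .example addresses are constructed, and a mismatch is a hint rather than proof, since mailing lists also produce them.

```python
from email import message_from_string
from email.utils import parseaddr

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(a, b):
    """True when the domains match or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoof_signals(raw):
    """Return reasons the visible From address may not be the real sender."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    signals = []
    # Bounce address and reply address normally share the sender's domain.
    for header in ("Return-Path", "Reply-To"):
        other = domain(parseaddr(msg.get(header, ""))[1])
        if other and from_dom and not related(other, from_dom):
            signals.append(f"{header} domain {other} differs from From domain {from_dom}")
    # A display name that is itself an address can mask the real one.
    shown = domain(display.strip("<> "))
    if shown and not related(shown, from_dom):
        signals.append(f"display name shows {shown} but address is at {from_dom}")
    return signals

# Constructed samples; every address uses a reserved .example domain.
FORGED_FROM = ("Return-Path: <x91@bulk-sender.example>\n"
               'From: "Pat" <pat@university.example>\n'
               "Reply-To: collect@freemail.example\n"
               "Subject: returned mail\n\nSee the link.\n")
NAME_TRICK = ('From: "billing@bigcompany.example" <u7@bulk-sender.example>\n'
              "Subject: warning\n\nYour account has a problem.\n")
GENUINE = ("Return-Path: <pat@mail.university.example>\n"
           'From: "Pat" <pat@university.example>\n'
           "Subject: lunch\n\nNoon on Friday?\n")

if __name__ == "__main__":
    for label, raw in (("forged From", FORGED_FROM), ("name trick", NAME_TRICK),
                       ("genuine", GENUINE)):
        print(label, "->", spoof_signals(raw) or "no mismatch")
```

An empty result does not clear a message:  a sender who forges every header consistently produces no mismatch at all.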

Tips:

a.  If you receive an obscure message with an attached file (any type of file, including HTM or HTML) or link that you are not expecting, DELETE the message, no matter who the return address is from.

b.  Do NOT SEND obscure messages with attached files!  If you need to send someone an attached file, let them know ahead of time, then include a personal narrative that will make it clear to the recipient that YOU sent the file and not a virus or "spam" writer.

c.  NEVER click "OK" to download, install, or run anything that you did not specifically request.  Make a habit of doing that, and you WILL get burned eventually.

d.  Install anti-virus software and keep it up to date (discussed more fully below).
 


Hoaxes

As computer viruses became widespread in the last decade, so did hoaxes.  Whether well-meaning or malicious, hoaxes are nearly as damaging as real computer viruses, since they waste time and sometimes coax the user into erasing vital files.  Typically, these spread by e-mail and have one or more of the following themes:

a.  The “virus” arrives as an e-mail telling you not to open any e-mail message with a particular subject.   One of the most famous is the “Good Times” virus, which warns against messages with a subject of  “Good Times.”

b.  (most dangerous) The “virus” arrives as an e-mail telling you to check for the presence of an obscure file on your computer, and erase it if you find it.  A common version refers to a file named sulfnbk.exe.  In actuality, the file referred to is a normal component of Windows, and erasing it damages your system!

c.  Chain letters.  Like the old-fashioned snail mail chain letters, these either promise you a reward if you send the letter on to more recipients, or claim that you will suffer bad luck if you “break” the chain.  Some common ones indicate that you will win $1000 or some other valuable prize.  There is, of course, no prize.  New twist:  current chain letters often have built-in means of harvesting the e-mail addresses to which the message is sent, then sending the addresses to organizations that send spam!  Send on a chain letter, and everyone on the list may become an immediate spam target!

The solution for all virus hoaxes is simple:  ignore them.  If you aren’t sure whether a message is a hoax, check any of the big anti-virus software sites, such as www.mcafee.com.  There are also dedicated hoax sites, such as http://hoaxbusters.ciac.org/.


Anti-Virus Software

One of the standard ways of preventing virus infection is to use anti-virus software, such as that sold by McAfee (McAfee Anti-Virus) and Symantec (Symantec Anti-Virus, previously called Norton Anti-Virus--SFA faculty, staff, and students can download this for free through MySFA).  There are two big deficiencies:  (1) hoaxes are rarely detected, and (2) new viruses come out every day.  To combat the new viruses, all good anti-virus software has an update mechanism whereby you can get your copy updated to cover the latest viruses.  Unfortunately, these are large downloads, often taking an hour or longer to download with an ordinary modem.  Further, you should download frequently to have the best protection (most programs have weekly updates).  And, the newest viruses are never included, since new ones will have come out since the last update.  Recommendation:  use anti-virus software and keep it up-to-date, but don't depend on it to keep your system safe (see other tips above).

Note: our server is Unix-based, so all URLs are case sensitive.
Send comments and corrections concerning this page to:
wfisher@sfasu.edu
Last updated October 22, 2006