Basic Virus Information.

We all know there are people out there - very talented people - who choose to use that talent to write programs and scripts that we have come to know as computer viruses or Trojans, which destroy or change files and, in some cases, destroy hardware on others' machines just for the fun of it.  Some of these authors have been caught, but generally most are talented enough to create their viruses with impunity.  The unfortunate fact is that some of these jokers are more talented than the people trying to locate and stop them.

The second problem we have is our own well-meaning friends passing along virus alerts.  This one's fairly simple to control.  If you get a virus alert from a friend - DON'T pass it along and become part of the problem.  DO ignore it or pass it to a computer professional and ask them to check it out for you.  You can check most out yourself at the Dept. of Energy Computer Incident Advisory Capability [CIAC] pages.  This page is linked to the CIAC Internet Hoax and Chain Letter page, which has recorded every hoax to come over the Internet since Feb, 1995.  Following instructions found in a virus alert can lead you to damage your file system beyond repair or to remove a file that your operating system needs to run properly.  At the very minimum, passing along a virus alert uselessly consumes Internet bandwidth, slowing systems.

Note: The links referencing CIAC above are now dead. The CIAC has now merged into a new Federal Agency, US-CERT.

We have a third problem with hackers.  These people use their talent to literally break into other people's - and companies' - computer systems.  They do it because they can.  Generally, they have no idea who the system they have broken into belongs to; that's not important.  What's important to them is that they can hack their way into your system, and they're certainly going to leave their mark.  Once access is gained, they will do something spectacular, or at least make it very certain your system has been compromised.

The problem is obvious but the solution, as obvious as it seems to most of us, is a little harder for us to work with.  Don't download attachments - period!  

"WAITAMINUTE!  I have to send files to my colleagues".  Of course you do.  However, email attachments are NOT the way to do it.  Email is for text, not pictures, HTML [Hyper-Text-Markup-Language] and absolutely not for transmitting documents, drawing files or executable files.  FTP [File-Transport-Protocol] is for those tasks.  Some time ago, software vendors chose to listen to the demands of their clients for the capability to send and receive file attachments within email.  Those of us in the industry at that time consistently warned of the dangers in doing this and consider such use of email to be abuse.  This "abuse" of email capabilities is clearly a case of "be careful what you ask for - you may get it".  Now, years later and following untold amounts of damaged hardware and lost or corrupted files, Microsoft is taking steps to withdraw its position on allowing attachments in its email client products.  That capability will no longer be a default setting in the next iteration of Outlook or Outlook Express.  Don't know how to turn off HTML E-Mail encoding?  Want more information?  Click here.

Of special note here is the AOL/Netscape collaboration.  The difficulty in turning off HTML messaging for AOL users is directly related to the spyware created by that collaboration.  I have warned users to avoid AOL and Netscape [versions 4 and above] for years citing privacy/harvesting issues and systemic problems created with the installation of those programs.  In 1999 and 2000, several class-action lawsuits were brought against AOL/Netscape for these issues.  Click here to read about those issues.  They countered with a request for arbitration to keep it out of the courts and out of the news.  They lost that request.  They then asked for and received a change of venue to make a second request for arbitration in CA.  In October of 2002, they lost that request as well.  They are going to have to go to court over the issue.  That's the gist of the legal side of this issue.  Unfortunately, during these proceedings they have been allowed to continue these practices.  Nothing has changed in how they are doing business on your computer. 

The basic solution is that each individual user must be responsible for their own system's safety.  Each individual user must use the tools available to them to protect themselves from both hackers and virus authors and, more importantly, get into the habit of using them regularly.  There are a number of tools available to you - many either free or very low cost - that, when used properly and with a little common sense, can protect your system.

WARNING: Using a "preview" pane to preview email opens that email.

There will always be some security concerns when downloading and executing certain types of binary files.

Those file types include...

Executables [.ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh]

Files found inside of compressed files [the .zip, .arj, .rar extensions]

Macros and Trojans found inside of Documents and picture files [the .doc, .xls, .gif, .jpg, .bmp, etc.]

Sometimes these types of files contain viruses or Trojans.  You should use extreme caution and discretion when downloading these types of files, especially if they come to you unsolicited or from an individual or company you do not know.  OPEN OR EXECUTE THESE FILES AT YOUR OWN RISK.  In many cases, simply viewing an HTML email can execute these exploits on your system.

WARNING: Using a "preview" pane to preview email opens that email.

At this time, this warning does not apply to the file types .mp3, .mov, .avi, and .mpg, but that only means at this time.  Try to keep in mind that Trojans like Backdoor-G2.svr.gen and Backdoor-Sub7 get updated regularly and are normally distributed disguised as .jpg and .bmp picture files.  I have personally dealt with these viruses on a client's infected server.  Take my word for it, the result from this Trojan is serious.  There are other viruses out there that can literally kill your machine.  There are a lot of them but one little honey is W32/[email protected].  First discovered in March of 2001, this one DOES damage hardware.  KNOW what you're downloading and looking at.  Scan, Scan, Scan everything you download or put in your machine.  Don't download attachments - period!
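To make the file-type list above concrete, here is an added example (not code from this page) that checks an attachment's name against that extension list, flags an executable hidden behind a picture or document extension, checks whether a "picture" actually begins with the `MZ` header of a Windows executable, and looks inside .zip files. The function names, the size cap and the sample attachments are assumptions constructed for the illustration.

```python
import io
import posixpath
import zipfile

# Extension list copied from the page's "Executables" entry.
RISKY = set("""ade adp bas bat chm cmd com cpl crt exe hlp hta inf ins isp js jse lnk
mdb mde msc msi msp mst pcd pif reg scr sct shs url vb vbe vbs wsc wsf wsh""".split())
PICTURES = {"gif", "jpg", "bmp"}   # picture types the page names
DOCUMENTS = {"doc", "xls"}         # document types the page names as macro carriers
MAX_MEMBER = 10 * 1024 * 1024      # assumed cap so a huge archive member is not unpacked


def check_attachment(name, data, depth=0):
    """Return a list of findings (strings) for one attachment."""
    findings = []
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as .exe.
    parts = posixpath.basename(name).lower().rstrip(". ").split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in RISKY:
        findings.append(f"{name}: executable extension .{ext}")
        if len(parts) > 2 and parts[-2] in PICTURES | DOCUMENTS:
            findings.append(f"{name}: .{ext} hidden behind .{parts[-2]}")
    # A Windows executable starts with the bytes "MZ" whatever the file is called.
    if ext in PICTURES | DOCUMENTS and data[:2] == b"MZ":
        findings.append(f"{name}: named .{ext} but content is a Windows executable")
    elif ext in DOCUMENTS:
        findings.append(f"{name}: document type that can carry macros")
    # Look inside zip archives, at most two levels deep.
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if member.file_size > MAX_MEMBER:
                    findings.append(f"{name} -> {member.filename}: too large to inspect")
                    continue
                inner = check_attachment(member.filename, zf.read(member), depth + 1)
                findings += [f"{name} -> {f}" for f in inner]
    return findings


def demo():
    """Run the checker over constructed sample attachments (no real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg.exe", b"MZ constructed sample, not a program")
        zf.writestr("readme.txt", b"constructed sample text file")
    samples = {"photos.zip": buf.getvalue(), "notes.txt": b"constructed sample text file",
               "beach.jpg": b"MZ constructed sample, not a program"}
    return {n: check_attachment(n, d) for n, d in samples.items()}
```

A check like this only narrows down what deserves attention; it does not replace scanning the file with up-to-date anti-virus software.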

What is a virus?

A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:

  • It must execute itself. It often places its own code in the path of execution of another program.
  • It must replicate itself. For example, it may replace other executable files with a copy of the virus infected file. Viruses can infect desktop computers and network servers alike.

The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Malware includes computer viruses, computer worms, Trojan horses, most rootkits, spyware, dishonest adware and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.

What is a Trojan horse?

Trojan horses are impostors: files that claim to be something desirable but, in fact, are malicious. A very important distinction between Trojan horse programs and true viruses is that they do not replicate themselves. Trojan horses contain malicious code that, when triggered, causes loss, or even theft, of data. For a Trojan horse to spread, you must invite these programs onto your computers; for example, by opening an email attachment or downloading and running a file from the Internet.

What is a worm?

Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm.

What is a virus hoax?

Virus hoaxes are messages, almost always sent by email, that amount to little more than chain letters. Following are some of the common phrases that are used in these hoaxes:

  • If you receive an email titled [email virus hoax name here], do not open it!
  • Delete it immediately!
  • It contains the [hoax name] virus.
  • It will delete everything on your hard drive and [extreme and improbable danger specified here].
  • This virus was announced today by [reputable organization name here].
  • Forward this warning to everyone you know!

Most virus hoax warnings do not deviate far from this pattern. If you are unsure if a virus warning is legitimate or a hoax, additional information is available at the Symantec Security Response online database.
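The hoax pattern above can be turned into a simple screening check. This is an added example, not part of the original page: it looks for each of the six tell-tale phrases and treats a message matching three or more as a likely hoax that should not be forwarded. The regular expressions, the threshold of three and both sample messages are assumptions constructed for the illustration.

```python
import re

# One pattern per tell-tale phrase in the list above; real hoaxes vary the wording.
INDICATORS = {
    "do-not-open": r"\bdo\s+not\s+open\b|\bdon'?t\s+open\b",
    "delete-immediately": r"\bdelete\s+it\s+immediately\b",
    "names-a-virus": r"\bcontains\s+(?:the|a)\b.{0,40}?\bvirus\b",
    "wipes-hard-drive": r"\b(?:delete|erase|destroy)s?\s+everything\s+on\s+your\s+hard\s+(?:drive|disk)\b",
    "authority-claim": r"\bannounced\s+(?:today|yesterday)?\s*by\b",
    "forward-to-all": r"\bforward\s+this\b.{0,40}?\beveryone\b",
}

# Constructed sample messages, written for this example.
HOAX_SAMPLE = """If you receive an email titled "Free Screensaver", do not open it!
Delete it immediately! It contains the Screensaver virus. It will erase everything
on your hard drive. This virus was announced today by a major vendor.
Forward this warning to everyone you know!"""
NOTICE_SAMPLE = ("A security update for the mail client is available. "
                 "Install it from the vendor's download page.")


def hoax_indicators(text):
    """Return the names of the hoax phrases found in text, in table order."""
    flat = " ".join(text.split())          # undo line wrapping before matching
    return [name for name, pattern in INDICATORS.items()
            if re.search(pattern, flat, re.IGNORECASE)]


def classify(text, threshold=3):
    """Return (is_likely_hoax, matched_indicators); threshold is an assumed cut-off."""
    hits = hoax_indicators(text)
    return len(hits) >= threshold, hits


if __name__ == "__main__":
    for label, message in (("hoax sample", HOAX_SAMPLE), ("notice sample", NOTICE_SAMPLE)):
        likely, hits = classify(message)
        print(f"{label}: {'likely hoax, do not forward' if likely else 'no hoax pattern'} {hits}")
```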

McAfee AVERT (Anti-Virus Emergency Response Team), the leading anti-virus research organization, gives you current information on all changing viruses and Trojan horses. Each updated profile gives you comprehensive details on virus characteristics and indications of infections.  Visit their Recently Updated Viruses page.

[Added 10/9/2002] Reminder: even the most trusted can appear to have sent you a virus-infected file.  I received this message this morning [the link opens a .jpg of the message].  Obviously this did not come from McAfee, but unsuspecting users may believe it came from them and that the attachment is safe.

Although I recommend McAfee Enterprise Anti-Virus software [for enterprise networks] and Sygate [Firewall], the players in the virus protection field are linked at the left.  Microsoft Security Essentials is very competent and free. Trend Micro is also very competent and has a REAL-TIME Threat virus map.  There are other players in these fields that I haven't listed, like the BlackICE Defender Firewall.  I am often admonished by "loyal users" of other anti-virus and firewall products because I don't recommend the product they spent their money on.  I don't list these other products because they simply don't work as advertised, on all operating systems or as effectively as others.  When I have tested their software and found it working properly, I'll remove this warning.

I'm often heard "knocking" Instant Messenger services from MS, Yahoo, AOL, etc., because to function, they have to have open ports on your system.  Those open ports are doorways to your data.  It seems others are now recognizing that fact.

Those of you that have heard me comment regarding the Google Toolbar, many of you wanting it on your systems, now have additional information available regarding the problems I claimed it created for the security of your system. At this time, I haven't had time to look at the "fixes" but still caution you regarding using this "toolbar" on your enterprise network systems. Read the latest here. Think you're safe using Firefox?

Is your email Bugging You?  It could be.  Every message you read could tell the sender if a message is being read and/or forwarded and can disclose information about your system.  Web pages you view can do not only the same thing, but even more.  Use the link and find out more.  No - I really don't just make this stuff up......<G>  Your best defense is not to use any preview and don't open email from those you don't know.  The side benefit of this is you don't read SPAM.

More Great news regarding who - and how - others are doing business on your machine, and how you may be allowing it. Here's a link to PC World's article on "Phishers", and how they can affect you.


Did I mention not to open attachments? 


Site Design
© 1992 - 20XX PC Solutions, Inc. Clovis, NM