The recent spread of the Blaster worm and the SoBig email
virus has brought computer viruses into the headlines again. How worried should
you be, and what do you need to do to protect yourself?
The first theories about the possibility of creating a
self-replicating program date back to 1949, and experimental viruses were first
programmed and tested in the 1960s. They got their name when a university
professor used the term "virus" to describe them in 1984, because like a
biological virus, a computer virus is small, makes copies of itself, and cannot
exist without a host. There are now so many variations on malicious software
that they are collectively referred to as ‘malware’.
Here is a quick rundown on types of malware:
1. A computer virus is a program that requires a
host in order to make copies of itself on computer disks. Viruses may infect
(copy to, and spread from) program files, programs in disk sectors, and files
that use macros. The ability to self-replicate distinguishes viruses from
other programs. All viruses are created by people who know how to write
computer programs. They must be installed and executed on the computer like
any other software to have any effect.
2. Worms are similar to viruses in that they make
copies of themselves. The difference is that a worm does not need to modify the
computer. Instead, worms take advantage of things that your computer already
does, such as the ability to network, and the ability to send and receive
email. Worms use this existing functionality, often by exploiting a bug, to
spread to other computers that use the same function. Email viruses are a
particular form of worm that spreads by sending email to every email address
it can find on your computer. Such a worm may send the email with a bogus reply
address. You will often get warnings back from anti-virus software that caught
an infected email carrying your address as the reply address, even though the
email was sent from someone who had your address.
3. Trojan horse programs
are named for the giant wooden horse that concealed Greek soldiers who used it
to invade the ancient city of Troy. Like that famous trick, a Trojan horse
program conceals hidden programming. The hidden function can be anything, but
frequently involves giving the writer the ability to connect to your computer
and use it for their own purposes. Trojans, like viruses, must be installed and
run on your computer. Although viruses or worms can contain Trojan capabilities,
a pure Trojan is spread when people download and install interesting-looking
software; its writers know that some people will run any program that has an
interesting file name, or promises to perform a useful function. Some Trojans
are disguised as well-known utilities, and have a familiar name. Be careful
where you download files from.
4. Adware. Adware programs are
similar to Trojans, in that they are usually programs that do something useful.
They also contain functionality that either reports your activities back to
someone for advertising purposes, or downloads and displays unsolicited ads –
typically web site ‘pop-ups’. Some of the most common are Hotbar and Gatorsurf.
5. Virus hoaxes. Because
of the fear of viruses, a whole new category of wasted time has been created by
people spreading email warning you that you probably have a virus. Typically the
hoax will ask you to delete some file from your computer to protect yourself,
and to warn everyone you know immediately. Hoaxes are tracked by virus vendors,
and it is advisable to check the validity of the warning on an anti-virus web
site before passing it on.
There is a lot of confusion about what can and can’t cause
you to get a virus. All malware gets access to your computer either because of a
flaw in a program you are running, or because you run it. Malware is like any
other computer program – it has to be executed to have any effect.
Since macros are a simple programming language, viruses
have been developed that run as a macro. Scripting languages, such as VBScript
and Windows batch files, can also be used to create viruses.
Downloading or copying files is the most common way viruses
spread. Visiting web sites also gives you the opportunity to download and
execute code. Because the web site is displayed by running code on your computer
from the web site, it is possible to get a virus simply by visiting a site, or
clicking on a web link in an email. The security settings on your web browser
determine how vulnerable you are. Some viruses take advantage of bugs in web
browser software to run code that would normally be blocked.
Opening an email attachment can cause a program to run.
Because some email programs open your mail for you in ‘preview’ mode, it has
been possible to get a virus simply by receiving email. Older versions of
Outlook and Outlook Express had this problem.
Viruses cannot be spread by simply receiving email, unless
there is a flaw in your email software. The only 100 percent safe e-mail file
attachment is a deleted e-mail file attachment.
Some viruses take advantage of flaws in programs that you already have in order
to modify your computer. Because of this, downloading and playing music can also
be a source of viruses if your computer has vulnerable (unpatched) media playing
software.
Cookies, which are small text files stored by your web
browser when you visit certain sites, are not a source of viruses. The files
contain no executable code. Some viruses will scan cookies for email addresses
that they can send themselves to.
What to do? These 5 things can protect you from most
problems:
1. Run anti-virus software, and keep it current.
Anti-virus software works by comparing the file being scanned against a database
or ‘pattern file’ of known viruses. If you don’t have a current pattern file, it
will not detect viruses that came out after your version of the anti-virus
software. Even with current software, there is always a window of time between
the release of a virus and the response from anti-virus vendors when you are
vulnerable.
2. Follow good practices: Don’t open emails from
people you don’t know. Especially don’t open email attachments, unless they are
expected and from a trusted source. Don’t do anything with your computer you
don’t have to do in order to get your work done. Don’t download cute screen
savers. Don’t install the neat utilities your friends send you. Don’t download
music from unknown sources or file sharing services. Don’t install anything when
browsing web sites unless you are sure what it is and where it came from.
3. Install a firewall. If you are on a company
network, make sure your company is protected by a firewall. If it is your small
office or home computer on the internet, use firewall software, or get a
personal firewall. Firewall software monitors all incoming Internet or local
network traffic and allows only known and trusted computers to connect to your
computer. A separate hardware firewall now costs only about $35. Personal
firewall software is built into Windows XP. (Don’t install personal firewall
software on a company computer – it can cut you off from the network.) Those
with a firewall did not get the Blaster worm.
4. Stay up to date with software patches. Use
Windows Update to keep your Windows operating system and browser safe, and stay
current with software advisories from vendors of software you use. Various
security firms estimated that anywhere from 188,000 to 1.4 million
unpatched Windows machines have been compromised worldwide.
5. Back up your important files, and use a rotation
plan for your backups. You need to be able to retrieve a file from last week or
last month, since you may not discover a problem right away.
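Item 1's point about pattern files, as an added example that is not part of the original article: a toy scanner in Python that checks files against versioned pattern files. The signature names, marker strings and sample files are all constructed for illustration and are harmless.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str        # constructed label, not a real malware name
    pattern: bytes   # byte sequence the scanner looks for
    added_in: int    # pattern-file version that first shipped it

# Constructed, harmless markers standing in for real virus signatures.
ALL_SIGNATURES = [
    Signature("Demo.MacroA", b"DEMO-MACRO-MARKER-A", 1),
    Signature("Demo.WormB", b"DEMO-WORM-MARKER-B", 2),
    Signature("Demo.WormC", b"DEMO-WORM-MARKER-C", 3),
]

# Constructed sample files: name -> contents.
SAMPLE_FILES = {
    "report.doc": b"quarterly numbers DEMO-MACRO-MARKER-A end",
    "card.exe": b"\x4d\x5a header DEMO-WORM-MARKER-B payload",
    "update.exe": b"\x4d\x5a header DEMO-WORM-MARKER-C payload",
    "brand_new.exe": b"\x4d\x5a header DEMO-WORM-MARKER-D payload",
    "notes.txt": b"buy milk",
}

def pattern_file(version):
    """Signatures an installation knows about at this pattern-file version."""
    return [s for s in ALL_SIGNATURES if s.added_in <= version]

def scan_all(files, version):
    """Map each file name to the signature names found in its contents."""
    sigs = pattern_file(version)
    return {name: [s.name for s in sigs if s.pattern in data]
            for name, data in files.items()}

def missed_by(files, old_version, new_version):
    """Files the newer pattern file flags but the older one reports clean."""
    old, new = scan_all(files, old_version), scan_all(files, new_version)
    return sorted(n for n in files if new[n] and not old[n])

if __name__ == "__main__":
    for version in (1, 3):
        print("pattern file v%d:" % version)
        for name, hits in scan_all(SAMPLE_FILES, version).items():
            print("  %-14s %s" % (name, ", ".join(hits) or "clean"))
    print("missed by v1:", missed_by(SAMPLE_FILES, 1, 3))
```

Here brand_new.exe scans clean under every pattern-file version because no signature for it exists yet, which is the window of vulnerability item 1 describes.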
Tim Torian
has taught computer networking at the College of Sequoias and Cal Poly
Extension. He has a BS in Computer Science, and has been consulting on computer
networks for the past 18 years. His industry certifications include Cisco CCNA
and CCNI, Microsoft MCSE, and Novell CNE. He is president of Torian Group, Inc.,
which provides a full range of technology consulting services to local business,
including computer services, networking, and custom software development. They
can be reached at (559) 733-1940 or on the web at http://www.toriangroup.com