How Protected is Your Computer?

by Jacky Vaniotis

Published in the Fall edition of the Maine EMS I/C News, Vol. 9, No. 4

 

Has your computer ever been infected by a virus or a worm? Have you ever been exposed without getting the virus, much as we can be exposed to an illness but have enough immunity to avoid actually getting sick? Have you ever found yourself worrying about the possibility of exposure/infection, and maybe even avoided getting Internet-connected or using e-mail for fear of “infecting” your computer and files? We’ve all heard of many of the contaminants that have made the news, like Trojan Horse viruses, the Melissa and the I Love You worms, and more recently the NIMDA viruses. (Worms and viruses, by the way, are essentially different: a worm is an application that executes when it’s run. Unlike a virus, it doesn’t attach itself to your files. A virus is code that attaches to already-existing files and is only activated when that file is run. It may do nothing more than cause a message to pop up on your screen letting you know it’s there, or it may write itself to other files of yours, contaminating them as well and causing further problems. So the biggest difference between a virus and a worm is that a virus spreads through the exchange of files (you need to trade floppy disks, or files, or e-mail files with each other), whereas a worm spreads by itself. You might need to do something to get a worm to spread (like opening an attachment), but you don’t need to exchange files with someone else; the worm does it itself.)

What can we do to protect ourselves from falling victim? First of all, it is important to realize that the only 100% secure computer is one which is turned off, unplugged, and locked in a safe. But, since you actually want to use your computer, you have to trade off some security.

For the purposes of virus security, there are three types of files, and each has a different level of risk associated with it. The first, pure data files, such as those with the extensions .gif and .jpg, are all safe, i.e., they won’t contain viruses. Animated .gifs and .jpg’s are safe, as well. Also safe are .bmp, .wav, .mp3, .mpg, .avi, .mpeg, .txt, .rtf and many other pure media formats. These files are only text, pictures, sounds, and movies. The rule of thumb is that if the only thing that a format can do is show you something, then it’s obviously safe.

The second type of file is the executable files, or program files. There are two types of executables: those which can be executed directly and those which are executed indirectly. Both can easily contain viruses. Direct executable and script files, like those ending in .com, .exe, and others, like .vbs, .vbe, .wsc, .wsf, .sct, .wsh, .js, .jse, .bat, and .pif, are “executed,” or run, just by double-clicking on them. (The new version of Adobe Acrobat is apparently also including support for macros and scripts in .pdf and .fdf files, so a virus is now possible with these too.) All these executable files are therefore unsafe, both in terms of their potential for carrying a virus and because just double-clicking on them frees the virus to contaminate the computer and do its dirty work.

Indirect executable files, such as those ending in .dll, .ocx, .vbx, .sys, .class, .jar and many others, tend to be pretty obscure. These could contain viruses, but you’d have to follow some really complicated and suspicious instructions to install them. In other words, if you get one of these, you have to be really gullible to get infected by it.

The third type of file is considered mixed: the Microsoft Office formats, .doc, .xls, .ppt, .mdb (Word, Excel, PowerPoint, Access) and their equivalents from other companies, like Corel and others. These can contain both data and macros. Thus, most of the time they contain just data but there’s a chance they could contain viruses. These are perhaps the riskiest in that most people don’t even think of risk when opening these because most often they come from people they know. They may even be files they are expecting, and so they may let down their guard and open them without protecting themselves first.

HTML files (extensions .html, .htm, .asp, .mht, .hta, .htt, .mhtml) are also considered mixed. They mostly just contain data, but, like the Office formats mentioned above, they may also contain macros, and therefore viruses.

Finally, there are RM (RealMedia) and WM (Windows Media) files, which are also mixed files because, while they generally include only video or audio content, they can also contain links to web sites which automatically pop up in the RealPlayer or Windows Media browser. So this is a format to be careful with, but it’s much like the MS Office files in that far more often they will be legitimate than not.

Virus safety is a tradeoff between functionality and security. Since you want to use your computer on the Internet, you trade off some security, but with some common sense you can be both functional and reasonably secure.

First, and probably most important, get antivirus software, but don’t just install it once and forget it. Make it a point to update it regularly (weekly isn’t too often!). With new viruses being developed all the time, you want to make sure you always have the latest protection. If you have to pay at the end of a year to continue getting the full updates, do it. It’s worth it. And set your security settings to moderately high as well, to prevent viruses and worms from sneaking through.

Another piece of common sense is to pay attention to what comes into your mailbox. And that goes well beyond saying, “I don’t open anything if it’s from somebody I don’t know.” The way worms work is by attaching themselves to messages in one person’s mailbox and then mailing themselves out to everybody listed in that person’s address book, unbeknownst even to the “sender.” So just knowing (and trusting) the person who sent you an attachment does not necessarily mean it’s safe. Nor does the fact that another person already opened the attachment he received on his computer and suffered no ill effects just before he sent it to you mean that it’s safe.

When you click on your attachment and the box pops up asking you whether you want to open it now or save it to disk, always save it to disk so you can have your antivirus software scan it before opening it. (Remember, just saving a contaminated file won’t make anything bad happen. It has to be run to activate the virus.) Be sure to scan any attachment you receive before opening it. It only takes a few extra seconds and can save you hours of work and lots of aggravation if it’s a contaminated file. Think of it as “Body Substance Isolation” for your computer!

Pay attention to what kind of file is attached to that message you just got, too, and if it’s one of the potentially “dangerous” files mentioned above, ask yourself if it’s worth the risk of opening it. (By the way, Windows machines by default don’t show file extensions. A file called LookAtMe.doc.vbs will show up as just “LookAtMe.doc” on an e-mail if you haven’t instructed your computer to show extensions. It looks at first glance like a Word file, because your computer isn’t showing you the real extension, which is .vbs. Seeing what appears to be the extension for a Word file, “.doc,” can lull you into a false sense of security. And maybe it’s from somebody you know, so you go ahead and open it, not realizing it’s one of those dangerous direct executable files that can wreak havoc when you simply double-click on them. So set your computer up to show extensions. To do this, go into Windows Explorer, select View, then Folder Options. From there go to the “View” tab, and remove the checkbox on “Hide file extensions for known file types”.)
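As an added illustration (not part of the original article), the Python sketch below sorts attachment names into the risk groups described above and flags the LookAtMe.doc.vbs disguise. The extension lists come from the article; the function names, the placement of .pdf/.fdf in the mixed group, and every sample file name other than LookAtMe.doc.vbs are assumptions made for the example.

```python
import os

# Extension groups as listed in the article (media-player formats omitted).
GROUPS = {
    "direct-executable": {".com", ".exe", ".vbs", ".vbe", ".wsc", ".wsf",
                          ".sct", ".wsh", ".js", ".jse", ".bat", ".pif"},
    "indirect-executable": {".dll", ".ocx", ".vbx", ".sys", ".class", ".jar"},
    # Assumption: .pdf/.fdf placed here because the article says they can carry scripts.
    "mixed": {".doc", ".xls", ".ppt", ".mdb", ".pdf", ".fdf", ".html", ".htm",
              ".asp", ".mht", ".hta", ".htt", ".mhtml"},
    "data": {".gif", ".jpg", ".bmp", ".wav", ".mp3", ".mpg", ".avi",
             ".mpeg", ".txt", ".rtf"},
}

def category(ext):
    """Return the article's risk group for an extension, or 'unknown'."""
    ext = ext.lower()
    for label, exts in GROUPS.items():
        if ext in exts:
            return label
    return "unknown"

def assess(filename):
    """Report the real extension and whether the name poses as a safer type."""
    base = os.path.basename(filename.replace("\\", "/"))
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as .exe.
    base = base.rstrip(". ")
    stem, real_ext = os.path.splitext(base)
    # With "Hide file extensions" on, only the stem is displayed; padding
    # spaces before the real extension push it further out of sight.
    shown_as = stem.rstrip()
    decoy_ext = os.path.splitext(shown_as)[1]
    real_cat = category(real_ext)
    disguised = (real_cat.endswith("executable")
                 and category(decoy_ext) in ("data", "mixed"))
    return {"shown_as": shown_as, "real_ext": real_ext.lower(),
            "category": real_cat, "disguised": disguised}

if __name__ == "__main__":
    # Constructed sample names; LookAtMe.doc.vbs is the article's own example.
    for name in ["LookAtMe.doc.vbs", "photo.jpg", "budget.xls",
                 "invoice.doc      .VBS", "setup.EXE. ", "archive.zip"]:
        print(name, "->", assess(name))
```

A name that comes back as “unknown” is not on any of the article’s lists and deserves the same caution as the mixed group.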

As an added measure of security, I don’t open any executable files, unless they are something that I have requested from someone myself and scanned upon receipt before opening it. And if I receive an unexpected Word, Excel, or PowerPoint attachment by e-mail from somebody, I don’t open it until I’ve contacted the person who sent it and scanned it. And if I can tell by the title, or the fact that it’s been forwarded a half dozen times before it reaches me, that it’s “chain mail” I just delete it without even bothering to ask! If it was important, the sender will contact me, I’m sure.

But what if, with all this care you’re taking, you discover that you have been exposed and aren’t yet sure if you’ve become “infected?” Well, if you are connected to the Internet when you make the discovery, immediately disconnect so as to minimize the likelihood that your computer will transmit the virus/worm to others in your address book. Then follow your virus software directions. When I’ve received viruses and worms I’ve also done complete system scans as soon as I’ve discovered them to be sure that nothing else on my computer has become contaminated.

Just like a human being can be exposed to an illness but have strong enough defense mechanisms to avoid becoming sick, so can your computer be exposed to a virus and not “become sick.” By having your security settings high enough (your computer’s “BSI”), by having your antivirus software set to automatically scan all incoming mail, by manually scanning all new files and disks you put onto your computer before opening them, and by exercising caution in what you open (“scene safety”), you can “build up your resistance” to these viruses.

 

© 2002 by Jacqueline B. Vaniotis