Precautions can keep you safe from viruses
By JULES ALLEN
© St. Petersburg Times, published April 12, 1999
Computer viruses: They're not just for nerds anymore.
The recent publicity about the Melissa virus had everyone from hard-core techies to National Public Radio talking, dissecting Melissa and offering advice about how to protect your Windows computer. (While Macs can get infected, virus writers want to reach the maximum audience and generally write for Windows 95, 98 or NT.)
Users who take the attitude of "Oh, it can't happen to me" could be in for a surprise as the use of e-mail to spread this malicious mischief increases.
Hey, you don't leave your house unlocked, do you? Trusting your computer's good health to chance is also foolish. If you haven't installed virus protection, now is a good time to do it. Your favorite search engine will dredge up many references to commercial virus scanners. Yahoo! might be a good starting point as vendors are clearly grouped.
Here are some things to look for in the the latest and greatest software protection, as well as a few other tips for the virus-wary:
* A decent virus scanner will load into your computer's memory when your system starts up. Then, like a tollbooth on a bridge, it will filter programs for viruses as they are launched.
* If you leave your computer on all the time, you should make sure to schedule a virus scan when you're not likely to be using the computer.
* Update your browser often. There have been some serious bugs discovered in older versions of both Netscape Communicator and Microsoft's Internet Explorer. Communicator is at version 4.51 and Internet Explorer is at version 5. If you have to stay with version 3 or 4 of either program, make sure you've got the latest minor revision. Still, seriously consider upgrading to the latest major version.
* Windows 95 and Windows NT come with a program called Wordpad, which is ideal for reading Microsoft Word documents from untrusted sources. WordPad doesn't have any of the scripting functions that big brother Word does. Therefore, it cannot execute embedded scripts that could hurt your computer.
* To remain fresh and disinfected, keep your virus scanning software updated with the latest virus definition files. My software automatically checks for updates through the Internet once a day and auto-installs them if it finds something new.
* Tempting as it is, don't run those joke files e-mailed from well-meaning friends -- anything that ends in .exe, .com or .bat is out of bounds, virus scanner or not. Tech Times editor Dave Gussow had a run-in with a program called happy99.exe that was making the rounds a few weeks ago. Thankfully he caught it before it could do the macarena on his hard disk.
* If your job involves receiving files and documents that could contain damaging scripts, you need to know how to disable them. The most up-to-date versions of Microsoft Word and Excel will warn you if a document contains automation scripts, or macros, and ask you if you want to disable them. Older versions, however, do not. Vendor Web sites are a great start, and for a good example see officeupdate.microsoft.com/articles/macroalert.htm.
* * *
If you work at a company with a dedicated information technology or system administration staff, consult them for specific details.
* If you are a Windows user, make sure your virus scanner checks both ActiveX and regular Windows programs. Just scanning the disk at regular intervals isn't enough.
ActiveX is a Windows-only technology that runs the equivalent of a Windows program, such as the Notepad application, within your browser. All trustworthy ActiveX controls are digitally signed by their originator. When someone wants to digitally sign a file, he registers with a trusted third party and obtains a digital certificate. Think of this certificate as a rubber stamp. For example, if you visit www.Macromedia.com using Internet Explorer and click to install the Flash player, you'll be asked if you'd like to install and run the program. Both the name of the software vendor and the trusted third party who has verified the vendor's identity are presented for your review. The two most common third-party verification services are from VeriSign and GTE/BBN.
If you remember nothing else from this article, do not run an ActiveX control from an untrusted source. Ever. If somebody runs over your mailbox and you don't get the car's tag number, you'll have no idea who hit it. A signed ActiveX control is the equivalent of a car's tag number. The car may have flattened your mailbox but at least you've got the tag number to find out who did it.
In the world of Java applets, there aren't any cars in the first place. An applet runs in what is colloquially called the sandbox. It can play to its heart's content in the sandbox but it can't touch anything outside of its Internet-centric world. An applet can communicate with the server from which you downloaded it but it cannot talk to other servers or touch your hard disk.
Java applets are mostly safe but some flaws have been found in older versions. Keeping your browser current avoids these theoretical holes. It should come as no great shock to learn that large, sprawling programs have holes so big that a hacker can drive a bus through them, and Java is a very large program. Applets go a long way to solve the malicious code problems but are not perfect.