Home > readme > Articles

Computer Virus Safety & Tips

This page will help you with general precautions you can take against the constant threat of computer viruses. (If you only use a Mac or a Linux PC, please snicker and ignore this page.)

Essentially, it boils down to: think before you click, and don't believe everything you read.

Think before you click

E-mail viruses arrive in two ways: as file attachments, or in the code of HTML-formatted email. By far the most prevalent are the file attachments. This is great news from our standpoint, because it means it's easier to deal with.

The #1 tip I can give you is: DO NOT click on a file attachment unless you know what it is! A wise rule to follow is to only open a file attachment if you are expecting THAT particular file, AND you know who is sending it. Even wiser is to save the file attachment to your hard drive, scan it with your virus scanner first, and THEN open it. And the wisest request confirmation of the attachment from the sender before opening it!

Don't believe everything you read

There are two reasons for this advice. First, some virus writers are clever and try to entice you to follow a link or click on an attachment, to your ultimate detriment. Second, many e-mail servers will seek to notify you (by e-mail, of course) if they've received a virus from you. That used to be helpful, but times have changed because most e-mail viruses now "spoof" the sender's address, so it appears to be from an innocent (i.e. uninfected) person.

Here's an example. An e-mail virus infects Alison's computer. Alison probably doesn't even know it. The virus looks through Alison's address book, and picks out two email addresses, for Betty and Clark. The virus composes an e-mail (containing a copy of itself, the virus) which *pretends* to be from Betty, and is sent to Clark. Now, there's a savvy e-mail server at Clark's end: it figures out that there's a virus attachment. Clark's e-mail server sends an automated message back to *Betty* because the e-mail appears to be from Betty. Betty receives a notification that a message she sent contains a virus! In fact, it wasn't Betty who sent it, it was Alison, but Alison never gets notified because the virus spoofed, or faked, the sender and implicated Betty. Betty now calls up her sysadmin in a panic because she has a virus, and her sysadmin wearily explains this all to her.

Of course, there may be a time when you receive a notification that you sent out an e-mail virus... and it's true! The best course of action when you receive such a notification is to follow these steps:

  1. Update your antivirus program so that it has the newest virus definitions.
  2. Boot to safe mode (if possible) and scan for viruses on all of your local drives (usually just C:).
  3. If the scan finds no viruses, relax. If it does find any viruses, consider contacting your sysadmin if there's any doubt that it may not have removed all your viruses.

Be Proactive

If you are sending a file attachment, my advice is to include something like the following text: "Bob, please find the attached file, resume.zip. Regards, Dan."

I want to point out three things about the above text:

  1. It addresses the recipient personally. A virus won't.
  2. It states the name of the file explicitly. A virus won't.
  3. It signs your name (not just your email sig). A virus won't.

When you use that approach, you can be reasonably sure that you won't infect others even if you do get a virus. Why? Because they will be used to you being explicit, and if an email arrives from you differently, they will be suspicious.

I mentioned above that the second type of e-mail virus is an HTML-formatted email. I personally discourage the use of HTML-formatted email for three reasons: One, not every e-mail program will display it correctly (or at all), so you run the risk of appearing to send a message in "Klingon" to someone; Two, HTML emails are unnecessarily large (pity the poor non-high speed users who have to download it!); and Three, there are some inherent security risks relating to HTML email. One way to help is to set up your email program to NOT send HTML email.

To stop sending HTML e-mail on a Windows machine, follow these instructions for your mail client:

Outlook: Go to Tools > Options > Mail Format. In the 'Send in this message format' drop-down box, select 'Plain Text'. Make sure the check box is UNchecked in front of 'Use Microsoft Word to edit e-mail messages.

Outlook Express: Go to Tools > Options > Send. In the 'Mail Sending Format' section, select 'Plain Text'. UNcheck 'Reply to messages using the format in which they were sent'.

Eudora: Go to Tools > Options > Styled Text. Under 'When sending mail with styled text (HTML)', select 'Send plain text only'.

Netscape or Mozilla: Go to Edit > Preferences > Mail & Newsgroups. Click 'Send Format' and select 'Convert the message to plain text'.

AOL 9.0: You must do this while you are composing a message. Click in the message area of the Write Mail window. Change the plain text setting: Click the T icon just below the Subject label to toggle the message between plain text and rich text formatting; or open the Format menu and choose Rich Text or Plain Text. AOL will remember this setting for subsequent messages.

Other email program will have different methods, but you can find options to turn off HTML email under Preferences or Options in your email program. A good source for instructions may be found here.

Do you have a virus scanner?

Of course, before anything else, you NEED to have a virus scanning program installed on your computer. MOST viruses come through e-mail, but not all, so even if you are proactive and follow all the other advice I give you, you're not 100% covered!

If you do not have a virus scanner, go get one now. If you don't want to buy one, download AVG Antivirus for free (for home users only). There are other free antivirus products, but I haven't evaluated them. There are also many fine antivirus products available for sale.

Secondly, even if you have an antivirus program installed, you need to update it regularly. (Even though you may buy the newest car, you still have to put gas in it regularly!) Most antivirus programs configure your system by default to update automatically. Of course, you have to be connected to the Internet in order for this to happen. However, you may want to make sure that your antivirus program is set to update at the very minimum once per week. Note also that commercial antivirus programs will expire! They will continue to run and will catch older viruses, but they will not update for the newest viruses. (The free AVG Antivirus which I mentioned above does not expire.)

For more information, here is an excellent online article regarding basic online security.

 

 
[ top of page ]
   This page © 2003 Dan Herrick. Yes, even if it's no good.