Dangerous Virus Misconceptions

It seems that just about every month we read about a new computer virus that's causing havoc across the Internet. While we have all heard advice on how to avoid contracting specific viruses, thousands are still infected every time a new strain is released.

If you're ready to avoid being the victim of the next virus threat, and of those that will inevitably follow, then you need to understand the common misconceptions that result in continued infections.

  1. We Hear About the Real Threats. What many do not realize is that a handful of new viruses are actually discovered on a daily basis. Because only a small percentage of these capture the media's attention, and are then widely reported, the risk of infection and damage to your system is actually much greater than most realize.

    Focusing your attention on how to avoid just these well-reported viruses is like worrying about the tip of the iceberg, and actually may distract your attention from the greater number of threats that exist. Protecting yourself from future infection requires a better understanding of virus methodology in general, and not simply concentrating on the specifics of a few well-known threats.

  2. All Systems Are Equally Vulnerable. A quick review of news headlines and virus reporting web sites should make it abundantly clear that nearly all of today's computer viruses specifically attack and exploit weaknesses in just two common email software programs: Microsoft Outlook and Microsoft Outlook Express.

    The reasons provided for this trend of attack vary from "These are the most security-flawed programs," to "They are attacked most frequently because they are most popular," and "The type of people who write viruses are also those who tend to actively dislike Microsoft."

    Regardless of which reason might be the most accurate (all three are likely true to some extent), the fact remains that users of Outlook and Outlook Express are the most vulnerable to both current and future virus threats.

    Use of either of these programs greatly increases your risk of eventually becoming infected, despite your best efforts to protect yourself. Users of these programs can actually become infected by some viruses even without executing the attached files that carry virus codes.

    Worse yet, your system may then be used to harm others, as it has become common practice for viruses to use the email addresses stored in these programs to send infected files to all of your friends, customers and clients.

    While consumers may not have much mission critical data at risk on their home computers, business users will be substantially safer by choosing to use alternative email software programs.

    Whether you decide to use the email capabilities that are included with most contact managers (such as ACT!, Goldmine or On Line Agent) or opt for alternative stand-alone email programs (Eudora or Pegasus are popular options) is a matter of preference. What is important for security reasons is that you choose something other than the most "attacked and hacked" targets of today's virus writers.

    Additionally, you should review your email software's documentation to ensure that you have configured the program so that it will not allow executable HTML code, as this can substantially increase the vulnerability of any email program.

  3. All Email Attachments Are Threats. The common advice regarding caution with email attachments has unfortunately created a level of hysteria among many users that causes unnecessary stress while compromising their ability to effectively communicate in today's electronic business environment.

    It's important to realize that not all attachments are capable of transmitting viruses, and that certain types of files are much more likely to be viruses than others.

    For the most part, files that end with JPG, TXT, GIF, PDF, MP3, AVI, and MPEG are generally considered "safe" and thus should be used whenever possible in order to both send and receive information through the Internet.

    Files created by Microsoft Office products, such as XLS, DOC, and PPT can carry damaging code, and these were once quite popular formats for virus writers. Recently, however, they have somewhat fallen out of favor. This is most likely because the recipient of such a file would need to own the corresponding Microsoft Office software in order to become infected, so most virus writers have opted for file formats that can infect a greater percentage of users.

    If you receive a file with such an extension, particularly from someone you know, it's probably not a virus, but these files can transmit damaging code so caution is certainly advised.

    On the other hand, virus writers currently rely heavily on the EXE, SCR, PIF, BAT, VBS and a handful of other file formats that can not only carry virus code, but can infect the majority of computer users, regardless of the particular software installed on their systems.

    When you receive a file in any of these formats, it is almost certainly a virus and should simply be deleted. The lone exception is the EXE format, which "might" be a legitimate file but which warrants great caution and probably contact with the sender to verify exactly what the program they've sent to you really is, and why they have sent it as well.

  4. Attachments Are What They Say They Are. As more people became aware that certain file formats such as JPG were safe, that EXE might not be and that VBS files definitely are not, virus writers realized that they could use "double extensions" to trick many users into running infected attachments.

    The implementation of "double-extensions" is simple: just take virus-carrying files such as "readme.exe" or "photo.vbs" (which many users would know better than to launch) and rename them as "readme.TXT.exe" and "photo.JPG.vbs" before emailing them to others.

    The disastrous effect of this simple trick is that at first glance, many users will assume that the file names above are for TXT and JPG files (which are safe) and will then willingly execute them, even though they are really EXE and VBS files, which are quite dangerous. Using capital letters to emphasize the first (and false) extension further enhances both the deception and effectiveness of this trick.

    The initial lesson here is that you need to carefully review the full name and extension of any files that you receive, either through email or from an Internet download. Always remember that the last three characters of the file's name actually define the file type and what your computer will do with it when the file is launched.

    Unfortunately, for many users this is not easy to do as there is a setting within Windows that will "Hide file extensions for known file types." If this option is selected then it becomes very difficult for the average user to realize the true nature of "double extension" files.

    I've heard from many people who honestly believe that JPG or MP3 files have infected their systems, when this is not the case. The actual files they received, and executed, ended with VBS but their computer hid that extension from their view because of the "Hide file extensions" setting on their system.

    This means that in order to truly understand the nature of files that you may receive, you must be able to see their entire file names. Further, if you ever receive a file that has such a "double-extension" delete it immediately as there is absolutely no legitimate reason for such file naming, other than to trick you into executing a file that you shouldn't.

    If your system is not showing you full file names, then detailed instructions for accomplishing this can be quickly found by looking up the word "Extensions" in the Windows Help menu.

  5. Anti-Virus Software Will Protect You. Users who have purchased Anti-Virus Software (AVS) often come to rely too heavily on these programs for the protection of their systems, and then become infected as a result.

    It's a very common misconception to assume that email attachments you receive are safe as long as your AVS has scanned them first.

    The problem with relying on such software unconditionally is that whenever a new virus (or sometimes just a new variation) appears you are generally vulnerable until:

    • Other users become infected
    • The virus is reported to your AVS vendor
    • This company verifies the virus
    • And, then updates their "virus definition" files
    • You download and install these updated virus protection files to your computer

    While this process usually doesn't take an unreasonable amount of time, it obviously takes much longer than the time needed for modern viruses to spread, and your computer is vulnerable in the meantime.

    Significantly, several recent viruses have begun to specifically attack the most popular AVS programs themselves. If any of these viruses reach your computer before the AVS vendor's updates do, then your system may be left without any virus protection at all, though you will not be aware of this rather important fact.

    In summary, even those with the best AVS and most regular updating practices cannot be assured that they will not be infected simply as a result of installing anti-virus software programs.

    While AVS software is a necessity in today's email environment, it should be considered your last defense, not your first.
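
The file-type and double-extension rules from misconceptions 3 and 4 can be written down as a small triage function for attachment names. This Python sketch is an added example, not part of the original article; the function names and sample file names are constructed for illustration, and the handling of space padding and trailing dots goes slightly beyond the cases the article describes.

```python
# Extension groups as the article lists them (upper-case, no dot).
SAFE = {"JPG", "TXT", "GIF", "PDF", "MP3", "AVI", "MPEG"}
CAUTION = {"XLS", "DOC", "PPT"}                  # Office files can carry damaging code
DANGEROUS = {"EXE", "SCR", "PIF", "BAT", "VBS"}  # formats the article says virus writers rely on
KNOWN = SAFE | CAUTION | DANGEROUS

def extensions(filename):
    """Return every dot-separated suffix, upper-cased; the last one is the real type."""
    # Windows drops trailing dots and spaces, so "a.exe. " still opens as EXE.
    name = filename.strip().rstrip(". ")
    # Strip each part so space padding before the real extension cannot hide it.
    parts = [p.strip().upper() for p in name.split(".")]
    return parts[1:]

def classify(filename):
    """Return (verdict, reason); verdict is delete, verify, caution, safe or unknown."""
    exts = extensions(filename)
    if not exts:
        return ("unknown", "no extension")
    real = exts[-1]
    # A familiar extension followed by a different final one is the double-extension trick.
    decoys = [e for e in exts[:-1] if e in KNOWN and e != real]
    if decoys:
        return ("delete", f"double extension: looks like {decoys[-1]}, runs as {real}")
    if real == "EXE":
        return ("verify", "EXE might be legitimate; confirm with the sender first")
    if real in DANGEROUS:
        return ("delete", f"{real} is on the article's high-risk list")
    if real in CAUTION:
        return ("caution", f"{real} can carry damaging code")
    if real in SAFE:
        return ("safe", f"{real} is on the article's generally safe list")
    return ("unknown", f"{real} is not covered by the article's lists")

# Constructed sample attachment names, not taken from any real message.
SAMPLES = ["readme.TXT.exe", "photo.JPG.vbs", "holiday.jpg", "budget.xls",
           "setup.exe", "screensaver.scr", "song.MP3          .pif", "notes.v2.txt"]

def triage(names):
    """Map each attachment name to its verdict."""
    return {n: classify(n)[0] for n in names}

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:32} {classify(name)}")
```

Names such as "notes.v2.txt" are not flagged, because only a recognised extension in a non-final position counts as a decoy.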

Best Practices for Avoiding Infection

While all of this might sound overwhelming at first, avoiding viruses can be best achieved by following just four steps:

  1. Send and receive your email with any program other than Outlook or Outlook Express, and disable "executable HTML" within the software you use.
  2. Recognize which types of files are likely to pose the greatest risks and simply delete them.
  3. Understand the real nature of file extensions so that you're not fooled by the use of "double-extensions".
  4. Use a frequently updated AVS program to scan just the attachments that you haven't already identified and deleted yourself.

Being "virus free" is actually easier than even this may sound, as you only have to implement the first step once, and you'll soon realize that following the second and third steps will almost (but not quite) eliminate the need for scanning files with your AVS at all.

The fact is that once you know what to look for, and how to avoid the tricks, you'll be pleasantly surprised at just how easily you will be able to identify and delete the emails that may have once threatened your system and caused you great stress.

Stephen M. Canale

Copyright©1995-2005 Stephen M. Canale