By Dr. Philip Baczewski, Associate Director of Academic Computing

Just When You Thought it was Safe...

Just when you thought it was safe to go back onto the Internet, catastrophe strikes! The Melissa virus in unleashed upon the world creating havoc for all Internet users! No hard drive is safe! Reading mail is now a high-risk activity akin to scuba and sky diving! No E-mail box is unaffected! If you listened to some media reports, you might think the preceding to be true. While it is true that an estimated 100,000 computers were affected by the Melissa virus, if you received a copy or even know someone who did, you are probably in the minority.

You can't ignore the Melissa virus or pretend that a threat does not exist, however, a bit of perspective can be applied to truly understand its impact and measure the threat to your Internet E-mail box from similar occurrences. Once again, what was a minor Internet incident was blown up to the proportions of a major catastrophe by U.S. news media outlets. This is not to say that we must shoot the messenger, but it illustrates that listening exclusively to a computing-undereducated media can provide a false view of what might be a real problem.

Shades of Michelangelo

If you are old enough, you might remember way back in 1992, when the computing world was to come to an end as of March 6, Michelangelo's birthday. At that time, news outlets published and broadcast predictions that as many as 5 million computers would be affected. The real numbers were much smaller, around 10,000-20,000, and today the incident is a distant memory for most people (see http://www.kumite.com/myths/fas/fas-mich.htm for more information).

The current Melissa scare developed quite similarly to the Michelangelo uproar, with the exception that most of the reporting happened after the virus had acted on some computers. In the case of the Michelangelo incident, there was a deadline to which the media could point with dreadful anticipation, an anticipation that seemed to be partially orchestrated by some people who stood to gain by selling lots of copies of virus protection software. Reporting on the Melissa virus was an overreaction to an event which had quite a negative affect on a few large companies running a specific combination of software. Responsible reporting would have identified those particularly at risk, but for the most part, what was reported were sweeping and often inaccurate generalizations.

Don't Believe Everything You Hear...

Several of the generalizations heard about the Melissa virus are easily debunked. Doing so will perhaps give you a better idea of what kind of risk there really was and to what extent your computer was/is vulnerable.

1. Any computer on the Internet is automatically vulnerable.

FALSE. Only computers with the ability to store a Microsoft Word format document and run Microsoft Word to display that document would be affected. If you don't have any of the Microsoft Office applications installed on your computer, then Melissa won't affect you.

2. Reading the E-mail will infect your computer.

FALSE. The E-mail message itself cannot do any harm to your computer. The offending virus is actually contained in an E-mail attachment, a Word-format file. Within the Word file, the virus is in the form of a Word Macro which has the ability to store itself within your Word software and infect other files you might edit with Word. But, if you don't ever open or save and edit the attachment, you won't infect your computer.

3. Accidentally infecting any computer with Melissa will automatically cause it to spread itself via E-mail to 50 other people.

FALSE. Infecting your computer with Melissa will cause it to spread to any other documents you edit in word, however, only computers with the Microsoft Outlook E-mail program in use have the potential to spread the virus via E-mail messages. The virus does so by sending messages to the first 50 people in your Outlook global address book. If you have no names in your Outlook address book, the virus will not replicate itself in this manner.

4. The Melissa virus will erase your hard drive.

FALSE. In spite of some reports, Melissa will not erase your hard drive (I actually heard an "expert" on a radio broadcast say something like "You never know about these viruses, and it might erase your hard drive at some point....")

5. You shouldn't open any E-mail attachments.

DUMB. The point of E-mail is to easily exchange information. If you take steps to protect yourself from viruses and are reasonably suspicious of attachments from unknown sources, there is no reason to paralyze your ability to use E-mail effectively by being afraid of any attachment you might receive.

What's a Computer to Do?

If you are worried about Melissa and her kin, there are a few good pieces of advice to follow.

1. Install a current virus protection software package (UNT licenses software from Network Associates for this purpose. See http://www.unt.edu/virus/a-vtools.html).

2. Keep current on the virus information used by your virus program and available from the software vendor or from a local distribution site.

3. Turn on "Macro Protection" in your Microsoft Word software.

4. Don't use Word as the default editor for Outlook or other E-mail programs.

5. Keep educated on real versus bogus virus threats by monitoring web pages like http://www.avertlabs.com/ and http://www.kumite.com/myths/ .

By now, it's almost impossible to find any stories about the Melissa virus in the popular press. Broadcast outlets have ceased talking about it as well. It was an entertaining story for news outlets while it was fresh, but the novelty which made it such an attractive story has warn off and there has been little follow-up to see what the actual impact was. This illustrates that "The News" is not the place to find out about viruses. Being proactive about your virus protection is your best defense. By protecting your computer you can apply the proper level of concern and not be paralyzed with fear every time you are faced with opening your E-mail.

Comments, Questions? Send them to Philip Baczewski.