Means Never Having to Say You're Sorry
By Claudia Lynch,
Benchmarks Online Editor
computer from viruses just might mean never having to say
you're sorry. A lot of people around the world were hit
with the ILOVEYOU virus recently,
but a lot more weren't because they quickly inoculated
their PCs with the latest virus protection files (or
someone did it for them).* It is VERY
important to make sure you have viral protection software
running on the computers that you use, both at home and
Here at UNT the Network Managers are generally
responsible for keeping the people in their departments
informed about such things, but if you're unsure about
the status of such software on your computer, you
probably ought to contact your Network Manager and ask.
If you're not sure who your Network Manager is, check
Curry Searle, the Computing Center's virus protection
manager, recently re-vamped the UNT Anti-Virus Resources
This site is accessible to anyone on campus or who comes
into campus via the UNT dial-up lines. If you satisfy
those requirements, the anti-viral software is available
to you from there free-of-charge.Once you have the
software it is wise to set it to run every time your
computer is re-started (you can always cancel it if you
have to re-start several times). You should also set it
to automatically update.
Automated VirusScan Updates
Wil Clark, who used to be the campus virus guru, wrote
an article on "Automated VirusScan Updates"
Here is an edited version of Wil's instructions for
setting VirusScan to automatically update:
- Remember these features are discussed here
primarily to help you with your home
computer. You should check with your
network administrator before making any changes
to your UNT computer as your administrator may
have a different mechanism in place for updating
- You will need to have McAfee VirusScan installed
on your computer to use these features. UNT
students and employees can download a copy of
McAfee VirusScan from http://www.unt.edu/virus/.
Please note that you must be on the UNT network
or connected through UNT's dial-up access to
download these files.
- We will configure VirusScan to update its virus
definition (dat) files. You may recall
that this is the information that VirusScan uses
to identify viruses. McAfee releases new datfiles
weekly. We will use McAfee VirusScan Scheduler.
Perform the following steps:
- 1.Launch McAfee VirusScan Scheduler (Start ->
Programs -> McAfee VirusScan -> McAfee
- 2.Open AutoUpdate properties (Right-click on
AutoUpdate then click on Properties).
- 3.Click Configure
- 4.Delete existing Update sites (Click on a site
then click Delete button; repeat for each site).
- 5.Add UNT update site (Click Add
- 6.Type UNT for Site Name.
- 7.Enable site (click on and ensure a check mark
appears in the Enabled box).
- 8.Choose FTP for Select Transfer Method (click on
and ensure a dot appears in the FTP circle).
- 9.Type ftp.unt.edu/pub/antivirus/datfiles/4.x
for the FTP computer name and directory
- 10.Enable Anonymous FTP Login (click on and
ensure and check mark appears in the Use
anonymous FTP login box).
- 11.Click OK on the Automatic Update Properties
- 12.Click OK on the Automatic Update dialog box.
- 13.Click the Schedule tab on the Task Properties
- 14.Enable the automatic update (click on and
ensure a check mark appears in the Enable box).
- 15.Choose a frequency for the update to run
(click on one of the choices in the Run section).
Note: your computer must be on and connected to
the Internet for this to work. It might be useful
to choose a more frequent update period to ensure
that you get weekly updates.
- 16.Choose an appropriate Start at time for the
frequency you selected.
- Once this is configured your computer will
automatically look for updates to the Datfiles.
Your virus scanning software will be updated and
you don't have to remember to update it. Each
time your dat files are updated. you will be
prompted to reboot your computer. This must occur
to begin using the new dat files.
Crispen's Six Antivirus Rules
Now that we've got that out of the way, we've
satisfied rules #1 and #2 of "Crispen's Six
Antivirus Rules." Patrick Douglas Crispen is the
author of the Internet
TOURBUS. In the Volume 5, Number 89 -- 4 May 2000
issue, Patrick rewrote his virus protection rules. If you
follow them you really may never have to say you're
sorry, at least about losing data/crashing your computer
due to a virus.
- Crispen's *SIX* Antivirus Rules -- 4 May
- In light of the recent "ILoveYou" worm
outbreak, I decided to re-rewrite my rules on how
to protect yourself from computer viruses, Trojan
horses, or worms. Regardless of your operating
system, these six rules should protect you from
most of the over FORTY-SIX THOUSAND viruses that
are currently floating around the Net (including
the "ILoveYou" worm).
- 1. PURCHASE A GOOD, COMMERCIAL ANTIVIRUS
PROGRAM LIKE NORTON ANTIVIRUS OR MCAFEE
- Most commercial antivirus programs usually cost
between US$40 and US$50 and can be purchased at
almost any computer store in the world. [You can
usually save about US$10 if you purchase the
software online -- visit http://www.shopper.com/
for more information].
- Antivirus program manufacturers also release
minor upgrades every two to three months and
major upgrades every twelve to eighteen months.
YOU NEED THESE UPGRADES. Minor upgrades are
usually free, and major upgrades usually cost
anywhere between US$20 and US$40, depending on
the manufacturer [think of this as an expected
expense -- just as you have to change your car's
oil every 3,000 miles, you have to upgrade your
antivirus software every year to
- To see if any minor or major upgrades are
available for your antivirus program, visit your
antivirus program manufacturer's homepage. A list
of antivirus manufacturers' homepages can be
found at http://www.yahoo.com/
or at AOL keyword "virus."
- 2. UPDATE YOUR VIRUS DEFINITIONS
FREQUENTLY (AT LEAST ONCE A WEEK).
- With over 250 new viruses being discovered each
week, if you don't update your definitions
frequently you won't be protected from ANY of the
new viruses floating around the Net.
- How do you update your virus definitions? That
depends on the antivirus program you use. Norton
Antivirus has a "Live Update" button
built into the program; click on it, and Norton
automatically downloads and installs the latest
virus definitions from Net. McAfee VirusScan has
a similar update function (go to File -->
- If you are unsure of how to update your virus
definitions, visit the homepage of your antivirus
software manufacturer and look for their
"download," "update," or
"technical support" section.
- 3. NEVER DOUBLE-CLICK (OR LAUNCH) *ANY*
FILE, ESPECIALLY AN EMAIL ATTACHMENT, REGARDLESS
OF WHO THE FILE IS FROM, UNTIL YOU FIRST SCAN
THAT FILE WITH YOUR ANTIVIRUS PROGRAM.
- This is probably the most important rule of them
all. There are currently over forty-six thousand
viruses out there, there are over 2.8 trillion
possible files names out there, and any one of
those viruses could be hiding in any one of those
file names. A lot of people think that you can
protect yourself from a computer virus by being
on the lookout for one particular virus or one
particular file name (hence all of the virus
warnings you have received in your email inbox
lately).That's not only silly, that's dangerous.
If you want to protect your computer from
viruses, you need to ignore ALL of the virus
warnings you receive and instead beware of EVERY
file you see, especially every file that is
attached to an email message.
- It is important to note that, despite all of the
warnings to the contrary, there is no such thing
as an email virus. If you are running the most
up-to-date version of Windows (see rule #5 below)
or if you have a Mac, you can open your emails,
regardless of their subject lines, without fear
of infecting your computer, provided your email
program doesn't automatically open attachments
(most don't). It is the files that are ATTACHED
to emails that you have to fear.
- Think of a computer virus as a well-packaged
letter bomb. You can move a letter bomb from room
to room in your house without any danger. Open
the letter bomb, however, and you die. The same
is true with computer viruses. You could download
a billion virus-infected files from the Internet
and receive another billion virus-infected files
attached to email messages and your computer
still wouldn't be infected with a virus. Open, or
double-click on, just ONE of those files, though,
and your computer is dead.
- Remember, to infect your computer with a virus,
you have to open (or double-click on) a file that
contains a virus. As long as you don't open that
file, you really have nothing to fear.
- How can you scan a file for viruses? That depends
on the antivirus program you use. The best bet is
to read your antivirus program's instructions or
read its online help section. If you use Norton
Antivirus or McAfee VirusScan, right-click (or,
if you have a Mac, click and hold) on the file in
question. A pop-up menu should appear, and one of
the choices should be "Scan with ..."
and the name of your antivirus program. If that
doesn't work, just open your antivirus program
and try to scan the file from there.
- Do you have to scan EVERY file, even if that file
is from your friends or coworkers? Yes! The
Melissa, WormExplore.Zip, and
"ILoveYou" viruses distributed
themselves by opening your email program, looking
at either your 'friends' list or the list of
email addresses in your inbox, and then
distributing virus-infected files to everyone on
- In the world of computer viruses, you can't trust
ANYONE (even if they say they love you). :P
- 4. TURN ON MACRO VIRUS PROTECTION IN
MICROSOFT WORD, AND BEWARE OF ALL WORD MACROS,
ESPECIALLY IF YOU DON'T KNOW WHAT MACROS ARE.
- Word Macros are saved sequences of commands or
keyboard strokes that can be stored and then
recalled with a single command or keyboard
stroke. They enable advanced Word users to easily
accomplish what would otherwise be difficult
tasks.They also allow virus writers to do serious
damage to your computer. For example, the Melissa
virus was actually a Word Macro virus.
- If you use Word 97, go to Tools --> Options.
Click on the "General" tab. Make sure
that "Macro virus protection" (at the
bottom of the list) is checked.
- If you use Word 2000, Double-click on the Tools
menu, point to "Macro," and then choose
"Security." Select the level of
security you want. High security will allow only
- have been signed to open. Unsigned macros will be
automatically disabled. Medium security always
brings up the macro dialog protection box that
allows you to disable macros if you are unsure of
- With Macro virus protection turned on, Microsoft
Word will warn you every time you try to open a
Word document that contains a macro. The warning
gives you three choices: the option to open the
file but disable its macros ("disable
macros"), open the file with macros enabled
("enable macros"), or the option to not
open the file ("do no open"). Chose the
first (default) option: "disable
- For more information, visit the Macro Virus
Protection page at http://officeupdate.microsoft.com/focus/articles/o97mcrod.htm
- 5. RUN WINDOWS UPDATE AT LEAST ONCE A
- Windows is aptly named because it is full of
holes. There are several, inadvertent 'open
doors' (or 'security holes') in the Windows
operating system that *COULD* conceivably make
your computer vulnerable to outside attack. In
specific, a mean-spirited hacker *COULD* 'walk
through' one of these open doors on your Windows
PC and read any file on your computer, delete
specific files or programs, or even completely
erase your hard drive.
- When the folks at Microsoft discover a security
hole, they immediately release a software patch
to close it. Without the patch -- and there are
MANY -- your computer is wide open to outside
- Fortunately, downloading these patches couldn't
be simpler.Built into every 98 PC (and into every
version of Microsoft's Internet Explorer since
version 4.0)is something called"Windows
Update." Windows Update is an easy-to-use
tool that helps you ensure that your PC is
running the absolute latest Microsoft software
patches and drivers.
- Here is how to use Windows Update to download all
of the security patches Microsoft has released
since your PC was made:
- 1. Connect (or logon) to the Internet.
- 2. If you have Windows 98, launch Windows Update
by going to Start --> Settings --> Windows
Update on your PC. You can also launch Windows
Update by going to Tools --> Windows Update in
either Internet Explorer 4 or 5. Either way will
connect you to Microsoft's Windows Update page [ http://windowsupdate.microsoft.com/].
- By the way, if you don't have Internet Explorer 4
or later, Microsoft's Windows Update page will
automatically talk you through the process of
downloading and installing the latest version of
- 3. On the top left-hand side of the Windows
Update page, click on the "Product
Updates" link (it is the one with the hand
and the red *)
- 4. A pop-up window will appear, telling you to
wait while your computer DOESN'T send any
information to Microsoft (well, that's what it
- 5. Eventually, you'll see a page that says
"Select Software." When Microsoft
releases an essential update or patch to close a
security hole in Windows, they put it in this
page's "Critical Updates" section.
Select (or click on) EVERYTHING in the
"Critical Updates" section -- you need
*ALL* of the critical updates -- and then click
on the big, gray "Download" arrow in
the top right hand corner of the page.
- 6. Follow the on-screen prompts. That's it! :)
- New security holes are found in Windows every
week or two, so it is a good idea to run Windows
Update at least once a month. The first time you
run it, expect to see a MESS of critical updates.
After that, though, there should only be one or
two critical updates you'll have to download
- 6. IF SOMEONE UNEXPECTEDLY SENDS YOU AN
EXECUTABLE FILE OR VISUAL BASIC SCRIPT FILE -- IN
OTHER WORDS, A FILE THAT ENDS IN .EXE OR .VBS --
THROW IT OUT.
- Most of the forty-six thousand viruses that are
floating around the Net right now are hiding in
executable files. Some of the most vicious, new
viruses are hiding in Visual Basic script files.
If someone, even a close personal friend,
unexpectedly sends you a file that ends in .exe
or .vbs -- or if they unexpectedly send you a
zipped file that contains a file or files that
end in .exe or .vbs -- your safest bet is to
delete the file without opening it.
- The key word here is "unexpectedly." If
you are expecting a friend to send you an
executable file, you certainly don't need to
delete that file -- just virus scan it first
before you open it.
- However, if you are in an environment (like a
home) where you don't often receive ANY files
attached to your incoming email messages, a
better rule would be: "When in doubt, throw
it out... and doubt EVERYTHING."
- How well will these six rules protect your
computer from becoming infected with a virus,
Trojan horse, or worm? Take a look at the
following questions, and decide for yourself. How
many people whose computers were infected with
the "ILoveYou" virus ignored at least
one of these rules? ALL OF THEM! How many people
who followed these six rules had their computers
infected by "ILoveYou?" NONE OF THEM!
How many people whose computers were infected
with the WormExplore.Zip virus ignored at least
one of these rules? ALL OF THEM! How many people
who followed these six rules had their computers
infected by the WormExplore.Zip virus? NONE OF
- These six rules will not protect you from every
computer virus, Trojan horse, or worm, but they
will so significantly decrease your computer's
chances of becoming infected that you can all but
forget about the next virus scare and all the
ones that will follow.
*Of course if you were using a Mac or
weren't running the Windows Operating Environment, you
couldn't have gotten the virus anyway, it was/is
Other articles in this issue also address the topic of
viruses and computer security: