Page One

Campus Computing News

Renew PRAS Accounts for the Summer

Need Statistics for Your Website?

Save a Tree. . . E-mail Your Homework!

Virus Protection Means Never Having to Say You're Sorry

HTML Formatting in GroupWise 5.5

GroupWise Document Management: Checking Documents In and Out

RSS Matters

The Network Connection

List of the Month

WWW@UNT.EDU

Short Courses

IRC News

Staff Activities
    

Virus Protection Means Never Having to Say You're Sorry

By Claudia Lynch, Benchmarks Online Editor

Protecting your computer from viruses just might mean never having to say you're sorry. A lot of people around the world were hit with the ILOVEYOU virus recently, but a lot more weren't because they quickly inoculated their PCs with the latest virus protection files (or someone did it for them).* It is VERY important to make sure you have viral protection software running on the computers that you use, both at home and at work.

Here at UNT the Network Managers are generally responsible for keeping the people in their departments informed about such things, but if you're unsure about the status of such software on your computer, you probably ought to contact your Network Manager and ask. If you're not sure who your Network Manager is, check here http://www.unt.edu/helpdesk/netman.htm.

Curry Searle, the Computing Center's virus protection manager, recently re-vamped the UNT Anti-Virus Resources page (http://www.unt.edu/virus/). This site is accessible to anyone on campus or who comes into campus via the UNT dial-up lines. If you satisfy those requirements, the anti-viral software is available to you from there free-of-charge.Once you have the software it is wise to set it to run every time your computer is re-started (you can always cancel it if you have to re-start several times). You should also set it to automatically update.

Automated VirusScan Updates

Wil Clark, who used to be the campus virus guru, wrote an article on "Automated VirusScan Updates" last October. Here is an edited version of Wil's instructions for setting VirusScan to automatically update:

Remember these features are discussed here primarily to help you with your home computer. You should check with your network administrator before making any changes to your UNT computer as your administrator may have a different mechanism in place for updating it.
 
You will need to have McAfee VirusScan installed on your computer to use these features. UNT students and employees can download a copy of McAfee VirusScan from http://www.unt.edu/virus/. Please note that you must be on the UNT network or connected through UNT's dial-up access to download these files.
 
We will configure VirusScan to update its virus definition (dat) files. You may recall that this is the information that VirusScan uses to identify viruses. McAfee releases new datfiles weekly. We will use McAfee VirusScan Scheduler. Perform the following steps:
 
1.Launch McAfee VirusScan Scheduler (Start -> Programs -> McAfee VirusScan -> McAfee VirusScan Scheduler).
2.Open AutoUpdate properties (Right-click on AutoUpdate then click on Properties).
3.Click Configure… button.
4.Delete existing Update sites (Click on a site then click Delete button; repeat for each site).
5.Add UNT update site (Click Add… button).
6.Type UNT for Site Name.
7.Enable site (click on and ensure a check mark appears in the Enabled box).
8.Choose FTP for Select Transfer Method (click on and ensure a dot appears in the FTP circle).
9.Type ftp.unt.edu/pub/antivirus/datfiles/4.x for the FTP computer name and directory field.
10.Enable Anonymous FTP Login (click on and ensure and check mark appears in the Use anonymous FTP login box).
11.Click OK on the Automatic Update Properties dialog box.
12.Click OK on the Automatic Update dialog box.
13.Click the Schedule tab on the Task Properties dialog box.
14.Enable the automatic update (click on and ensure a check mark appears in the Enable box).
15.Choose a frequency for the update to run (click on one of the choices in the Run section). Note: your computer must be on and connected to the Internet for this to work. It might be useful to choose a more frequent update period to ensure that you get weekly updates.
16.Choose an appropriate Start at time for the frequency you selected.
 
Once this is configured your computer will automatically look for updates to the Datfiles. Your virus scanning software will be updated and you don't have to remember to update it. Each time your dat files are updated. you will be prompted to reboot your computer. This must occur to begin using the new dat files.

Crispen's Six Antivirus Rules

Now that we've got that out of the way, we've satisfied rules #1 and #2 of "Crispen's Six Antivirus Rules." Patrick Douglas Crispen is the author of the Internet TOURBUS. In the Volume 5, Number 89 -- 4 May 2000 issue, Patrick rewrote his virus protection rules. If you follow them you really may never have to say you're sorry, at least about losing data/crashing your computer due to a virus.

Crispen's *SIX* Antivirus Rules -- 4 May 2000
 
In light of the recent "ILoveYou" worm outbreak, I decided to re-rewrite my rules on how to protect yourself from computer viruses, Trojan horses, or worms. Regardless of your operating system, these six rules should protect you from most of the over FORTY-SIX THOUSAND viruses that are currently floating around the Net (including the "ILoveYou" worm).
 
1. PURCHASE A GOOD, COMMERCIAL ANTIVIRUS PROGRAM LIKE NORTON ANTIVIRUS OR MCAFEE VIRUSSCAN.
 
Most commercial antivirus programs usually cost between US$40 and US$50 and can be purchased at almost any computer store in the world. [You can usually save about US$10 if you purchase the software online -- visit http://www.shopper.com/ for more information].
 
Antivirus program manufacturers also release minor upgrades every two to three months and major upgrades every twelve to eighteen months. YOU NEED THESE UPGRADES. Minor upgrades are usually free, and major upgrades usually cost anywhere between US$20 and US$40, depending on the manufacturer [think of this as an expected expense -- just as you have to change your car's oil every 3,000 miles, you have to upgrade your antivirus software every year to year-and-a-half].
 
To see if any minor or major upgrades are available for your antivirus program, visit your antivirus program manufacturer's homepage. A list of antivirus manufacturers' homepages can be found at http://www.yahoo.com/ or at AOL keyword "virus."
 
2. UPDATE YOUR VIRUS DEFINITIONS FREQUENTLY (AT LEAST ONCE A WEEK).
 
With over 250 new viruses being discovered each week, if you don't update your definitions frequently you won't be protected from ANY of the new viruses floating around the Net.
 
How do you update your virus definitions? That depends on the antivirus program you use. Norton Antivirus has a "Live Update" button built into the program; click on it, and Norton automatically downloads and installs the latest virus definitions from Net. McAfee VirusScan has a similar update function (go to File --> Update VirusScan).
 
If you are unsure of how to update your virus definitions, visit the homepage of your antivirus software manufacturer and look for their "download," "update," or "technical support" section.
 
3. NEVER DOUBLE-CLICK (OR LAUNCH) *ANY* FILE, ESPECIALLY AN EMAIL ATTACHMENT, REGARDLESS OF WHO THE FILE IS FROM, UNTIL YOU FIRST SCAN THAT FILE WITH YOUR ANTIVIRUS PROGRAM.
 
This is probably the most important rule of them all. There are currently over forty-six thousand viruses out there, there are over 2.8 trillion possible files names out there, and any one of those viruses could be hiding in any one of those file names. A lot of people think that you can protect yourself from a computer virus by being on the lookout for one particular virus or one particular file name (hence all of the virus warnings you have received in your email inbox lately).That's not only silly, that's dangerous. If you want to protect your computer from viruses, you need to ignore ALL of the virus warnings you receive and instead beware of EVERY file you see, especially every file that is attached to an email message.
 
It is important to note that, despite all of the warnings to the contrary, there is no such thing as an email virus. If you are running the most up-to-date version of Windows (see rule #5 below) or if you have a Mac, you can open your emails, regardless of their subject lines, without fear of infecting your computer, provided your email program doesn't automatically open attachments (most don't). It is the files that are ATTACHED to emails that you have to fear.
 
Think of a computer virus as a well-packaged letter bomb. You can move a letter bomb from room to room in your house without any danger. Open the letter bomb, however, and you die. The same is true with computer viruses. You could download a billion virus-infected files from the Internet and receive another billion virus-infected files attached to email messages and your computer still wouldn't be infected with a virus. Open, or double-click on, just ONE of those files, though, and your computer is dead.
 
Remember, to infect your computer with a virus, you have to open (or double-click on) a file that contains a virus. As long as you don't open that file, you really have nothing to fear.
 
How can you scan a file for viruses? That depends on the antivirus program you use. The best bet is to read your antivirus program's instructions or read its online help section. If you use Norton Antivirus or McAfee VirusScan, right-click (or, if you have a Mac, click and hold) on the file in question. A pop-up menu should appear, and one of the choices should be "Scan with ..." and the name of your antivirus program. If that doesn't work, just open your antivirus program and try to scan the file from there.
 
Do you have to scan EVERY file, even if that file is from your friends or coworkers? Yes! The Melissa, WormExplore.Zip, and "ILoveYou" viruses distributed themselves by opening your email program, looking at either your 'friends' list or the list of email addresses in your inbox, and then distributing virus-infected files to everyone on that list.
 
In the world of computer viruses, you can't trust ANYONE (even if they say they love you). :P
 
4. TURN ON MACRO VIRUS PROTECTION IN MICROSOFT WORD, AND BEWARE OF ALL WORD MACROS, ESPECIALLY IF YOU DON'T KNOW WHAT MACROS ARE.
 
Word Macros are saved sequences of commands or keyboard strokes that can be stored and then recalled with a single command or keyboard stroke. They enable advanced Word users to easily accomplish what would otherwise be difficult tasks.They also allow virus writers to do serious damage to your computer. For example, the Melissa virus was actually a Word Macro virus.
 
If you use Word 97, go to Tools --> Options. Click on the "General" tab. Make sure that "Macro virus protection" (at the bottom of the list) is checked.
 
If you use Word 2000, Double-click on the Tools menu, point to "Macro," and then choose "Security." Select the level of security you want. High security will allow only macros that
have been signed to open. Unsigned macros will be automatically disabled. Medium security always brings up the macro dialog protection box that allows you to disable macros if you are unsure of the macros.
 
With Macro virus protection turned on, Microsoft Word will warn you every time you try to open a Word document that contains a macro. The warning gives you three choices: the option to open the file but disable its macros ("disable macros"), open the file with macros enabled ("enable macros"), or the option to not open the file ("do no open"). Chose the first (default) option: "disable macros."
 
For more information, visit the Macro Virus Protection page at http://officeupdate.microsoft.com/focus/articles/o97mcrod.htm
 
5. RUN WINDOWS UPDATE AT LEAST ONCE A MONTH
 
Windows is aptly named because it is full of holes. There are several, inadvertent 'open doors' (or 'security holes') in the Windows operating system that *COULD* conceivably make your computer vulnerable to outside attack. In specific, a mean-spirited hacker *COULD* 'walk through' one of these open doors on your Windows PC and read any file on your computer, delete specific files or programs, or even completely erase your hard drive.
 
When the folks at Microsoft discover a security hole, they immediately release a software patch to close it. Without the patch -- and there are MANY -- your computer is wide open to outside attack.
 
Fortunately, downloading these patches couldn't be simpler.Built into every 98 PC (and into every version of Microsoft's Internet Explorer since version 4.0)is something called"Windows Update." Windows Update is an easy-to-use tool that helps you ensure that your PC is running the absolute latest Microsoft software patches and drivers.
 
Here is how to use Windows Update to download all of the security patches Microsoft has released since your PC was made:
 
1. Connect (or logon) to the Internet.
 
2. If you have Windows 98, launch Windows Update by going to Start --> Settings --> Windows Update on your PC. You can also launch Windows Update by going to Tools --> Windows Update in either Internet Explorer 4 or 5. Either way will connect you to Microsoft's Windows Update page [ http://windowsupdate.microsoft.com/].
 
By the way, if you don't have Internet Explorer 4 or later, Microsoft's Windows Update page will automatically talk you through the process of downloading and installing the latest version of Internet Explorer.
 
3. On the top left-hand side of the Windows Update page, click on the "Product Updates" link (it is the one with the hand and the red *)
 
4. A pop-up window will appear, telling you to wait while your computer DOESN'T send any information to Microsoft (well, that's what it says!)
 
5. Eventually, you'll see a page that says "Select Software." When Microsoft releases an essential update or patch to close a security hole in Windows, they put it in this page's "Critical Updates" section. Select (or click on) EVERYTHING in the "Critical Updates" section -- you need *ALL* of the critical updates -- and then click on the big, gray "Download" arrow in the top right hand corner of the page.
 
6. Follow the on-screen prompts. That's it! :)
 
New security holes are found in Windows every week or two, so it is a good idea to run Windows Update at least once a month. The first time you run it, expect to see a MESS of critical updates. After that, though, there should only be one or two critical updates you'll have to download every month.
 
6. IF SOMEONE UNEXPECTEDLY SENDS YOU AN EXECUTABLE FILE OR VISUAL BASIC SCRIPT FILE -- IN OTHER WORDS, A FILE THAT ENDS IN .EXE OR .VBS -- THROW IT OUT.
 
Most of the forty-six thousand viruses that are floating around the Net right now are hiding in executable files. Some of the most vicious, new viruses are hiding in Visual Basic script files. If someone, even a close personal friend, unexpectedly sends you a file that ends in .exe or .vbs -- or if they unexpectedly send you a zipped file that contains a file or files that end in .exe or .vbs -- your safest bet is to delete the file without opening it.
 
The key word here is "unexpectedly." If you are expecting a friend to send you an executable file, you certainly don't need to delete that file -- just virus scan it first before you open it.
 
However, if you are in an environment (like a home) where you don't often receive ANY files attached to your incoming email messages, a better rule would be: "When in doubt, throw it out... and doubt EVERYTHING."
 
How well will these six rules protect your computer from becoming infected with a virus, Trojan horse, or worm? Take a look at the following questions, and decide for yourself. How many people whose computers were infected with the "ILoveYou" virus ignored at least one of these rules? ALL OF THEM! How many people who followed these six rules had their computers infected by "ILoveYou?" NONE OF THEM! How many people whose computers were infected with the WormExplore.Zip virus ignored at least one of these rules? ALL OF THEM! How many people who followed these six rules had their computers infected by the WormExplore.Zip virus? NONE OF THEM!
 
These six rules will not protect you from every computer virus, Trojan horse, or worm, but they will so significantly decrease your computer's chances of becoming infected that you can all but forget about the next virus scare and all the ones that will follow.

*Of course if you were using a Mac or weren't running the Windows Operating Environment, you couldn't have gotten the virus anyway, it was/is Windows-based.

Other articles in this issue also address the topic of viruses and computer security: