The World According to Mitch

The ramblings of an IT Trainer and Community Leader

One Step Behind: Dealing with new virus threats

(Originally posted from article written in 2004)

(updated from original article ©2004 Mitch Garvis)

 

Occasionally I publish articles I have written regarding various aspects of computer threats to the people on my contact list. I do this because as a computer consultant I feel it is my duty to keep my clients, colleagues, friends, and family informed of real threats to their computer security. Not too long ago I sent an e-mail regarding virus hoaxes, and how they clog up the Internet. Unfortunately this e-mail is the opposite.

In my lectures, seminars, and consultations I am often asked, ‘How can we beat the bad guys? Why can't we install a program that will once and for all eliminate the threat of viruses, intrusions, and other threats to our systems and data?’ The answer is that there is no magic pill, and the greatest weapon we have against the bad guys is our constant vigilance. I also answer that unfortunately the good guys will always be playing catch-up; we will always be one step behind the hackers and virus writers. It is not because they are smarter than we are, but rather because the complexities and constant evolution of computers and operating systems make it easy for intruders to find a new unguarded door every time the programmers close the last one.

Thankfully there are some very smart people working on the side of the just: the team at the Symantec Anti-Virus Research Center; the anti-virus teams of Trend Micro, McAfee, F-Secure, Panda, Sophos, Kaspersky Labs, Computer Associates, EICAR (European Institute for Anti-virus Research), Hauri, and a hundred others, teams that are dedicated to making the vigilance easier on the end-user. These resources, for a small cost, will make your computer safe, secure, and available.

Unfortunately many of us have begun to rely too heavily on these programs, and have developed a false sense of security. Often a perfect example of the situation I mentioned earlier will arise, and we the public again find ourselves one step behind the bad guys.

Virus writers attach reassuring messages to the bottom of their e-mails stating that the e-mail has been checked and cleared by McAfee, Symantec, or other anti-virus software. This is the cyberspace equivalent of a bottle of poison bearing the label ‘safe to drink.’ DO NOT OPEN THESE E-MAILS.

Now some of you are saying ‘well I know what Mitch said, but I have the latest anti-virus software protecting my computer, so I should be safe.’ This is only partly true. I know that I take every reasonable precaution to prevent virus infection in my computer, including having infected files stripped from the e-mail before it even reaches my computer. However, the one precaution that I as an expert in the field consider more valuable than any other is my own common sense. If something does not look right, I do not open it.

Recently I received the first of a new strain of virus in my Inbox, and though it did not say ‘open me I’m a virus’ I still saw it as suspicious, and wondered why my three levels of virus-protection did not strip the file. It also bore the reassuring tag: X-Attachment-Type: document; X-Attachment-Status: no virus found; Powered by the new MCAfee OnlineAntiVirus. As I found it suspicious, I verified with one of the online sources I named, and sure enough a new strain of virus had come out the day before, while my virus definitions were three days old. I downloaded and installed the newer definitions, rescanned the suspicious e-mail, and sure enough it was infected.

Now here is the good news: until you open an e-mail attachment your computer will not be infected by the virus. This includes attached links to web pages that infect your computer through scripting, meaning that just because you have received a virus does not mean that your system has been infected by it. Delete the e-mail, and then delete it from your deleted items folder.

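A mail filter can treat the fake ‘no virus found’ tag described above as a warning sign rather than a reassurance. The following Python sketch is an added example, not part of the original article; the function names, phrase patterns, and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Wording a sender can type for free; it is not evidence that a scan took place.
CLAIM_RE = re.compile(
    r"no virus(es)? (was |were )?found|virus[- ]free|"
    r"(checked|scanned|cleared) (and cleared )?by", re.I)
# Vendor names taken from the article; the list is illustrative, not complete.
VENDOR_RE = re.compile(r"mcafee|symantec|trend micro|sophos|kaspersky", re.I)

def reassurance_findings(raw):
    """Return (findings, attachment_names) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings, attachments = [], []
    # Headers are sender-controlled unless your own gateway added them.
    for name, value in msg.items():
        if CLAIM_RE.search(str(value)):
            findings.append(("header", f"{name}: {value}"))
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            for line in part.get_content().splitlines():
                branded = VENDOR_RE.search(line) and "virus" in line.lower()
                if CLAIM_RE.search(line) or branded:
                    findings.append(("body", line.strip()))
    return findings, attachments

def should_hold(raw):
    """Hold for review: an attachment plus a self-asserted 'clean' claim."""
    findings, attachments = reassurance_findings(raw)
    return bool(findings) and bool(attachments)

def build_sample(tagged):
    """Constructed test message; addresses, filename and payload are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Document"
    body = "Please see the attached document.\n"
    if tagged:  # tag text as quoted in the article
        body += ("X-Attachment-Type: document\n"
                 "X-Attachment-Status: no virus found\n"
                 "Powered by the new MCAfee OnlineAntiVirus\n")
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="document.zip")
    return m.as_string()

if __name__ == "__main__":
    print(should_hold(build_sample(True)), should_hold(build_sample(False)))
```

A message held this way still needs a scan with current definitions; the check only removes the sender's own claim from the decision.
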
If you want to be a small part of the solution, you can forward the infected file to one of the anti-virus organizations mentioned earlier in this article. Check their home pages for the appropriate links.

Most importantly, do not pirate anti-virus software. By purchasing the programs and paying the small yearly subscription fees you are helping to ensure that the companies who are trying to keep your computers safe can continue to do so in the future.

Viruses are a very real and very scary threat. However, with the proper tools – software and common sense – you can be pretty sure that your environment is safe.
