Configuring Your PC for Optimal Security
Column supplement, published at WebLens.org
The recent Nimda virus is an example of the ever more malicious methods that virus makers keep devising to infiltrate your computer. The new generation of worms can reproduce independently and mail themselves to users. Even more disturbingly, certain email worms do not even need attachments to spread — they can be activated simply by switching folders or viewing an email in Outlook's preview pane. Nimda has added the Web to its bag of tricks, using ordinary web pages, as well as email, to spread — a development that will likely spawn a whole new generation of web-savvy worms. It is therefore more important than ever to practice safe computing, although it can be tough to find a balance between adequate security and reasonable functionality. Below are some strategies the experts suggest for keeping viruses, hackers and worms out of your computer.
Get a firewall
You can download trial versions from one of these vendor sites. Although not foolproof, firewalls keep hackers out of your computer by placing a barrier between it and the Internet and filtering incoming and outgoing traffic according to certain rules. They also provide added protection against malicious code. Conventional wisdom used to hold that only those with dedicated connections needed this measure. Dial-up users were not vulnerable. Security experts maintain this is no longer true. The dangerous new generation of worms puts all users at risk.
Install good anti-virus software
You can download trial versions from any of these vendor sites. Update your virus definitions weekly, if not daily. I cannot emphasize this point enough. Many people seem to feel that once you have installed anti-virus software, your job is done. Not true. New viruses emerge every day. A lot of people were caught by Nimda because they happened to encounter an infected web page between scheduled updates. It is critical to update your software with the latest virus definitions frequently. Many anti-virus programs provide a facility to automate this task.
Keep Auto-Protect enabled
Enable auto-protect, in both your firewall and your anti-virus software. Once these programs are installed, they will place small icons in your system tray, at the right-hand end of your Windows Taskbar. You can access these programs by double-clicking on their respective icon. Once the program starts up, you should see a message that auto-protect is enabled, along with a “Disable” button. You may need to occasionally disable auto-protect (to install software, for example). Make sure it is re-enabled afterwards, especially when you are online. Configure your anti-virus software to scan all files, not just program files. The slight performance degradation is worth the added security.
Be wary of ALL email attachments
Suspect attachments, even those from trusted friends. Not only do many worms swipe people's address books, sending themselves out under seemingly legitimate names, many also masquerade as harmless documents. The Anna virus, for example, was disguised as a sexy photo of tennis star Anna Kournikova; the Mother's Day virus, as a gift order confirmation. Remember that Word and Excel files are also vulnerable to viruses. Use WordPad or Microsoft's Word Viewer to preview Word documents without opening. Virus scan all attachments before opening. In Eudora, you can do this by right-clicking on the attachment filename and selecting "Scan with (name of your anti-virus software)". First, you must locate the attachment from the File Browser tab on the left of your screen. Attachments are stored in Eudora's attachment folder, which is under the Qualcomm folder in the Program Files directory. It is equally important to scan attachments in Outlook or Outlook Express.
Be especially wary of executable attachments
These are files with an EXE, VBS, or SHS extension. They can include the many entertaining cartoons, games, polls, and other diversions circulating around the Net. Such files are programs that run when you click on them (in some cases, without you even needing to take any action). That amusing Shockwave game could be harmless, but it could also mask a virus or malicious script. NEVER open a file called "readme.exe." It's the Nimda worm; legitimate readme files have a TXT extension. Many experts recommend that you delete any email attachment with an EXE, VBS, or SHS extension, unless it is a file you are expecting. Even then, virus-scan it before opening.
Do not assume any file is safe
A longstanding truism held that certain types of files - TXT, GIFs, JPGs, etc. - were OK to open. This may be true, but virus makers are devious. Windows, by default, hides file extensions. Virus makers can use this feature to disguise their handiwork as something innocuous, tricking unwary users into opening attachments. That is how the Anna virus masqueraded as a harmless photo. The true filename of the virus was AnnaKournikova.jpg.vbs. Users who had their file extensions hidden saw an attachment named AnnaKournikova.jpg. Those who clicked it probably believed it to be a harmless photograph. In fact, it was a nasty Visual Basic script. To prevent such deception, double-click the My Computer icon on your Windows desktop. In the resulting window, click the View menu and select Folder Options. In the Folder Options dialog box, click the View tab, and uncheck "Hide file extensions for known file types." Click OK to confirm your selections. Now you will be able to see complete filenames.
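The disguise described above, together with the EXE/VBS/SHS advice from the previous section, can be checked mechanically. The following is an added example, not part of the original column: the function names, the verdict labels and the decoy list (taken from the TXT, GIF and JPG types mentioned above) are assumptions made for illustration, and it also covers space padding and trailing dots, which the column does not discuss.

```python
import os

# Extensions the column names as executable attachments.
EXECUTABLE_EXTS = {".exe", ".vbs", ".shs"}
# Extensions the column says were long assumed safe; a worm can use them as a decoy.
DECOY_EXTS = {".txt", ".gif", ".jpg"}


def classify_attachment(filename):
    """Return (verdict, shown_name) for one attachment filename.

    verdict is "disguised" (decoy extension in front of an executable one),
    "executable", or "unflagged". shown_name is what a user sees while
    "Hide file extensions for known file types" is still checked.
    """
    # Drop any path, then trailing dots/spaces, which Windows ignores in names.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    stem, ext = os.path.splitext(name)
    shown_name = stem if ext else name
    if ext.lower() not in EXECUTABLE_EXTS:
        # Not flagged by extension only; the file still needs a virus scan.
        return ("unflagged", shown_name)
    # Look at the extension in front of the real one, ignoring space padding.
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()
    if inner_ext in DECOY_EXTS:
        return ("disguised", shown_name)
    return ("executable", shown_name)


def screen(filenames):
    """Map each filename to its verdict, keeping only the flagged ones."""
    verdicts = {f: classify_attachment(f)[0] for f in filenames}
    return {f: v for f, v in verdicts.items() if v != "unflagged"}


# Constructed sample attachment names (the first two are quoted in the column).
SAMPLE = ["AnnaKournikova.jpg.vbs", "readme.exe", "readme.txt",
          "holiday.JPG", "card.gif   .SHS"]

if __name__ == "__main__":
    for fname in SAMPLE:
        verdict, shown = classify_attachment(fname)
        print(f"{fname!r}: {verdict} (shown as {shown!r})")
```

An "unflagged" verdict only means the name matched neither list; such files still go through the virus scan recommended above.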
Plug Microsoft Outlook's security holes
Plug Outlook's notorious security gaps, and those in Internet Explorer. Nimda is not the only virus or worm to target Microsoft products. The many security weaknesses in these two programs make users easy prey for virus makers. Microsoft has released several patches that address specific security holes. The patch for the vulnerability that Nimda exploits — actually a weakness in Internet Explorer — is here. If you use Outlook, download and install the latest security patches for your version of the software. Windows 98 and 2000 users can use the Windows Update feature in the Start menu. For more on patching Outlook and IE, see these resources.
Intercept hostile scripts
Many of the newer worms use Windows scripting languages like VBScript, Jscript, or Javascript to wreak their havoc. Scripts can be embedded within HTML email, and — as Nimda has shown — malicious code can also be hidden in web pages. There are a number of things you can do to protect your system against malicious scripts. One measure often recommended is to disable Javascript, although this won't protect against VBScript worms. To disable Javascript in Netscape, click Edit/Preferences. In the Preferences dialog box, click Advanced, and remove the checkmark from beside "Enable Javascript" (there should NEVER be a checkmark beside "Enable Javascript for Mail and News"). In Internet Explorer, the exact procedure varies with version. In IE 5.x, click Tools/Internet Options, and select the Security tab. Click the "Custom Level" button. Scroll down almost to the bottom, until you see "Scripting." Under "Active Scripting," click Disable. Restart your browser.
Consider alternatives to disabling Javascript
Disabling Javascript can have both positive and negative implications. You will no longer have to endure those annoying pop-up windows and you'll be freed from sites that trap the back key, leaving you no way to escape. On the other hand, many necessary site functions are achieved with Javascript. Mouse rollovers, for example, won't work and forms will no longer calculate correctly. While you certainly don't want it in your email, you may find that disabling Javascript in your browser impairs site functionality beyond acceptable limits. One alternative is to configure this security setting to prompt you every time your browser encounters Javascript, although this can quickly become annoying. Personally, I have chosen to risk leaving Javascript enabled. Instead, I update my firewall and anti-virus software daily, and rely on the measures already discussed, as well as these, to protect against malicious scripts:
- Use plain text email. Many people choose to send their email messages as HTML-formatted rather than plain text. This option essentially endows email messages with certain Web traits, such as sophisticated layouts, live links, fancy fonts, graphics, sound, animation and interactivity. But HTML messages are larger and take longer to transmit. Not all email software can read or display such messages, in which case they come across as gibberish. Most importantly, these messages can contain Javascript, VBScript, or other malicious code. Many email software programs use Internet Explorer to display HTML-formatted email, and Explorer has known weaknesses that worms can exploit. At the very least, disable executables in HTML email and do not use Explorer as your mail viewer. In Eudora, both features can be accessed through the Tools/Options/Viewing Mail dialog box. Make sure there is no checkmark beside "Allow executables in HTML content" or next to "Use Microsoft's viewer." You won't have quite as much email functionality (you won't see animated GIFs, for example), but your system will be more secure.
- Tweak your Internet Explorer security settings. Many people recommend you use IE's maximum setting. Anti-virus software manufacturer Symantec, for example, suggests you use the settings shown here. However, setting IE's security to maximum will disable just about everything. A more reasonable compromise may be to set IE's Internet Zone security settings to at least Medium. This will cause your browser to prompt you before running potentially unsafe content. To do this, click Tools/Internet Options, and select the Security tab. Click the "Custom Level" button. From the pop-down at the bottom of the dialog box, select "Medium". This will reconfigure all of the settings listed in the box at the top of the screen to an acceptable compromise between security and functionality. You can also customize each setting, requiring your browser to prompt you when it encounters cookies, ActiveX controls, Java applets, Javascript, and so on — or disabling these functions entirely. It will take a bit of experimentation to find a balance you can live with.
- Tweak your Outlook security settings. Even Outlook uses Internet Explorer to render HTML-formatted email. If you use Outlook, set its security settings to match Internet Explorer's Restricted Zone. To do this, click the Tools menu, select Options and click the Security tab. In the top of this panel, set Outlook to use IE's "Restricted Sites Zone". This zone should be using the highest security settings. To check in Explorer, click Tools/Internet Options/Security, select "Restricted Sites" and click the "Custom Level" button. The pop-down at the bottom should indicate "High". If not, change it to do so. Configuring Outlook to use these settings will disable ActiveX controls and prompt you before executing other kinds of code within your email.
- Don't preview emails. Because some worms are executed by merely previewing email or switching folders, some people suggest that you disable Outlook's preview pane. In Outlook Express 5.5, you can do this through the View/Layout menu. Uncheck "Show preview pane." You can right-click on a message and select Properties/Details to identify the source of a suspect message.
- Cripple hostile scripts. Some experts recommend disabling the Windows Scripting Host (WSH) to protect against certain worms (KakWorm, Loveletter) and other hostile scripts. The Windows Scripting Host is a feature of the Windows operating systems that enables VBS files to run under Windows 95, 98, NT 4.0, and Windows 2000. It enables users to automate tasks in Windows by providing access to the Windows shell, file system, registry, and more. However, it also enables virus writers to automate certain actions without your intervention. Because it is unlikely most users will ever need to create VBScripts, many people suggest disabling this feature entirely. Doing so will not interfere with Word macros, though it could affect some web sites. The Symantec web site provides instructions for disabling the WSH, as well as a downloadable utility (Noscript.exe) that will disable and re-enable it on the fly.
Back up your data and system configuration files
Too many of us learn the hard way. Implement a daily or weekly backup routine. Most anti-virus software programs let you make a rescue disk you can use to recover from a disaster. Do it. Back up your registry and the Wsock32.dll file as well. Both are frequent virus targets. Symantec provides instructions for backing up your registry.
Learn to identify virus hoaxes and avoid spreading them
For some unknown reason, some people like to spread false virus rumours via email. Fortunately, hoaxes are usually easy to spot. They are characterized by an urgent tone; an abundance of capital letters and/or exclamation marks; liberal references to Microsoft, AOL or other prominent IT companies; and the exhortation to forward the message to everyone you know. If you believe a message is a hoax, check this hoax list to confirm your suspicions.
Finally, if you're a Mac user, don't get too smug
While it is true that the majority of viruses target Windows (over 55,000, at last count), at least 40 viruses are known to target the Mac operating system, according to the Viruses and the Mac FAQ. Moreover, according to SolveNet, many of the thousands of macro viruses created for Windows versions of Word will infect a Mac with equal vigour.
Please feel free to print and distribute this document to friends and colleagues. Blackstone Marketing extends full permission for you to photocopy and disseminate this page as you wish, provided our copyright message remains visible.