Harley Hahn's
Internet Insecurity


Chapter 10...

Protecting Your Stuff: Viruses and Common Sense

Who Needs Special Virus Protection?

In this chapter, I'll show you how to protect your computer from the various types of viruses. I'll deal with each type of virus in turn, and then address the problem of how to avoid trouble. At the end of the chapter, I'll summarize everything into 4 simple rules.

You will find that the precautions you need to take to protect yourself against viruses are actually quite simple. In fact, as I will explain later, there is no need for you to use special software such as an antivirus program (discussed later in the chapter) or a personal firewall (discussed in Chapter 11).

Before we start, I want to take a moment to qualify my advice. What I am about to explain in these two chapters is applicable if you are one person using a single computer or a family with several computers (and, possibly, a small home network). If you use the Internet at work and your computer is connected to a large network, things are different.

As a general rule, a network large enough to require a full-time administrator should have special protection. If you work in such a network, you do need antivirus programs, a firewall, and so on. However, these tools should be installed and maintained by your network administrator.

What if you work in an office, but your network is not large enough to require a full-time expert? Just follow the guidelines in this chapter and Chapter 11, and you will be all right.


How Viruses Spread by Sharing Files

As we discussed earlier, a regular virus (as opposed to a worm or a macro virus) spreads by inserting itself into a file that contains a program. When you run the program, the virus becomes active and tries to copy itself to another file. (At the same time, of course, the virus will cause damage if it is programmed to do so.)

In the olden days, before the Web and before the Internet became popular, viruses were more of a problem than they are today, because people shared software freely. In those days, programs with viruses typically spread in one of two ways.

First, many people used BBSs. A BBS, or Bulletin Board System, was an independent service offering file sharing, discussion forums and chatting. Most BBSs were run by one person, and many of them specialized in a particular area of interest, such as games or software. There was a time, before the Web, when BBSs were very popular. In fact, in the first three editions of my Yellow Pages book (Harley Hahn's Internet Yellow Pages), from 1994-1996, I had a whole section devoted to BBSs.

Each BBS had its own phone number. To access a BBS, you would have your computer dial that BBS's phone number. Once you made the connection, you would log in with a user name and password. You could then use the BBS to upload and download software.

(UPLOAD means to copy a file from your computer to a remote computer. DOWNLOAD means to copy a file from a remote computer to your computer. If you ever get confused, just think of the remote computer as being above you in the sky.)

As you might imagine, BBSs were a common source of viruses. Typically, a virus programmer would deliberately insert a virus into a popular file (such as a game or utility program) — thereby creating a Trojan horse — and start sharing it by uploading it to a BBS. By the time anyone knew that the program contained a virus, it would have already been downloaded and installed by many people. Moreover, as people began to upload the file to other BBSs, all in the spirit of sharing, the virus would spread even faster.

A second way in which people used to share software was to copy a program on a floppy disk and give it to a friend. The friend would take the floppy home and put it in his computer.

Sharing software via floppy disks is risky because it makes it easy for viruses to spread. If a program on a floppy disk contains a virus, and you copy that program to your hard disk, you will be copying the virus at the same time.

However, there is another, more insidious way in which sharing floppy disks can spread viruses. It's a bit technical, so I'll have to explain.

Internally, the raw data on a disk is organized into SECTORS. On every floppy disk, the very first sector, called the BOOT SECTOR, contains a tiny program that is executed automatically if the floppy is in the drive when the computer starts.

The very first PC virus, written in 1986, was designed to take over the boot sector of a floppy disk. This virus was called the Brain virus because it wrote the characters "(c) Brain" on the volume label (an internal label stored on the disk). If you had a floppy that contained this virus, and that floppy was in the drive when the computer started, the virus would become active in your computer's memory. Then later, if you put another floppy in the drive, the virus would copy itself to that disk. In this way, the Brain virus managed to spread extensively.

Later, many other boot sector viruses were created. Two of the more widespread ones were called Michelangelo and Stoned (in case you ever hear of them). To make things worse, most boot sector viruses are designed to spread to hard disks as well as floppy disks. Such viruses can cause a lot of problems, and can be difficult to eradicate.


What to Do About Regular Viruses

How do you keep from exposing your computer to regular viruses (the type that insert themselves into programs)? It's easy: just don't share software. All you have to remember are two guidelines:

  1. Never use a program that has been on someone else's computer.
  2. Never put a floppy disk into your computer if it has been in another computer.

As I mentioned, in the olden days, a lot of software was shared from one person to another and viruses were a big problem.

Today, there are millions of people using the Internet and the spread of viruses is actually quite small. Why? Because we don't share software much anymore. We tend to get our programs in one of three ways, all of which are safe.

Buying a computer:

When you buy a computer, it comes with a lot of free programs, all of which have been checked for viruses.

Buying brand new software:

It is safe to buy programs that come in a sealed box. However, if a friend has bought a program and offers to share it with you after he has opened the box, should you do it?

If the program comes on floppy diskettes, don't share it. It is possible that there was a virus on his computer, and that virus is now on one of the floppies.

If the program comes on a CD, you don't need to worry. The disc will be a CD-ROM, which is read-only and cannot be modified (see Chapter 3). There is no way for a virus to spread to a CD-ROM disc.

Downloading software from a Web site:

In all the years that I have been using the Internet, I have downloaded and installed more software than I can remember, and I have never even seen a virus. The reason is that, with one exception (which I'll get to in a moment), software distributed over the Web is safe. This is because most programs are distributed by the company or person who created the software, and people who create software make sure that their Web sites do not pass viruses on to their users.

The one exception is that you should avoid downloading programs from a site that is run by people of questionable honesty. For example, if you find a Web site that has PIRATED (stolen) software, don't be surprised if one of the programs has a virus.

True story: I personally know only one person who encountered a virus by downloading software from the Web. He was visiting a secret Web site that distributes tools to make it easy for people to cause trouble, for example, by breaking into other people's computer systems. One of the tools he downloaded contained a virus. When he executed the program, the virus wiped out so much data on his hard disk that he lost everything and had to completely reinstall Windows. (Need I tell you that this was a teenage boy?)

With respect to sharing software, I want to reinforce one of the guidelines. There are file-sharing services available that allow you to swap files with other people. One well-known system is called Gnutella, but there are others.

Many people use such services to share music files, which is fine (in that music files can't carry viruses). However, there are also people who share programs in this way, and some of those programs have viruses.

So always remember, never run a copy of a program that has already been on someone else's computer. Don't download programs from a file-sharing service, and don't copy programs from your friends.

If a friend tells you about a great program he found on the Net, don't copy the program from him. Go to the official Web site for that program, and download a brand new copy for yourself.


How Viruses Spread Through Email

When you send an email message to someone, it is possible to send one or more files along with the message. For example, say that you send a message to your Aunt Beatrice saying that you have a new photo of your cat. Along with your message, you send a file that contains the picture. When your Aunt Beatrice receives the message, she can double-click on the file name to open the file and look at the picture.

When you send a file in this way, we say that you ATTACH it to the message. The file itself is called an ATTACHMENT.

By far, email attachments are the most common vehicle by which viruses spread over the Internet. As I explained in Chapter 9, viruses that spread automatically are called worms. Most of the viruses on the Net today are worms that are designed to use the email system. Here is a typical scenario.

Mortimer Goofus receives an intriguing message from one of his friends. When he looks at the message he notices that it contains an attachment. It happens that his mail program doesn't open the attachment automatically. Instead, it shows him the name of the file, and waits for him to decide what to do. This gives Mortimer a chance to look at the file name and decide if he really wants to open this file.

However, as soon as he sees that he has a file attachment, Mortimer double-clicks on the file name without thinking. (Thinking is not one of Mortimer's strong points.) Double-clicking on the file tells Windows to open the file and, in this case, it happens that the file is actually a worm. As soon as Windows opens the file, the worm starts running.

The first thing that happens is that the worm makes copies in various files on the hard disk. One of the copies is put into the C:\Windows\System folder, disguised as an important system file, one that most people would be afraid to delete. The other copies are placed in various folders, to make it as difficult as possible for someone to track them down.

Once the worm has created files that contain copies of itself, it inserts a couple of new lines into the registry (see Chapter 4). This has the effect of causing the worm program to be executed automatically each time the computer starts.

The final thing the worm does is to access the list of email addresses in the address book within Mortimer's email program. The worm then sends a copy of the original message to every address on the list. Although Mortimer has no idea what is happening, the messages are sent out under his name. Along with each message is an attachment. The attachment contains — you guessed it — a copy of the worm.


What Happens When You Open a File?

In a moment, I'm going to tell you how to avoid trouble with email worms. Before I do, I want to make sure you understand what happens when you "open" a file. This is crucial to understanding how email worms spread.

Within Windows, there are several ways to open a file. If you are using Windows Explorer, you can double-click on the name of a file. If you are looking at icons — say, on your desktop — you can double-click on an icon that represents a file. If you are using a program such as a word processor, you can pull down the File menu, click on Open and then select the file you want. And, if you are reading a mail message that has an attachment, you can open the attachment (which is a file) by double-clicking on its name.

But what actually happens when you open a file? The details are a bit technical, but basically:

  • If the file contains a program, Windows runs it.
  • If the file contains data, Windows passes that data to a program that knows what to do with it. If necessary, Windows will start that program.

For example, say your desktop has an icon that represents your browser program (either Internet Explorer or Netscape). When you double-click on this icon, Windows starts your browser for you.

Now, say you have another icon, one that represents a file containing a Microsoft Word document. When you double-click on this icon, Windows passes the file to the Word program, which knows what to do with it. If Word is not already running, Windows will start it for you.

Thus, to OPEN a file means to indicate to Windows that you want to process the contents of the file in an appropriate manner.

How does Windows know what to do when you tell it to open a file? It looks at the name of the file. As we discussed in Chapter 3, all file names end with a 3- or 4-character extension. By looking at the extension, Windows can tell what is inside the file.

For example, in the name info.html, the extension is html. This tells Windows that the file contains a Web page. In the file name proposal.doc, the extension is doc. This tells Windows that the file contains a Word document.

It is important that you understand file extensions because, as you will see, the way you decide whether or not a particular email attachment is safe to open is by looking at its extension.

With Windows, everything is automatic. When you indicate that you want to open a specific file, Windows starts by looking at the extension. Windows then checks with a special table that contains information about every possible file type. You can look at this table if you want:

  1. Start Windows Explorer.
  2. Pull down the View Menu and select Folder Options.
  3. Click on the File Types tab.

In the box that says "Registered file types" you will see a list of file types. Scroll through the list. (There will be a lot more than you expect.) When you see a file type that looks interesting, click on it. You will then see the file extension that is associated with that type, as well as the name of the program that is used to open it.

Don't change anything.


What to Do About Email Viruses

Almost all viruses that spread via email are worms that are programmed to use the email system to send out copies of themselves automatically. If you inadvertently open such a worm, it will attempt to send a copy of itself to everyone in your address book.

Fortunately, this can only happen if you use a Microsoft mail program, such as Outlook or Outlook Express. Both of these programs are designed to give unencumbered access to their address book. Other mail programs won't let this happen. However, because so many people use Microsoft mail programs, email worms are a real problem.

An email virus has two parts: a message and a program. The program will be in the form of an attachment. It is always safe to read the message. However, if you open the attachment (by double-clicking on it), you will start the program running.

You can't control what other people send you. However, it is easy to avoid trouble.

If a worm did nothing more than send a copy of itself to other people behind your back, it would be a nuisance. However, virus programmers purposely design worms to cause trouble. For example, a worm can be programmed to delete files, create new files, or even download and run a program from a remote Web site.

You can't control what other people send you, especially if it is being done automatically without their knowledge. However, it is easy to avoid trouble. When you see that a message has an attachment, look carefully at the name of the file. If you are completely sure that the attachment is safe, you can open it. However, if the attachment contains a program of any type, delete it immediately.

To decide if an attachment is safe, all you need to do is look at the file extension. The following is a list of common extensions that are always safe:

.gif (picture)
.jpg (picture)
.mp3 (music)
.txt (plain text)
.wav (sound)

The following are extensions that are not safe because they contain (or may contain) a program. Never open an email attachment that has one of these extensions.

.bat (batch file)
.chm (compiled HTML file)
.com (program)
.exe (program)
.htm (HTML file)
.html (HTML file)
.js (JScript program)
.jse (encoded JScript program)
.lnk (Windows shortcut [link])
.pif (program information file)
.vbs (VBScript program)
.vbe (encoded VBScript program)
.wsf (Windows Script File program)
.wsh (Windows Scripting Host Settings File)

(If this looks too complicated, don't worry. In the next section, I'll give you a simple rule to follow to make everything easy.)

If you are familiar with creating Web pages, you might be wondering why I advise against opening HTML attachments. HTML (Hypertext Markup Language) is the system used to create Web pages. Every time you look at a Web page you are, essentially, opening an HTML file, so why should it be risky to open an HTML attachment?

The answer is that an HTML file has the capability of running programs on your computer without your knowing it. In fact, the JavaScript system was designed by Netscape to make it easy to embed a program inside a Web page.

These capabilities are great for Web designers, because they allow them to build interesting and useful Web sites. However, the same tools also allow virus programmers to create HTML files that can run amok on your computer.

It is possible for an evil programmer to create a Web site with dangerous HTML, but he would have to find a way to get people to visit that site without letting anyone trace the problems back to him. Generally, this doesn't happen. Moreover, if a Web hosting company or ISP receives complaints about a dangerous Web site, they will shut it down immediately.

Email is different. A virus programmer can send out dangerous email in a way that is very difficult to trace. Moreover, although it may be difficult to induce someone to visit a Web site, it is all too easy to get people to click on an attachment called naked-girl.html.

The only reason email worms spread is that people who don't know what they are doing mindlessly click on everything they see. If you know such a person, please try to help him (or her). The general rule is, if you have any doubt whatsoever about an attachment, delete it. Don't open it just to see what happens.

Don't make the mistake of thinking that an attachment is safe just because it was sent by someone you trust. Worms are designed to send out copies of themselves automatically. Moreover, Microsoft mail programs make it possible for a worm to insert the person's name within the message. Thus, a worm can send you what looks like a personalized message, signed by one of your friends, so don't be fooled. If you get a worm, the person whose name is on the message doesn't even know that mail was sent out from his computer or has his name on it.

When it comes to attachments, don't trust anyone.


Making Sure Attachments Are Really Gone

With some mail programs, when you delete a message, any attachments it may have are deleted at the same time. However, you must be careful. As I explained in Chapter 4, a deleted message is not really gone. It has simply been moved from your Inbox to another folder. (With Microsoft Outlook, it is the Deleted Items folder. With Netscape Messenger, it is the Trash folder.)

Thus, if you suspect that a message has an email virus, you must be extra careful. After you delete the message, you must open the Deleted Items (or Trash) folder, find the message, and delete it a second time. The message and its attachment will now be gone permanently.

Other mail programs, such as Eudora, handle attachments differently. With Eudora, as soon as an attachment comes in, it is placed in an ATTACHMENT DIRECTORY. (This is a real Windows directory, not an internal mail folder.) In order to delete an attachment, you need to use Windows Explorer to open the attachment directory, and delete the file manually.

Again, I must warn you, as I explained in Chapter 3, when you delete a file with Windows Explorer, the file is simply transferred to the Recycle Bin. To get rid of the file permanently, you must either empty the Recycle Bin or open the Recycle Bin and delete the file by hand. (See Chapter 3 for the details.)

Hint: If you hold down the Shift key when you delete a file within Windows Explorer, the file is erased permanently. It is not put into the Recycle Bin.

If you use Eudora, and you are not sure of the name of your attachment directory:

  1. Pull down the Tools menu and select "Options".
  2. Within the Category box, scroll down and click on "Attachments".

You will see a long button with the name of the attachment directory. To change your attachment directory, click on the long button.

In this same window, you will see an option "Delete attachments when emptying Trash". If you want to make deleting attachments easier, turn on this option. From now on, whenever you delete a message from the Trash folder, its attachments will be deleted automatically from the attachment directory.


Security vs. Convenience

As I mentioned in Chapter 9, there is always a trade-off between security and convenience. You can have more security if you are willing to put up with extra inconvenience. Here is an example.

The biggest virus problem on the Internet comes from worms that are spread by email. Would you like your system to be 100 percent safe? It's easy. Just follow rule number 1:

  1. Delete every attachment that enters your mailbox.

Many people follow this rule, and it works fine. However, you lose the convenience of being able to open useful attachments, such as pictures. So if you are willing to follow a slightly more complicated rule, you will at least be able to look at photos of your niece's new kitten dressed up as Little Red Riding Hood:

  2. Delete every attachment except those with a file extension of gif or jpg.

Notice that, as soon as you increase the convenience, you have to be more careful with security.

Although rule number 2 looks simple, following it can be trickier than you think, because many virus programmers give their attachments misleading names to try to fool people.

From what I explained in the last section, you know better than to open an attachment with an extension of vbs (a Visual Basic program). Indeed, vbs worms are responsible for some of the worst viruses on the Net. So, if you were to get a message with an attachment named kitten.vbs, you would simply delete it.

But what if you saw an attachment named kitten.jpg.vbs? Don't be fooled. This is a vbs file masquerading as a jpg file. In this case, the virus programmer has chosen a name to fool people who are not careful. For this reason, many people — perhaps most people — are better off giving up convenience for security by following rule number 1. Delete all attachments.

If you choose to open some attachments, remember that, when you look at a file name, there is only one extension, the one at the very end of the name. Anything else is irrelevant.

If you are willing to pay a bit more attention to security, we can expand rule 2 to give you even more convenience by letting you open other types of attachments that are safe:

  3. Delete every attachment except those with a file extension of gif, jpg, mp3, txt or wav.

If you know what you are doing, you can add even more extensions to your list of safe attachments, such as zip (compressed) files. However, the more exceptions you make, the more chance there is that you will make a mistake.

Whatever you do, never open an attachment that has an extension you do not recognize. There are some unusual file types that are executable that you have probably never seen before. If you don't know what it is, don't click on it.

Overall, unless you are an extremely careful person who has a lot of experience with Windows, my suggestion is to follow rule number 2. (Rule number 1 is easier, but why miss out on being able to look at pictures of kittens?)
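The rules in this section can be applied mechanically. The following Python code is an added example, not part of the original chapter: it parses a mail message, takes only the final extension of each attachment name, and ignores the content type the sender declared, so that kitten.jpg.vbs labelled as a JPEG picture is still deleted. The sample message, its addresses, the attachment named card.scr and all function names are constructed for illustration.

```python
from email import message_from_string, policy

# Rule 3 in this chapter: the only extensions treated as safe to open.
SAFE_EXTENSIONS = {"gif", "jpg", "mp3", "txt", "wav"}

# Extensions the chapter lists as unsafe (they contain or may contain a program).
UNSAFE_EXTENSIONS = {
    "bat", "chm", "com", "exe", "htm", "html", "js", "jse",
    "lnk", "pif", "vbs", "vbe", "wsf", "wsh",
}


def final_extension(filename):
    """Return the one extension that counts: whatever follows the last dot."""
    name = filename.strip().lower()
    # Keep only the last path component in case the name carries a path.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    _head, dot, ext = name.rpartition(".")
    return ext if dot else ""


def verdict(filename):
    """Fail closed: anything not on the safe list is deleted."""
    ext = final_extension(filename)
    if ext in SAFE_EXTENSIONS:
        return "open"
    if ext in UNSAFE_EXTENSIONS:
        return "delete (program)"
    return "delete (unrecognized)"


def review_attachments(raw_message):
    """Return (name, final extension, verdict) for every named part."""
    msg = message_from_string(raw_message, policy=policy.default)
    results = []
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue  # message body or container part, not an attachment
        # The declared Content-Type is deliberately not consulted: Windows
        # decides how to open the file from its name, not from the MIME label.
        results.append((name, final_extension(name), verdict(name)))
    return results


# Constructed sample message (not real mail). The second attachment is
# declared as image/jpeg but its real extension is vbs.
SAMPLE_MESSAGE = """\
From: friend@example.com
To: mortimer@example.com
Subject: New photos
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Here are the pictures I promised.
--BOUNDARY
Content-Type: image/jpeg
Content-Disposition: attachment; filename="kitten.jpg"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY
Content-Type: image/jpeg
Content-Disposition: attachment; filename="kitten.jpg.vbs"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY
Content-Type: text/plain
Content-Disposition: attachment; filename="Notes.TXT"

plain text
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="card.scr"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY--
"""

if __name__ == "__main__":
    for name, ext, decision in review_attachments(SAMPLE_MESSAGE):
        print(f"{name:16} extension={ext or '(none)':6} -> {decision}")
```
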


Macro Viruses

Macro viruses are a special type of virus that can cause trouble when you share Microsoft Word documents and Excel spreadsheets. However, before I discuss macro viruses, I need to explain a few basic concepts.

Broadly speaking, there are two types of programs: application programs and system programs.

An APPLICATION PROGRAM is one that you use in order to do something creative, interesting or useful. Examples of application programs are word processors, database programs, spreadsheet programs, games, music programs, email programs, browsers, and so on.

A SYSTEM PROGRAM is one whose job is to support the running of the computer in some way. For instance, Windows is a very large system program. Another example is the Scandisk program, which looks for internal errors on a disk by checking how the files and folders are stored. (If your computer does not shut down properly, Windows will run Scandisk automatically when the computer restarts.)

To be philosophical, we can say that the reason system programs even exist is to allow us to run application programs. To be even more philosophical, we can say that a NERD is someone who understands system programs. Indeed, nerds see a computer system as a thing of beauty in its own right, and they love to know why things work the way they do. This is why nerds are so handy when you need help figuring out why your computer is acting in a mysterious way. A nerd may not be able to help you use your word processor to design a newsletter, but he will know what to do when the Scandisk program starts running automatically every day at 10:07 A.M.

The reason for this diversion is so I can introduce you to the idea of application programs, which allows me to talk about macros.

Some application programs are so complex as to have a special built-in facility that enables you to write programs that run only within that environment. Such programs are called MACROS, and are used to automate repetitive tasks. Most database programs, spreadsheet programs and word processors have some type of macro facility.

A typical use for a macro is to carry out a long and tricky procedure. For example, let's say you are using a word processor, and every now and then, you find yourself going through the same long series of keystrokes in order to do something or other. You can automate the process by creating a macro that performs those keystrokes for you. You can then run the macro whenever you want.

Some application programs allow you to go further. They integrate the macro facility with a full programming language, a language that has special features designed for performing tasks related to databases, spreadsheets, documents, and so on. This is the case with the family of Microsoft Office products. You can use a programming language called Visual Basic for Applications (VBA) to write programs that work with the various Office products: Word (word processing), Excel (spreadsheets), Access (databases), Outlook (email and organizing), PowerPoint (presentations), and FrontPage (Web site design).

In particular, within Word and Excel, it is possible to create macros and attach them to a specific file. Once you do so, the macros are contained within that file. This means that if you send a copy of the file to another person, he or she will also get the macros that go along with that file.

Now, it happens that both Word and Excel were designed so that it is possible to create a macro that runs automatically whenever a certain event occurs, such as when you open, save or close the file.

So let's put this all together. You can use VBA to write a powerful macro for Microsoft Word or Excel. You can then attach that macro to a Word document or Excel spreadsheet in such a way that the macro will run automatically as soon as the file is opened (or saved or closed). You can then email the file to someone and wait for the person to open it on their computer.

Eventually, these possibilities were noticed by virus programmers, who started to write MACRO VIRUSES: destructive macros that attach themselves to documents and spreadsheets. Macro viruses are designed to run automatically and cause damage as soon as you open a file. They spread because people share files without knowing that a macro virus is attached.


Early Macro Viruses

The idea of a macro virus was first described in 1989 by Harold Highland, an eminent computer security expert. Highland published a paper in which he discussed how the macro facilities of certain application programs made such viruses possible ("A Macro Virus", Computers & Security, Vol. 8, 1989, pp. 178-188).

In 1989 and 1990, Highland demonstrated his ideas at various computer conferences, showing rudimentary examples using Lotus 1-2-3 running on a PC under DOS. These examples were Trojan horses in which malicious instructions were inserted into otherwise benign macros. For anything to happen, a user would have to execute the macro deliberately.

It was not until several years later that the first real, self-replicating macro virus was created. That virus, called DMV (Document Macro Virus), was created in the fall of 1994 by a computer security analyst named Joel McNamara.

At the time, McNamara lived in Carnation, Washington, outside of Seattle, not far from Microsoft's global headquarters in Redmond. McNamara was working as a security consultant, evaluating various Microsoft Office products for a client. During his investigations, he discovered that it was possible to use the built-in programming language to create viruses.

As McNamara explained to me, "I found that the nature of Microsoft's implementation of macros opened up the possibility for code to be automatically and transparently run when a document was opened." In particular, McNamara noticed that Microsoft had created a product in which "macros could automatically execute when a document was opened". Moreover, these macros "could perform operating system-type functions, which were well suited to a virus self-replicating and causing mischief".

In November 1994, McNamara created the world's first self-reproducing macro virus, for both Microsoft Word and Excel. He then wrote a paper, "Document Macro Viruses" — with the sub-title "Yes, you can spread a virus with a data file..." — in which he described his ideas and showed an actual macro virus. McNamara's virus, however, was not destructive. It was designed only as a demonstration and it did not spread.

For security reasons, McNamara did not publicize his discovery. He showed it only to other computer security experts as well as a reporter from the Wall Street Journal. However, a year and a half later, someone else followed in McNamara's footsteps. In July 1995, Concept, an unfriendly Microsoft Word virus, appeared. Ironically, Concept got an enormous boost when Microsoft distributed a CD-ROM containing the virus. In a fit of damage control, Microsoft sought to downplay the very idea of macro viruses, calling Concept a "prank". (In fact, Microsoft later released a second CD-ROM that contained the virus.)

Within a short time, Concept had spread widely, not only to PCs, but to Macintosh computers, which had their own version of Word. McNamara decided it was time to release his paper. In August 1995, he published it on the Net.

Macro viruses were here to stay.


What to Do About Macro Viruses

It's easy to protect yourself against macro viruses. All you need to do is set an option to tell Word and Excel not to run macros automatically when you open a file.

For Word 2000 and Excel 2000:

  1. Pull down the Tools menu.
  2. Select Macros then click on Security.
  3. Make sure the "Security level" is set to High.
  4. Click on the OK button.

For Word 97 and Excel 97:

  1. Pull down the Tools menu.
  2. Click on Options.
  3. Click on the General tab.
  4. Make sure "Macro virus protection" is turned on.
  5. Click on the OK button.

To make sure you don't get fooled, I want to repeat some advice I gave earlier. Don't assume that a document or spreadsheet is safe just because it was mailed to you by someone you trust. It is common for people to share files without knowing that the files have macro viruses.


Antivirus Programs: The Real Truth

An ANTIVIRUS PROGRAM is a tool that helps protect your system against various types of viruses. It works in several ways. First, it scans your computer's memory to see if any viruses are currently running. Next, it checks all the files on your hard disk (or, if you wish, on a floppy disk) to see if any of them might be harboring viruses. If the program finds a corrupted file, it will do its best to extract the virus and save the file. Otherwise, it will delete the file or put it in a special "quarantine" folder.

Once your memory and disk have been checked out, the antivirus program runs in the background, acting as a protective gateway to make sure that no new virus-laden files make it onto your system. To ensure that it carries out its job, the program will start running automatically, in the background, each time you start your computer, and will constantly monitor your activities on the Web and when you use email.

Finally, to make sure that it is up to date, the program may contact its home Web site regularly, checking for updates. If one is available, the program will download it automatically. This allows the program to stay abreast of new viruses.


In some ways, an antivirus program sounds like a great tool to have working for you, silently protecting your system from dangerous beasts that go bump in the electronic night. However, except in a few special cases, which I'll discuss in a moment, you really don't need an antivirus program. As a matter of fact, for most people, antivirus programs are more trouble than they are worth.

First, antivirus programs are intrusive, even to the point where they can affect the performance of your computer. Many people find it inconvenient to have such programs running continuously in the background.

Second, since virus programmers never stop creating new viruses, antivirus programs need to be kept up to date. As I mentioned, some programs will use your Internet connection to check regularly for new updates. Such updates cost money, however. Most antivirus companies offer free updates for a limited time, but after that, you will have to pay a monthly fee. If you don't pay the fee, you will have no protection against new viruses.

Third, even if you pay the money and keep your antivirus program up to date, it still won't protect you against the very newest viruses. In many cases, new viruses, especially email worms, spread so fast that they can reach you before the antivirus company has a chance to create an update, and your program has a chance to install the update.

Fourth, antivirus programs are far from perfect. No matter what the marketing hype may claim, antivirus programs are not able to detect all viruses, nor are they always able to clean your system completely if they do find a virus.

The real truth is that, if you use a computer over which you have complete control — such as a home computer, even if you have a small home network — you don't need an antivirus program. Antivirus companies do their best to scare people who don't understand computer viruses, so don't let yourself become paranoid. If you follow the guidelines I have explained, you are safe. To make it easy, I have included a handy summary at the end of the chapter.

The biggest problem with antivirus programs is that they can give you a false sense of security. Even if you have an antivirus program installed on your computer, you still need to follow the rules, because no program can protect you against all viruses, especially the very newest email worms. However, if you follow the rules, you don't need an antivirus program!

But, I hear you ask, are there any situations in which you do need an antivirus program? The answer is yes: if you don't have complete control over your computer or your network, you need antivirus protection. This is because other people who don't follow the rules may expose your computer to a virus.

For example, if you use a network at work (or if you bring a laptop computer to work), you never know if someone else on the network will bring in a floppy disk with a virus, or open an email attachment that contains a worm, or install a program that is really a Trojan horse. Once this happens, the virus may spread to other computers on the network including yours. Even if you have a knowledgeable, full-time network administrator, he or she can't provide complete protection against people who do unsafe things.

Similarly, if you have a home computer and you can't get your children or your spouse to follow the rules, you should consider getting an antivirus program. At least you will have some protection (but don't depend on it).

If you do want an antivirus program, here are the Web sites of a few antivirus companies. When you visit these sites, you will notice that they put a lot of effort into scaring you, so don't be surprised: it's their business to scare you.

In most cases, you can download an antivirus program to use for free for a limited time. After the time expires, if you want to keep using the program, you must pay to register it. Some of these companies do not make it easy to find the Web page with the free trial program; you may have to spend a few minutes looking for it. They would rather that you buy the program outright, especially if you think there is a virus on your system and you are scared.

Most of these programs cost money. However, be sure to look at more than the initial price. Don't buy a program until you know the cost of the updates. That is where the antivirus companies make a large portion of their money.

One last point. If your brand new computer comes with a free antivirus program installed, should you use it? The answer is: unless you have a special need (as I explained above), you do not need the program. Feel free to uninstall it.

Let's be realistic here. No one makes money giving away free software. The antivirus program that was pre-installed on your computer is a marketing tool. The antivirus company hopes you will register for their service and pay for regular upgrades. They are counting on the fact that most people will not want to uninstall a built-in antivirus program.

What they aren't counting on is that you have this book.


What Should You Do If You Get a Virus on Your Computer?

If you do get a virus on your computer, terminate all the programs that are running, especially your email program. Now disconnect your computer from the Internet. If you are on a network, or if you have DSL or a cable modem, disconnect the network plug. Shut down your computer.

Now stop and think. Don't panic.

If you are at work, call your network administrator. Let him or her handle the problem.

If you are at home, or if you work in an office that doesn't have a network administrator, the very best thing to do is to call in a nerd. Everyone should know at least one computer nerd for times like this. (I am serious.) If you don't know what you are doing, you are much better off having a nerd solve your problem.

If you have no one to help you, you will have to figure things out for yourself. Start by asking, how did your computer get exposed to the virus? Did you open an email attachment? Did you run a program that came from someone else's computer? If you know where the virus came from, it can help you find the information you need to remove it from your system.

Turn on your computer. After it starts, look for any programs that may have started automatically and terminate them. Now, reconnect your machine to the Net.

If you know how you got the virus, check with one of the following virus information sites. Your goal should be:

  1. Make sure your computer has a virus. (It is easy to have a false alarm.)
  2. Identify the virus.
  3. Find instructions on what to do for that particular virus.

If you really have a virus and all else fails, get yourself an antivirus program (see the previous section for Web addresses). If you are really stuck and you can't download a program, you will have to buy one at the store. In this case, it is worth it.


How to Be Safe: 4 Simple Rules

Once you know what you are doing, it is easy to protect your computer system against viruses. All you need to do is follow 4 simple rules.

To protect against email worms:

  1. Delete all email attachments except those with a file extension of gif, jpg, mp3, txt or wav.

To protect against regular viruses:

  2. Never use a program that has been on someone else's computer. Don't share software unless it comes on a CD-ROM.

and:

  3. Never put a floppy disk into your computer if it has been in another computer.

To protect against macro viruses (if you use Microsoft Word or Excel):

  4. Turn on the built-in macro security.

(With Word 2000 and Excel 2000, set the macro security level to "High". With Word 97 and Excel 97, make sure that "Macro virus protection" is turned on.)
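The email-worm rule above can be applied mechanically. The following is an added example, not code from the book: it deletes every attachment whose last file extension is not one of the five the rule allows, so a name such as `holiday.jpg.vbs` does not slip through on its inner extension. The function names and the sample message are constructed for illustration.

```python
import os
from email.message import EmailMessage

# The five extensions that the chapter's email-worm rule lets through.
ALLOWED = {"gif", "jpg", "mp3", "txt", "wav"}

def is_allowed(filename):
    """True only when the file's LAST extension is on the allow-list."""
    if not filename:
        return False  # an unnamed attachment cannot be judged, so it goes
    # Windows ignores trailing dots and spaces ("a.exe. " runs as a.exe).
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    ext = os.path.splitext(name)[1]
    return ext[1:] in ALLOWED

def strip_attachments(msg):
    """Delete disallowed attachments from msg in place; return their names."""
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename()
        if not is_allowed(name):
            msg.get_payload().remove(part)
            removed.append(name)
    return removed

def sample_message():
    """Constructed test message: a text body plus four attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for fname in ("photo.JPG", "holiday.jpg.vbs", "budget.doc", "notes.txt"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg

if __name__ == "__main__":
    m = sample_message()
    print("deleted:", strip_attachments(m))
    print("kept:   ", [p.get_filename() for p in m.iter_attachments()])
```

Note that the rule, applied literally, also deletes Word documents such as `budget.doc`, which is consistent with the chapter's warning that shared documents can carry macro viruses.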


Quick Diversion: The Solution

At the end of Chapter 9, I showed you a short puzzle. The puzzle was to look at the following sequence of five numbers and figure out which number comes next:

1 11 21 1211 111221

To see the solution to this puzzle, all you have to do is interpret each number as describing the previous number.

The first number is simply 1. The second number (11) shows that the first number consists of one 1.

The third number (21) shows that the second number consists of two 1s.

The fourth number (1211) shows that the third number consists of one 2 and one 1.

The fifth number (111221) shows that the fourth number consists of one 1, one 2, and two 1s.

Once you see the numbers in this way, it's easy to figure out what comes next:

312211
13112221
1113213211
31131211131221
13211311123113112211...

and so on.
