Internet Safety
From HOL Wiki
We do encourage everyone in HOL to read this essay about safety precautions on the internet, written by Prof. Emerald Dybendahl in 2003. The original essay is located here.
Viruses
What Is A Virus?
A virus is a program that reproduces its own code by attaching itself to other executable files, so virus code will run when the attached file is executed. In general terms, they have an infection phase (when they reproduce widely) and an attack phase (when they do whatever damage they are programmed to do). There are a large number of virus types.
What Are Executable Files?
An executable file is a computer file containing step-by-step instructions in a form that the computer can follow. By contrast, data files contain just text or pictures which are not executable. Executable files are essential to using computers, but when one arrives by e-mail, be careful!
Never execute ("open") executable attachments received in unsolicited e-mail. Just because your virus scanner doesn't flag it does not guarantee that it is safe--it could mean that the virus is newer than your virus data file. Just because it apparently came from a trusted friend doesn't mean that it's safe--it could mean that your friend's computer was infected without his/her knowledge, or it could mean that your friend's address was forged by a third-party sender. (The Klez virus forges the "From:" address when sending copies of itself.)
You can't use a computer without opening executable files. Every application you run, whether it's your e-mail reader, your web browser, your word processor, or your spreadsheet, begins with an executable file. One of the hardest things for a novice to figure out is which files are executable and which are just data. In an MS-Windows computer, many but not all executable files end in the extension .EXE. Some end in .COM, .BAT, .PIF, .VBS, .VBE, .SCR, .JS, .JSE, .WSF, .WSH and a few others.
Some Windows systems are set to hide the extension, which makes it even harder to recognize an executable file. (To fix the latter, in Explorer, click on View, Folder Options, View. Un-check "Remember each folder's view settings" and un-check "Hide file extensions for known file types." Then click on "Like Current Folder.") It is HIGHLY RECOMMENDED that you fix this on your system, because virus writers frequently name their executable file with a false extension, which looks like the real extension if the operating system hides the real extension. For example, "picture.jpg.vbs" is an executable file, but it will look like an image file (picture.jpg) if its real extension (.vbs) is hidden.
In another insidious trick, virus writers sometimes name their executable file to resemble a popular web site. For example, "yahoo.com" is a popular internet domain, but it could also be the name of an executable file. The ".com" extension has denoted executable files since the early days of IBM PC DOS. Its other use, to indicate commercial internet domains, is an unfortunately confusing coincidence. It is important to distinguish between a file name and an internet address.
Further, some applications will execute code contained in their data files. For example, Microsoft Excel spreadsheets (.XLS), Microsoft Word documents (.DOC) and templates (.DOT) may contain macros, small segments of executable code. It is a good idea to configure such applications to not automatically run macros embedded in a file when opening it.
Bottom line: Remember that to "open" any executable file, whether received as an e-mail attachment or otherwise, is to surrender complete control of your computer system to its distant (and unknown) author. Even if you know and trust the person who apparently sent it to you, please consider that his system may have been infected by a virus.
Where to get help?
Hoaxes (chain letters)
Hoaxes are messages that claim to be warnings of real virus threats. There are even hoaxes that warn of other hoaxes being infected by viruses. Computer virus hoaxes have been around for nearly as long as the first virus. The fact is, hoaxes have only one purpose in life and that is to spread to as many people as possible. Quite the same goal as viruses, some might say.
Hoax messages generally include the admonishment to "forward this to everyone you know" and may even reference a seemingly legitimate source. An individual, already embarrassed once for naively believing in a hoax, is much less likely to accept a valid virus warning as being true. So what should you do when a hoax message is received? Don't fall into the "just-in-case" trap. Do not forward the email to everyone in your address book, despite your doubt, just in case it might be true.
- If the e-mail sounds like a hoax, it probably is. Do not instantly react to save the world. You can be certain, if it's a real threat, the news media and legitimate antivirus sources will publish all the necessary alerts.
- Check out the facts. There are many good resources on the internet, e.g. from F-Secure, McAfee, Symantec/Norton or about.com
- When in doubt, don't send it out!
- If you've received a report of a legitimate virus, you still should not forward it. Instead, take a few moments to find a valid link on an antivirus or security site and send the link instead. You'll be doing yourself, and the entire Internet, a favor.
If you still need further reason to refrain from forwarding these fakes, consider this: hoax forwarding is the trademark behavior of a new and inexperienced computer user. Is that really how you want to be perceived by your friends and colleagues? And, finally, neither Bill Gates, nor Outback Steakhouse, nor anyone else is going to give you money for forwarding emails. This most definitely falls in the realm of "too good to be true".
Worms (email worms)
A worm is a computer program that replicates independently by sending itself to other computers (in local networks, or most commonly over the internet). Here are some tips on avoiding computer worms (taken from the F-Secure website):
Most of the worms which use e-mail to propagate use Microsoft Outlook or Outlook Express to spread. It is recommended NOT to use Microsoft Outlook, but if you need to use Outlook, download and install the latest Outlook security patch from Microsoft, which can be found here.
If you want to be safer, do not use Outlook unless you need it. Almost all e-mail viruses and worms are written for Outlook because it is by far the most widespread e-mail client, and therefore guarantees the fastest distribution of the virus/worm. I recommend an alternative e-mail client, such as Mozilla's Thunderbird. It is free, has all the Outlook features, and you can download it here. In general, keep your operating system and applications up-to-date and apply the latest patches when they become available. Be sure to get the updates directly from the vendor.
When possible, avoid e-mail attachments both when sending and receiving e-mail. Make sure to NEVER open e-mail attachments with the file extensions VBS, SHS or PIF. These extensions are almost never used in normal attachments but they are frequently used by viruses and worms. Also NEVER open attachments with double file extensions such as NAME.BMP.EXE or NAME.TXT.VBS. -- If you feel that an e-mail you get from a friend is somehow strange - if it is in a foreign language or if it just says odd things, double-check with the friend before opening any attachments. When you receive e-mail advertisements or other unsolicited e-mail, do not open attachments in them or follow web links quoted in them.
All these rules are not only valid for e-mail attachments, but for all ways of getting executable files on your computer. Make sure you do not carelessly ignore these rules when you get or download executable files from chat systems such as IRC, ICQ, AIM or MSN, from file-sharing networks such as Kazaa, or if you download them from public or private FTP servers, websites or newsgroups (Usenet)! Especially avoid downloading files from public newsgroups (Usenet news). These are often used by virus writers to distribute their new viruses. In general, never accept attachments from strangers online!
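The extension rules from the sections on executable files and e-mail worms, written as a file-name check that a mail filter or help-desk script could apply. This is an added example, not part of the original essay; the function names, the decoy-extension list and the sample names are assumptions made for illustration.

```python
import re

# Extensions the essay lists as executable on MS-Windows, plus SHS from the worm tips.
EXECUTABLE_EXTS = {"exe", "com", "bat", "pif", "vbs", "vbe", "scr",
                   "js", "jse", "wsf", "wsh", "shs"}
# Data files that may carry macros (Excel sheets, Word documents and templates).
MACRO_EXTS = {"xls", "doc", "dot"}
# Assumption: harmless-looking extensions used as the visible half of a double extension.
DECOY_EXTS = {"jpg", "jpeg", "gif", "bmp", "png", "txt", "pdf", "mp3"}


def classify_attachment(filename):
    """Return (verdict, reason) for one attachment file name."""
    # Windows drops trailing dots and spaces from file names, so ignore them here.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[-1]:
        return ("review", "no extension")
    real_ext = parts[-1]  # only the LAST extension decides how the file is opened
    if real_ext in EXECUTABLE_EXTS:
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS | MACRO_EXTS:
            return ("block", f"double extension: looks like .{parts[-2]}, runs as .{real_ext}")
        if real_ext == "com" and re.fullmatch(r"(www\.)?[a-z0-9-]+\.com", name):
            return ("block", "file name resembles a web address, but .com is executable")
        return ("block", f"executable extension .{real_ext}")
    if real_ext in MACRO_EXTS:
        return ("review", f".{real_ext} may contain macros")
    return ("allow", f"data extension .{real_ext}")


def triage(filenames):
    """Map each file name to its verdict only."""
    return {name: classify_attachment(name)[0] for name in filenames}


# Constructed sample names, taken from or modelled on the essay's own examples.
SAMPLE_NAMES = ["picture.jpg.vbs", "NAME.BMP.EXE", "NAME.TXT.VBS", "yahoo.com",
                "setup.exe", "report.xls", "holiday.jpg", "README"]

if __name__ == "__main__":
    for sample in SAMPLE_NAMES:
        verdict, reason = classify_attachment(sample)
        print(f"{sample:18} {verdict:7} {reason}")
```

The check looks at names only; an "allow" verdict says nothing about the file's contents, so scanning still applies.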
Anti-Virus Tools
Virus Scanners: The major advantage of scanners is that they allow you to check programs before they are executed. Scanners provide the easiest way to check new software for known or suspected viruses. Once a virus has been detected, it is possible to write scanning programs that look for telltale code (signature strings) characteristic of the virus. If the scanner finds a match, it announces that it has found a virus. This obviously detects only known, pre-existing, viruses. Many so-called "virus writers" create "new" viruses by modifying existing viruses. This takes only a few minutes but creates what appears to be a new virus.
What scanner should you choose? Well, it is very dangerous to depend upon an old scanner! With the dramatic increase in the number of viruses appearing, it's risky to depend upon anything other than the most current scanner. Even that scanner is necessarily a step behind the latest crop of viruses since there's a lot that has to happen before the scanner is ready: The virus has to be detected somehow to begin with. Since the existing scanners won't detect the new virus, it will have some time to spread before someone detects it by other means. The newly-discovered virus must be sent to programmers to analyze and extract a suitable signature string or detection algorithm. This must then be tested for false positives on legitimate programs. The "string" must then be incorporated into the next release of the virus scanner and the scanner or detection database must be distributed to the customer.
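How signature matching, database updates and false-positive testing fit together, as an added example that is not part of the original essay. Every byte string and signature name below is constructed for illustration; none is real malware or a real vendor signature, and the wildcard format is an assumption.

```python
# Constructed samples: a "known" program, a slightly modified copy, and clean programs.
KNOWN_SAMPLE = b"\x90\x90HEADER" + b"\xde\xad\xbe\xef\x01\x02\x03\x04" + b"TAIL"
MODIFIED_VARIANT = b"\x90\x90HEADER" + b"\xde\xad\xbe\xef\x01\xff\x03\x04" + b"TAIL"
CLEAN_PROGRAMS = [b"MZ ordinary spreadsheet program", b"\xde\xad plain data \x03\x04"]

# Signature database: name -> list of byte values; None means "any byte here".
SIGNATURES_OLD = {"Toy.A": [0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x02, 0x03, 0x04]}
# Updated database released after the variant has been analysed.
SIGNATURES_NEW = dict(SIGNATURES_OLD)
SIGNATURES_NEW["Toy.A.variant"] = [0xDE, 0xAD, 0xBE, 0xEF, 0x01, None, 0x03, 0x04]
# A carelessly short signature, to show why release testing is needed.
SIGNATURES_BAD = {"Toy.short": [0xDE, 0xAD]}


def matches_at(data, offset, pattern):
    """True if pattern matches data starting at offset (None matches any byte)."""
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))


def scan(data, signatures):
    """Return the sorted names of all signatures found anywhere in data."""
    hits = set()
    for name, pattern in signatures.items():
        for offset in range(len(data) - len(pattern) + 1):
            if matches_at(data, offset, pattern):
                hits.add(name)
                break
    return sorted(hits)


def false_positives(signatures, clean_corpus):
    """Signatures that fire on known-clean programs and must not be released."""
    return sorted({name for prog in clean_corpus for name in scan(prog, signatures)})


if __name__ == "__main__":
    print("old db, known sample:", scan(KNOWN_SAMPLE, SIGNATURES_OLD))
    print("old db, variant     :", scan(MODIFIED_VARIANT, SIGNATURES_OLD))
    print("new db, variant     :", scan(MODIFIED_VARIANT, SIGNATURES_NEW))
    print("bad db on clean set :", false_positives(SIGNATURES_BAD, CLEAN_PROGRAMS))
```

The old database misses the modified copy until the updated one is installed, which is the gap the essay describes between a new virus appearing and the scanner catching up.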
Anti-virus software whose makers do not react rapidly to new virus threats is useless. Therefore I recommend using only well-established software such as Norton, McAfee or F-Secure. New virus definitions and updates should be loaded by the software automatically; this is the most important feature your software should have. If the virus database in your scanner is not up-to-date, your computer is not protected and your software is useless. New viruses spread rapidly within a few days; a two-week-old scanner is as useful as having no scanner at all. Do not use a free or shareware program that claims to do its job; it is unlikely that free software can generate enough resources (money) to allow its makers to keep the product in the top league. It's not the best idea to save money on your own safety, especially if you have sensitive data on your hard disk and/or depend on your computer for work/school purposes.
Make Backups! Don't be lazy! Back up your important data regularly! This is not only a safety measure against potential virus damage; a simple power outage can do harm to your data or even destroy your hard drive. A computer is just another technical device, like your radio or DVD player: it can fail, crash, get damaged, or stop working for lots of reasons that you have no control over. It is always good advice to back up all the files you cannot restore from installation disks, CDs, a second hard drive etc. - especially files you have generated. I recommend making backups at least once a week.
Too many people wait for a problem to happen or a virus to attack their PC before they take any action. Once a virus reveals its presence on your PC, it may be too late to recover damaged files. There are many viruses that cannot be successfully removed due to the way the virus infects the program. It's absolutely vital to have protection before the virus strikes. If you wait until you notice that your hard disk is losing data, you may already have hundreds of damaged files. It's rare to find any PC that does not have some type of important data stored on it (why would you store it if you at least didn't feel it was important at the time?).
File-Sharing-Networks (Morpheus, KaZaa, etc.)
First of all, everything you've just read about viruses and worms that you can get by email is also valid for any other source for obtaining files. It does not matter if a virus is sent by email or downloaded from KaZaa or IRC.
KaZaa: (Morpheus, and all other file-sharing networks) - CONSTANT VIGILANCE! - The more people are using a system, the more attractive it gets for virus programmers to use it for distributing new viruses. You NEED to scan all executable files you've downloaded from file-sharing networks for viruses before you open them! This also includes all executable files that are stored in archives (.ZIP etc.) you've downloaded. Never ever ever open or run anything you got from KaZaa and the like without scanning it for viruses. If you want to be safe, do NOT download anything other than plain data files (text, music, images).
To give you an idea of how serious this threat is: The music industry and also the film industry have officially threatened multiple times to use file-sharing networks such as KaZaa to distribute viruses, in order to scare away users from sharing copyrighted files on these systems. Both industries are suspected to be responsible for a large number of viruses that are around, because it is in their vital interest to discourage the distribution of music and video files over the internet.
You also should share no more than one or two folders on your own hard drive when using a file-sharing network. You do not want millions of strangers to be able to access your personal files on your hard drive, right? Always keep in mind, on file-sharing networks you are exchanging files with complete strangers, and you know nothing about their intentions, nothing about the actual content of the file you just downloaded, so please be careful for your own safety.
SpyWare, AdWare
Spybots and Spyware do a number of things. Some of them track what web sites you like to go to, looking for patterns in your surfing behavior or shopping preferences. Others put a program on your computer that will run automatically at startup. This program might lie dormant until you're not around, at which point your computer can be hi-jacked and used as a hacking zombie. Almost as bad, the sneaky program which was put there without your permission could be using up valuable resources, RAM and bandwidth. This would show up in decreased computer performance: programs opening or running slowly, slow surfing or lots of PC crashes.
If you have anti-virus software like Norton Antivirus or McAfee, don't be lulled into a false sense of security. Spyware isn't a computer virus or worm, and isn't treated like one. If you download and install, for example, something like Gator to track your passwords, it is also keeping track of you without your knowledge. Norton Anti Virus won't care. Or, if you download and install some programs like Netscape Navigator or Netscape Communicator, sometimes a small piggyback program called Comet Cursor is installed with it. This is loaded automatically at startup and sucks up your valuable computer resources. You unwittingly gave Comet Cursor permission to be on your PC, and now it's there to stay.
Chances are, your computer is filled with spyware that you were clueless about. There are probably ad-tracking cookies that know your every move. There are bots that are "phoning home" to let the mothership know what you like to do. There are possibly even holes in your security, where maybe someone can get their grubby hands on your personal information like address, banking or credit card info. So, what to do? Luckily, there are a number of software solutions.
We recommend you download a program such as Adaware or Spybot Search & Destroy. The latter is free software and received "PC Magazine's Editors' Choice Award" in April 2003. You will be surprised how many spyware programs and cookies reside on your system that you had no idea existed.
Data Loss (not Virus-related)
Before you panic about having caught a virus on your system, check these causes of data problems; they are much more common, and it is just a matter of time before YOUR computer will run into one of them. Again: MAKE BACKUPS!
Power Faults: Your PC is busy writing data to the disk and the lights go out! "Arghhhh!" Is everything OK? Maybe so, maybe not; it's vital to know for sure if anything was damaged. Other power problems of a similar nature would include brownouts, voltage spikes, and frequency shifts. All power faults can cause data problems, particularly if they occur when data is being written to disk (data in memory generally does not get corrupted by power problems; it just gets erased if the problems are serious enough).
Age: Electronic components are stressed over time as they heat up and cool down. Mechanical components simply wear out. Some of these failures will be dramatic; something will just stop working. Some, however, can be slow and not obvious. Regrettably, it's not a question of "if", but "when" in regard to equipment failure.
Software Problems: Software Problems account for more damage to programs and data than any other. We're talking about non-malicious software problems here, not viruses. Software conflicts, by themselves, are much more likely threats to your PC than virus attacks. There are many resident programs (e.g., anti-virus, video drivers) running simultaneously with various versions of Windows, DOS, BIOS, and device drivers. All these programs execute at the same time, share data, and are vulnerable to unforeseen interactions between each other. Any time a program crashes, there's the risk it may damage information on disk. You can not do much about this threat, so MAKE BACKUPS!
Common Mistakes
"I tried to open an e-mail attachment but lucky for me it failed"
Don't breathe that sigh of relief yet! Your attempt to open the attachment is likely to have infected your computer with a virus, even if you had no evidence of success in opening it. Virus writers often include a confusing, bogus failure message of some kind in order to give their victims a false belief that they were not infected.
"If I had a virus here, it has not done anything."
The absence of symptoms does not prove you're not infected. Most viruses are stealthy, doing their dirty work without obvious symptoms... at least not until severe damage has already been done.
"I did not have the suspicious message on the computer when I wrote others so, if it was a virus, I didn't pass it on."
A virus can infect your operating system the very moment you first open it, after which it doesn't matter if you delete the message via which it arrived; your system is still contagious. And it doesn't require you to personally launch e-mail for it to spread to your correspondents; it can be busily sending out copies of itself while you're asleep.
