How can I reduce the risk of virus infection?
by Tom Cumming
The key to effectively protecting yourself against computer viruses is not to preoccupy yourself with just one tactic, such as the use of virus scanning software. This is not to say that virus scanning software is not useful, but to use a little analogy, consider the steps you would take to protect your house from burglery. You have already got a good quality 5-lever lock on the front door, but you still got broken into last week and all your bank books were taken. So do you then go and buy another good quality 5-lever lock to put on the front door? No, it would be much more cost-effective to get yourself a safe to put your bank books in. After all, last time the door was rammed and the frame gave way, so more locks would not have prevented the break-in anyway. Or maybe you could get a nice loud burgler alarm, so that you get woken up and can call the police, and maybe then your house would not be targetted in the first place.
Your first line of defense is the point at which the virus arrives at your computer. Computer viruses normally arrive via email messages, internet downloads and through removable media such as floppy disks. Be careful with how your email address is spread. If your email address is available publicly on the internet in any way, there is the potential for this address to be "harvested" and have a virus sent to it. If you post to usenet newsgroups or web-based forums, it is a good idea to post using a different email address to your "main" address, preferably a web-based one, so if your email address is "harvested" and gets sent a virus, you can delete the file directly off the mail server without it getting anywhere near your PC. Or, if you would like to keep your address completely seperate, post to email@example.com instead. If you have your own website with an email link on it, the same applies. Or alternatively you could remove the email link and replace it with a web-based feedback form, so that people can still send emails but without the email address being visible.
When downloading files from the internet, be careful only to download files from major reputable sites which you can trust, and get into the habit of scanning downloaded files before using them. Similarly, be careful with removable media - do not just shove any disks into your computer without thinking about where they come from. Commercial software disks are generally fine, but if you are sharing disks with other computers, consider whether they are equally clued up about virus protection as you are.
Even if a virus gets past this stage, it is still harmless until it is actually executed. A virus writer will not want to make it not obvious that you are about to run a virus, so this is a bit more taxing than just not double clicking icons marked "nasty-system-trasher-virus.exe"! Some virus programs will disguise themselves as as other file types, by adding extra file extentions. If you call a file (for example) "filename.txt.exe", it is the last extention (the .exe) that actually takes effect, so this is still a program. But, Windows sometimes hides filename extentions under certain configurations, so this example file will be labelled as "filename.txt", and look like an innocent text file, not a program. What you must make sure is that your system is not set up in this way. In Windows XP, this is accessed by going into any folder window and selecting Tools / Folder Options / View, and untick "hide extensions for known file types." In older versions of Windows, this option is under View / Folder Options or View / Options. Another common trick is to use a very long file name with lots of spaces in, so that a file could be called (say) filename.txt[lots of spaces].exe , so that the .exe bit runs off the edge of the screen. So always be careful to scroll onto the end of the filename and read it all before running anything. All of this also applies to email attachments. Additionally, do not ever open email attachments you are not expecting. Email viruses are normally spread by forwarding to names in other peoples' address books, so even if a file looks like it is from someone you know (which it most probably is!), this does not mean that it is safe or that the sender knows anything about it - remember, viruses are programmed to spread automatically without the user knowing. Get into the habit of emailing a friend back with a short email, asking whether they sent you an attachment and what it is. If the answer they give is "no", then warn him/her that he/she has a virus on his/her PC. And obviously, delete the file immediately without running it.
Viruses can also sometimes be hidden in data files as macros, such as Word documents. Most such applications have options built in to ask you before running macros, and it is always a good idea to have these options turned on. In Word 2002, this is found under Tools / Options / Security / Macro Security. For other packages, refer to your documentation for how to do this.
I have also come across one or two viruses that spread through instant messaging services like MSN Messenger. Do be careful if someone sends you a web address to click on - look at what kind of file it is linking to - if it ends in something like ".exe", ".bat", ".com", ".pif" or ".scr", it is an executable program, not a web page. Just because a style of writing looks and sounds like someone you know, do not be fooled - as it may be that person's computer that is infected, and is repeating phrases that the person uses.
There are also many viruses in existence that spread and cause damage by exploiting bugs and weaknesses in the computer's operating system. It is very important to make sure your operating system is kept up to date. For Windows machines, visit the Windows update site regulary, HERE to check if your machine needs any updates or patches installing. If you are using Windows XP, make sure you have Service Pack 2 installed. To find out if you have it installed, right-click on the "My Computer" icon on the start menu, and select properties. If you do not see the words "Service Pack 2" in the window that appears, you need to install it. You can install it via Windows update, or you can order it on a CD from Microsoft: HERE
It is also extremely important to have a firewall running on your machine. If you have Windows XP service pack 2, you will already have one as part of the update. For previous versions of Windows, I recommend Sygate Personal Firewall: HERE
When chosing a virus scanner, always make sure it is certified to work with your operating system. So if you have Windows XP, make sure you have a program that says on the box it works with Windows XP. Do not buy something that is for Windows 98 but seems to work OK because you don't get any error messages - you won't know if it is really working properly until you get your first virus! It is advisable always to have the latest version of whichever package you are using, as the newer ones will have benefited from more years of research and development and so will be more effective.
Remember also to keep it up-to-date: the program will only look for viruses that are in its database of known viruses, so is unlikely to detect viruses that are newer than the program's data files. All virus scanners have an option to update their data files (and sometimes the scan engine as well) by downloading a file from the internet. Do this as often as possible - most of the manufacturers release new data files every day. After a certain length of time after purchase, you may well have to pay a subscription to the software manufacturer to keep receiving updates.
Most virus scanners have two parts: an on-access scanner and an on-demand scanner. An on-access scanner scans files as you use them, whereas an on-demand scanner scans files when you tell it to. Do not be tempted to disable the on-access bit: it may slow your PC down very slightly, but it is a price worth paying, because every time you run a program, the system automatically scans it before it runs it, and does not run it if it finds anything suspicious.
Even if your virus scanner fails to pick up a virus and it gets run, there are still a few things you can do to minimise the damage it might cause. If you are using Windows XP, 2000 or NT, make sure you do not use an admistrator account for your day-to-day work - a virus can do far more damage in an administrator account because Windows will not prevent it from modifying certain parts of the system configuration. Set yourself up a "limited" user account, and then only use the administrator account when you have to install software or make modifications to the system configuration.
The important thing to remember here is that most viruses are written to be as small as possible, so that they go unnoticed. So, the code they use tends to be quite primitive, make certain assumptions about the computer it is being run on, simply by how most PCs are set up. You can reduce a lot of risk by making your system a bit atypical. Imagine you are in the mindset of writing a virus to cause computer chaos around the world - would you write a virus that trashes Acorn RISC-OS systems? Of course not - not enough people them for it to cause any significant chaos. (If you are wondering what on earth an Acorn RISC-OS system is, well, that is precisely my point.)
Do you use Outlook Express to read your emails? Yes? Well, so do most people. So, many recent email viruses have been designed to exploit security flaws in Outlook Express. Consider using something a bit more unusual, for which a virus writer would have less insentive to write a virus for. If that is a bit radical for you, then at least make sure that you use Windows Update regularly to insure you have all the latest security updates for Outlook Express.
What drive and folder do you have Windows installed to? C:\Windows? So if a virus scanner wants to do some damage to a Windows core file, it knows to find it in C:\Windows? How about having Windows installed somewhere else instead? C:\Win, perhaps? This does require you to reinstall Windows, and I would not suggest you do it just for this reason, but it is a good idea to consider if you ever have to reinstall Windows for some other reason.
Some viruses are now in the form of Windows Script files instead of normal executable files. If you do not use Script files for any of your normal PC usage (and you would know about it if you did, believe me!) then you can disable Windows Scripting Host to prevent these files from running. This does not apply to all versions of Windows, but for those that it does, goto start / settings / control panel / add&remove programs / windows setup tab. In one of the categories you will find an item "windows scripting host" - the location varies according to Windows version. Click on a category and click "details" to get the category lists up, and then when you find "windows scripting host", untick it and click on OK.
That is about it, apart from one last issue: hoaxes. There are some people in this world that want to have the satisfaction of trashing the world's computers, but do not have the technical knowledge to do so. So, they make up fake virus warnings and spread them via email, encouraging others to forward it to everyone in their addressbook, and possibly giving some removal instructions. For "removal instructions", read "computer-trashing instructions". So, if you ever get an email warning you about a virus, before doing anything it says, have a look at the websites of a few of the big anti-virus software companies, seeing if they have heard anything about this email, and whether they know it to be true or not. You need to tread a little carefully here, because such messages could genuine and cannot be dismissed out of hand. If you cannot find any information about the message, then have a read through the instructions and see if they sound plausible. If it instructs you to delete a file, put the name of this file into an internet search engine and see what you can find out about it. You may find that it is a virus, or you may find it is a vital file without which your computer will not work properly.
Copyright © 2001-2006 © Copyright Karl Davis.
No part of this site may be reproduced in any format.All documents author acknowledged are copyright retained by the author.
Dead links or Errors ? Please email the Webmaster