Computers & Technology
Communicable Diseases, An Anti-Virus Primer
In the world of computers, communicable diseases are more commonly known as viruses. But a virus is not the only communicable disease your PC is prey to. So, if you happen to get an e-mail warning you of a virus and telling you to delete a file named SULFNBK.EXE -- DON'T ... at least not until you know a bit more. Hundreds of folks in our DownStreet neighborhood, probably more, received an e-mail with precisely those instructions. Unfortunately, some followed the instructions before they knew any better. Fortunately for us, we didn't ... But not because we knew any better, at least not at first.

The Scenario

It was from a local non-profit we'd been corresponding with here at the magazine on and off over the past month or so. We had our anti-virus program running, but I still felt a little bit of trepidation as I opened the e-mail.
... The first thing I noticed was that DownStreet was only one of nearly four dozen recipients. The opening paragraph explained that the organization had received an e-mail that morning from a 'sister' organization in Canada, in Winnipeg to be precise, with whom they'd been corresponding on a regular basis for some time. It then went on:
The advice warned that if you'd received an e-mail from the sender, then you would have inadvertently been sent a virus file which you'd find on your system, specifically, a file named SULFNBK.EXE. The advice then suggested that you delete the file before June 1st, the date it was supposed to become active. Dutifully, I typed the full file name in and searched my hard drive for the file. But I didn't find it, so I searched again, this time replacing the 'exe' with the wildcard -- '*'. ... Still nothing. So I looked in Windows Explorer just to make sure that I had it set to 'Show Hidden Files and Folders'. Maybe, I thought, the file in question was automatically marked hidden, which you can do with any file or folder on the system very easily. But no go. Explorer was already set to show me everything. ... So I tried one last time, typing *SULF*.* this time. Again nothing. At this point, I became a little curious. ... I re-read the e-mail. The original that had been forwarded to us said it plain enough:
If the Virus Alert was accurate, then supposedly I should've found the file on my system. But I didn't. ... Why? It wasn't an idle curiosity. We depend on our PCs to write, edit and publish the magazine, as well as to house and organize tons of research and photos, not to mention to keep track of all sorts of other things. A virus could cause us a considerable bit of grief. So, the next logical step was to go to the web site of any one of the major anti-virus programs and see what I could find.

Virus Info Centers

I went to McAfee at first and used their advanced search and typed the name of the file in. That's when I found out ...
Just to be clear, it was a hoax in the ordinary sense of that word. But in the world of computer viruses, 'a hoax' actually represents a distinct category. While not a virus per se, it might as well be since it accomplishes much the same thing -- the potential for damage to your system.

Inasmuch as hoaxes are not really viruses, there are also two other categories of potentially damaging code out there that can have you end up with the same sorts of results -- Worms and Trojan Horses. Unlike viruses, or even hoaxes, neither worms nor Trojan Horses need direct access to your system. These 'anti-social' software programs, as they are often referred to, use either an existing network, including the internet {worms}, or existing program software {Trojan Horses} to run their routines.

Worms live up to their name by actively trying to 'worm' their way through an entire network, infecting all connected systems. Trojan Horses use pirated versions of existing software to embed code so that, when the program is installed, the damage begins. As a practical matter, anti-virus programs can't check such code, since they'd have to disassemble the entire program. But most shareware does have validation code available for checking your version, and there are actually software programs specifically designed for checking what's called Standard Cyclic Redundancy Code. Of course, the safest bet when it comes to Trojan Horses is to be sure of where your software programs come from in the first place.

A Primer on Computer Viruses

Essentially, a virus is a bit of code that's intended to alter your computer system in any of thousands of ways. The basic questions about a virus are relatively few
Does Your System Have a Virus?

Without an anti-virus program, you may have a virus infection -- in fact, an infection that has been active for quite some time -- and not even know it. But don't think that just because there are no immediately apparent effects, all is well. When it comes to computer viruses, it rarely is.

What Type of Virus Is It?

File-borne viruses, on the other hand, are propagated by any infected file which -- when opened, run or executed -- begins its work. Macro viruses, which may be considered a type of file virus, usually depend on a program that handles macros {a set of instructions usually useful for performing a sequence of tasks automatically} as part of its normal operation. Many macro viruses, therefore, targeted Microsoft programs like Word, Excel, etc., which, until more recently, activated macros automatically. But since the advent of such viruses, Microsoft programs now usually prompt to ask if you want to enable the macros for a specific file.

Virus hoaxes work in what some consider a more insidious way -- they get you to damage your own system. Most virus hoaxes take the form of e-mail virus alerts or warnings that then direct you to follow a set of instructions which, if not followed, will have dire consequences. The SULFNBK Hoax is one example. Fortunately, even if you followed the instructions for this one, the harm is relatively minimal, and recovery, relatively simple. The file in question is responsible for long file names in Windows 98 and Me {which, since we run Windows 2000, explains why we didn't find it on our system}. And only if you needed to restore them for some reason would the program be called upon. But such low-grade damage is hardly the rule, even for hoaxes. And to make matters a little more complicated, even though the e-mail message carried the hoax, it is still possible that another real virus could have used your SULFNBK.EXE -- which, in many ways, provides the perfect size and function -- as a vehicle for a very real infection.

What Sort of Damage Can the Virus Do?

Unlike viruses in the natural world, computer viruses are intentionally created by people. Rather than random selection and infection, these programmers know how computer systems work -- usually at levels that are invisible to most users -- and use that knowledge to write code for a sequence of events. The first order of business, of course, is infection. Once a system is infected, some virus programs are satisfied to let you know that your system has been infected and leave it at that. Unfortunately, such virus programs these days are the exception rather than the rule.

Most virus programs instead seek not only to infect your system, but as many others as they can. In this scenario, the virus will have a means for propagating itself from your system to others, usually friends, family, colleagues, and co-workers. In order to accomplish this, the virus programmer will often deliberately keep any ill effects from showing up on your system until it has had time to propagate. How it propagates depends, again, on the type of virus.

One virus, for example, propagates to others by searching your Outlook or Windows Address Book and sending e-mails to the users it finds there. Only after it has had time to do that -- usually after one month and a mailing to at least 100 others -- will it next run a routine that brings up a pop-up message with a bit of profanity. After your system has been infected for two months, it next makes your desktop icons move every time you try to place your mouse pointer over them. After three months, the infected file deletes itself. Those effects, however, as irritating and destructive of productivity as they may be, are relatively benign compared with some viruses, which will do nothing less than wipe out your entire hard drive and/or system.

Will Your Anti-Virus Program Recognize It?
The question of settings or configuration usually comes down to a couple of things: First, if your program has both boot sector and 'real time' file checking options available, your safest bet is to have them turned on. As far as the virus definition up-dates, most programs provide monthly downloads of new virus definition files ... which will give you some idea of how many new viruses are being written. Make a habit of downloading and installing the latest definition file each month. This last issue -- the type and nature of the virus -- is a little trickier. Actually, it's a whole lot trickier. ... Part of the allure for many virus programmers is similar to the allure for many hackers or counterfeiters. The basic idea is to outsmart the professionals. Virus programs are constantly being written -- with the latest info about operating systems, security, and the routines that anti-virus programs use -- to find new ways of gaining entry and doing their damage. In this light, there is really no way for any anti-virus program to catch and stop all viruses all the time. Does this mean there's no point in installing anti-virus software on your system? Not at all. ... Most reputable anti-virus companies are damned good at staying on top of things. And that's all most people really need. But what it does mean is that, in addition to making use of a good anti-virus program, you should also check your program's web site for late-breaking news. Take the SULFNBK Hoax as one example. I mentioned that we received that e-mail about a Virus Alert in late May. It was May 29th to be exact, and when we found that it was a hoax, about two hours after we received it, we immediately e-mailed the sender to alert them of the fact. By the time we did, they'd already discovered the same thing. But it didn't end there. The next day, we received another e-mail, this time from a local school with which we'd exchanged e-mails during the month.
In this scenario, we weren't one of dozens, but one of hundreds to whom the e-mail had been sent. Since we had the hoax info already, we replied as soon as we received this e-mail. But here, too, by the time we did, this sender had also discovered that it was a hoax. All this, then, was happening in our neighborhood at the end of May. But the earliest report on this 'virus' -- which actually began as a Portuguese e-mail out of Brazil -- was in mid-April. By early May, McAfee and others had posted the necessary info about it, including the fact that it was a hoax and how to replace the file if you'd already deleted it.

Not Always a Virus

There's no time here to go into all the possible scenarios and all the possible testing procedures or verifications. Suffice it to say: If you think you may have a virus, or an e-mail or file attachment that you think may contain one, treat it as such. Run your anti-virus software on it, and do the homework on-line to see if it's something new your virus definition file may not be aware of yet. If you've done that, then you may want to research known bugs for software, or, for other problems, possible causes in your system or hardware at any reputable on-line site.

Some Basic Precautions

Then ...
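One way to act on an alert that names a file without deleting anything, as an added example that is not part of the original article: look for the file, compare its hash with a copy you trust, and move an unrecognised copy aside so it can be scanned. SHA-256 is used here in place of the cyclic redundancy check mentioned earlier; the function names, directory layout, file contents and known-good hash are all constructed for the demonstration, and a real known-good value would have to come from the vendor or clean installation media.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash in chunks so a large executable is never read into memory whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage_named_file(root, name, known_good, quarantine):
    """Check every file under root whose name matches the alert (case-insensitive).
    Returns (relative path, verdict) pairs and never deletes anything:
    "known-good" leaves the file alone; "quarantined" moves an unrecognised
    copy aside so it can be scanned. An empty list means the file is absent.
    """
    results = []
    matches = sorted(p for p in Path(root).rglob("*")
                     if p.is_file() and p.name.lower() == name.lower())
    for path in matches:
        rel = path.relative_to(root)
        if sha256_of(path) in known_good:
            results.append((rel.as_posix(), "known-good"))
            continue
        Path(quarantine).mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(Path(quarantine) / ("_".join(rel.parts) + ".held")))
        results.append((rel.as_posix(), "quarantined"))
    return results

def demo():
    """Constructed sample: three stand-in machines with made-up file contents."""
    original = b"constructed stand-in for the vendor's original utility"
    known_good = {hashlib.sha256(original).hexdigest()}  # assumed to come from trusted media
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        for pc, content in (("pc_clean", original), ("pc_altered", original + b"!"), ("pc_win2000", None)):
            sysdir = Path(tmp) / pc / "system"
            sysdir.mkdir(parents=True)
            if content is not None:
                (sysdir / "SULFNBK.EXE").write_bytes(content)
            out[pc] = triage_named_file(Path(tmp) / pc, "sulfnbk.exe", known_good, Path(tmp) / "held" / pc)
        out["held"] = sorted(p.name for p in (Path(tmp) / "held").rglob("*.held"))
    return out

if __name__ == "__main__":
    print(demo())
```

The three verdicts map onto the article's cases: a legitimate copy that should stay where it is, a copy that something has altered, and a system that never had the file at all.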
Remember, then: VIRUS PROTECTION. Don't boot up without it!
For more information, contact DownStreet Magazine by ... Phone (802) 453-5124

All material copyrighted © 2000-2001. All rights reserved.