The Internet -- Preventive Medicine for Your Computer

Aug. 28, 2001

by Jeffrey B. Dalin, DDS, FACD, FAGD, FICD

You have heard the horror stories:

 It is late at night. You begin downloading a very large file. You are tired, so you go on to bed and leave your computer connected online in order to complete your download. The next day, you find that a hacker has accessed your computer and renegade programs have been placed onto your hard drive. Files have been stolen and your hard drive has been damaged.

 You receive email from a friend. You find a program attached to this email. You assume it is some sort of fun picture or game, so you open the file. Your computer then starts to exhibit bizarre behavior. A virus has attacked your computer.

 You've downloaded and installed a new accelerator utility that promises to give you cable-access speeds with an ordinary 56k modem connection. You go to restart your computer and Windows will not load and you can no longer access your hard drive. A nasty new Trojan virus has masqueraded as a program and taken over your computer.

Remember these names: Melissa, I Love You, Code Red, Code Red II, Win32, BadTrans, Kakworm, Anna Kournikova? These words strike fear into any Internet user. These viruses, worms, and Trojan-Horse programs love to spread via a computer user's address book. You can now get a virus by email from friends, only to find out later that they had no knowledge of what was being sent out from their computer.

Hackers come in all sorts of varieties. Some are young kids who are just curious about how computers work and are merely playing with different programs. Others are malicious. They are out to steal information or "melt down" your computer. Rarely will a hacker attack a personal PC. Their targets tend to be computer networks of large companies.

Viruses attack personal PCs more often. You have seen the stories on the news; you have read stories about these large-scale virus outbreaks online or in the print media. For most of us, changing a few security settings on your computer, installing a good firewall program, maintaining and using a good anti-virus program, and using common sense will provide you with most of the protection you will ever need.

One of the first things you can do to protect yourself and your computer is to visit the Microsoft Web Site at www.microsoft.com and download any security updates listed on that site. Another method of defense is to open the control panel of your computer and remove "file and printer sharing for Microsoft networks" under the network control panel. Exercise caution whenever you open email attachments. If you have any questions about what someone is sending you, delete it and have them resend it to you after you confirm what it is. But most of all, be sure to use up-to-date anti-virus software and personal firewall software.

While there is no widely accepted definition of the term "computer virus," I define it as an executable code that when run by someone, infects or attaches itself to other executable codes in a computer in order to reproduce itself. Some of these viruses are malicious and will erase files or lock up systems. Others merely present problems by infecting other codes. In either case, you need to take these problems very seriously. There are well over 50,000 known viruses in existence, according to Symantec Corporation, maker of Norton Anti-Virus Program. In the past, users unwittingly infected each other's systems when they exchanged floppy discs. Today, online computing allows much more rapid and widespread transmission of viruses.

Closely related to viruses are Trojan Horses and worms. Trojan Horses are programs that perform an undesired, yet intended, action while pretending to do something else. One example of such a phenomenon is a fake login program. Another is a disk-defragging program that erases files rather than reorganizes them. A Trojan Horse differs from a virus in that the former does not attempt to reproduce itself. A worm is a self-propagating virus. These tend to damage or destroy data and memory. They originally spread between machines by exploiting operating-system bugs. They tend to spread through e-mail and IRC.

Viruses come in many shapes and sizes. They include:

1) File Infectors which attach themselves to regular programs such as COM or EXE files under DOS; thus, they are invoked each time the infected program is run.

2) Cluster Infectors that modify file systems so that they are run prior to other programs. Cluster infectors do not attach themselves to programs.

3) Macro Viruses are viruses present in word-processing documents. They utilize the auto-execution macro capabilities in products such as Microsoft Word. When you open a document, the virus is spread.

4) System Infectors store themselves in the boot sector on a floppy disk or in the master boot record on your hard drive.

5) Encrypted Viruses use code in order to hinder detection. They will change or encrypt the code or data in a system.

Merely receiving an infected email or downloading an infected file does not infect your system. Someone must execute a virus in order for it to spread. Period. Data files such as .jpg, .gif, or .bmp images; .wav or .mp3 sound files; or .txt files are generally immune from virus attack.

Files with the following extensions are usually regarded as being the most vulnerable to infections:

.arc = macro/script files

.arj = compressed archive files

.asp = macro/script files for Microsoft active server pages

.bat = program DOS batch files

.cab = Windows compressed application binary files

.cdr = Corel Draw document macro files

.cla = Java program class file

.com = command/binary image files

.csc = Corel script/macro files

.dll = dynamic link library file

.doc = Microsoft Word document macro files

.dot = Microsoft Word document template files

.exe = executable program files

.gms = Corel global macro storage files

.hlp = Windows help files

.htm = hyper text markup language and related files

.ini = Windows initialization files

.lzh = LHARC compressed files

.mpp = Microsoft project files

.mpt = Microsoft project template files

.msg = Microsoft Mail, Exchange, and Outlook message files

.mso = macro Microsoft Office 2000 files

.ocx = Microsoft object linking and embedding custom controls

.ole = Microsoft object linking and embedding object files

.ovl = overlay program files

.rar = RAR compressed archives

.rtf = rich text format files

.scr = Windows screen saver files

.shs = Windows shell script files

.smm = Lotus AmiPro spreadsheet files

.sys = DOS or Windows system files and device drivers

.tar = UNIX tape archive files

.vbs = Visual Basic script files

.vxd = Windows virtual device drivers

.wbk = Microsoft Word backup files

.wpd = Corel Word Perfect document files

.xls = Microsoft Excel worksheet

.xml = extensible markup language files

.zip = WinZip and PKZIP compressed archive files

This list is by no means complete. New viruses are being designed and sent out on an almost daily basis.
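
An added example, not part of the original article: a Python sketch that screens a message's attachments against a subset of the extension list above. It goes one step beyond the article by also flagging names in which a harmless-looking inner extension (.jpg, .txt) precedes a risky final one. The function names and the sample message are constructed for illustration.

```python
import os
from email import message_from_string

# Subset of the article's risky extensions, and its "generally immune" data types.
RISKY = {".bat", ".com", ".doc", ".dot", ".exe", ".hlp", ".htm", ".scr",
         ".shs", ".vbs", ".xls", ".zip", ".rar", ".dll", ".ocx", ".rtf"}
DATA = {".jpg", ".gif", ".bmp", ".wav", ".mp3", ".txt"}

def classify(filename):
    """Return 'disguised', 'risky', 'data' or 'unknown' for an attachment name."""
    name = filename.strip().rstrip(". ").lower()  # Windows drops trailing dots/spaces
    stem, ext = os.path.splitext(name)
    if ext in RISKY:
        # photo.jpg.vbs looks like a picture when the final extension is hidden.
        inner = os.path.splitext(stem)[1]
        return "disguised" if inner in DATA else "risky"
    if ext in DATA:
        return "data"
    return "unknown"

def screen(raw_message):
    """Map each attachment filename in a MIME message to its classification."""
    msg = message_from_string(raw_message)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.walk() if part.get_filename()}

# Constructed sample message (hypothetical sender and file names).
SAMPLE = """\
From: friend@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: image/jpeg
Content-Disposition: attachment; filename="beach.JPG"

--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="holiday.jpg.vbs"

--B
Content-Type: application/msword
Content-Disposition: attachment; filename="notes.doc"

--B--
"""

if __name__ == "__main__":
    print(screen(SAMPLE))
```

A name-based check like this only decides which attachments deserve a closer look; it does not inspect file contents, so it complements an anti-virus scan rather than replacing it.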

These infectious programs do not just appear and do their damage. If you delete attachments or programs before opening them or executing them, they will not affect your computer. Many viruses are picked up by booting from an infected floppy disk, running an infected program, or opening up an attachment with email that is an executable file or document that is infected. The way to avoid these is to know who is sending you programs or documents and run an anti-virus program on your system at all times. Delete messages of unknown origin. Don't open up attachments, even from people you know, without becoming convinced that these files are "clean." Be careful what you add to your hard drive. People get these viruses on their computers unknowingly and can pass them along to you without malice or intention.

Virus attacks can cripple applications and damage your data. Even though anti-virus software can recognize and neutralize a virus, it cannot restore files that have been damaged or deleted. Backing up files will help protect you from the effects of a virus attack.

Yes, I have been hit by a virus: the dreaded Happy 99 ska Trojan Horse virus. It came along with some email as an attachment from someone I knew. It was not a malicious infection. It did not "melt down" my hard drive or cause my computer to crash. It merely became a nuisance. And there is a happy ending to this story: my anti-virus program caught it and took care of the problem.

How do you know that your system has been exposed to a virus? No matter how many precautions you take, it is possible for an infected file to still slip through and infect your system. Some viruses announce their presence with text messages. Others replicate on your system and try to spread to other systems. Their activity is hidden until the damage has been done. Watch for the following warning signs:

 Your anti-virus software alerts you. Many programs will alert you if a virus is attached to an email or is in an executable file.

 An odd text message appears. If you notice these messages, the virus already has done its damage and has infected your system.

 Programs or data files are damaged or deleted.

 Programs access more than one drive where they did not do so before.

 Available RAM decreases unexpectedly. Some viruses load into memory and will use up your available RAM.

 File characteristics change unexpectedly.

 Large numbers of unknown files begin to appear.

 Your PC starts acting strangely. Applications may freeze, crash, or produce unusual error messages.

 The PC won't boot and you cannot access your C drive.

When a virus strikes, it can be subtle or catastrophic. Immediately run your anti-virus software and see if it can quarantine or remove the virus from your system and fix damaged files or programs.

Many of the commercially available anti-virus programs have Web sites that will help you learn about viruses and separate fact from fiction when the alarms are being sounded. These companies do want to sell you their product as well, but they also have excellent information to share with you. Some of these are:

 J & A Virus Information: www.bocklabs.wisc.edu/~janda

 IBM: www.researchweb.watson.ibm.com/antivirus/SciPapers.htm

 Symantec: www.symantec.com/avcenter

 McAfee: www.mcafee.com/anti-virus/default.asp?

Wild List: www.wildlist.org

There are two other sites to visit that will help you differentiate the real virus threats from the hoaxes. These are not maintained by any of the manufacturers of the anti-virus programs, so you will not have to worry about any of the commercial hype:

1) Doug Muth's Help Page: www.claws-and-paws.com/virus

2) Vmyths.com: www.vmyths.com

Computer users can install a personal firewall as another means of security. A firewall allows users to monitor information that is going in and going out of their computer. These programs will alert you to unwanted intrusions and block applications from sending out personal information and data without your permission. Some of the better personal firewall programs are Symantec Norton Personal Firewall, McAfee Personal Firewall, Zone Labs Zone Alarm, Network ICE BlackICE, and Sybergen Networks Secure Desktop. To decide which program you should purchase, evaluate user-friendliness, ability to work with software on your system, and the program's ability to repel hackers.

So be smart:

make small programming changes to your computer

 install anti-virus and firewall programs on your computer

 scan emails and downloads aggressively

 get updates from the manufacturers on a weekly basis

 run the programs on a daily basis.

Be sure to periodically back up your data files. This is a good practice to do on a regular basis. A virus is as likely to destroy a hard drive as a power surge is. It seems like a hassle to take all of these preventive measures, but it is well worth the effort. Then, if you do pick up a virus, you can eradicate it before it can do any damage to your computer.

Even with all of these defenses, things can still go wrong. As fast as vaccines are produced for one virus, another new one appears. You can only try to protect yourself to the best of your ability. But by taking these preventive measures, you have greatly lessened your vulnerability to a virus attack.

Jeffrey B. Dalin, DDS, FACD, FAGD, FICD, practices general dentistry in St. Louis. He also is the editor of St. Louis Dentistry magazine and spokesman and critical-issue-response-team chairman for the Greater St. Louis Dental Society. His address on the Internet is www.dfdasmiles.com. Contact him by email at [email protected], by phone at (314) 567-5612, or by fax at (314) 567-9047.