PC Magazine - August 19, 2003
Effective Immunity

By Sheryl Canter

Think a virus checker is all you need to keep your computer safe? Think again. Virus checkers can protect only against known viruses. Even if you regularly update your virus definitions, there's always a lag between when a virus (or a worm or a Trojan horse) appears and when protection against the virus is available. In the interim, your computer can become infected unless you take other steps.

Users tend to call every malicious program a virus, but the dangerous programs encountered these days are rarely viruses in the technical sense. More commonly, they are worms or Trojan horses. The general name for malicious software is malware.

Malware made its first appearance in the 1980s, and the first malware programs were viruses. Computer viruses attach themselves to other programs; when an infected program is run, the virus is run as well, infecting other programs or a computer's boot sector. Today, most programs are distributed on read-only CDs, and virus checkers can protect your PC's boot sector.

A Trojan horse is a destructive program that disguises itself as something else. Unlike viruses and worms, Trojan horses don't replicate themselves; they just do bad things when you run them. In the 1980s, they were often distributed as appealing-sounding games, but today a classic Trojan is rarely seen. More commonly, you'll see blended threats distributed as e-mail attachments whose payloads are worms or viruses. You should never double-click on an executable e-mail attachment, even when you recognize the sender. Executable attachments have the file extensions .com, .exe, or .vbs.

A worm can copy itself to other machines without human interaction. It does this via network security holes. For example, a worm can be implemented as a script embedded in HTML e-mail. You don't have to double-click an attachment to get infected; you just have to view the message in an HTML-enabled e-mail client. Until recently, you couldn't turn off HTML e-mail in Outlook Express. But if you're running Version 6, Service Pack 1 or later, select Tools | Options, go to the Read tab, and check the box labeled Read all messages in plain text.

Beyond Virus Checkers

Even with heuristic scanning, a method for detecting viruses with unknown signatures, virus checkers are basically reactive. Of course, you should install a virus checker and update its engine and virus definitions regularly—but don't stop there. You should also follow the five suggestions listed here:

1. Installing operating system patches is time-consuming but worthwhile. Select Windows Update in your Start menu, or go to http://windowsupdate.microsoft.com and click on the Scan for updates link. A script will figure out exactly what you need and present it in a list. Just select the items you want and click on Install Now.

2. Worms can propagate across network shares if you write-enable shared directories that contain executables or crucial system documents. You should never write-enable a directory that contains anything but end user documents.


Don't Share: Make sure file sharing is not bound to TCP/IP.

3. Binding file sharing to TCP/IP on your Internet-connected device gives anyone on the Internet access to your hard drive. To prevent this, open the Network settings dialog, right-click on your Internet device, and choose Properties. The TCP/IP protocol will be selected. Make sure that the service File and Printer Sharing for Microsoft Networks is not selected.

4. Most malware is spread via e-mail attachments. A personal firewall that quarantines potentially dangerous attachments can keep your system safe and prevent viruses from spreading.

5. Lastly, you should back up regularly. There are more than 500 new viruses discovered each month, so be prepared.


HomeWritingSpeakingWeb DesignGraphic DesignBioBlogContact