Computer viruses I understand. Please explain "trojans" and "worms"


Carnac the Magnificent!
03-24-2004, 06:50 PM
(No off-color jokes, please!)

Okay, I think I understand the ABCs of viruses and how dangerous it is to open executable files.

But how does a PC get infected with a trojan--by .exe files, or can I get a trojan from just visiting a site? What about from downloading a news article or from opening a simple e-mail?

Are trojans and worms essentially the same?

ITR champion
03-24-2004, 06:59 PM
Worms work pretty much the same way as viruses, it's just that the goal of the creator is different. A virus's code simply does something to every individual computer that it gets run on, and then e-mails out copies of itself. A worm is created with the goal of using all the infected computers for a certain purpose. For instance, several recent worms attempted to have the infected computers all attack a certain website at a certain date and time.

For the record, there is no way that any form of malicious code can infect a computer just by opening an e-mail or viewing a web page. It can only happen if an executable is run on the machine. However, depending on what operating system you're using, executables might not necessarily always have the .exe extension. One virus a couple years back fooled a lot of people because the name ended with .com, which made people think that they were clicking on a link rather than opening a file.
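
An added example, not part of the original thread, illustrating the point in the post above that a runnable file need not end in .exe: a mail-filter style check that classifies attachment names by their final extension and flags names that read as a web address or hide behind a harmless-looking inner extension. The extension lists and sample file names are constructed for illustration and are not exhaustive.

```python
import re

# Extensions Windows will run directly (a common subset, assumed for this example).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
# Extensions most users read as harmless documents or media.
BENIGN_LOOKING_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "mp3", "htm", "html"}

# A name such as "www.example.com" reads as a web address, yet ends in ".com".
LOOKS_LIKE_HOST = re.compile(r"^(www\.)?[a-z0-9-]+(\.[a-z0-9-]+)*\.com$", re.I)


def normalise(filename):
    """Drop surrounding whitespace and trailing dots/spaces, which Windows ignores."""
    return filename.strip().rstrip(". ")


def effective_extension(filename):
    """Return the final extension, lower-cased, or '' when there is none."""
    name = normalise(filename)
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[1].lower()


def classify_attachment(filename):
    """Return (verdict, reason) for an attachment name."""
    ext = effective_extension(filename)
    if ext not in EXECUTABLE_EXTS:
        return ("allow", "final extension is not in the executable list")
    name = normalise(filename)
    stem = name.rsplit(".", 1)[0]
    # Inner extension, tolerating padding such as "photo.jpg      .scr".
    inner = stem.rsplit(".", 1)[1].lower().strip() if "." in stem else ""
    if inner in BENIGN_LOOKING_EXTS:
        return ("block", f"double extension: looks like .{inner}, runs as .{ext}")
    if ext == "com" and LOOKS_LIKE_HOST.match(name):
        return ("block", "name reads as a web address but is a .com executable")
    return ("block", f"executable extension .{ext}")


if __name__ == "__main__":
    # Constructed sample attachment names.
    for sample in ["www.example-photos.com", "holiday.jpg.exe",
                   "photo.jpg      .scr", "setup.exe", "report.pdf", "README"]:
        print(f"{sample!r:28} -> {classify_attachment(sample)}")
```
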

rjung
03-24-2004, 07:22 PM
Broadly defined, a "trojan" is a program that disguises itself as something else. When you open/run the trojan, you think you're viewing a picture or playing a game, but the malicious code goes off and does something you weren't expecting it to.

A program that advertises itself as a virus-checker, but actually formats your hard drive when you run it, would be a trojan. Similarly, a file that you think is a picture of Angelina Jolie naked, but is really a script to send email to everyone in your address book, is also a trojan.

Larry Mudd
03-24-2004, 07:47 PM
Worms work pretty much the same way as viruses, it's just that the goal of the creator is different. A virus's code simply does something to every individual computer that it gets run on, and then e-mails out copies of itself. A worm is created with the goal of using all the infected computers for a certain purpose.

This is not quite right, as I understand it. Of course, my definitions of "worm" vs. "virus" come from 1988 or so, so possibly the usage has changed when I wasn't looking, but, (as I understand it,) the distinction is how the program propagates itself. Something that "does something to every individual computer that it gets run on, and then e-mails out copies of itself" is the very definition of a worm, not a virus.

A software virus, like a biological virus, co-opts other things to distribute itself. A true virus appends itself to other executable files when it is run, and uses them for an infection route to other machines, either over a network or by being copied to a disk and brought into another machine.

If you copy any program from a virus-infected machine, the virus is hidden inside that program, and executes when you run it.

A worm simply pushes copies of itself around, without using other programs as a container.

Carnac the Magnificent!
03-24-2004, 08:25 PM
A program that advertises itself as a virus-checker, but actually formats your hard drive when you run it, would be a trojan.

Good grief! I frequently download free trial programs (mainly utilities) from various sites. Yesterday I downloaded some anti-trojan program that was hell to uninstall. Had to finally go into the registry and terminate it ala Hal 9000.

How can you tell legitimate downloads from the rest?

barbitu8
03-24-2004, 08:54 PM
For the record, there is no way that any form of malicious code can infect a computer just by opening an e-mail or viewing a web page. It can only happen if an executable is run on the machine.

Recently there was a malicious code that was executed just by previewing an email message. I think it was one of the BAD viruses, but not sure which one, and not sure how it operated.

ftg
03-24-2004, 09:20 PM
Larry Mudd makes some good points. But keep in mind that things are not cut and dried. What one person may call a virus, another person calls a worm, etc.

ITR champion's statement: "For the record, there is no way that any form of malicious code can infect a computer just by opening an e-mail or viewing a web page." has been proven patently false hundreds of times. No well written and well configured email client or web browser would do this. Unfortunately, no software of any significance is perfect and MS in particular sets many defaults in their software to the worst possible setting. For the last couple months MS has been trying to figure out how to block a hole that allows downloading of malware just by visiting a webpage. The method is so integral to the OS, that just shutting the hole down makes a lot of other stuff break. They might never be able to produce a patch for it. If you don't know of dozens of examples of this occurring, perhaps posting such information is not the best idea.

In general:

A virus needs to "ride along" with another program to infect things. It doesn't "live" on its own. For the old MS-DOS world, command.com, the command line shell, was a frequent target. Every time you loaded command.com, which included startup, the virus attached to it would run, look for other things to infect and so on. If you never run the program that a virus is attached to, the virus will never execute.

A worm propagates itself. The first worm (a good program in this case) was developed at Xerox PARC in the 1970s to find idle machines on PARC's network and do some basic housekeeping. Most of the rapidly spreading stuff on the 'Net in recent years are worms.

The description of a trojan given so far suffices. Keep in mind that it is named after the Trojan Horse.

How do you keep bad stuff off your machine? Don't let anything come near it unless you are 100% absolutely sure that it is completely clean. Do not click on any email attachment. Turn off all email previews. Avoid MS products like IE and Outlook as much as humanly possible. (They're the #1 targets and they are badly written.) Use a firewall.

If I need a program off the Net: I check into its credentials carefully. I Google, get some reviews from respected sites, download only from the official site or its official mirrors. I then run a virus scan on it right then and there. (I keep my virus software up-to-date.) I have been on the 'Net since the 70s, I don't trust people or companies I don't know. Neither should you. I actually have two antivirus programs installed. In case a virus takes one out. I use both AdAware and SpyBot Search and Destroy. I pay close attention to the behavior of my machine. If anything seems the least bit different, I start running all the scanning programs.

If I am visiting a web site I am not sure of, I look at the URL before I click. Make sure your browser displays the actual link when the mouse is over it.

E.g., two weeks ago I get an invite to a special social networking forum from a friend. To join I had to click a link. I didn't do that. I mailed the friend and verified that the email really came from them. I went to the main page of the web site and started snooping (using Opera of course, never IE for a strange site). Two weeks later I decide it's safe and join. BTW, my friend was invited to join previously by the person who co-ordinated the response to the infamous "Morris Worm" in the 80s. Pretty good creds, but I was still very careful.

ITR champion
03-24-2004, 09:45 PM
ITR champion's statement: "For the record, there is no way that any form of malicious code can infect a computer just by opening an e-mail or viewing a web page." has been proven patently false hundreds of times. No well written and well configured email client or web browser would do this.

True enough. I've been using Pine on a Solaris server for so long that I've forgotten how lousy Outlook is.

Carnac the Magnificent!
03-24-2004, 11:27 PM
Avoid MS products like IE and Outlook as much as humanly possible. (They're the #1 targets and they are badly written.)

Which do you prefer: Mozilla or Opera--and Why? What functions will I lose by switching?

ITR champion
03-25-2004, 12:09 AM
I would say Opera. The last time I used Mozilla, it still had a few issues. Certain html pages get weird formatting, and managing the history file and other features aren't very user-friendly. Opera has lots of convenient features and the workings are very intuitive. Admittedly I've never used Mozilla Firebird, which is said to be better.

Larry Mudd
03-25-2004, 01:50 AM
Which do you prefer: Mozilla or Opera--and Why? What functions will I lose by switching?

I'm Opera all the way.

Very occasionally, there are minor issues with plug-in support, or with sites that unwisely use proprietary MS code that doesn't conform to the HTML spec -- but it's pretty rare, and the benefits are enormous. (Just the benefits that are pretty much specific to the SDMB are too many to name here, quite apart from me being about 30 seconds from sleep.)

I'm a zealot, though, so if you're curious you can search for any Opera thread I posted to.

rjung
03-25-2004, 02:51 AM
How do you keep bad stuff off your machine? Don't let anything come near it unless you are 100% absolutely sure that it is completely clean. Do not click on any email attachment. Turn off all email previews. Avoid MS products like IE and Outlook as much as humanly possible. (They're the #1 targets and they are badly written.) Use a firewall.

A drastic (but very effective) solution is to run a non-Windows OS. Windows gets targeted the most by malware because it's (a) all over the place, and (b) has security holes up the wazoo. If you're running Linux or MacOS X, by comparison, you're already not targeted by most of the malware out there, plus the stricter security architecture of those OSes will make it harder for any future potential virii to wreak any havoc.

Example 1: I'm running MacOS X here, and if -- by some astronomically unlikely chance -- (1) someone sends me a MacOS X trojan, (2) I blindly run it like an idiot, and (3) it tries to install some sneaky stuff in my computer's System folder, I'll get a dialog box that asks me for authorization before it can install anything. I can then cancel the installation and investigate the matter, with no harm done.

Example 2: If you're running Linux without any sort of special "superuser" privileges, a trojan could at worst only destroy the stuff in your user account space -- the rest of your computer would be untouched, thus reducing the damage. Specifics will vary according to what Linux distribution you use and how your account is set up, natch.

Yeah, it's a drastic step, but if you want true peace of mind, it can't be beat. I haven't caught a computer virus, trojan, or spyware in over a decade now, and that's without spending any money for anti-virus programs, firewalls, or anything else. :) The only time I get affected by a new virus outbreak is when my mailbox gets flooded with virus-generated spam...

Cicero
03-25-2004, 05:09 AM
I wouldn't argue with the comments of the folk who have posted previously- they sure know their stuff. However, I have subscribed to an anti virus newsgroup for years and they can't agree amongst themselves about the best way to go- some say two av programs, others say that is overkill and they will cause conflict.

In the end, what suits me is to use a lot of caution. I have up to date av gear, a firewall, and don't go to strange sites OR open funny e-mails (of course e-mails are only one vector). And I use IE and OE- it all depends what you are doing.

:rolleyes:

Fear Itself
03-25-2004, 05:47 AM
I actually have two antivirus programs installed. In case a virus takes one out.

Do you mean two resident real-time anti-virus programs? Conventional wisdom says this is a bad idea. (http://www.google.com/search?sourceid=navclient&q=%22two+anti%2Dvirus%22+%22same+time%22). At the very least, you are taking a big performance hit, and could result in false positive detections, system instability or system crashing. Two AV programs running simultaneously is overkill in my estimation.

GorillaMan
03-25-2004, 05:58 AM
I would say Opera. The last time I used Mozilla, it still had a few issues. Certain html pages get weird formatting, and managing the history file and other features aren't very user-friendly. Opera has lots of convenient features and the workings are very intuitive. Admittedly I've never used Mozilla Firebird, which is said to be better.

Admittedly, Mozilla displays some pages oddly - but that's normally because the page is written to exploit the 'quirks' of IE. At least, there's the Bugzilla feedback system, where any such problems can be reported to the Mozilla 'community', who will work out if Mozilla is at fault. There's updates every month or two, which are gradually improving things such as bookmarks and history.

And I'm sorry if it sounds silly, but I could never adjust to having Opera's adverts in the free version.

dylan_73
03-25-2004, 06:11 AM
Try Mozilla Firefox. (http://www.mozilla.org/products/firefox/) It's free and I've been using it as my main browser for a while. There's also an extension called "View in IE" which adds that option to the context menu, so if you hit a site that won't work in anything but IE you're only a click away from firing it up.

RealityChuck
03-25-2004, 07:22 AM
The definitions of "virus," "worm," and "trojan" are varied and inconsistently applied. For instance, I've seen virus vendors define a worm as something that spreads without user intervention, while calling a virus that spreads only if you click on an e-mail attachment (i.e., user intervention) a worm.

Worms tend to propagate themselves over networks, and trojans tend not to send out copies of themselves, but I'm sure there are dozens of exceptions. The term in computer security is "malware," which covers these and others.

And though viruses are an issue, a bigger issue nowadays is spyware. You probably don't have a virus on your computer, but it's certain there's some sort of spyware on it.

ftg
03-25-2004, 08:48 AM
Do you mean two resident real-time anti-virus programs? Conventional wisdom says this is a bad idea. (http://www.google.com/search?sourceid=navclient&q=%22two+anti%2Dvirus%22+%22same+time%22). At the very least, you are taking a big performance hit, and could result in false positive detections, system instability or system crashing. Two AV programs running simultaneously is overkill in my estimation.

In fact, I never run any anti-virus programs in the background. I keep resident programs to the bare minimum and anti-virus programs just suck resources big time. One of the programs I use doesn't even have that feature (which is why I like it, I don't have to turn off the default "run at startup" setting).

RealityChuck
03-25-2004, 09:25 AM
In fact, I never run any anti-virus programs in the background. I keep resident programs to the bare minimum and anti-virus programs just suck resources big time. One of the programs I use doesn't even have that feature (which is why I like it, I don't have to turn off the default "run at startup" setting).

That's just plain foolish. And inconsiderate, if you're on a network. Good antivirus doesn't hog memory or cause any appreciable issues, and the day you're stuck with something and have to clean it off, you'll be grateful.

There is no excuse for not having antivirus software running on your Windows PC.

ftg
03-25-2004, 10:11 AM
That's just plain foolish. And inconsiderate, if you're on a network. Good antivirus doesn't hog memory or cause any appreciable issues, and the day you're stuck with something and have to clean it off, you'll be grateful.

There is no excuse for not having antivirus software running on your Windows PC.

Just to keep you informed: I have a PhD in Computer Science, I have published over 40 research papers. My research appears in standard undergraduate Operating Systems textbooks. I know a wee bit about this, okay?

If you run adequate firewall software on your own properly configured PC, there is extremely little threat from others on the network. (I have a single firewall protecting my home network, my work networks have been Unix machines.) Especially if you keep up-to-date on the latest threats. I watch certain Usenet groups and can predict when a major attack is coming a week in advance.

Virus writers are producing new viruses at such a rapid pace that most new viruses have spread worldwide before the signature files get updated. Running virus checkers in the background only gives the illusion of protection. Humans are the root of all security problems. You have to address the human issue first and foremost. (And a memo will never do!)

I know people who have had to clean up huge networks after Blaster-class infections. No antivirus software stopped the virus in time or assisted in the cleanup! It was disconnect all machines, clean them all up one at a time (frequently doing a reformat and reinstall!), etc.

RealityChuck, you are misinformed about the capabilities and quality of antivirus software.

Fear Itself
03-25-2004, 12:49 PM
I know people who have had to clean up huge networks after Blaster-class infections. No antivirus software stopped the virus in time or assisted in the cleanup! It was disconnect all machines, clean them all up one at a time (frequently doing a reformat and reinstall!), etc.

Of course, since you hold a PhD in Computer Science and have published 40 research papers, you know that the Blaster worm was pretty unique in that it did not spread via email. The fact that one virus and a small group of variants evade conventional virus protection in no way invalidates virus protection programs that are effective against over 100,000 other email-borne viruses in the wild today. The fact is that resident anti-virus programs, while not perfect, stop hundreds of thousands (if not millions) of virus-laden emails every day. If computer academics such as yourself think that telling people to just be more careful is going to be an improvement over resident AV programs, you are sadly misguided regarding the intelligence of the average computer user.

Larry Mudd
03-25-2004, 03:55 PM
If computer academics such as yourself think that telling people to just be more careful is going to be an improvement over resident AV programs, you are sadly misguided regarding the intelligence of the average computer user.

I don't think ftg is saying that at all. He was responding to RealityChuck's comment that "There is no excuse for not having antivirus software running on your Windows PC."

Nobody's saying that TSR anti-virus scanners aren't useful for naive users -- just that once you have a basic understanding of network security, resident scanning utilities present more problems than added security. By the time definitions are included for new threats, your average nerd has already read the security bulletins.

I don't keep a virus scanner running in the background on my system, either-- because it would be totally redundant in combination with security measures already in place, and I'd rather have the free resources and absence of conflicts with other software. I open a scanner and manually check any file that I have reason to be suspicious of, and don't use software with notoriously lax security. If an executable runs on my system, you can be sure that I'm confident it's benign and want it to run. Having a virus scanner running 24/7 would be a waste of cycles, period.

At the same time, I usually make sure that friends and acquaintances that I find myself (as designated nerd) giving IT support to have background virus scanners installed -- even when they have less resources to spare than I do. It's just easier than trying to give them a crash course in network security and asking them to stay up to date on the latest threats. Hell, I have one friend who's running Norton AV 2004 on a Pentium 133. Their computer runs noticeably slower all the time and they have to disable it temporarily to get some things to work at all, but the security it provides, (while not being as effective as wetware-based paranoia,) is well worth it. For them.

Someone who reads the latest security bulletins, uses relatively secure software, and has no resident AVP is much better protected than someone who installs anti-virus software and thinks no more about it. And someone who installs anti-virus software and thinks no more about it (providing it downloads new definitions automatically) is better protected than someone who takes no precautions at all.

No need to argue about it. :) Happy, happy, joy, joy!