Computer viruses I understand. Please explain "trojans" and "worms"

(No off-color jokes, please!)

Okay, I think I understand the ABCs of viruses and how dangerous it is to open executable files.

But how does a PC get infected with a trojan–by .exe files, or can I get a trojan from just visiting a site? What about from downloading a news article or from opening a simple e-mail?

Are trojans and worms essentially the same?

Worms work pretty much the same way as viruses, it’s just that the goal of the creator is different. A virus’s code simply does something to every individual computer that it gets run on, and then e-mails out copies of itself. A worm is created with the goal of using all the infected computers for a certain purpose. For instance, several recent worms attempted to have the infected computers all attack a certain website at a certain date and time.

For the record, there is no way that any form of malicious code can infect a computer just by opening an e-mail or viewing a web page. It can only happen if an executable is run on the machine. However, depending on what operating system you’re using, executables might not necessarily always have the .exe extension. One virus a couple years back fooled a lot of people because the name ended with .com, which made people think that they were clicking on a link rather than opening a file.

Broadly defined, a “trojan” is a program that disguises itself as something else. When you open/run the trojan, you think you’re viewing a picture or playing a game, but the malicious code goes off and does something you weren’t expecting it to.

A program that advertises itself as a virus-checker, but actually formats your hard drive when you run it, would be a trojan. Similarly, a file that you think is a picture of Angelina Jolie naked, but is really a script to send email to everyone in your address book, is also a trojan.

This is not quite right, as I understand it. Of course, my definitions of “worm” vs. “virus” come from 1988 or so, so possibly the usage has changed when I wasn’t looking, but, (as I understand it,) the distinction is how the program propagates itself. Something that “does something to every individual computer that it gets run on, and then e-mails out copies of itself” is the very definition of a worm, not a virus.

A software virus, like a biological virus, co-opts other things to distribute itself. A true virus appends itself to other executable files when it is run, and uses them for an infection route to other machines, either over a network or by being copied to a disk and brought into another machine.

If you copy any program from a virus-infected machine, the virus is hidden inside that program, and executes when you run it.

A worm simply pushes copies of itself around, without using other programs as a container.

Good grief! I frequently download free trial programs (mainly utilities) from various sites. Yesterday I downloaded some anti-trojan program that was hell to uninstall. Had to finally go into the registry and terminate it ala Hal 9000.

How can you tell legitimate downloads from the rest?

Recently there was a malicious code that was executed just by previewing an email message. I think it was one of the BAD viruses, but not sure which one, and not sure how it operated.

Larry Mudd makes some good points. But keep in mind that things are not cut and dried. What one person may call a virus, another person calls a worm, etc.

ITR champion’s statement: "For the record, there is no way that any form of malicious code can infect a computer just by opening an e-mail or viewing a web page." has been proven patently false hundreds of times. No well written and well configured email client or web browser would do this. Unfortunately, no software of any significance is perfect and MS in particular sets many defaults in their software to the worst possible setting. For the last couple months MS has been trying to figure out how to block a hole that allows downloading of malware just by visiting a webpage. The method is so integral to the OS, that just shutting the hole down makes a lot of other stuff break. They might never be able to produce a patch for it. If you don’t know of dozens of examples of this occurring, perhaps posting such information is not the best idea.

In general:

A virus needs to “ride along” with another program to infect things. It doesn’t “live” on its own. For old MS-DOS world, command.com, the command line shell, was a frequent target. Every time you loaded command.com, which included startup, the virus attached to it would run, look for other things to infect and so on. If you never run the program that a virus is attached to, the virus will never execute.

A worm propagates itself. The first worm (a good program in this case) was developed at Xerox PARC in the 1970s to find idle machines on PARC’s network and do some basic housekeeping. Most of the rapidly spreading stuff on the 'Net in recent years are worms.

The description of a trojan given so far suffices. Keep in mind that it is named after the Trojan Horse.

How do you keep bad stuff off your machine? Don’t let anything come near it unless you are 100% absolutely sure that is completely clean. Do not click on any email attachment. Turn off all email previews. Avoid MS products like IE and Outlook as much as humanly possible. (They’re the #1 targets and they are badly written.) Use a firewall.

If I need a program off the Net: I check into its credentials carefully. I Google, get some reviews from respected sites, download only from the official site or its official mirrors. I then run a virus scan on it right then and there. (I keep my virus software up-to-date.) I have been on the 'Net since the 70s, I don’t trust people or companies I don’t know. Neither should you. I actually have two antivirus programs installed. In case a virus takes one out. I use both AdAware and SpyBot Search and Destroy. I pay close attention to the behavior of my machine. If anything seems the least bit different, I start running all the scanning programs.

If I am visiting a web site I am not sure of, I look at the URL before I click. Make sure your browser displays the actual link when the mouse is over it.

E.g., two weeks ago I get an invite to a special social networking forum from a friend. To join I had to click a link. I didn’t do that. I mailed the friend and verified that the email really came from them. I went to the main page of the web site and started snooping (using Opera of course, never IE for a strange site). Two weeks later I decide it’s safe and join. BTW, my friend was invited to join previously by the person who co-ordinated the response to the infamous “Morris Worm” in the 80s. Pretty good creds, but I was still very careful.

True enough. I’ve been using Pine on a Solaris server for so long that I’ve forgotten how lousy Outlook is.

Which do you prefer: Mozilla or Opera–and Why? What functions will I lose by switching?

I would say Opera. The last time I used Mozilla, it still had a few issues. Certain html pages get weird formatting, and managing the history file and other features aren’t very user-friendly. Opera has lots of convenient features and the workings are very intuitive. Admittedly I’ve never used Mozilla Firebird, which is said to be better.

I’m Opera all the way.

Very occasionally, there are minor issues with plug-in support, or with sites that unwisely use proprietary MS code that doesn’t conform to the HTML spec – but it’s pretty rare, and the benefits are enormous. (Just the benefits that are pretty much specific to the SDMB are too many to name here, quite apart from me being about 30 seconds from sleep.)

I’m a zealot, though, so if you’re curious you can search for any Opera thread I posted to.

A drastic (but very effective) solution is to run a non-Windows OS. Windows gets targeted the most by malware because it’s (a) all over the place, and (b) has security holes up the wazoo. If you’re running Linux or MacOS X, by comparison, you’re already not targeted by most of the malware out there, plus the stricter security architecture of those OSes will make it harder for any future potential virii to wreak any havoc.

Example 1: I’m running MacOS X here, and if – by some astronomically unlikely chance – (1) someone sends me a MacOS X trojan, (2) I blindly run it like an idiot, and (3) it tries to install some sneaky stuff in my computer’s System folder, I’ll get a dialog box that asks me for authorization before it can install anything. I can then cancel the installation and investigate the matter, with no harm done.

Example 2: If you’re running Linux without any sort of special “superuser” privileges, a trojan could at worst only destroy the stuff in your user account space – the rest of your computer would be untouched, thus reducing the damage. Specifics will vary according to what Linux distribution you use and how your account is set up, natch.

Yeah, it’s a drastic step, but if you want true peace of mind, it can’t be beat. I haven’t caught a computer virus, trojan, or spyware in over a decade now, and that’s without spending any money for anti-virus programs, firewalls, or anything else. :slight_smile: The only time I get affected by a new virus outbreak is when my mailbox gets flooded with virus-generated spam…

I wouldn’t argue with the comments of the folk who have posted previously- they sure know their stuff. However, I have subscribed to an anti virus newsgroup for years and they can’t agree amongst themselves about the best way to go- some say two av programs, others say that is overkill and they will cause conflict.

In the end, what suits me is to use a lot of caution. I have up to date av gear, a firewall, and don’t go to strange sites OR open funny e-mails (of course e-mails are only one vector). And I use IE and OE- it all depends what you are doing.

:rolleyes:

Do you mean two resident real-time anti-virus programs? Conventional wisdom says this is a bad idea. At the very least, you are taking a big performance hit, and could result in false positive detections, system instability or system crashing. Two AV programs running simultaneously is overkill in my estimation.

Admittedly, Mozilla displays some pages oddly - but that’s normally because the page is written to exploit the ‘quirks’ of IE. At least, there’s the Bugzilla feedback system, where any such problems can be reported to the Mozilla ‘community’, who will work out if Mozilla is at fault. There’s updates every month or two, which are gradually improving things such as bookmarks and history.

And I’m sorry if it sounds silly, but I could never adjust to having Opera’s adverts in the free version.

Try Mozilla Firefox. It’s free and I’ve been using it as my main browser for a while. There’s also an extension called “View in IE” which adds that option to the context menu, so if you hit a site that won’t work in anything but IE you’re only a click away from firing it up.

The definitions of “virus,” “worm,” and “trojan” are varied and inconsistently applied. For instance, I’ve seen virus vendors define a worm as something that spreads without user intervention, while calling a virus that spreads only if you click on an e-mail attachment (i.e., user intervention) a worm.

Worms tend to propagate themselves over networks, and trojans tend not to send out copies of themselves, but I’m sure there are dozens of exceptions. The term in computer security is “malware,” which covers these and others.

And though viruses are an issue, a bigger issue nowadays is spyware. You probably don’t have a virus on your computer, but it’s certain there’s some sort of spyware on it.

In fact, I never run any anti-virus programs in the background. I keep resident programs to the bare minimum and anti-virus programs just suck resources big time. One of the programs I use doesn’t even have that feature (which is why I like it, I don’t have to turn off the default “run at startup” setting).

That’s just plain foolish. And inconsiderate, if you’re on a network. Good antivirus doesn’t hog memory or cause any appreciable issues, and the day you’re stuck with something and have to clean it off, you’ll be grateful.

There is no excuse for not having antivirus software running on your Windows PC.

Just to keep you informed: I have a PhD in Computer Science, I have published over 40 research papers. My research appears in standard undergraduate Operating Systems textbooks. I know a wee bit about this, okay?

If you run adequate firewall software on your own properly configured PC, there is extremely little threat from others on the network. (I have a single firewall protecting my home network, my work networks have been Unix machines.) Especially if you keep up-to-date on the latest threats. I watch certain Usenet groups and can predict when a major attack is coming a week in advance.

Virus writers are producing new viruses at such a rapid pace that most new viruses have spread worldwide before the signature files get updated. Running virus checkers in the background only gives the illusion of protection. Humans are the root of all security problems. You have to address the human issue first and foremost. (And a memo will never do!)

I know people who have had to clean up huge networks after Blaster-class infections. No antivirus software stopped the virus in time or assisted in the cleanup! It was disconnect all machines, clean them all up one at a time (frequently doing a reformat and reinstall!), etc.

RealityChuck, you are misinformed about the capabilities and quality of antivirus software.