I have McAfee ActiveShield SW. I’ve heard that some viruses/trojans can still sneak through.
In order for a virus or worm to infect your computer, some code has to be run. This means that pure data is safe. However, some programs will run macros on documents or email which is a danger.
In general, you have to voluntarily run something to get a virus. It is theoretically possible to take advantage of a buffer overflow in a program which may cause data to be interpreted as instructions, which could open the door for a virus. But that’s quite unlikely, and it would have to be tailored to the particular version of that program that you are using. Web-surfing is safe unless you have some scripting capabilities (specifically VBscript, and Active anything) in IE turned on. IE is a security nightmare.
Unless you have your mail reader set to run macros or automatically open attachments, you can’t get infected just by reading mail. If you are using Outlook, you need to be very careful that all those settings are off. Outlook is another security nightmare.
I don’t have any sort of antivirus software on my windows system, and I’ve never had a problem with viruses. You just have to not run any untrusted code.
Appropriate handle, Nerd! Thank you. I barely got through you post, I ain’t terribly knowledgeble. It did give me almost all the answers, though. Just a few questions, if I may. Let’s pretend that I’m 12 yo. So:
“…some code has to be run.” what is code?
I use this BB VBscript, like**, *, etc. I noticed ActiveX on my PC but thought it came with WMe. I never touched it.
Your last sentence, about untrusted code: I do not know yet what a code is, what’s “untrusted” mean"?
[QUOTE]
*Originally posted by peace *
"…some code has to be run." what is code?
A program. Most noted in Windows as a file that ends in .exe
I noticed ActiveX on my PC but thought it came with WMe. I never touched it.
Yes. It’s in there. Not to worry about too much unless you use IE as a browser. You might want to consider turning off “Windows Scripting Host” which allows a VB Script free run of your computer.
A VB Script, in simple terms, is a small “program” which allows things to be done to your computer. Think of it this way. Let’s say everytime you turned on your computer you wanted it to log into the internet and check your e-mail automaticly. This can be done with a VB Script. When you boot your computer the script runs and says “log in” then “open email” then “check for new mail”. Pretty simple.
But, some people write nasty scripts that say “When I am run I will rename every .doc file to .pig. Then I’ll find every file that ends in .wav and delete it. Then I’ll,…etc.etc.”
To turn Windows Scripting Host off, go into Add/Remove Programs in the Control Panel. You’ll fine it under Accessories. Uncheck it.
**Your last sentence, about untrusted code: I do not know yet what a code is, what’s “untrusted” mean"? **
What he means by that is dont run every program that is e-mailed or you find on the Internet. There are several programs out there that when you run them do other things then what you think they should do. There was a small program floating around the web and email which when you downloaded it and ran it, it would open a windows with fireworks going off. I think it would say happy new year. But, in the background when you were watching the fireworks, it was messing up files on your computer.
If you aren’t sure about the program, don’t run it. Watching little fireworks is nothing to loose your data over. 
Peace, this may not be helpful, but WTF…
I have always had AV software running… (MacAfee for awhile, until they pissed me off, then Norton), and in the past 5 years that I have been online (downloading the *uck out of everything I could get my hands on to play with), I have NEVER had any hint of a virus! The only time I have even seen a virus was when the fiancee brought a disk from work to look at (and MacAfee caught it and fixed it with no problems…)…
My opinion is that viruses are a bit over played…
prepared to duck and run from those who disagree…
You’re absolutely right. Viruses are overhyped. They are a concern, but there’s no need to panic.
You should use anti-virus software. I’d recommend InnocuateIT from http://antivirus.cai.com – it’s good and it’s free. Of course, no virus software can catch a brand new virus (a major flaw that should be easy to correct, but isn’t), so you need to keep updating.
There are four general categories of viruses. Executable viruses (which attach themselves to program files) and boot sector viruses (which run whenever you start your computer) are pretty much obsolete; if you get one, it’s from a very old floppy disk.
Most recent viruses have been macro viruses, hidden in Microsoft Word files. Microsoft thinks “security” is what you do after someone wrecks your system, so it’s fairly easy for virus writers to create things for work. Luckily, most macro viruses are merely a nuisance and do little more than replicate themselves.
The current wave of viruses are various trojans. Unlike a virus, which infects you by iteself, trojans require you to click and run a program. Once run, though, the current crop (usually e-mail attachments) send themselves to everyone in your Outlook Express Address book and play tricks (including deleting files) with your hard drive.
So what do you do, especially since you can’t trust your virus software? Follow one iron-clad rule: Never click on an unexpected attachment. If a friend sends you an attached file that you don’t expect, first e-mail back and ask what it is. Be especially wary of one with a generic message (“Though you might like this.”). You’re also less likely to spread the virus if you use a mail client other than Outlook Express.
You can only be infected if you click on executable files. Most obvious of these are programs (.exe), though Word files (.doc) can have a macro virus in them. You cannot be infected by clicking on a .txt, .gif, .rtf, .jpg, .avi, .mov, or .MP3 (though it is possible to have a hidden extension after the .txt, so it isn’t actually a .txt file – make sure the icon of the file matches the icon for Wordpad). Never click on a .vbs file; there’s no reason for 99% of users to create such a thing.
File downloads from the Internet are nearly always safe, especially if they’re from a legitimate source like http://www.shareware.com. They guard against trojan horses (though you may not want to download a file the same day it’s uploaded, just to be sure), and the executable file viruses, being obsolete, shouldn’t be a concern.
Finally, if you get a message about a “new and very dangerous” virus, imploring you to spread the word by e-mailing all your friends, that’s probably a hoax. Visit http://www.vmyths.com for information.
sort of. Malicious CGI scripts might be able to do something to your computer.
open docs that are sent with email with wordpad instead of Word, as the macros don’t activate in wordpad.
VBS scripts can do plenty to your computer. The famous I Love you virus used them.
Thank you all. I agree that “virus threat” is overplayed. On technical BB, Windows and other OS are discussed a lot, security and viruses in particular come close second. McAfee sends me updates at least twice a month. Like there are hordes of viruses eager to invade.
Cancer and diabetes are rare diseases, compared with common cold. I know a few diabetics and cancer victims. Of all the PC people I know, only one (1) had a virus once. During all these years.
A few questions, again.
This is true to some extent till you get whacked. You may as well say the flu is over played because you haven’t had one in five years. Maybe you’re lucky, maybe you have a good immune system but it still bites to get sick in the 6th year.
How critical is the info on your PC and how critical is it that your PC be available 24/7? This is the criteria I’d use to determine how anal I’d want to get about virus protection. If there’s nothing irreplaceable then the worst that can happen is you spend half a Saturday rebuiding your PC from a destructive virus attack. If the doctoral thesis you’ve been working on for the past 4 years is on your PC I’d think harder about virus protection (as well as keeping multiple copies of my work). If you use your PC for critical work and you can’t afford to have it out of action for any length of time then get real serious about virus protection.
I was working for a Fortune 25 company back when the “I Love You” virus struck. It was very real and very much a pain in the ass. The company didn’t have hard numbers but there was no question the cost of this attack was in the millions of dollars range (they are a global company and got nailed nearly everywhere).
In short, no need to be a freak about this stuff (except under unusual circumstances like you run the Department of Defense computers) but this IS worth paying at least some attention to.
Peace, I think you have vbb code, which this message board uses, confused with the above mentioned VBscript. They are completely separate things, and you will still be able to use this board as you can now, even after disabling VB scripting.
I totally agree with the “don’t open attachments you aren’t expecting” advice. I’d double-underline that, though.
The viruses which have spread most effectively and done the most damage where I work are mostly variants on the “I Love You”/“Love Letter” virii.
These have even been known to catch IT pros off-guard because of an exploitation of Windows’ file associations and naming conventions.
For example, a recent one included attachments which appeared to be *.JPG files but were actually *.JPG.vb – Visual Basic code scraps which Windows displays as *.JPG files unless you have your view settings set to “Hide File Extensions for Known File Types - OFF”. They would open with a double-click and proceed to overwrite every JPG on your hard drive with their own code.
Another batch came through with the extension *.TXT.shs, which Windows ID’s as a text scrap, but shows up as DOCUMENT.TXT unless you have your view set up to show extensions. These used Microsoft Word macros (SHS is the extension for “Document Scrap” objects. You think you’re opening a text file and all of a sudden your computer is emailing a virus to everyone you know.
Bad.
Tips:
In your View setup, make sure that “Hide File Extensions for Known File Types” is NOT checked.
NEVER open an e-mail attachment you are not expecting.
NEVER open a file which seems to have a recognizeable extension (*.JPG, *.TXT, *.GIF, etc.) but doesn’t show the right icon.
Always keep your virus definitions up to date.
During this time of year, it is important to keep you PC healthy by insisting it wear a hat, sweater and mittens when playing outside. The cold air can slow the body’s natural defenses, making your young PC more susceptible to infection when it comes into contact with its PC playmates who may not be as clean as yours.
Also, talk to your PC about the dangers of unprotected sex and exposure to body fluids. Try to not terrify the poor dear, but ensure that it understands the risks. It’s a dirty, dirty world out there.
Drops on Astroboy14 printed copies of every instance of the loveletter virus that ripped through work in two days.
Take that.
Two weeks ago, one of our suppliers got hit by LoveLetter, and the Director of Marketing received a copy. He opened it up, double-clicked the attachment, selected “Open It” from the dialogue offered by Outlook, and nothing happened.
A minute later, four copies from him showed up in my inbox. I asked him if he’d sent me anything, since the email looked suspicious (blank but for a .vbs attachment). When he said no, I immediately got on the paging system and warned the office not to open any attachments.
Too late. Within ten minutes I had another thirty copies of the virus in my inbox, and so did everyone else. There are only around 100 people with email at work, but because mailing lists exist in the general contact list, people received multiple copies.
That wasn’t so bad, but had we been a larger company, our mail server would have crashed under the load, as happened often the first time it went around. Also, loveletter replaces all .jpg and .vbs files with copies of itself, and changes the start page on your browser to atuomatically download another virus from the Internet; thankfully, none of the machines actually hit with it contained the libraries of digital product images we rely on. Norton Antivirus didn’t catch it, either receiving it or when executing it, and our virus definitions are always up to date. I sent the I.S. department around to everyone with email to personally warn them to delete the emails they’d received under threat of bodily harm.
So the virus threat is like the threat of getting into a car accident. It happens so rarely that you don’t think about it, but when it does happen, it can kill you. Elementary precautions are definitely called for, just like you wear a seat belt.
Antivirus software is useful, since it (usually) prevents the spread of known viruses. However, the reason the first instance of the LoveLetter virus did so much damage was because, before it had been discovered, antivirus software had no protection against it.
Don’t open email attachments you’re not expecting. Run AV software. Scan your hard drive regularly. And don’t forward email warning about viruses - they’re always hoaxes.
I’d just like to add that executible and boot sector vira are not dead, just somewhat quarantined. Among small networks such as those found at many schools and offices (which were always their primary breeding grounds), they can thrive for ages. A certain university which I attended hadn’t managed to wipe out the local infestation of AntiEXE as of when I left a year and a half ago, and probably still hasn’t. If you’re not on such a network, though, you never were very likely to encounter them, and are even less likely nowadays.