I keep hearing about new viruses on bbc news online. Eventually it becomes clear they are in the form of attachments, that need to be activated by the reciever to work.
Have a clue people! don’t fucking click on them! This is why I have never worried about viruses, because I am not stupid enough to click attachments like “Love letter.doc.exe”
I am sure I will get flamed. I just wish they’d emphasise that it is partly the users fault for opening the damn attachments. Why do SO MANY people still do it!?
And people (including you, dad) don’t download programs with names like “Internet booster” and “memory wham bam upspeed superduper fastilator”.
(ok that last one was made up. Point is don’t trust things with silly names that claim to do in software what hardware cannot do)
My dad used to get computer viruses all the time. Then I got him this neat firewall program called Lock 'Em Up Tighter Than A Gnat’s Ass 4.0 and…
Unfortunately it wasn’t that easy. I had to play a trick on him and tell him that every store or catalog he likes to shop from has a website the same as the store name, just with .com at the end.
After that day he tried to shop at Dick’s online store, he never used the computer again.
Ha! This morning, nasties in my inbox indictated that someone I know had contracted the new Netsky.C worm, so I did what I always do-- composed a letter with detailed detection and removal instructions, personalized enough that anyone reading it would know that I was the actual originator, and sent it out to everyone on my contact list.
By this afternoon, I had several “Why are you sending this to me, you know that I’m smarter than that!” messages, and one “Hey, thanks for spotting that for me!” message from someone who I would have assumed was smarter than that if I’d discriminated at all about who I sent it out to.
Turns out he had, after being lulled into the false sense of security that AV protection with up-to-date definitions seems to give people, gone looking for Matrix: Revolutions on Kazaa, and stumbled across a “Matrix Screensaver” which of course didn’t work, because it was worm, not an actual screensaver. He was suspicious enough to “do a scan” to make sure he was uninfected, and of course it came back negative so he went to bed.
AV software is no replacement for not being careless, and downloading tiny executables off shady peer-to-peer networks is an awful lot like screwing strangers in public bathrooms. For fuck’s sake, people. Smarten up! Of course, I have a low opinion of the intelligence of anyone who would willingly install Kazaa, anyway. Filthy pestilential piece of spyware-laden garbage! If you’re going to use P2P (for public domain stuff) use something that doesn’t suck so damned much!
Every time a new virus comes into the news, my mother tells us at the dinner table with an admonishment to be very very careful.
Once she leaves, my brother and I confirm to each other than this still consists of NOT OPENING ATTACHMENTS OR WACKY .EXE FILES.
Geesh.
My contribution to this battle is to never ever read emails from a certain friend, who instead of forwarding dumb joke emails, insists on attaching them. I write her back several times and say sweetly that I’m sorry I missed her message, but I just never open attachments, and would she please quote the text as text. She never replies, and the attachments keep coming. Perhaps they are the viral work of a bot.
Some managers a few cubicles away from mine are running all amuck like chicken little about the “virus” that showed up this week. I am so freakin tired of one guy in particular. I dont know if he speaks loud because he thinks everyone is interested in what he has to say or he is deaf but he makes me want to slap him and get fired for insubordination. He has to announce that he got “another” mysterious email from someone not on his personal list and he gets up and paces around making sure everyone is not opening their emails. Stupid oaf, I hope he misses business work because he is acting like an ass.
Another manager strided over to my cubicle and demanded to look at my email and was pointing out emails that she thought were suspect. I just sighed and told her they were “my” emails and not hers to have opened.
Dammit, tightass! In the words of my coworker:
I have forgotten more about computers than she has ever learned!
Lets be realistic people.
Whatever you tell your friends and colleagues is meaningless.
Somewhere out there someone will click on an attachment.
We live in the age of the network aware worm , packaged with backdoors and keyloggers etc. and you can still be affected by rogue code without ever being infected .
Often mails will be spoofed so your well intentioned advice might well be delivered to someone with no culpability at all
The ‘dont open attachment’ advice is good but combine it with instructions
to :
A: regularly update the OS patch levels ,
B: regularly update the IDS signatures in your personal firewall of choice ,
C: regularly update your anti virus defintions
D: ensure your corporate systems are correctly managed as above and filters are in use at gateways (or even better have mail managed by Message Labs)
E:listen to your mom at the dinner table,
Day Zero Exploit Warhols are on the way , the concept has been proven , you need to protect yourself.
Here’s some security advice:
http://www.evidence-eliminator-sucks.com/how-protect.php
http://www.pc-help.org/www.nwinternet.com/pchelp/index.html
http://diamond-back.com/fileextensions.html
Yeah, but with most mass mailers today, the infected computer does not have to be anyone you know. I notice you have your e-mail address on your web page; this means anyone who ever visited your web page could possibly be infected. How do you plan to contact them?
It’s good advice not to click on unknown attachments, but human nature and social engineering mean that people will continue to do it. People just don’t understand that computers need to be maintained, and that you have to think of security with anything you do. Also, a lot of users are too young to understand this (kids on online all the time); others don’t really care if they have a virus as long as it doesn’t keep them from doing what they do (the fact that few new viruses do damage to hard drives is one reason they’re spreading so much – generally, the more damage a virus does, the less it spreads)
The rule for attachment, BTW, should be similar to the rule for lawyers: Never click on any attachment unless you know exactly what it is.
A guy in the IT department here at my company told me a story about how during the ILOVEYOU virus a few years ago, a project manager called him and yelled at him because he couldn’t open an attachment in an email (they had set up Outlook to strip .exe attachments). When asked who it was from, he said the COO. The IT guy replied with, “Do you really think the COO is sending you a love letter?” :rolleyes:
Some people are just so fucking stupid that it makes me feel ill.
You all don’t open attachments at all? That’s crazy. I use and receive attachments, tons of them, each and every day. Couldn’t do my job without email attachments.
I sure am glad I don’t have this threat of viruses hanging over my head. Sounds like it’s no fun at all.
I open attachments only if the email is from someone I know, and that someone has mentioned in the body of the email something like “I’m attaching a text file (or pictures, or whatever) of (whatever).” I also don’t use Outlook or Outlook Express. I don’t believe that I’ve ever had a virus infection from email.
I also have my security settings tweaked a bit. I have Active-X prompt me before running. This DOES mess up the look of some pages, but in most cases, it’s advertising that wants to run Active-X. I’m also very, very careful of what I download.
What about the ones that launch themselves when you highlight the message in the inbox, with the intention of deleting it, without having opened it, let alone clicking on the attachments? I’ve had a couple of those buggers lately.
I have my mailserver configured to use several aliases for my account, and my client set up to label and sort incoming mail based on which alias is used. (Yeah, I’m a nerd.) Anyway, this gives me a heads-up on what relationship the sender has to me – real-world personal, family, recreational online, business, something I’ve registered for, or someone coming through my cheesy webpage. If I started getting virus e-mails addressed to that alias, I wouldn’t have any reason to think that the sender actually knows me, and would just delete them and ignore it, or configure my mailserver to refuse mail for that alias, if the volume was too crazy.
You’ve got to stop using Outlook Express, is what that’s about. 
(I’m assuming OE still won’t let you turn off the stupid Preview “feature.” Haven’t looked in a long time, though.) If you have the full version of Outlook, you can turn that off. Better still, use an e-mail client that is more secure. I like Thunderbird. It’s free. (Note- some people complain about a lack of plug-in support for Thunderbird. Doesn’t bother me, because I hate it when people send me noisy, flashy e-mails. If you like that sort of thing, you’re probably better off with Eudora.) By all means, though-- get rid of that Preview Pane. Apart from letting your pants down to malicious ActiveX scripts (if you have ActiveX enabled,) Spam that is displayed there will be counted as “read” by webbugs, which means More Spam for Martha. (First one to say “Band Name!” gets in the knees.)
Cheers!
There’s an option in Outlook that lets you read e-mail in HTML or just plain text. (It doesn’t always work correctly, but for the most part it does.) I keep it on plain text, because it can defeat some viruses and spam by stopping webpage exploits.
It’s not foolproof, but it works - haven’t had a virus in years, and I’m constantly downloading crap and viewing suspicious websites and emails.
Thanks for the advice and inspiration, Larry Mudd and TonyJ. You might just have succeeded in spurring me into doing something about this.
Martha, do you know what version of Express you’re using? If not, go to “Help” and click “About Microsoft Outlook Express.” (Forgive me if this is too simple; after having to teach one new employee how to use a mouse, I never assume anything about folks’ computer literacy).
If you’re using anything besides Outlook Express 6, you should update to OE6: you can click here to go to Microsoft’s update page.
If you’re using 6, you can go to tools–>options and click on the Security tab; the second check box says, “Do not allow attachments to be saved or opened that could potentially be a virus.” Checking this box provides very good security, in my experience; it also makes downloading trusted attachments a pain in the butt. (Usually you’ll have to go back to this tab, uncheck it, then close and reopen OE6).
I also think, but am not sure, that OE6 doesn’t allow attachments to be opened automatically when you receive an email. Pictures are imbedded in the message, but I don’t think executables are.
One question: recently I’ve been inundated with mydoom, and it always comes in looking like a .zip. No executable extension. Is the extension on this somehow hidden? Under folder options, I’ve unchecked “hide file extensions for known file types,” but I don’t know of a similar setting in OE.
And yes, I use OE6, because it’s simple, and I don’t feel like learning a new program while this one’s working – especially when learning a new one would mean training all our staff in using a new one, too.
Daniel
I believe that there are viruses that don’t need for you to open an attachment to activate, here is a recent news article about it. MyDoomb Even OE 6 is vunerable to that one. So, it’s not as easy as “just not opening attachments”. It’s a matter of keeping your virus scan engines updated, and running.
We got hit with a mydoom variant at work this week.
Highlights: idiot manager telling our group that if we must open suspicious attachments, be sure to scan them afterwards with the scanning/repair tool IT build just for this one mydoom variant.
Wha…? I spoke up pretty quickly and suggested that it might be just as well not to open the damn things.