How to prevent them

Run a secure operating system like UNIX or Windows NT

security features keep viruses away

Buy virus protection software Avoid programs from unknown sources (like the Internet) Stick with commercial software purchased on CDs

With E-mail viruses

defense is personal discipline Never double-click on an attachment that contains an executable program Attachments that come in as
Word files (.DOC), spreadsheets (.XLS), images (.GIF and .JPG), etc., are data files and they can do no damage

With E-mail viruses (cont.)

defense is personal discipline Never double-click on an attachment that contains an executable program A file with an extension like .EXE, .COM or .VBS is an executable and an executable can do all sorts of damage once run, you have given it permission to do anything on your machine. Never run executables from e-mail.

Some rules of thumb:

if you merely find JDBGMGR.EXE on your computer,

then it's probably not infected;

But. . .
if you receive JDBGMGR.EXE as an email attachment,

then it probably is infected.

E-mail is clearly the predominant vulnerability point for viruses

Current viruses are spread via security holes in

Microsoft Outlook and Outlook Express

Free patches are available from Microsoft to address these problems
many people are reluctant to apply them.

First, update your system with Windows Update and Office Update
or, buy a Mac

Buy virus protection software

eTrust EZ Anti Virus
(TPC NGs Tom Young from Osaka recommends it) http://www2.my-etrust.com/products/Antivirus

Whats the best one to buy?

The WildList International: As each package offers slightly different features, only the individual or corporate administrator can decide which package would best suit the need. There are a number of papers written on how to choose the best personal antivirus software.

Whats the best one to buy?

The WildList International: We encourage you to arm yourself with as much knowledge as possible prior to making a final purchasing decision. This includes being familiar with
the affiliation of the authors of such papers and any affiliations between testers and software developers. (see False Authority Syndrome)

Product (rated by PC Magazine) Norton Anti Virus 2002 McAfee Security Suite Trend PC-Cillin 2002 Panda Antivirus Platinum 6.0 Norman Virus Control 5.2 McAfee Virus Scan 6.0 Kaspersky Anti-Virus Personal F-Secured Anti-Virus Pesonal Edition ETrust EX Armor Suite

Editor's Rating 5 No rating 3 4 3 3 3 3 3

Member's Rating 3 No rating 4 No rating No rating 4 No rating No rating No rating

How to spot a hoax

"Thoughts travel faster in a vacuum."

Think about it. By removing the actual thinking process,

thoughts can travel uninhibited and thus exceed all logical bounds. In addition, such thoughts often tend to become hyperdriven (adj. driven by hype).

Rule of thumb: If you receive a virus alert message, don't believe it.
There are warnings usually in ALL CAPS about reading

or downloading an e-mail message

Also look for the multiplication of exclamation marks.

Salvation by immediate deletion is also nearly universal.

For some reason the word "miscreant" is a common catchphrase in hoaxes. Hoax viruses always seem to wield the powers of a vengeful binary god.
Such godlike viruses can often do nasty things to your

system that are beyond the abilities of software, mere mortals, or even most hardware technicians.

(it says) forward this mail to anyone you care about.

Here it is. This is the replication engine. This is what

gives the virus the pesky lifelike ability to multiply. This is also a dead giveaway that it is a hoax.

The Authoritative Source Syndrome

"Whoa! The FCC. This must be real." This aspect of cited authority is meant to lend credibility to the hoax.
The truth is, however, that according to the FCC they have never, and will never, send out virus warnings.

Superlative abilities of the virus:

unparalleled in its destructive capability this virus is "highly intelligent Odd. All the viruses seen (at IBM Research) are extremely dumb. most destructive

most polymorphic
stealthiest virus.

The language is crafted to sound technical. It uses computer jargon

It tends to lend credibility to the hoax. Do you believe that a CPU can be melted down by "an nthcomplexity infinite binary loop?

TPC User Comments

Recent virus unleashed!

W32/Bugbear@MM found on McAfees site reported by TPC Member Sam Julien

Andrew Hayes writes:

Store your original program installation CD's and license information in a safe place (A safe place is not next to you PC) Keep backups of your data or any downloaded software (after it has been thoroughly scanned)

Run AV software 24/7

Andrew Hayes writes:

Don't open email attachments unless you're 110%

certain they are safe,

if you're not expecting something from a friend, confirm with them before opening it.

(Hes) seen a few infected systems, from a relatively

benign Word Macro virus to one that trashed the HDD (so that) a low-level format was need to get it working again.

Andrew Hayes writes:

I also saw one that blew the mobo by setting registers

to a certain combination that caused an overload in part of the circuit, but I'm sure those sort are very rare now. Modern motherboards don't have those types of defects, do they?

David Parry (uses)

Virus Buster from Leprechaun Software Updates are available very soon after a new virus appears e-mailed notification of new viruses and also news of hoaxes.
(He) gave up on McAfee after paying for upgrades and getting the runaround when (he couldnt) log in to download the goodies.

He goes on to say that the Australian Govt uses Leprechaun antivirus software

CR Lipton has interesting comments

about security on the Trend Micro site
Apparently, if this morning's CNet News is to be believed, one of the things you should NOT do is to scurry down to the Trend Micro website and buy anything from them. According to the story, their shopping pages have a little glichette that causes it to pop up with the previous buyer's name, address, and credit card information already filled in for you. If anyone wants to, they can then charge their purchase to your credit card while getting the product delivered to themselves. And, even better, your credit card info continues to be displayed until the next honest person erases yours and types in theirs.

Resources

www.tokyopc.org/ Chit Chat Newsgroup -- Chit Chat Personal Computer Virus Attacks www.vmyths.com/ This site is NOT sponsored by antivirus companies it lists virus hoaxes www.symantec.com/avcenter/hoax.html Heres another hoax site, from Symantec www.symantec.com/avcenter/ Symantec Security Advisory site www.howstuffworks.com/virus.htm How computer viruses work www.cert.org/other_sources/viruses.html Carnegie Mellon Software Engineering Institute, CERT Coordination Center Computer Virus Resources www.virusbtn.com/ Virus Bulletin Independent Anti Virus Advice www.ciac.llnl.gov/ciac/CIACVirusDatabase.html Although the Computer Incident Advisory Capability site (associated with the DOE) is no longer being maintained, it has loads of advice and information about PC and Mac viruses. Also links to other sites that are being maintained. www.zdnet.com/products/stories/reviews/0,4161,2248291,00.html ZD Nets tells you how to protect against computer viruses.

www.special.northernlight.com/compvirus/ Current news, Journal articles and editorials; Virus Writers and Hackers; Journals, Portals and Reference; US Government Resources; Web bugs; Malware, Spyware, Adware and Trojan Horses; Diagnostics; Anti-Virus Solutions (over 30 of them!) www.research.ibm.com/antivirus/SciPapers/Wells/HOWTOSPOT/howtospot.ht ml Joe Wells seminar and funny paper on getting in the know www.jaring.nmhu.edu/virus.htm Computer viruses have been with us since the late 1980s and continue to increase in number. The following list includes some of the best sites on the Internet for describing computer viruses as well as links to many of the top anti-virus software sites. From Wayne Summers at New Mexico Highlands University. www3.ca.com/virusinfo/ More than I ever wanted to know about computer viruses. The Virus Information Center serves as a rich, up-to-the-minute resource, containing detailed information on viruses, worms, Trojans, and hoaxes, as well as valuable documentation on the implementation of comprehensive antivirus protection. CAs eTrust Antivirus Research Centers monitor around-the-clock to defend against the damaging effects a virus outbreak could cause.

www.sophos.com/virusinfo/whitepapers/videmys.html An introduction to computer viruses written by Carole Theriault, carole.theriault@sophos.com, Sophos Plc, Oxford, UK and first published in: October 1999 www.cknow.com/vtutor/index.htm Computer Knowledge Virus Tutorial www.pcmag.com/article2/0,4149,6276,00.asp PC Magazine Personal Antivirus Article www.wildlist.org/ The world's premier source of information on which viruses are spreading In the Wild. But don't take our word for it. Read what PC Magazine, MSNBC an others have to say about us www.research.ibm.com/antivirus/SciPapers.htm With scientific papers titled, Where Theres Smoke, Theres Mirrors, how can you go wrong? http://vil.mcafee.com/dispVirus.asp?virus_k=99728McAfee detailed information on latest virus released into the Wild.