We all know that as the Internet has become more popular, e-mail viruses have flourished. Disruption caused by e-mail viruses has run into the billions of dollars for affected companies worldwide.

In order to prevent the execution of viruses via the reading of e-mail or surfing the web, it is important for every company to develop an Internet Security Policy that dictates safe procedures for viewing and executing e-mail attachments, and for surfing the web. This is extremely important because many viruses, when unleashed, go beyond the local desktop when delivering their payload. One careless employee can bring down an entire network if his or her computer is wired into that network.

What follows is a basic overview of risk avoidance.

How Infections Occur and Spread

In order to understand how to avoid being infected by a virus while reading e-mail or surfing the web, it is necessary to understand how such infections occur, and how they spread.

Viruses come in through two routes: through e-mail attachments, and through browser cache files.

Viruses Spread Through E-Mail

In order to contract a virus through e-mail, the e-mail message must have an attachment. This is because e-mail viruses are contained in programs or documents that must be run, or executed, in order for the virus to be unleashed.

It used to be that executable programs (programs ending in .exe) were the only method that computer users had to worry about as far as contracting viruses was concerned. However, this all changed with Microsoft allowing Visual Basic code to be written for Office macros—for example, Word and Excel documents. (A macro is a routine that can be executed from within the Word or Excel document.) Since many people have their e-mail programs set up to automatically open and display Word and Excel documents, this results in the automatic execution of any macros contained within a displayed document. Hackers have now taken to hiding viruses inside the macro code of Word documents. The macros may do everything from simple mischief to wiping out entire hard drives and making a system unusable.

The problem is further compounded by the fact that the bulk of all viruses are written to spread themselves by sending a copy of themselves to everyone in a person's Microsoft Outlook address book. Since the e-mail message containing the virus then appears to be coming from a trusted friend, it is likely to be opened by the recipient. (Beware, however, of e-mails from friends and/or co-workers bearing strange subject lines, such as "I Love You", or vague subjects such as "Hey, Here's that file you wanted".)

Preventing the Spread of E-Mail Viruses

Persons reading e-mail need to observe some basic precautions with all e-mail messages containing attachments.

First and formost, I can't stress the importance of having good anti-virus software. Three good products are McAfee, Norton Anti-Virus from Symantec Corp. and Avast! (from the nautical, "Stop!"), which is a shareware product.

Stay informed of new viruses by visiting the websites of the most popular virus software products. This would include the above. Some of these companies will scan your hard disks for free, checking for viruses silently waiting on your system.

You should never click on and run—or execute—any attachment file ending in .exe, .com or .bat without first checking with the sender to if it was his or her intention to send the file and, if so, whether the program has been checked and verified to be safe. This is especially important when you don't know the sender.

Beware of executables that display a cute animated holiday greeting, for example. Such programs, while appearing innocent, have been found to contain what is termed a Trojan horse, or hidden malicious code. Sometimes the user has no idea that he or she has been infected after viewing such a program, as the virus may lie dormant until a specified date.

The best security policy is for employees to be told not to run any programs other than the software that has been installed on the computer.

Secondly, there are two different measures which can be taken to prevent infection via the viewing of Word or Excel attachments.

It is possible to tell some e-mail programs not to automatically open and display Word and Excel documents with the Word and Excel programs. The attached files, once they are determined to be safe, can be detached from the e-mail message and then opened manually by running Microsoft Word or Excel and opening the document. This is an extreme measure, I realize, and creates extra work for the reader, but it is truly the safest method.

I have used the above method with great success for quite some time. However, I use a program other than Microsoft Outlook for the initial reading of e-mail messages. I do have Outlook installed on another desktop machine, and use it frequently for sending e-mail, however, I have been unable to locate a setting in that program for preventing the automatic viewing of attachments. If anyone knows if Outlook can be set up in this way, please e-mail me with the details!

As an alternative to the above method of prevention, it is possible to set up the Word and Excel programs to either not execute macros at all, or to prompt before executing macro code. If a person receives an attached Word or Excel document, he or she can "just say no" to executing any embedded macro until it is known whether or not the sender intended to send the document containing the macro.

Viruses Spread Through Surfing the Web

Up until a few years ago, it was impossible to acquire a virus without running an executable file. This is no longer true. Viruses, even malicious ones that wipe out a person's hard drive, may now be acquired simply by surfing the 'Net. These viruses come in through the Temporary Internet Files (the browser's cache).

It has been my observation that the more questionable the website source, the less safe it is. Pay attention to where you click when doing searches through the major search engines. And I hate to say this, but some search engines, such as Google, are safer than others. Google works by checking how many other links are linked to a particular website/page. (In other words, counting cross-links in order to prove relevance.) If many other people have linked to a particular website, then it is generally safe (but there are always exceptions!).

Be especially careful when searching for things that may have "seedy" connotations, such as sex, drugs, etc. There is a practice whereby a hacker attracts a click by using somewhat benign keywords, then linking to a seedy website. These are hackers favorite places to place viruses. They are often related to non-business-related websites, however (entertainment, sex, drugs, etc.). Pay special attention to the wording returned by the search engine, and to the url destination in the status bar (the gray bar just above the tray). Viruses have now become so prevalent that, given a choice, I will visit the website with the more well-known name (such as the National Institute of Health, rather than some no-name health website).

All of these things, together, will lessen your chances of infection. Just remember to use common sense!

How to Prevent Infection

Virus Alerts—Viruses Themselves!

While we're on the subject of viruses, if I had a dollar for every time I received an email-message purporting to warn about some particular virus or another, I would be filthy rich. The messages often go something like this:

V I R U S     A L E R T!!!

If you receive an e-mail with the title "Good Times", do not open it! It contains a virus which will wipe out your whole hard drive. This virus warning was issued by IBM and Microsoft. Send this warning to everyone you know!!

Cynthia Brooman, President
Point & Click Software, Inc.

Graphic Design | Creativity | Typography | Writing Skills
Programming | Database | Client List | About PCSI
Help | Write Us

Copyright © 1994-2006 Point & Click Software, Inc.