ON VIRUSES _________
This is presented as true to the best recollection and is offered
for guidance with NO warranty expressed or implied.
Your mileage may vary.
Just like weeds are plants growing where they are NOT welcome,
so, too, viruses are pieces of program code running where they
are not welcome, causing harm to their environment, and propagating
themselves to other systems.
No virus started as a piece of useful code accidentally run amok;
they were all developed by miscreants to do harm of
some kind to some extent wherever they might get.
Viruses have hierarchic sub-categories
including worms, trojan horses, etc.; the Anti-Virus (A-V)
professionals classify them by drawing distinct fine
lines between the species (much like insects),
while calling the whole group "MAL-ware".
But they are all discussed here simply lumped as "viruses".
A LOT is said in the media about viruses and about being sure
that every system has a good program in place to detect them.
BUT there is one CRITICAL item which is usually OMITTED in
all discussions. It is that these programs can only identify
viruses which match the criteria for KNOWN viruses for which
the vendor has placed the "signature" in its database, and thus
NEW viruses can get thru UNdetected until ...
1. they have been recognized by their having struck somewhere,
2. they have been identified by the A-V experts,
3. their "signatures" have been added to the user's
A-V vendor's database,
4. the updated database has been downloaded by the user,
5. the user has put the updates in place,
6. the user has scanned all of their system files.
Steps 4, 5, & 6 must be repeated by every user OFTEN.
KEEPING CURRENT -----------------
The question then becomes "How Often?". There are two answers:
    "It Depends -- on your vulnerability", and
    "Often Enough -- to afford protection".
Having the BEST A-V program in the world often merely
gives the user a FALSE sense of security; if the database
is NOT current, then the programs are quite useless.
Additionally, if systems are struck within the first day or two
of a new virus's life, then they will
still become VICTIMS -- until the above steps are taken.
New A-V software right off the shelf and just out of the box
necessarily has an OLD database with it which MUST be updated
IMMEDIATELY before it is worth using.
WHEN A-V DETECTION HAPPENS -----------
Most A-V programs have several modes of checking
for infections ...
1. when broad-scale scans are run on pre-set/scheduled basis
2. when broad-scale scans are manually invoked
3. when individual files are inspected as received with E-Mail
4. when individual files are inspected before being opened
And these points can have parameters set
(possibly differently for the different modes) to
control scanning of only those files on certain drives,
in certain directories, and/or of certain types
(e.g., those ending with -.exe, -.com, etc., etc.).
It is VERY important to have the settings correct.
The MORE pieces that you check, the MORE time it takes.
Haste can make waste; do NOT be in too much of a hurry.
Having the latest A-V database, and the best A-V program,
but with parameters specifying only monthly scans of files whose
names end in -.TXT is quite useless.
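The two failure modes described above (a database that lacks the newest signature, and scan settings that skip the files that matter) can be seen in a toy scanner. This is an added illustration, not code from the original page or from any A-V product; a "signature" is simplified here to a whole-file SHA-256 digest, and all file names and contents are constructed.

```python
import hashlib
from pathlib import PurePath

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def scan(files, signatures, extensions=None):
    """Return the names of files whose digest is in the signature database.

    files:      file name -> content bytes (constructed sample data)
    signatures: digests the A-V vendor has published so far
    extensions: suffixes the scan is set to inspect; None inspects every file
    """
    hits = []
    for name, content in files.items():
        if extensions is not None and PurePath(name).suffix.lower() not in extensions:
            continue  # excluded by the scan settings, so never inspected
        if digest(content) in signatures:
            hits.append(name)
    return sorted(hits)

# Constructed stand-ins for file contents; none of this is real malware.
KNOWN_SAMPLE = b"constructed sample already known to the vendor"
NEW_SAMPLE = b"constructed sample released yesterday"
FILES = {"notes.txt": b"shopping list", "setup.exe": KNOWN_SAMPLE, "game.com": NEW_SAMPLE}

BOXED_DB = {digest(KNOWN_SAMPLE)}               # old database shipped in the box
UPDATED_DB = BOXED_DB | {digest(NEW_SAMPLE)}    # after the vendor adds the signature

def demo():
    return {
        "old database, all files": scan(FILES, BOXED_DB),
        "updated database, all files": scan(FILES, UPDATED_DB),
        "updated database, .txt only": scan(FILES, UPDATED_DB, extensions={".txt"}),
    }

if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label}: {hits}")
```

With the old database the new sample passes as clean, and with the scan limited to .txt files even the updated database reports nothing.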
MAJOR VIRUS DETECTION PROGRAMS -------
   
Norton - a division of Symantec
McAfee - a division of Network Associates
PC-Cillin-EtAl from Trend Micro
AVG - from Grisoft/Czech
Kaspersky - from Moscow
Panda - from Spain
Some of these are available free forever, some for free trial, and some for a fee per year.
Some offer a one-time program to scan for some or all known viruses.
Some offer specific advice about how to recover from all viruses after you have been infected.
All offer good advice.
Norton is often VERY difficult to get installed and UNinstalled;
its self-help contains a gazillion pages of recommendations which frequently
point to so many other pages that they may all point to each other in a circle.
Their staff recommends UNinstalling some application programs in order to get
the Norton progs installed.
Some application programs recommend turning-off or uninstalling
Norton in order to let their installation processes complete.
Some people say that the Norton products are only good on computers which
have only the OperatingSystem installed -- and NO applications.
Other AV progs have similar problems on a smaller scale.
MEANS USED BY VIRUSES TO ENTER A SYSTEM -------
Viruses can enter a system via floppy diskettes, on CDs, or
over external connections like the InterNet,
i.e. E-Mail and Browsing.
They have even been known to have been spread in commercially-packaged
software from otherwise-reputable sources. They can lie dormant
in a system and propagate themselves and/or do their
damage at a later time. They could spread for months and then
begin wreaking their havoc (e.g., deleting or corrupting files)
much later; this makes their detection more difficult.
Some viruses may even come packaged with seemingly respectable software
programs (e.g. calendar makers, picture catalog/editors) or programmable hardware
(e.g., picture frames). Often these are added by malcontent employees or
sub-contractors.
Some viruses may enter a system through the victim's InterNet browser, merely
because of a visitation to a nasty WebSite -- ESPECIALLY one of pictures,
movies, and porn.
Viruses generally canNOT impact any system until their insidious
code is run one time. Merely having the code present
on a system's hard-drive
is VERY UNlikely to be harmful UNTIL it is invoked once.
WHY IT IS SOOOOO EASY FOR VIRUSES TO INFECT ------------
Many E-Mail programs, browsers, and other prominent applications
make soooo many operations soooo nice and easy for the
cute whiz-bang features which many honorable folks want to use
for good intent, that these programs make it ooooooh sooooo
easy for the DIS-honorable virus writers to
exploit these features for their own insidious intent.
MEANS USED BY VIRUSES TO GET AROUND IN E-MAIL ------------
The InterNet was initially designed to be used
easily, conveniently, and fluidly between
HONORABLE peers. It was NOT designed to be used as it has
grown to be used, but it's a bit late to start over.
There are a lot of DIShonorable users who seem
to obtain some satisfaction from wreaking havoc on others,
by sending out viruses.
It is easy for some to disguise the source of E-Mail; this is called "Spoofing" and
can increase the insidiousness of the problem.
E-Mails with attached viruses can arrive in your
mailbox following a variety of methods ...
1. directly from the originator, noting themselves as the sender.
2. from another victim, noting their own name
3. from another victim, falsely noting a third party's name
4. as a genuine reject message from a real ISP
to which a message was sent,
noting you as the original sender
5. as a genuine reject message from a real ISP
to which a message was sent to an invalid address,
falsely noting you as the original sender
6. as a phony reject message, falsely noting
a (possibly non-existent) ISP as the sender, and falsely indicating
that you were the original sender, and claiming some second- or third-hand
party as the intended recipient.
In case (2) above, the sender IS infected.
In cases (3, 5, & 6) above, the sender is indeterminate.
In case (4) above, you ARE infected; the likelihood of
attempts of this sort is low, since it would be a
redundant attempt to RE-infect an already-infected system.
Cases (5 and/or 6) above seem rather prevalent these days.
In ALL cases, a system WILL BECOME infected if its A-V shields
aren't in place.
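One check a recipient can make on a reject message, as an added example that is not part of the original page: compare the Message-ID of the original mail quoted inside the reject against a record of what was knowingly sent. It assumes such a record exists (the hypothetical `SENT_IDS`) and that the reject quotes the original headers; a quoted ID with no match means the reject is one of cases 4 to 6, either a forged sender (5, 6) or mail sent from your system without your knowledge (4). The sample messages are constructed.

```python
from email import message_from_string

def original_message_ids(reject_text):
    """Message-IDs of the original mail that a reject message carries back."""
    ids = set()
    for part in message_from_string(reject_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # whole original returned
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":     # only its headers returned
            inner = message_from_string(part.get_payload())
        else:
            continue
        if inner.get("Message-ID"):
            ids.add(inner["Message-ID"].strip())
    return ids

def classify_reject(reject_text, sent_ids):
    ids = original_message_ids(reject_text)
    if not ids:
        return "unverifiable"        # nothing quoted to compare against
    return "in-sent-log" if ids & sent_ids else "not-in-sent-log"

def make_reject(original_id=None):
    # Constructed reject message; every address and host is an example value.
    head = ("From: MAILER-DAEMON@mail.example.net\nTo: me@example.org\n"
            "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
            'Content-Type: multipart/report; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nYour message could not be delivered.\n")
    if original_id is None:
        return head + "--b1--\n"
    return (head + "--b1\nContent-Type: text/rfc822-headers\n\n"
            "From: me@example.org\nTo: nobody@example.net\n"
            f"Message-ID: {original_id}\n--b1--\n")

SENT_IDS = {"<1001@example.org>"}   # hypothetical log of Message-IDs knowingly sent

if __name__ == "__main__":
    for oid in ("<1001@example.org>", "<9999@elsewhere.example>", None):
        print(oid, "->", classify_reject(make_reject(oid), SENT_IDS))
```

A match only says the quoted headers refer to mail you sent; any attachment on the reject message still gets scanned before it is opened.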
In ALL cases the virus code likely had available to it all
of the E-Mail addresses involved. It could find these all in
one system by A's having sent an UN-infected message
to 20 addresses including B,
who then replied to all of them and 10 others including C.
Now C's system has 31 addresses available in it,
and a virus in C's system could strike any one or more
of them and possibly attempt to blame any of the others.
One thing that may curtail this activity is to make good use of the
"Blind Carbon Copy" (BCC) feature of most E-Mail programs; it
will suppress the identity of all of the other addressees from
each recipient's system.
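The A, B, C count above and the effect of Bcc, as an added example that is not part of the original page: it builds the copy of B's reply that lands on C's system and lists every address readable from its headers. All addresses are constructed example.org values, and Bcc is modelled by leaving those addressees out of the headers of the delivered copy.

```python
from email.message import EmailMessage
from email.utils import getaddresses

def delivered_copy(sender, to=(), cc=()):
    """The message as a recipient stores it; Bcc addressees never appear in it."""
    msg = EmailMessage()
    msg["From"] = sender
    if to:
        msg["To"] = ", ".join(to)
    if cc:
        msg["Cc"] = ", ".join(cc)
    msg.set_content("constructed message body")
    return msg

def visible_addresses(msg):
    """Every address that can be read from one stored message's headers."""
    fields = [str(v) for name in ("From", "To", "Cc") for v in msg.get_all(name, [])]
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}

A, B, C = "a@example.org", "b@example.org", "c@example.org"
FIRST_20 = [B] + [f"friend{i}@example.org" for i in range(1, 20)]   # 20 including B
NEXT_10 = [C] + [f"other{i}@example.org" for i in range(1, 10)]     # 10 including C

def exposed_on_c_with_to():
    # B replies to all: A, the other 19 original addressees, and 10 more in "To:".
    others = [addr for addr in FIRST_20 if addr != B]
    return visible_addresses(delivered_copy(B, to=[A] + others + NEXT_10))

def exposed_on_c_with_bcc():
    # A used Bcc for the 20, so B's copy named only A; B uses Bcc for the 10.
    return visible_addresses(delivered_copy(B, to=[A]))

if __name__ == "__main__":
    print("To/Cc:", len(exposed_on_c_with_to()), "addresses on C's system")
    print("Bcc:  ", len(exposed_on_c_with_bcc()), "addresses on C's system")
```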
For further info on "Bcc:" see at ...
   On_BCC-ing
The old standard warning to "Not open any attachments from
UN-recognized senders" became less useful because some E-Mail
reading programs began to "help" the recipients by automatically
opening anything that came in; much of this automation
has become controlled or defeatable, but is still not fool-proof.
With the advent of disguising/spoofing
the sender, this warning is even less useful because the
sender's name is not much of a guarantee.
For further info on Spoofers see at ...
   On_Spoofers
A TRULY INSIDIOUS virus is the type known as the "Root-Kit" virus.
This type infects a system and manages to hide itself
so well that it can NOT be detected by "ordinary" means.
SONY managed to distribute something quite similar to such a thing,
in an attempt to install Digital Rights Management software on a system if
merely their CD was played on it.
For further info on Sony's flub-up, see at ...
   On_Sony's RootKit
A WARNING About Some Solutions ------------
One of the oft-touted solutions to prevent the spread
of viruses thru an E-Mail system is to place a corrupt address
in the address-book. This may be MINimally helpful in
some cases, but most viruses are too smart to fall for that ploy.
DECEITFUL ADVICE ABOUT VIRUS PROTECTION ----
Also there are phony virus fixing/detecting programs
whose distributing messages
claim them to be more sophisticated than the professional items.
These falsely claim that the XXX virus is rampant
but that it will NOT infect
systems which it has already infected. They falsely claim that
their attached program, YYY, is perfectly harmless but that it
looks enough like XXX such that XXX will not bother with its own
infection. These false claims continue by also noting
that YYY looks soooo much like XXX
that even the professional A-V programs will claim
that YYY is a virus, and therefore those programs must be told to allow
the YYY program to be executed.
Users who succumb to such false claims quickly become
victims of their own gullibility.
DECEITFUL ADVICE ABOUT VIRUS REMOVAL -----
In addition to the viruses riding hidden in files attached
to E-Mails and other machine-processed files,
there is also a less technically sophisticated hoaxish
approach taken by some miscreants.
These folks send E-Mail messages to a few
hundred addresses falsely warning them to be on the
lookout for super viruses
which are UNdetectable even by the best A-V programs.
These hoaxes advise the reader to search their systems
for certain files
(which are actually IMportant to the system)
and to delete them and to empty the recycle
bin to prevent their reappearance.
In some cases actual viruses have been circulated with the same
names as these files, and so there was actually some need to
delete the bad files from their directories
while leaving the good file alone in its directory.
Users who succumb to such false claims quickly become
victims of their own gullibility.
I've gotten a few of these messages but never took the bait.
They were followed in a few days by
warnings about the prior false warnings.
For further info on Hoaxes, see at ...
   On_Hoaxes
DECEITFUL ADVICE ABOUT VIRUS PRESENCE ----
Whenever I get a virus warning from ANYONE other than NORTON,
then I go to the site at ...
     http://www.google.com/
     and give it the search argument of either the name of the virus, e.g.,
         jdbgmgr
     or some of the words in the message within "quotes", e.g.,
         "grey teddy bear icon"
as at ....
     http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22grey+teddy+bear+icon%22
In 97% of the cases these messages have been hoaxes,
perhaps from someone who does not like teddy bears, furs, roses, beef, or milk.
Sometimes one political faction will send out hoaxes about specific
message subjects used
on an opposition faction's messages indicating that opening that other faction's
message will cause serious damage.
Users who succumb to such false claims quickly become
victims of their own gullibility -- either by missing a real message or by
possibly taking any of the actions recommended.
For further info on Hoaxes, see at ...
   On_Hoaxes
From Gilbert & Sullivan's The Mikado comes ...
   "As some day it may happen that a victim must be found,
    I've got a little list--I've got a little list
    Of society offenders who might well be underground,
    And who never would be missed--who never would be missed!
    There's the pestilential nuisances who write for autographs--"
Were they writing today, they'd be including the line ...
    There's the Spammers, and the Hackers, and the Virus writers, too --
Keep Your Virus Shields UP ! !