Tools and Rules of Internet Security


If you were stung by the I Love You virus, you experienced one of the worst effects a virus can have: inconvenience. Whether the virus is pernicious or benign, cleaning it off your system takes time. Many viruses are capable of destroying data on your computer or stealing it from your PC, but most do neither and are written merely to prove the existence of flaws in the operating system or e-mail software they infect.

Of course, much of the flawed software comes from Microsoft, and just switching to Linux, Eudora, or Opera won't protect you from every Internet security threat that's lurking out there.

Viruses can use various means to insinuate themselves into your computer-through a floppy disk, a program copied from a different PC, or software downloaded from the Internet. Alternatively, they may be introduced via a macro or other script file that runs within a standard application such as Microsoft Word, Outlook, Netscape Navigator, or Eudora. Ordinarily, you have to take some action to start a program, macro, or script running on your computer, but many viruses trigger the application automatically. Recently e-mail viruses have turned up that launch as soon as you view the message they are embedded in-no other action is required on your part.

Although the situation may sound hopeless, it is not. You can still use the software of your choice, and you can still open e-mail attachments. Here are several basic rules that can help you protect yourself from viruses.

Use antivirus software. I generally dislike installing utilities on my computer because they conflict with other programs and the operating system itself, and they make troubleshooting much more difficult. Antivirus programs are among the worst offenders, but just the same, most people should install one and keep that program updated. Doing so will protect you from the vast majority of viruses. Skip this step at your peril.

Update your software. In the last couple of years, software makers have become increasingly responsive to reports of security flaws in their software. These days, software vendors often post security fixes to their Web sites before a real-world threat has even materialised.

To update Netscape Navigator, select HelpòSoftware Updates. To update Internet Explorer or Windows 9x, choose StartòWindows Update, or cruise directly to windowsupdate.microsoft.com. This Microsoft site will determine what software versions you are currently running and will assist you in acquiring required updates.

Understand and use security settings. Most applications that host macro code or scripting languages have security settings that let you control when and how the scripts run. Know what those settings are and make sure they meet your security needs. In Internet Explorer, choose ToolsòInternet Options, click the Security tab, and then select the Internet zone. Click the Custom Level button to browse security options, or click the Default Level button to make sure security is set to Medium. To find Netscape Navigator's security settings, choose EditòPreferences, and then select Advanced in the Category window. Don't forget your application's macro security settings. In Word, Excel, or Outlook 2000, choose ToolsòMacroòSecurity, and make sure your setting is at least Medium. If your Word files don't rely much on macros, choose High.

Another important security setting in Windows Explorer relates to file extensions that have been hidden on such file types as .vbs (Visual Basic script). Several Outlook e-mail attacks have tricked users into launching .vbs attachments by giving them names such as filename.jpg.vbs. Since the .vbs extension disappears, the file looks like a nonexecutable, nonscriptable .jpg image file that is safe to open. To protect yourself from this trick, open an Explorer window, choose ToolsòFolder Options or ViewòFolder Options, select the View tab, remove the check from Hide file extensions for known file types, and then click OK (see FIGURE 1).

Don't launch executable or scriptable files. Executable or scriptable file types include those with .exe, .com, .bat, .xls, .doc, and .vbs extensions. Your best bet is to scan all downloaded files for viruses before running them. If an arriving e-mail contains a Word (.doc) document, assume the document will infect your system. Don't open it until your antivirus software has scanned it and declared it virus-free. Just because the document comes from your boss or your mother doesn't mean it's safe. If you want to view the contents of a file without triggering any macros it may include, open it in Notepad or Quick View. Regrettably, the Quick View utility is not included in Windows 2000 or in Windows Me, but you can buy a third-party copy of Quick View Plus 6 from Jasc Software for $US49 downloaded.

- Scott Spanbauer


Category:Internet
Issue: December 2000

These Web pages are produced by Australian PC World © 2000 IDG Communications