Defend yourself against malicious Web applets


Is there such a thing as a Web virus? The answer depends on whom you ask. At this writing, not one case of Web infection has been recorded, though several hackers have proved it's possible to create a "malicious" or "hostile" applet that crashes your system or causes data loss when you open it. Fortunately, Java, the most popular language for creating Web applets, is extremely secure and can't access critical system areas. ActiveX controls, on the other hand, can potentially gain access to your hard disk and wreak havoc, but they are not as widespread as Java programs.

Still, it's conceivable you might run into a malicious applet. And if you do, you probably won't know that you've been infected until it's too late, since Web applets run behind the scenes while you visit a Web site that contains them. In that respect, they're considered more dangerous than traditional viruses because you can't protect yourself against them as you can against other viruses (say, by never downloading any files). But here are some safety measures you can take.

Run the latest version of your browser and e-mail client to keep all known security holes plugged. In the past year Qualcomm released a security patch for Eudora (see eudora.qualcomm.com/pro_email/updaters.html), and Netscape released one for Messenger (go to Netscape's SmartUpdate page, at home.netscape.com/smartupdate/su1_40.html). For its part, Microsoft has posted numerous security patches for Internet Explorer 3.x and 4.x, which are downloadable at the IE Security page (www.microsoft.com/windows/ie/security/default.asp). You can also subscribe to Microsoft's Product Security Advisor e-mail notification program (www.microsoft.com/security/services/bulletin.asp).

Some people disable both Java and JavaScript in their browsers as an additional safety precaution; but because Java is a secure environment, that isn't necessary. If you use IE, however, you should be wary when you download any ActiveX controls. You can configure IE to exercise different levels of caution when downloading these applets (when you go to sites that feature them, you'll be prompted to confirm the download): select View-Internet Options and click the Security tab. For the Internet Zone, set the security level to medium or high. At the high setting, IE will not permit you to download any uncertified controls. Also, Microsoft's original implementation of Java in IE 4 falls short of Sun's strict specifications; a new patch available on www.microsoft.com/java makes this environment somewhat safer for IE users.


Caption: In Internet Explorer, select a security level before downloading ActiveX controls

Malicious code isn't the only peril that lurks in the shadows of the online jungle. Lingering still is the menace of traditional viruses, the kinds you get with innocent-looking downloads and freebies. Here's a checklist of the best pieces of armour you can don to protect yourself against such viral attacks:

1. Deploy antivirus software. Stick with brand-name antivirus software that monitors e-mail and scans file downloads. Update its viral signatures monthly. Keep its monitoring feature turned on (even when Web sites tell you to turn it off to download ActiveX controls). The latest versions of Symantec's $99 Norton AntiVirus 5.0 and Network Associates' $79 McAfee VirusScan 4.0 (both available as "trialware" downloads on our cover CD) scan scripts that Web sites send to your browser to run. Make sure you activate the option to scan Word and Excel macro viruses, the most common workplace viruses around.

2. Never run software that strangers e-mail you. Although you can't get a virus just by reading an e-mail message, you can seriously damage your system by running a program file that's attached to such a message. These Trojan horses pretend to be something they're not (usually a free tool) and are difficult to detect, even with the most recent antivirus software.

3. Download software only from known servers and Web sites. Most large shareware libraries are extremely conscientious about virus-scanning their offerings, because their livelihood depends on the quality of the downloads they offer. Be wary of sites with links to external servers, because they can't control what you get. Virus-scan all downloads you get via such forwarders.

- Judy Heim


Category: internet
Issue: May 1999

These Web pages are produced by Australian PC World © 1999 IDG Communications