SNEAKER

Q.
OK, I know the Good Times virus was a hoax, but it sounds as if fiction has become fact. I
keep hearing about weaknesses being discovered in many e-mail clients. How can I protect
myself?


A. Good Times is one of those urban legends that rose out of the collective paranoia of
an increasingly wired world.


E-mails circled the globe more times than the Mir space station, warning that if users
opened any message bearing “Good Times” in the subject line, it would wreak
havoc on their systems.


Good Times never existed. But malicious as well as responsible users have been digging
for security holes in today’s e-mail clients, and it turns out Netscape Communicator,
Microsoft Outlook 98 and Outlook Express, and Eudora from Qualcomm Inc. of San Diego all
have vulnerabilities.


Attached files or uniform resource locators more than 256 characters long, even if not
opened or clicked, can overflow a buffer and get into memory to cause system crashes or
worse [GCN, Aug. 10, Page 3].


Every e-mail software publisher involved rapidly posted fixes on their Web sites. If
you use any vulnerable applications, be sure to download the fixes.


Also invest in good antivirus software and leave it running. Sometimes when loading
certain applications, you’re directed to turn off virus protection. Unless you are
certain of the source’s integrity, such as a shrink-wrapped box, leave virus
protection on anyway.


Beware of e-mail attachments. Most mail apps indicate any file attachment with a
paper-clip icon. If you see one, scrutinize who sent the message. If you don’t know
the sender, delete the message. Even if it’s a friend sending a joke in an
attachment, it could contain malicious code, and the joke would be on you.


Some apps let you preview the message contents before opening. Turn the preview feature
off.


Never click hyperlinks unless you trust the source. These days, hyperlinks can download
files as well as open Web pages.


Pay close attention, because http://www.fda.gov, for
example, is quite different from http://www.fda.com and
http://www.fda.net . Be wary of long URLs such as http://www.netscape.com/products/security/resources/bugs/longfile.html?cp=hom08prt1,
  which incidentally is the location of Netscape’s fix for this bug.


Clicking on a long link could take you somewhere you do not want to go, or it could
cause a download to execute. Type in such links yourself.


If you can avoid it, do not download files. A browser screen warning appears before
they are saved, giving you a last chance to cancel if you accidentally launch a
questionable download.


The Sneaker Sleuth is on the case. Got a baffling bug? Sneaker.Net’s author,
GCN Lab manager Michael Cheek, will answer questions about common computer problems. Send
your query to sneaker@gcn.com. If your question appears, you’ll receive a GCN
T-shirt.

inside gcn

  • artificial intelligence (vs148/Shutterstock.com)

    Government leans into machine learning

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above