CYBER EYE

Protecting yourself from viruses means using common sense

William Jackson

Way too many users fell for the ILOVEYOU e-mail attachment last month.

Many of us, myself included, knew better but clicked anyway. The result was that the virulent worm spread with record speed through millions of computers on three continents.

Antivirus vendors responded heroically. Within hours they had updated signature files to detect and disinfect the love bug. But antivirus programs are reactive, and a lot of damage had been done before the patches were ready. Many antivirus sites were swamped by system administrators trying repeatedly to get in and update their software. While they waited, the virus spread. Copycat versions soon appeared, some of them with code modified enough that it could slip past the updated antivirus programs.

The key to limiting the spread of future viruses is behavior: that of the virus and that of the user at the keyboard.

Subject of scrutiny

A number of products detect malicious code by watching how it behaves. For example, SurfinShield Corporate from Finjan Inc. of San Jose, Calif., isolates executable scripts in a so-called sandbox and monitors their actions, blocking any that violate policy against such things as overwriting files or accessing address books. In the case of ILOVEYOU, SurfinShield did spot the executable portion and block it before it did damage.

Tripwire 2.0 from Tripwire Inc. of Portland, Ore., another policy-based product, looks for file modifications, additions or deletions. It does not quarantine executable files or block actions, but it does notify the administrator when files have been violated and helps to detect the damage done.

Policy-based shields, combined with antivirus programs, provide a good degree of protection, but the first and last line of defense is the user. Most viruses, especially the fast-spreading worms such as ILOVEYOU and last year's Melissa, propagate through e-mail. They need a little help from the user before they can infect anything.

Unless your e-mail reader automatically runs executable files (a function that should be turned off), you have to click on an attachment to catch a virus.

The lesson to be learned from ILOVEYOU is: Be careful where you click. As a general rule, don't run executable files from strangers, or even files you were not expecting from familiar addresses. Regardless of the filename, look at the extension before you click.

There's absolutely no reason to open most of the messages that harbor viruses. Let's have a show of hands: How many of you who opened ILOVEYOU believed you were getting a love letter? I thought so. But you opened it anyway, didn't you?

If your workday is anything like mine, you get more than enough e-mail messages and should have no qualms about deleting the losers with subject lines such as FWD:FWD:FWD:JOKE, RE:YOUR REQUEST or URGENT MESSAGE. If a message is truly urgent, the sender will follow up with voice mail. As far as I know, nobody has been attaching any viruses to voice mails lately.
