PREVENT VIRUS INFECTIONS
  Tips from the Geekman - Gary Goodman

I.   Set the Outlook Express Security Zone to Restricted.

II.  Set Outlook Express to CLOSED Preview Pane.

III. Use Windows Update frequently.

IV.  Download AVG Antivirus.

V.   Turn Off Hide File Extensions for Known Registered Types.

VI.  Close Network Security Holes.

VII. Ignore Virus Hoaxes.



As mentioned on the previous page, I must disclaim that the details of virus technology and operating systems are quite complex, so, writing from my own memory, I won't vouch for complete technical accuracy of the terminology and details of everything.
Maybe after a few more edits.   ;- )
... in the meantime ...
Please send me FEEDBACK with any suggestions or questions that would help me make this better.

I. If you're using Outlook Express, go to the menu item
Tools, Options, Security
and set your email Security Zone to Restricted.
In Outlook it's a similar menu location.

That puts HTML email (email that can display a web page) into Restricted mode.
That way scripts will not run in an email, just in case someone added a VBS script (or similar) to an email, legitimate or not.

Normal web browsing is in the Internet Zone, but those are web pages YOU choose to go to, not web pages someone else chooses to send to you.
Don't turn off running scripts altogether on a regular "user" PC (during a published emergency this was recommended until patches were available), unless you really require airtight security, as on a corporate server, or else many websites, including Microsoft Update, will not work.

Getting rid of "cookies" is something some nervous folks do because of rumors and the fact that cookies are set by websites you visit, but that action is both pointless overkill and counter-productive. Good sites use cookies just to identify the fact that you've been there before. For example, Yahoo uses cookies to help identify you when you log in, Hotbot uses cookies if you customize your search page settings, and all shopping carts use cookies to keep track of you until you go to the checkout to buy something. Even if you don't do those things, you probably want to keep cookies anyhow.
Instead, if you want more privacy and less spam, install Ad-Aware, free from the Lavasoft website, and run it to scan for "bad" cookies and "bad" programs like Aureate and Doubleclick that track your every movement.
 

Here's some info from Ad-Aware HELP:
Adware vs. Spyware
While advertising/sponsoring is a common way to publish and promote a product for free, some software advertising systems do more than just show static banners; they make use of your internet connection to retrieve new banner ads from a third party's server and send various information about you. This information is collected and sold to third parties.
(In short: the more they know about you, the higher your value is to them.)

You can also go the Doubleclick website and "set" a special cookie from them that is an opt-out cookie, so they won't track you. 

Here's another couple of related quick tips explained on the previous page:
If you're not in a corporate environment, go to Add/Remove Programs in the Control Panel, then the [Windows Setup] tab, and remove Windows Script Host.

TFTP (Trivial File Transfer Protocol) is not normally used by Windows and is a point of vulnerability that was exploited by NIMDA, so search your hard drive for *TFTP*.* and delete both TFTP.EXE files.


II. In Outlook Express, under the menu item View, Layout,
CLOSE that Preview Pane. UNcheck that box.
Otherwise merely selecting an email message just to delete it OPENS it in the lower pane.
The other suggestions on this page should put you in a safe position with regard to merely opening email anyhow, but since there could be a window of time between a new email exploit being launched and you being protected by updates and such, why not minimize this risk? You will have to click more to open emails you want to read, but that should be offset by the time saved by being able to delete trash more quickly.

As an aside, to limit email spam, when you get a spam message you can go to the menu item Message, Block Sender, and anything from that sender will go straight to Deleted. Many spammers change the name of the sender [From:] with each new ad, so once you have set a few Blocked Senders, go to Tools, Message Rules, and block the entire domain for each one (as long as it's a private "spam" domain and not Hotmail or Yahoo or MSN).
Edit each Blocked Sender by eliminating everything up to and including the @ sign and leaving everything after the @ sign, like "clik.spammer.com". Now any email from that domain will be blocked.

Further, create a Mail Rule that says anything not having your email or your name in the [To:] or [CC:] line will be filtered to a Spam folder (which you must create in the process).  Spammers frequently include your email name in a [BCC:] or Blind Carbon Copy list, "unidentified", instead of putting everyone's name in the [To:] header.  (That's actually a courtesy.)  Your new Spam folder will contain 95% advertising and 5% something you might want, so check it every day or so in case a "friend" got filtered to there. 

You can create exceptions for people you know who send you email you do want, by adding the condition that the [From:] line does not contain certain names from your Address Book or other "friends", such as subscriptions to tech or stock market lists, for example.

That worked for me, but not perfectly. It seemed that Outlook Express would sometimes ignore the exceptions I added. So I created a separate rule for certain groups of people. This rule
a) applies a color of my choice to email [From:] certain senders, and
b) Stops Processing More Rules.
These are merely choices with a check box.
This rule must precede the Spam rule in the list. Use the [Up] and [Down] buttons.
In other words, when I get a group joke from 'Mary', or a group message from Microsoft Certified Professional that has my name in the [BCC:] line, it would normally go to Spam, but instead it will go to the Inbox, or to another folder of my choosing.
You can also filter by keywords in the [Subject:], keywords like: mortgage, lonely, discount, etc.
If you feel you have a little computer savvy and can follow written instructions, I can email you some Registry files that you could use to import my long list of blocked domains and key words.  This could save you from having to "reinvent the wheel", one keyword and one domain at a time. Your instructions would be to  a) modify my file using the Find and Replace function in Wordpad or Notepad to change the settings from my account to your account, and   b) go into the Rules to delete rules or modify rules to apply to you, including creating that Spam folder on the "Spam" and "Noise" rules, and changing my email address to yours. Not that difficult. 
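The rule chain described in this section (blocked domain, subject keywords, "not addressed to me", and a "friends" rule that stops processing and must sit first) modelled in Python. This is an added example, not code from the original page or from Outlook Express; the addresses and messages are constructed placeholders, and the domain and keywords are the ones the page uses.

```python
from typing import Callable, Dict, List, Tuple

Message = Dict[str, str]   # keys: from, to, cc, subject (constructed samples)
# A rule is (condition, destination folder, "Stop Processing More Rules")
Rule = Tuple[Callable[[Message], bool], str, bool]

MY_ADDRESS = "me@example.com"                            # assumption: placeholder
FRIENDS = {"mary@example.net", "mcp-news@example.org"}   # assumption: placeholders
BLOCKED_DOMAINS = {"clik.spammer.com"}                   # the page's sample domain
SPAM_KEYWORDS = ("mortgage", "lonely", "discount")       # the page's sample keywords


def sender_domain(msg: Message) -> str:
    # Tools > Message Rules: keep only what follows the @ sign
    return msg["from"].rsplit("@", 1)[-1].lower()


def addressed_to_me(msg: Message) -> bool:
    # BCC'd mail shows neither my address in To: nor in CC:
    recipients = (msg.get("to", "") + "," + msg.get("cc", "")).lower()
    return MY_ADDRESS in recipients


def build_rules(friends_first: bool = True) -> List[Rule]:
    """Rules run top to bottom; friends_first=False reproduces the misrouting
    the page warns about when the friends rule sits below the Spam rule."""
    friends: Rule = (lambda m: m["from"].lower() in FRIENDS, "Inbox", True)
    blocked: Rule = (lambda m: sender_domain(m) in BLOCKED_DOMAINS, "Deleted Items", True)
    keywords: Rule = (lambda m: any(k in m["subject"].lower() for k in SPAM_KEYWORDS),
                      "Spam", True)
    not_to_me: Rule = (lambda m: not addressed_to_me(m), "Spam", True)
    chain = [blocked, keywords, not_to_me]
    return [friends] + chain if friends_first else chain + [friends]


def route(msg: Message, rules: List[Rule]) -> str:
    """Return the folder a message lands in; Inbox when no rule matches."""
    folder = "Inbox"
    for condition, target, stop in rules:
        if condition(msg):
            folder = target
            if stop:
                break
    return folder


if __name__ == "__main__":
    joke = {"from": "mary@example.net", "to": "undisclosed-recipients:;", "cc": "",
            "subject": "group joke"}          # constructed BCC'd group mail
    print("friends rule first :", route(joke, build_rules(True)))
    print("friends rule last  :", route(joke, build_rules(False)))
```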


III. Look for an icon that says Windows Update.
It may be at the top of the Start Menu, or under Programs, Accessories, System Tools.
Or you could just go to www.microsoft.com and look for Windows Update on that page.

It is suggested that anyone using Windows go to Microsoft, Product Updates frequently and install *Critical Updates*, all the patches that protect against newly discovered security breaches in Windows, that someone could purposely or inadvertently exploit. You can also choose automatic updates. 
("Inadvertently" means if a friend was infected but didn't know it, and a virus sent mail from him to you. A virus could also be sent by a third-party computer, that had your friend's name in the Address Book, made to look like it came from your friend. "Purposely" means you get lured to a WebPage that has been sabotaged or created for the express purpose of attacking computers that visit the site.)

At this time, 2002, since I am not running Win XP and I have Internet Explorer 5.5 Service Pack 2 installed, with the latest Security Updates to that software, I choose to REMOVE Internet Explorer 6.1 from the list of Critical Updates I'm installing. I only do that to avoid the added "software bloat", but if your computer is fast, that shouldn't matter. I believe Internet Explorer 6X is more a "features" thing than a security update, so long as IE 5.5 is properly patched. Since IE6 is not installed, I also don't install Automatic Windows Update Warnings so it doesn't bug me all the time, but you could simply change the schedule for Automatic Windows Update to once daily instead of every 5 minutes, in the Task Scheduler. Look that up under Help if that applies to you.
If you are using AOL's browser instead of Internet Explorer (and you *COULD* use Internet Explorer to browse after you connect to AOL), then I'm not sure exactly what to do to get security updates from AOL.

I would assume that AOL installs security updates "on-the-fly".  I assume they probably just take the decision out of the hands of the user.  I didn't see that on their WebSite, but they probably just avoid mentioning anything that might cause alarm. 

It would be a good idea to install the latest version of AOL (7.0 [or 8.0 if you have minimum 64MB RAM] at this time), since they probably revamp security updates on successive releases. 

Here's the "definitive" answer AOL Customer Care gives to my question:

I understand that you have a question about whether AOL does automatic security updates for AOL software (without informing the user), or whether those require upgrading to the next release (or downloading security updates, as with Microsoft - gg).

AOL has a secured account unless the member has opened any link or downloaded anything from a website that can affect its account.

AOL updates its program each time a member signs on or off to its account, which means that the account is really in a secured place (i.e. your account + email + settings + favorites are stored online, not on your computer).

As you may have noticed that is almost a direct answer to my question.

IV. If your Norton or McAfee has expired and you're not paying to renew it, uninstall it, go to www.grisoft.com and download AVG Antivirus. It's free for home users. Updates are free (for now) to non-commercial users.
AVG kicked butt on the NIMDA virus (which attacked corporate web servers and Windows 2000 computers running the mini web server Internet Information Service) well before Norton/Symantec released a solution.

If it takes  w a y   t o o   l o n g   to download AVG, latest virus updates, plus all the Windows Updates, and you live in Ohio, contact me about Road Runner, because I'm sure you realize you could be done in 10 minutes using Road Runner Broadband Access.  You could contact Road Runner directly, but why not give me a free month for referring you. 
Please send me $ FREE MONEY $ just to say thanks!


V. Open Windows Explorer (or My Computer on your Desktop)
just to familiarize yourself with your own computer files and folders where you store data. Browse around. Think of it as looking through real file folders or nested Tupperware containers to see what's stored inside. Don't change anything or delete anything. Just note that your computer contains drives, which contain folders, which contain files, which include program files, settings files, user document files, etc.

Then in Windows Explorer, click on View, Options, or Tools, Folder Options and go to the [ View ] tab. 

UNcheck the box that says 
Hide File Extensions for Known Registered Types. (or something equivalent). 

This is for email attachments. People are fooled into opening dangerous attachments because Windows has "known file extensions" hidden by default! Great planning, Mr. Gates!

This is a bit of "marketing" and "dummy-proofing" from the early days of Microsoft to make Windows look more like a Mac. Macs don't use a 3-letter DOS extension to assign a program to open a file with, but rely on some internal code to identify the file type. Microsoft assigns files to certain programs based on the "registered" 3-letter DOS extension of the name.
While this won't "protect" you per se, you won't be tricked into opening an attachment described as a photo or movie that is really something else. It's a con job. A virus may use your friend's infected computer to lure you and trick you, if you're not aware of this.

An EXE or COM or VBS or PIF or SCR (screensaver) or SHS file is dangerous to open, especially as an email attachment. 

I received an anonymous email with the "tempting" line "Check out pictures of my Party".  The attachment was called "MyParty.Yahoo.Com" which to a casual observer looked like a link to a web site, but Website Links end in .URL. This was a COM file -- a program -- just like Format.COM or "ScrewUpMyComputer.COM". 

A Word DOC file (or Excel XLS spreadsheet) could contain a macro virus, like "I Love You" of past years. If I had to open an unknown DOC file, I would open it in Wordpad, which cannot run scripts or macros.
A ZIP file can be opened if you have Winzip installed. It will probably only contain baby photos from your cousin, but you need only pay attention to what is inside it, and learn about potential viruses so you can decide before you launch the contents. See the previous Overview page for a list of "safe" file types. Also, if you are suspicious of it, you might keep it until you call your cousin and verify she sent it.

You do not have to be afraid to detach or open most attachments like a JPG or GIF picture, so long as you notice what type of file it really is, by the unhidden extension.  You do NOT have to be afraid to open an email message from someone you don't know, but you DO need to pay attention when opening an attachment from anyone, whether you know them or not!!

When you UNcheck that setting (which hides important information from YOU), then at least you can SEE whether it is really a safe file or something dangerous like "SexyPhoto.JPG.VBS" (since the .VBS won't be hidden anymore), and then choose whether to open it or not.

One file extension that is apparently hidden by default regardless is the .SHS extension. To correct this, open Windows Explorer, go to the menu View, Options or Tools, Folder Options, go to the tab [File Types] and hit the letter S to scroll down to the SHS type. Open that type and modify it by adding a check to the box that says "Always Show Extension".

It's like verifying the ingredients of some food you get in the mail. Is it sealed and packaged by a company? Is it really from Aunt Beth? Or does it have a typed label and no letter inside?

VI. To close the door to outside hackers and potential opportunistic viruses, go to
Steve Gibson Research, a.k.a. www.grc.com, and read about setting up and testing your network security.
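The attachment checks this section walks through (the real extension is the last one, a decoy extension in front of it, names like "MyParty.Yahoo.Com" that are really .COM programs, and .SHS staying hidden regardless of the Explorer setting), worked as a small Python classifier. This is an added example, not code from the original page; the set of "known registered" types is an assumption for the display simulation, and the sample names are constructed.

```python
import os

# Types the page calls dangerous to open, the macro-capable Office types it
# mentions, and the picture types it says are safe to view.
EXECUTABLE = {".exe", ".com", ".vbs", ".pif", ".scr", ".shs"}
MACRO_CAPABLE = {".doc", ".xls"}
PICTURES = {".jpg", ".gif"}
# Assumption: these are the "known registered types" Explorer would hide.
KNOWN_TYPES = EXECUTABLE | MACRO_CAPABLE | PICTURES | {".url", ".zip", ".txt"}
ALWAYS_HIDDEN = {".shs"}   # hidden even with the Explorer setting off (page's caveat)


def extensions(name: str):
    """Every dotted part after the base name, lower-cased:
    'SexyPhoto.JPG.VBS' -> ['.jpg', '.vbs']; 'README' -> []."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]


def displayed_name(name: str, hide_known: bool = True) -> str:
    """What the file list shows. With 'Hide File Extensions for Known
    Registered Types' on, the LAST extension vanishes, so a decoy
    extension in front of it is all the user sees."""
    base, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext in ALWAYS_HIDDEN or (hide_known and ext in KNOWN_TYPES):
        return base
    return name


def classify(name: str) -> str:
    """Judge an attachment by the extension Windows will actually use."""
    exts = extensions(name)
    if not exts:
        return "no extension: cannot tell what it is"
    real = exts[-1]                      # Windows opens by the last extension only
    if real in EXECUTABLE:
        if len(exts) > 1:                # "photo.jpg.vbs", "MyParty.Yahoo.Com"
            return "dangerous: program disguised with a decoy extension"
        return "dangerous: program"
    if real in MACRO_CAPABLE:
        return "caution: may carry a macro virus; open in Wordpad"
    if real in PICTURES:
        return "picture: safe to view"
    return "unknown type"


if __name__ == "__main__":
    for sample in ("SexyPhoto.JPG.VBS", "MyParty.Yahoo.Com", "babies.jpg", "note.SHS"):
        print(f"{sample:20} shown as {displayed_name(sample):16} -> {classify(sample)}")
```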

You can make sure that your Microsoft Client and NetBIOS over TCP/IP (NBT) are NOT bound to the WAN, a.k.a. the Internet, and that only TCP/IP is bound to the Internet connection. This is especially important if you have any folders on your hard drive shared for network access on a local area network (LAN).

If you are sharing folders in your home or office between multiple computers, you can limit your shares to isolated subfolders instead of top-level folders or drives, and you can password-protect your shares for write access. Shared folders will have a blue hand underneath them in Windows Explorer.

You can install a Cable-Router which separates your network from the Internet if you are using DSL or Cable broadband access.  This inherently separates your computer from the Internet by 
a) using a "real world" IP address from your Internet provider and 
b) assigning you a "private" non-Internet non-accessible IP network address for your own computer. 
If your Router is also a firewall, you can block Port 23, which is Telnet. 

Go to Qualys aka http://browsercheck.qualys.com  to Check your Browser for patches and security holes. 



 
VII. HOW TO AVOID VIRUS HOAXES
There are more known virus hoaxes than viruses, according to a national expert at the CIAC in Washington.
Probably the quickest way to propagate a virus would be to send it in a virus warning.
Everyone would read it and forward it. Everyone could theoretically get infected just by reading the virus warning about getting infected.
(Note: back on the Overview page there is info about some virus warning emails that offer a new VBS virus as a fix. One appears to be a memo from Symantec.)

In the recent past, you could not be infected just by reading an email. A MIME exploit was then developed that took advantage of a weakness in the standard MIME encoding of email, but you fixed that when you installed the Windows Critical Updates mentioned above, right?

PS.  Last I heard, AOL does not use the MIME standard for email, but that's not a cause for cheering.  It's just a different proprietary platform they use that could be just as vulnerable, and I think the AOL email client is cumbersome.

If a dangerous virus came out, and all the majors knew about it (as most of the virus warnings state), wouldn't it be reported on the websites of AOL? IBM? CNN? Microsoft? Symantec? Somewhere?
Whenever I get a virus warning, it usually says "Microsoft released this information" or "AOL said this on CNN", but there's never a *LINK* to the story or more info.

Do you think maybe those companies are now relying on chain letters to disseminate information?

I suggest opening up a search engine like
AOL Search, AltaVista, Yahoo (www.yahoo.com) or Hotbot (www.hotbot.com)
and pasting in "It takes guts to say Jesus" or "Penpal" or whatever the apparent "title" of the virus letter is.
See if it can find any links to that information on the web.

Your search will probably turn up a bunch of links to Hoax information. 

FYI:  Same goes for missing children emails and the like.  You can easily follow up on those by doing a web search or going to www.snopes.com or another WebSite that covers Hoaxes. 
A Colorado Police Station has an answering machine on their main phone number to deal with calls about a lost little girl who was found over 5 years ago (probably hiding at her girlfriend's house).  The email is "in the wild" and will probably circulate forever.  It does not have an origin date and the Hotmail response link is dead. Hmmm...

Happy Surfing.  G.



Gary Goodman
330 733 3518
Geekman1@Geekman1.com
http://www.geekman1.com/
12-03-2002
 