VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
tech: more on viruses
From:
Kelly Pierce <[log in to unmask]>
Reply To:
Kelly Pierce <[log in to unmask]>
Date:
Tue, 23 Mar 1999 06:58:35 -0600
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (158 lines) 
   Protecting Your Computers from Viruses

     This document has two major sections: 1) What is a virus? 2) Where
     can I get more information about viruses? This document is not
     intended to provide comprehensive information about viruses, but
     instead to point you in the direction of the many excellent virus
     resources available on the Internet. A third major section, "What
     is a Word macro virus?" addresses in more depth a family of viruses
     that can infect Microsoft Word files.

   What is a virus?

   (Credit to the alt.comp.virus FAQ, maintained by David Harley at
   http://www.bocklabs.wisc.edu/~janda/acv_faq.html)

   A (computer) virus is a program (a block of executable code) which
   attaches itself to, overwrites or otherwise replaces another program
   in order to reproduce itself without the knowledge of the PC user.

   Most viruses are comparatively harmless, and may be present for years
   with no noticeable effect: some, however, may cause random damage to
   data files (sometimes insidiously, over a long period) or attempt to
   destroy files and disks. Others cause unintended damage. Even benign
   viruses (apparently non-destructive viruses) cause significant damage
   by occupying disk space and/or main memory, by using up CPU processing
   time, and by the time and expense wasted in detecting and removing
   them.

   A Trojan Horse is a program intended to perform some covert and
   usually malicious act which the victim did not expect or want. It
   differs from a destructive virus in that it doesn't reproduce, (though
   this distinction is by no means universally accepted).

   A dropper is a program which installs a virus or Trojan, often
   covertly.

   A worm is a program which spreads (usually) over network connections.
   Unlike a virus, it does not attach itself to a host program. In
   practice, worms are not normally associated with personal computer
   systems. There is an excellent and considerably longer definition in
   the Mk. 2 version of the Virus-L FAQ.


   Where can I get more information about viruses?

   There is tons of very detailed information about viruses available
   online. The best two sources of concise detailed information about
   viruses are the FAQs from the USENET newsgroups virus-l/comp.virus and
   alt.comp.virus.

   There are many more sources of virus information on the Web. The
   Computer Virus Myth Page exists solely to debunk the massive amount of
   misinformation about viruses that infects the Internet.

   For more links to sources virus information, try the Yahoo directory.


   What is a Word macro virus?

   The Word macro family of viruses use the WordBasic macro language to
   infect and replicate in and among MS Word documents and templates.
   Most notably, this new family of viruses is platform independent -
   they will infect documents and templates on DOS, Macintosh, Windows
   3.x, Windows 95 and Windows NT operating systems.

   These viruses use several of the features of the MS Word "environment"
   to auto-execute viral macro code. Once an infected document is opened
   and the virus launched, generally, the virus will infect the user's
   NORMAL.DOT template. This template is the basis for the majority of
   other documents and templates and is globally available to all other
   MS Word templates on the system. Once entrenched in the NORMAL.DOT
   file, the virus will spread to all other documents and templates as
   they are opened. Note that, by default, the NORMAL.DOT template is the
   first document opened when you launch MS Word without specifying a
   different document on the command line. This will immediately put the
   virus in control every time you launch MS Word.

   Word Macro viruses force documents to be saved as MS Word templates,
   despite what the name or extension of the document file might be
   recorded as. Forcing documents to be saved as templates is used as a
   means of propagation as macros are not saved in standard .DOC files.
   Only templates can contain any actual macro code and therefore be used
   as a carrier.

   The most reliable way to prevent infection is to check all incoming
   Word documents (especially e-mail attachments) for the presence of the
   virus. Most commercial anti-virus products will detect and repair Word
   macro viruses; we recommend Norton Anti-Virus from Symantec
   (http://www.symanetc.com/). However, you must be sure to regularly
   update your virus definition file: Symantec releases a new update
   every month on its Web site.

   In the case of e-mail attachments, save them to your hard drive, and
   then check them before opening/launching. Please note users that have
   MIME-compliant e-mailers (e.g., Eudora) and web browsers (e.g.,
   Netscape and Internet Explorer) configured to recognize Word documents
   and automatically start Word may allow this virus to be introduced
   into their systems via e-mail or a World Wide Web page. It is
   recommended users use this "auto-launch" capability with extreme
   caution, if at all.

   There are steps you can take to minimize damage if you accidentally
   open an infected file. First, you can turn off the auto-execute macros
   in Word that are used to spread this and similar viruses by holding
   down the "Shift" key while opening a document or template. Please note
   this does not work in all cases.

   Another preventative step is to activate the "Prompt to Save
   NORMAL.DOT" option, accessible from the menu bar via
   Tools->Options...->Save. If this option is on, any changes to the
   contents of the global macro pool will generate a prompt before
   changes are written to disk.

   Should I Use Virus Protection Software?

   Yes!  Every computer in your organization should have up-to-date virus
   protection software that is regularly updated with new virus
   definitions.  At ONE/Northwest we use Norton AntiVirus, one of the
   market-leading antivirus products.  One of the best features of Norton
   AntiVirus is the fact that it can automatically update itself over the
   Web, with little need for regular huan intervention.  And Symantec,
   the makers of Norton AntiVirus, have an excellent product donation
   program.

   For more information

   Symantec Product Donation Information
          http://www.onenw.org/toolkit/donation.html

   The Virus Myths Home Page
          http://www.kumite.com/myths/

   Yahoo's Listing of Virus Resources
          http://www.yahoo.com/Computers_and_Internet/
          Security_and_Encryption/Viruses/

   Symantec Anti-Virus Research Center
          http://www.symantec.com/avcenter/



                                                                 03/09/99

                     ONE/Northwest: Online Networking for the Environment
                                                1601 2nd Avenue Suite 605
                                                        Seattle, WA 98101
                                           206.448.1008  fax 206.448.7222
                                  [log in to unmask]    http://www.onenw.org/


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html

ATOM RSS1 RSS2