I'm sure that everyone who has an email account has
received emails similar to these:
" PLEASE READ THIS AND FORWARD:
CBS will be forced to discontinue "Touched by an Angel" for
using the word God in every program..."
"Dear Hotmail user:
Because of the sudden rush of people signing up to Hotmail, it has
come to our attention that we are vastly running out of resources…
"Malls on 10/31:
I think you all know that I don't send out hoaxes and don't do
the reactionary thing and send out anything that crosses my path. This
one, however, is a friend of a friend and… …"
There is an enormous amount of disinformation around,
and unfortunately the Internet has made it that much easier for people
to spread it around. One of the problems is that the perpetrators choose
subjects which tug at one's heart strings, or make one feel guilty for
not contributing/ perpetuating/ replying etc. There are some useful web
sites on this topic, and it turns out that the chain letter has been
around a lot longer than one might have expected: The concept was used
centuries ago, by the church, literally to put the fear of God into
unbelievers. (I had a good reference to this but I seem to have lost
Generally, you can quickly weed out the hoaxes: They
look like they come from a reputable source (Eg: "Someone at
Microsoft…", "A source at AOL", etc), but they will
be short on specifics: Exactly when, where, who, how, who to contact,
etc. For example, an email has been circulating in South Africa
recently with a photo of a little girl who has apparently been lost.
There is no date, and absolutely no idea of what part of the country she
was lost from! The email address given does not exist, and the person
referred to at one of the consulting houses does not exist.
good rule is to always go back to the (reputed) original source of the
story: Generally you will find a note explaining it, or will discover
that the reputed source does not exist. For example, in the case of the
American Cancer Society ("For every new person that this is
passed on to The American Cancer Society will donate 3 cents to cancer
research. Please help us. Forward this to everyone you know. Thanks for
helping!! "), go directly to the American Cancer Society to
read their statement. The statement has recently been moved, and can be
found at http://www.cancer.org/eprise/main/docroot/MED/content/MED_6_1_Chain_E-mail
Just because someone has taken the trouble to create a
web page and type up some information does NOT make it true. The
accepted wisdom is similar to that in the legal or medical fields: Get a
Some useful web sites:
F Secure Hoax warnings: http://www.datafellows.com/virus-info/hoax/
AFU and Urban Legends: http://www.urbanlegends.com/
Barbara and David P. Mikkelson's Urban Legends
Reference Pages: http://www.snopes2.com/
US Dept of Energy - Computer Incident Advisory
Vmyths.com: (formerley the Computer Virus Myths
A lovely anti-chain letter was compiled by John Perry
in 1994, and may be found at http://www.perry.com/bizarre/antichn.html
Use at your own risk!
The Curse of a Thousand Chain Letters web site may be
found at http://chainletters.org/
and contains some useful information.
The computer world has spawned a host of
dangerous creatures, with names such as virus, worm, hoax, spam,
…. I will attempt to explain the various types of nasties which
you may come across, and give you some rules for avoiding them. As
with the traditional human diseases, an ounce of prevention is
worth a ton of cure!
Virus is a general term used to
describe a program which can spread from one computer to another.
There are various different kinds of viruses, some more harmful
than others. For example, some of them simply replicate all over
the place doing relatively little damage, while others can cause
you to lose all the data and programs on your computer. But even
if a virus does no damage to your data, the very act of spreading
can cause overloading of computer networks, and hence no virus can
be considered completely harmless.
A worm is a special class of
virus, which exists only in order to spread and multiply. Some of
these are so successful that they completely overload email
systems, causing them to shut down.
To be successful, a virus must be able to spread
rapidly. It is no use if it simply destroys your computer before
it has attempted to spread further: The purpose of all life must
be to spread and multiply. Therefore, all viruses will first and
foremost attempt to replicate themselves, and spread from one
computer to another. Once this has been achieved, the virus may go
on to do other things, such as destroy your data, or simply put up
a message on your screen. The action that the virus takes is
generally referred to as the payload. Often, a virus
will simply sit and wait for a predetermined event, such as a
specific date to be reached, before carrying on to the next step.
In the earlier days, viruses would spread by
attaching themselves to programs, and waiting for the program to
be copied to another computer and then run. Programs would be
transported from computer to computer via floppy disks, so the
speed of transmission would be relatively slow. Today, however, we
are all connected to the internet, and there have already been
cases of extremely virulent programs spreading widely through the
internet within hours of original infection. It is interesting
that new infections generally follow the sun around the earth: If
the original infection occurs, for example in Australia, then it
will appear in Africa and Europe a few hours later, and spread to
the Americas within the next few hours.
In order for a virus to do anything at all, it
must get each computer to execute a program of one sort or
another. Again, in the earlier days, this would be a piece of
machine language code. There are two basic ways in which the code
fragment can get executed. First, it could simply be sent as a
program from one machine to another. It then needs a mechanism to
get it started: This could be by the user executing the program,
or by having the name of the program inserted in an automatic
script of some sort. Another way is for the code fragment to
insert itself into an existing program, so that it is
automatically executed every time that program is run.
So, this leads to the first rule for avoiding
infection: Never execute a program if you are not absolutely
certain that it is not infected.
There is one problem with this rule: How does
one recognise a 'program'? In the earlier days, this meant any
file with an extension of .exe or .com. However, nowadays there
are many kinds of files which can contain executable code of one
sort or another. For example, the following are all possible
carriers of viruses: .arj, .bat, .cab, .dll, .htm, .ocx, .scr,
.vbe, .vbs, to mention just a few.
So a better rule would be: Never open a
file if you are not absolutely sure that it does not carry a
Does this mean that I cannot read any of my
email messages? In most cases simply reading an email message
cannot execute a virus. There have been some exceptions to this
rule, but these have occurred as a result of holes in the email
programs, and software companies have been careful to repair these
as soon as they appear. So we can add another rule to our list: Make
sure that you keep your software up to date, either with the
latest versions, or by applying the patches or updates provided by
the software company.
There are a few types of email messages which
can contain viruses within the actual text of the email message,
but these are unusual. Generally your email program should have
these types disabled, particularly if you have followed the rule
This still leaves us with a problem: We
routinely send attachments of various kinds via the email system.
How is it possible to be sure that we are not opening a file which
could contain a virus? If you are a real computer fundi, (fundus?)
then you may be able to distinguish which files can contain
viruses from those that cannot… However, for most of us it is a
rather hit-or-miss affair.
For example, I could assume that email messages
I receive from people I know are safe, and simply delete or ignore
messages which are received from people I don't know (or don't
know well). The problem with this rule is that some viruses can
take control of your email program, and will send out copies to
everyone in your address book. So the recipients will think it is
a normal message from you, will open the attachment, and bingo!
Another virus pops out.
I could go a step further, and only open
messages which I receive from people whom I really trust, ie:
people who run up to date anti-virus programs. But even this is no
These days, the only really reliable solution is
to install a good anti-virus program on your computer.
There are some good ones available at reasonable prices. (Keep
away from any which are free; These are generally worthless!) It
is important to remember that new viruses come out every day, and
can spread extremely rapidly. So, just installing an anti-virus
program is not enough - You must update it regularly. For
example, the program I use automatically checks for updates every
time I connect to the internet, and if there are any new viruses
then it updates itself automatically. For other anti-virus
programs you may have to initiate the update yourself, in which
case I would recommend doing so every week or two. Usually it is
not the program itself which is changed, but the table of virus
signatures used by the program to detect viruses.
It is worthwhile to also have an
early-warning system, to draw your attention to any really bad new
viruses which might arise. Many corporates now obtain this
information, and distribute it on their internal email system. You
can also subscribe to various free early-warning services, mostly
run by the anti-virus vendors, and receive emails of significant
new viruses as soon as they occur.
So, to summarise the rules:
- Never execute a program
if you are not absolutely certain that it is not infected.
- Never open a file if you are not
absolutely sure that it does not carry a virus.
- Keep your software up to date, either
with the latest versions, or by applying the patches or
updates provided by the software company.
- Install a good anti-virus program on
- Update your anti-virus program and/or
- Subscribe to free early-warning
Can you get infected with
a virus just by browsing a web site?
Until recently this was not considered likely,
but the Nimda virus changed all that. This virus was
found on 18th September 2001, and was the first virus to modify
existing web sites to start offering infected files for download.
Nimda made use of a known vulnerability to get a foothold on a web
site, and added a short script to random web pages which opened a
new window and attempted to download a copy of the virus onto the
user's computer. The vulnerability is easily fixed, but can occur
where the operator of the web server does not maintain all
recommended software updates.
The real danger on the web is that you can
download all sorts of software and other documents from any web
site, and that there is no guarantee that these are clean. So once
again the good advice is to follow the rules above, and you have a
good chance of avoiding problems. Be vigilant above all else!
Should Service Providers
scan all email for viruses?
In the past, Internet Service Providers did not
see this as their responsibility. As it is impossible to guarantee
that no viruses will slip through, ISP's may have wanted to avoid
the possibility of any litigation or criticism, and so did not
make any promises. Also, what if they blocked an infected document
which you urgently required? Again, they could run the risk of
litigation through the very action of blocking a virus, real or
Nowadays however, it makes good sense for your
ISP to scan all email coming through their servers. I notice that
some ISP's have introduced this recently, and I fully support it.
Generally you receive a warning message, so you know who sent the
original infected email and can contact the sender to find out
what it was about.
However, as with all things, there are some
potential problems with this approach:
- If it is not done properly then you may
assume that the ISP is dealing with it on your behalf, and not
be as vigilant as you should be … and still get hit by a
- New viruses can spread extremely rapidly. It
is always possible for a new virus to spread through the
system before the anti-virus tool writers have time to update
the signature files to detect it.
- If you have encrypted your email message or
attachments then the anti-virus scanning program will not be
able to see within it, and will be unable to detect any
viruses. If your messages or data are important enough to
encrypt, then you MUST follow this through by having good
quality anti-virus tools for use after decryption.
So, if your ISP provides this service, you still
need to follow the rules set out above, and continue to be
vigilant. If your ISP does not provide such a service, lobby
them until they do, or change service providers!