By Joyce Winslow (jwins@oregon.uoregon.edu)
By now, most people are aware of the havoc created at some sites by the ILOVEYOU virus, which affected a significant number of public and private computing systems early last May. But some may still be unclear how to protect themselves from similar attacks in the future. This article briefly summarizes common virus hazards and suggests some practical security measures.
In general, a computer virus is a "parasitic" program written intentionally to enter a computer without the user's knowledge or consent. A virus attaches itself to a file or disk boot sector and replicates itself to other files or disks in an effort to spread. Viruses that infect the boot sector of a hard disk are known as boot viruses, whereas program viruses ("worms") infect executable program files (e.g., .vbs, .com, .exe, .sys, and .bin).
The ILOVEYOU virus was the latest and most dramatic instance of the widespread damage a worm can cause. Worms can take several forms, but typically they come as forwarded email containing an attachment. When the attachment is opened, the worm installs and executes itself, performing any number of annoying or destructive actions, including sending itself to people in the recipient's email address book and infecting or deleting files.
In addition to irrevocably destroying all files with the extensions .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, and .mp3, the ILOVEYOU virus also changed the Internet Explorer Start Page URL to a page containing an executable virus file. And while the ILOVEYOU virus uses Outlook and Outlook Express to proliferate, users of other email programs are still vulnerable. (Note: The Visual Basic script of the virus is tailored for Microsoft Windows operating systems; Macintosh operating systems were unaffected by the ILOVEYOU virus.)
This virus is pernicious, using Microsoft Outlook and Outlook Express to send itself to everyone in an address book from these programs, and destructively replacing files. The subject line of the infectious email reads "ILOVEYOU," and the message of the email reads "Kindly check the attached LOVELETTER coming from me." The attachment, which contains the destructive Visual Basic script (VBScript), is named "LOVE-LETTER-FOR-YOU.TXT.vbs".
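The attachment name above ends in .vbs but shows a harmless-looking .TXT just before it. The following is an added example, not part of the original article: a mail-side check that flags attachments whose real (final) extension is one of the executable types listed earlier. The function names, the DECOY set, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from pathlib import PurePosixPath

# Executable/script extensions the article names as program-virus carriers.
RISKY = {".vbs", ".com", ".exe", ".sys", ".bin"}
# Harmless-looking extensions placed before the real one (assumed list).
DECOY = {".txt", ".jpg", ".jpeg", ".mp3", ".doc"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in RISKY:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "double-extension"
    return "executable"

def scan_message(raw):
    """List (filename, verdict) for every suspicious attachment in a raw message."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and classify(name) != "ok":
            findings.append((name, classify(name)))
    return findings

# Constructed sample message; the attachment body is a placeholder, not a script.
SAMPLE = """\
From: friend@example.com
To: you@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Kindly check the attached LOVELETTER coming from me.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

(constructed placeholder body)
--b1--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{verdict}: {name}")
```

A mail client that hides known file extensions would show this attachment as a .TXT file, which is why the check looks at the final extension rather than the displayed one.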
Don't open attachments! This is the number-one rule of safe computing. Don't download files from strangers, and don't open any files at all unless you know the person who sent them, you were expecting that particular file, and you have an up-to-date virus detection program running.
Install an antiviral program and keep it updated. The UO currently has a site license for the Symantec antiviral products, and you can get copies of Norton AntiVirus (NAV) and Symantec Antivirus Mac (SAM) from the CC Public Domain server on UOnet. Other commercial antiviral tools include Virex, Sophos Sweep, F-Prot Professional, and McAfee's VirusScan.
Once you have installed a virus-protection program, download the latest virus definitions from your software provider. Symantec's Norton AntiVirus has a LiveUpdate utility that makes it easy for you to keep your antiviral software up-to-date.
Consider installing a personal security package. A variety of personal security software packages for personal computers is now available. (For a review of some of the firewall software that's currently on the market, see "Personal Security Software Offers Increased PC Protection.")
If you have further questions about obtaining or using antiviral programs at the UO, you can contact Microcomputer Services from 9 am to 5 pm, Monday through Friday. Call a consultant at 346-4412, stop by Computing Center Room 202, or email microhelp@oregon.uoregon.edu.
Microcomputer Services also has detailed virus information posted on several of its web pages. For a good overview of viruses and virus protection, see their "Practicing Safe Computing" page at http://micro.uoregon.edu/workshops/virusoutline/. For specific information about the ILOVEYOU virus, see http://micro.uoregon.edu/taintedlove.htm.