Prevention is better than cure!

Courtesy of the alt.comp.virus newsgroup participants.
(These "anti-malware" pages are the result of a continuing cooperative effort.)

Translated versions available: Français and in het Nederlands

Anti-Virus Main Menu
Main Menu
Prevention is Better than Cure - Some Tips On Avoiding Viruses
Written by: Andrew J Lee   (AVIEN Founding Member)

With viruses and other malware, it's always better to avoid getting them in the first place, than having to spend time getting rid of them and experiencing the stress of lost data, missed deadlines and in extreme cases your PC having to be taken away and rebuilt.

Many outbreaks of infection could be prevented by following a few simple guidelines.

E-mail

As has recently become well publicized, there are an increasing number of viruses that are carried as attachments to email or are somehow embedded in email. Some have caused major disruption and cost billions of dollars in lost time and revenues. Examples are the W97M/Melissa@MM ("Melissa") virus and more recently the VBS/Loveletter.a ("Loveletter") Internet worm. Others such as JS/Kak ("Kakworm") are not as such destructive, but are a nuisance none the less.

While you may have fortunately escaped these attacks, perhaps due to using non-Microsoft Systems, this does not mean that you will always escape.

If the recent VBS/VBSWG@MM ("Anna Kournikova") virus proved anything, it was that simply having a virus scanner installed is no guarantee of protection against new viruses (or even older ones that have been altered slightly), and these can spread incredibly fast once attached to an email message, and do major damage before the Anti-virus vendors can update their definitions.

Ultimately the best way to prevent a virus infecting your system is to take responsibility for what happens on your PC. If you don't run a virus, then it can't infect your system. This includes things like making sure that your email reader wont kindly run it for you without asking you.
  • Are you expecting to receive a file or email from the person that sent the email?Is it from someone you know - Note that some viruses exploit this by using personal email addresses stored on the infected system so this is not guarantee of safety.Try to check with the sender, that they intentionally sent the file, and try to ascertain what they sent you. Often the sender will not know that the message has come from them if it is indeed a virus.Is it Executable, i.e. does it have the format filename.exe - other common extensions are .vbs, .msi, .pif, .scr.
  • You should also remember that document files such as .dot, .doc, .xls can also contain executable code see the "Macro viruses" Section of this page. (Often viruses arrive with so called "double" extensions e.g. filename.jpg.vbs or filename.txt.exe)
If any of the above conditions are met, then you should be suspicious.

Some recommendations:
  • If it is an executable file, just delete the message. Unless you are expecting a particular program it is not likely to be anything more than a joke or "fun" program. These may appear harmless, but are frequently used to carry viruses and Trojan programs. Just delete the message.
  • Make sure that Macro Protection in your Microsoft Office applications is switched on. Always say "No" if prompted about a macro in a document that you received from the internet or outside source. In general documents do not require macros, you will still be able to read the content.
  • Turn off the preview pane in Outlook / Outlook Express, if you use it, and set the Zone to restricted.
  • Don't use Outlook for Newsgroup reading, get a dedicated Newsreader such as Gravity, Agent or XNews, that will not run malicious content.
  • Do not send Joke or Fun programs in mail, this clogs up our email systems, and increases the risk of spreading viruses and other undesirable programs.

Summary:
  • If in Doubt, delete the message first, and ask questions later. If it was important, the sender can always re-send
  • Don't run executable files that arrive in your email, no matter who they are from, you have no guarantee that it is not a virus or other malware
  • If in Doubt, delete the message. If it was important it can always be resent once you have verified that the sender meant to send it to you. (I know I've said that twice, but that's how important it is.)

Floppy Disks

Infected floppy disks used to be the most common sources of virus infection. The risks multiply significantly when floppy disks are shared between colleagues, or are used at home and at work.

The rule of thumb here is, if you are given a floppy disk, always assume it has not been checked for viruses, and check it before you attempt to use it for working with.

If you are giving files held on a floppy to a colleague, customer, friend or other user, check the disk for viruses first.

If you use a floppy disk at home, check it before you use it at work or someone else's machine and vice versa, this will help to prevent viruses spreading should you get one through this method.

CD-ROM's

With the advent of the writeable CD, the instances of viruses spreading through this medium has increased dramatically. Also in some cases CD's that have come from supposedly reputable sources such as Computer magazines have been found to contain viruses.

Currently most of the common magazines issue a disclaimer to the effect that, while they do check all their distributed CD's are free from viruses at time of manufacture, it is the responsibility of the end user to check that this is the case.

It is worth remembering that new viruses are written all the time, and you do not know how up to date the manufacturers anti-virus software is. If you are in any doubt check it first. The five minutes spent scanning for viruses could save hours trying to get your data back later.

Macro viruses

Microsoft OfficeTM Applications such as Microsoft WordTM, Microsoft ExcelTM and Microsoft OutlookTM all contain Macro Language capability, that is they can store programs (and therefore viruses) within the documents that they create and read.

If you receive a document from an unknown source, say through email, or from someone else, you should always check it for viruses.

Examples of MS OfficeTM Document extension types to look out for are doc, .dot, .xls, .xla, .shs, .mdb.

Note: Although viruses cannot be stored in plain text files like .txt, Microsoft Office TM applications will read the file in it's native format if it has simply been renamed. e.g. document.doc has been renamed to document.txt - this could still contain macro's that will run should they be opened using MS WordTM

Executable Files

File viruses spread by a user running an infected file. With more and more people accessing the internet and downloading files from a multitude of different sources and emailing them all over the place, it can be very hard to keep a check on where files came from.

If you don't know what a file is or where it came from, delete it, but if you do have to run it, don't run it without scanning it for viruses first.
© Copyright 2001 - Andrew J Lee
Reprinted with permission		 Andrew J Lee
AVIEN Founding Member
http://avien.net