Then stop opening attachments in your e-mail. That should stop most of them.
That used to solve the problem. Not any more. Now it's not just the browser or email attachments that present risks. Just connecting to the internet can get you a worm like Blaster. Some would argue that you should not use a Windows PC - which to me is always a bit of a silly argument. I'll use whatever I want to use. (Besides, Apple and Open Source aren't immune. And if everybody moves over to them, they'll become targets of the virus writers.)
I'm interested in learning how I can protect my chosen hardware/software from attack. Now that requires not just an anti-virus program but an anti-virus program that keeps up to date. And it doesn't end there. You've got to submit yourself to the (always risky) Windows update on a regular basis. Then you've got to make sure you don't acquire Adware, Spyware etc... which calls for the use of more protection software. Then you want to protect from SPAM so in addition to being cautious about who you give your email address to you also install anti-SPAM software.
This internet is getting ridiculous!
I also got the same machine; good thing it was here in the box when my old one got trashed by scumware I picked up - drive-by download, I *never* download anything. Some of it acts like a worm and the programs multiply like rabbits even though I try to clean up a number of times a day.
I haven't set up email programs yet, have been using ISP mail web-based and I'd just as soon stay with it and download just what I want to my computer - it's POP3 mail.
Yahoo mail (different with ISP, but others are still protected) - not one virus and 99.999% of spam mail is filtered out. I have gotten SO tired of filthy, messy spam-ridden mail with virus notices coming through, I'm enjoying the freedom from it 100% - and I can access any of the accounts in a second right from the toolbar.
Face it nearly all (99.99+%) infect only Windows machines.
When the fifty million different flavours of Linux get their act together, consolidate, and present a credible mainstream alternative then it'll be worth the time and effort for virus writers to target Linux. At present they can't be bothered because the user base is so inconsequential.
[edited by: Macro at 4:10 pm (utc) on June 20, 2004]
When I set up clients and friends I do the following:
1. Install and fully update, using manual updating of av software. With Norton, click LiveUpdate, reboot, and continue the process until you get an 'all features are now updated' type message; this usually takes 3-5 LiveUpdate/reboot sequences. It's amazing how many people skip this simple setup step, thinking that av software works out of the box.
2. Set to update automatically after that in settings.
3. In the email viewer, disable the preview pane (like in Outlook Express). Some attachments can be triggered by simply viewing the email, and if a virus comes into your machine and it's at the top of the incoming list with the preview pane enabled, you now have a virus.
4. Explain that av software is not perfect, there is always a 2-5 day lag between a new virus and the updated protection.
5. With this in mind, explain that you can never open an email with an attachment for any reason if you do not know the sender.
6. Explain that viri frequently use an infected machine's address book to use as sender information. Because of this, if you did not request or expect an attachment from someone, assume it may be a virus.
My favorite is when a client forwarded me an email with an attachment and said it wouldn't open. Of course it opened fine, I explained to them that they had now installed a virus on their system.
7. Make sure that you have paid for your av subscription. It's amazing how many people think that antivirus software by itself does anything, explain that it's the virus definitions, not the software running them, that is what protects you.
8. Do a weekly antivirus scan, if you have a decently fast machine this can run while you are using the pc.
9. If 'virus found' type alerts bug you, turn that feature off and just make sure your virus logfiles are set to a very large, preferably maximum, size, so you know what viruses have been found.
10. Set up at least a software firewall like ZoneAlarm; don't use the Windows XP firewall, since I believe it does not protect against outgoing requests. This will provide some protection against a virus trying to contact its masters.
11. Ideally also have a real hardware firewall like a router.
12. As noted, encourage users not to use IE; move them to Firefox or Opera, although I haven't seen this as a real problem, mainly because most users don't visit malignant sites as a rule.
13. Explain that spam and viri are very closely related. Never open any piece of spam for any reason, and never click on any link in any piece of spam for any reason. Many 'spam' emails contain images etc that are actually scripts running on bad sites.
After these steps have been taken care of, I've found that infections have plummeted to almost zero, even with absolutely hopeless cases.
99.99+% infect Windows machines because 99.99+% of people use Windows
Numbers are more like 3% Mac, 0.25% Linux, and the rest Windows flavors.
Several large European city governments are switching to Linux, so don't count on those numbers staying there forever.
The key advantage with *nix type OSs is that they don't let you work with 'administrative' or 'power user' privileges like Windows NT/XP OSs force you to do. It's virtually impossible for a standard user to work on a Windows machine without giving them administrative privileges; you can't even do av updates in standard user mode.
*nix type systems only give the kind of rights viri need to install themselves in root user mode; it's that, and not numbers, that makes that setup inherently more secure, from what I understand.
With all due respect because I love that bunch dearly, the antivirus world is made up of very technically savvy people - aka geeks. The number one problem with the tech-savvy crowd is that they simply can't understand that the average user doesn't have the technical skills, comprehension and ability to be able to use other than Windows, nor are the overwhelming majority capable of acquiring those skills.
The public is being victimized by a criminal element out there, and just like out in the real world there's no way to stop the criminals, you just have to put bars on windows or live in locked, gated security buildings.
That's why if you want to protect someone from infections, you need to explain to them the above. I've found that this works quite well for standard, non-tech-savvy users. It takes a while to get the message across that you can absolutely not trust any unsolicited email ever for any reason, since most people tend to live in a world that's much less cynical and sleazy than the web world is, so it's simply hard for them to grasp that people actually can be this vile and disgusting. Almost restores one's faith in human nature :)
[edited by: isitreal at 4:44 pm (utc) on June 20, 2004]
I don't work for an AV company but maybe there should be a sort of minimum qualification/training before these elements are allowed on the 'net ;)
100% absolutely agreed on that, isitreal; it's almost incomprehensible. It's getting more disheartening and disillusioning every day that goes by.
>>Almost restores one's faith in human nature
Personally, it's almost to the point of driving me away it's escalating so badly and so rapidly. There's a huge craving for the decency I'm accustomed to in the offline world.
That said, I do have the boxed version of Red Hat 9, I spent two nights up this week reading the manual that comes with it, and there just isn't the time it would take to get into it. Meantime, I'm ordering a CD of Damn Small Linux to have a look because it runs from the CD, but other than that I have to pass in deference to keeping up with what *has* to be done.
Right now the safest alternative I've seen without any hassles is using the web based 'til a better alternative comes along.
Added:
>>some users are idiots
I know, I know. :)
[edited by: Marcia at 4:52 pm (utc) on June 20, 2004]
Apt-get, or the thing SUSE uses (can't remember what it's called), are reviewed as much better, though I think there is an RPM package that lets you use apt-get, if I remember right.
The SUSE distro was the one tested and accepted in, I think, Munich, and is the distro getting the most hardcore desktop development with IBM and Novell; Red Hat has stopped official desktop development, opting for server stuff.
However, with this said, I get very few viri, I think I've had one actual infection this year. Never putting any real email address on the web helps a lot, rotating the email addresses you have to have up helps a lot, dumping infected ones helps, having a friends only email address helps a lot.
Added: I thought I would have switched to Linux this year; I've promised myself that Windows 2000 is the last Windows OS I'll use as my development OS. XP is a joke to me; have it and hate it. But Linux desktop just isn't happening like it should be; it's getting too bloated, far too slow. Red Hat 8 ran pathetically slowly on my test installation, the same installation I have W2K on, sometimes by a factor of 10 times or more slowly. Some stuff is ok, but a lot of it is just not ready yet. Hopefully the GNOME and KDE projects will take a close look at what Firefox is doing: cleaning up code, stopping new features, speeding up execution, making code more efficient. Those desktops have to do this very soon.
There's a huge craving for the decency I'm accustomed to in the offline world.
WebmasterWorld does a pretty decent job at trying to achieve that goal I have to say.
....submit yourself to the (always risky) Windows update....
Y'know, I've been a (like this is a surprise) Windows user since maybe 1985 or '86. I've always religiously updated EVERY Windows version I've used. I've NEVER ONCE in all those years had a problem CREATED by using the updates provided by Windows.
This covers the gamut of my machines, from the original 8086 with DOS 2.0 which I eventually bought Windows 3.0 for (um. yeah. buggier than an anthill....), then upgraded to 3.1, to the 286 with Win 95 that I tweaked n twitched to run decently for 6 years before I got a comcrap (NEVER again....), to the home-built pieces-parts machine that included some of the comcrap peripherals and is still my test machine, to the "new" one I bought 12/02.... and including my used 1997 IBM ThinkPad laptop....
I just don't have the problems some of you do. Wonder why?
[Caveat: I'm probably the ONLY PERSON IN THE WORLD who also never has to patch games to make them work.... anyone here remember the horror stories of Undermountain, or the mid-years Ultimas?]
Don't believe me? Feel free to come along here and take a look....
[Caveat 2: I AM having a problem with Throne of Bhaal - absolutely refuses to work with XP. *shrug* Oh well, one out of a hundred....]
The size of the problem seems to be causing many users to become a lot more conscious of the malevolent nature of unsolicited e-mail and it's taking a lot of the fun out of the internet for all of us.
Good luck with your new machine.
Cheers,
SB
View source is the best advice you will get ....
But you can get "preachy" about it ..to everyone you know who has a computer ...
Maybe we should start a "what to do and not to do in security" thread ..or even a whole forum area with subdivisions for M$ and 'nix etc ..apache , fr*ntp*ge ( cleaned my hands when I typed that ) servers...Not an exploit list but some basic area ..nothing to help the still active hackers and the wannabe script kiddies but a check list and advice zone ....?
14. If you get a suspect email, or an email from a 'friend' with an unexpected attachment, view the source. In Outlook Express, you do this by:
right click on email
select properties
select 'details' tab
click message source button
expand ensuing window to make it big enough to actually read the email.
MS could have made this harder to do, but I guess they were satisfied since they have now successfully prevented 99+% of all users from ever figuring that out...
Why there is not a 'receive emails in text only' option on these email clients is beyond me; that would eliminate almost all spam and virus problems. Why is that feature virtually taboo? They have it for email sending format, but not receiving.
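The "view the source" check above, done programmatically, as an added example that is not from any poster in this thread: it walks a message's MIME parts, lists each attachment's declared type and filename, and flags names ending in an executable extension, including the double-extension trick ("photo.jpg.scr"). The sample message and the extension list are constructed for the example.

```python
"""Added example: inspect an email's raw source for risky attachments."""
import base64
import email
from email import policy

# Extensions Windows runs on double-click. Illustrative list for the example,
# not exhaustive; extend it for your own environment.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "hta",
}


def attachment_findings(raw_message: str) -> list[dict]:
    """Return one record per attachment: filename, declared type, and reasons flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():          # skips the body parts, keeps attachments
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        pieces = name.lower().split(".")
        reasons = []
        if len(pieces) > 1 and pieces[-1] in EXECUTABLE_EXTENSIONS:
            reasons.append(f"executable extension .{pieces[-1]}")
        if len(pieces) > 2:
            reasons.append("double extension (only the last one counts)")
        if ctype.startswith(("image/", "text/")) and pieces[-1] in EXECUTABLE_EXTENSIONS:
            reasons.append(f"declared {ctype} but the name says executable")
        findings.append({"filename": name, "content_type": ctype, "reasons": reasons})
    return findings


def is_suspicious(raw_message: str) -> bool:
    """True if any attachment was flagged for at least one reason."""
    return any(f["reasons"] for f in attachment_findings(raw_message))


def constructed_sample() -> str:
    """Constructed message in the shape the thread describes: a 'friend' sends an
    unexpected attachment whose name hides its real extension. Payload is placeholder bytes."""
    payload = base64.b64encode(b"MZ placeholder bytes, not a real program").decode()
    return (
        "From: friend@example.com\n"
        "To: you@example.com\n"
        "Subject: check out this photo\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain\n"
        "\n"
        "hey, look at this!\n"
        "--b1\n"
        'Content-Type: image/jpeg; name="photo.jpg.scr"\n'
        "Content-Transfer-Encoding: base64\n"
        'Content-Disposition: attachment; filename="photo.jpg.scr"\n'
        "\n"
        f"{payload}\n"
        "--b1--\n"
    )


if __name__ == "__main__":
    for f in attachment_findings(constructed_sample()):
        status = "SUSPICIOUS" if f["reasons"] else "ok"
        print(f"{status}: {f['filename']} ({f['content_type']}) {'; '.join(f['reasons'])}")
```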
Now the next question I have always wondered - why don't these people get locked up? Well, I guess lots of them are found and then offered jobs by the AV companies, to work for the other side. Also I bet lots of these scumbags are spotty kids who are too young to be locked up. And obviously many operate in far away places so it makes it harder to nail them. But viruses and SPAM will continue to plague us all until the authorities get off their fat hairy holes and really deal with these people. Agreed?
Tim
The most important protection is a firewall. I bought a brand-new Netgear hardware router with an integrated firewall a couple of weeks ago, and it cost me $40 (Canadian). That's seriously cheap for such an important piece of equipment. If you're using high-speed internet access via DSL or cable, or if you're connecting with multiple machines on a network, then a router is the best protection around - far better than the awful Norton Internet Security, and far more effective than other software-only firewalls. What's more, with a separate device, your computer's resources are not being used up by the firewall software. Hook it all up, then go over to the excellent grc.com (the guy who runs that site is paranoid about security) and use the Shields Up utility. If everything is working correctly, all your computer's ports will be marked either "closed" (good) or "stealth" (even better!).
After that, as others have mentioned, you should consider using a browser other than Internet Explorer, and an email client other than Outlook Express. Personally, I like the Mozilla suite, but there's a good choice out there.
If you must use Outlook Express, switch off the preview pane and never click on strange attachments. If you must use IE, deactivate all ActiveX for all sites other than ones you've selected to put in the Trusted Zone. That should include Windows Update, and perhaps a few others only if really necessary. Run as a normal user, and only log in as Administrator for installing software or if forced to.
Finally, don't install programs such as Kazaa, or any downloaded "free" program unless you are absolutely sure of the source of the program and you trust the website and program authors.
The following thread is about Windows servers but much of it can be applied to Windows desktop machines:
[webmasterworld.com...]
Of course, I run Linux ;)
And I will do my updates and patches like a zombie, without any second thoughts allowing my machine to report to the master.
And then I will suddenly feel assured until the next wave of flaws and exploits starts appearing.
What happened to those DOS days when we had so much more control?
Some of the trojaned Microsoft machines have been infected for months and they *are still infected*.
One of them is my client's machine, and I did not even realise that his machine was infected until I looked at the log on the router showing hundreds of connections from his machine to random nodes on the Internet.
Really difficult to tell, other than a 'slow' Internet speed.
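The router-log pattern this poster noticed (one internal host connecting to hundreds of random Internet nodes) can be picked out automatically. The following is an added example, not from the thread: it parses outbound-connection log lines in a constructed, generic format, and reports any source IP whose number of distinct destinations exceeds a threshold, together with the ports it concentrated on. The log format, addresses and threshold are all constructed for the example; adapt the regex to your router's actual format.

```python
"""Added example: flag internal hosts with worm-like fan-out in a router log."""
import re
from collections import Counter, defaultdict

# Constructed line format: "<Mon> <day> <hh:mm:ss> OUT <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \d+ [\d:]+) OUT (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)


def fan_out_report(lines, threshold=50):
    """Map each source IP with >= threshold distinct destinations to
    (distinct destination count, up to three busiest destination ports)."""
    dests = defaultdict(set)       # src -> set of distinct destination IPs
    ports = defaultdict(Counter)   # src -> Counter of destination ports
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # unparseable line: skip, don't crash on a noisy log
        dests[m["src"]].add(m["dst"])
        ports[m["src"]][int(m["dport"])] += 1
    report = {}
    for src, targets in dests.items():
        if len(targets) >= threshold:
            report[src] = (len(targets), [p for p, _ in ports[src].most_common(3)])
    return report


def constructed_log():
    """Constructed sample: one host browsing a few sites normally, and one host
    hammering hundreds of consecutive addresses on a single port, plus a junk line."""
    lines = []
    for i, site in enumerate(["198.51.100.10", "198.51.100.20", "198.51.100.30"]):
        lines.append(f"Jun 20 14:0{i}:00 OUT TCP 192.168.1.10:3000 -> {site}:80")
    for i in range(300):
        dst = f"203.0.{i // 256}.{i % 256}"
        lines.append(f"Jun 20 14:10:{i % 60:02d} OUT TCP 192.168.1.23:{1100 + i} -> {dst}:135")
    lines.append("garbage line the router logged for some reason")
    return lines


if __name__ == "__main__":
    for src, (count, top_ports) in fan_out_report(constructed_log()).items():
        print(f"{src}: {count} distinct destinations, busiest ports {top_ports}")
```

A real router log rarely stores enough history on the device itself; the check is most useful when the router is sending its log to a syslog host that keeps a few days of lines.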
1) Good firewall. Hardware if you can afford it, software (ZoneAlarm) if you cannot. I use a hardware firewall (SOHOIII) to protect against incoming threats, and ZoneAlarm to protect against outgoing threats.
2) Good antivirus software. Norton, McAfee, etc. are good. Anyone who has a system attached to the internet without a good antivirus program is living on borrowed time. Ensure the updates run automatically once a week (min).
3) Make sure you update your Windows with Windows Update regularly.
4) If you use Outlook, make sure the Outlook security patch is installed. This ensures you cannot open executable attachments. (Also ensures your HTML email is displayed in the restricted zone.)
5) "Push" your email through a service like spamcop.net. This removes most spam, and does a good virus scan as well. You can forward your email to a spamcop account, then pick it up via pop server.
6) Disable the messenger and alerter services on windows.
7) This one is harder on users, but I set the internet zone to high security, then add sites I trust to the trusted zone. Teaching your average user to do this is a real pain, though.
8) Install a good adware scanner and run it either automatically or occasionally. Delete everything it finds.
9) Make good backups on at least a weekly basis. At the very least, ensure your DATA is backed up to CD-RW or something similar.
10) Do not install any P2P software, and if you do have it installed currently, then you may want to reformat your hard drive and reinstall from CD. Sounds like a pain, I know, but these things are virus funnels.
11) Subscribe to the antivirus newsletters from Symantec, McAfee, Trend Micro and CERT. Review whatever comes in from these.
Current consensus in the antivirus world is that users are now the number one problem in antivirus protection.
Wrong. Completely and utterly wrong. The number one problem in antivirus protection is the criminals who create the viruses in the first place.
I've NEVER ONCE in all those years had a problem CREATED by using the updates provided by windows.
I manage a Windows shop for a major multi-billion dollar company. We update religiously, and have for years, and never once has an update caused a problem. Over 5,000 machines, updated a dozen times a year.
I've found educating about the virus and how it works is much easier to do, sort of the 'teach a man how to fish and he'll feed himself' type deal.
With reasonably careful treatment of emails and attachments, not visiting hacker sites etc, running occasional malware scans, I've found that virus and trojan related issues simply aren't that big a deal for average users on small networks or home systems, not nearly like they are made out to be by highly security conscious networking professionals, assuming you follow the basic security requirements.
My comments on the consensus of the main problem source were taken from various av sites, SecurityFocus, The Register (can't remember the links); I've read that many times in the last year or two. It's referencing the rapid spread of viruses and how to stop it.
Of course if no viruses are created there is no virus problem, that goes without saying, but that's not something that's going to happen, especially now that virus writers, spammers, and probably various mafias have gotten involved in that end of things.
Richard
The main problem I've found is that 2-5 day delay between a virus release and the antivirus update being installed on the machines. Assuming decent quality av like Norton or McAfee (neither of which I like at all due to various annoying unfixed problems), or maybe Kaspersky (? never tried it), that is being updated, it's this several-day window that usually contributes to the massive spread, since during that time no machine anywhere is protected, and it's that lack of protection that contributes to the huge success, and virtually overnight proliferation, of viruses like Klez.
Personally I don't bother with most Windows updates on my home machines; I do them now and then, but consider them a very low priority. I might do a malware scan maybe 1-2 times a year. On the small office networks I have them do all service packs and security patches, but that's just because I don't trust them not to open viruses or get trojans. If I could find an email client that let me turn off all HTML viewing of incoming emails that worked a bit more nicely than Pine, I'd switch.
1) Don't use IE. Instead, I have them using Mozilla. IE makes it too easy for malware to automatically install itself.
2) Don't use Outlook or Outlook Express. Instead, I have them use Mozilla Mail. You can get a virus through either without even opening an attachment.
3) Get a real firewall. I have a separate box that does dial-out, instead of having the modem in their machine. Don't use a software firewall, since it is too easy for malware to turn it off.
If I had to pick the absolute top things, it's to get users to turn off the preview pane in their client, stop opening attachments, and read the source code of suspicious emails from people you know (which is why the lack of a simple 'view source code' button, or a 'receive all email in text mode' check option, makes continuing virus spreading a certainty).
I agree these are good things to do. But they require constant work. Forget once and you may be zapped. I suggested what I did because it's automatic once done. The Outlook security patch will prevent ALL email-borne viruses. Antivirus will handle a lot, including those from web pages. Spamcop.net will strip out the spam and the viruses (most of them) and the firewall will prevent Welchia-type viruses.
I have a separate box that does dial-out, instead of having the modem in their machine.
Yes it's not a good idea to have a working modem on a machine anymore on a permanent basis. Some of the malware installs dialers which will use a modem to pump up 900 number charges. I would suggest that the phone line be unplugged until and unless needed, esp if the modem is just a backup for a DSL or cable connection.
The Outlook security patch will prevent ALL email-borne viruses.
I suspect that comments like this are making virus writers around the world at least smile, if not burst out laughing hysterically. Sort of like the IE security patch that recently was revealed to require its own security patch, critical... or why I decided to stop doing networking stuff this year except for one old client.
I suspect that comments like this are making virus writers around the world at least smile, if not burst out laughing hysterically.
Actually, it works very well. Prevents automatic sending. Prevents opening executables. Puts HTML emails in restricted zone. An excellent patch. The additional patch that came later was because the original patch was TOO tight and needed to be loosened for corporate users.