[Owl]   Common Sense Guide to Viruses [Mail Me] [Home]

Search Yahoo!


Viruses: General Advice

Further Details Main Page

Further Details about Viruses & their Prevention

A virus is a programme designed by someone who thinks it's a real laugh to mess up people's computers and waste others' time. Viruses can range from annoying messages on the screen on a certain date to hard drive formatting (i.e. the disk gets wiped clean). They can obviously be very dangerous.

Viruses are normally transmitted by infected documents (for example word processor files), or executable files (such as screensavers). A user must actually "use" the file (i.e. copy, open, execute...), before the virus can infect the user's computer.

Viruses cannot be carried in normal e-mails. The only possible way of introducing a "virus" into an electronic message's text is by using a language called JavaScript. (Note: the rest of this paragraph is more technical... skip it if you don't understand it, it's not important). This is a web programming language that allows designers to, for example, bring up a dialogue box in a browser to ask the user a question. A programmer can design a JavaScript that persistently brings up a new e-mail message window until your system crashes, when you open the e-mail. You just restart the computer, and delete the e-mail. A JavaScript cannot do anything worse than that, unless you say yes to a plethora of dialogue boxes that your e-mail programme will bring up when the script requests the system's permission to access, for example, the hard disk. Quite honestly, anyone who is stupid enough to allow a script in an e-mail from an unknown source access their hard disk either wants to scrap all their data or is mad.

Any e-mail programme that supports the usage of JavaScript in e-mails has the option of disabling it. I would recommend that everyone did so, especially if they have no experience in web programming. All users of Internet Explorer 4.x or Netscape Navigator 4.x are affected by JavaScript enabled e-mail. Other e-mail clients do not support it.

UPDATE: Since this was written it has been discovered that there is a security in Microsoft's Outlook Express e-mail client, which ships with Internet Explorer 5.0x. This allows a malicious person to include an emebedded ActiveX control in an e-mail which can access your computer's file system, and potentially damage it very drastically. Outlook Express does not give any warning of the embedded control. A patch which fixes the vulnerability is available, see http://www.microsoft.com/technet/security/default.asp. The patch will then pop-up a warning telling you that the e-mail contains "unsafe content", and asking you whether you want to run it. Treat this like an attached file, and only choose "Yes" to run it if you are certain you know what it is (it may be a virus, even if it's from someone you know!).

The only way that a real virus can infect your computer is by a file being attached to the e-mail. If you get ANY attached files from unknown sources, don't open them. You can open the e-mail and read it, that won't hurt, but under no circumstances open/save the attached file. Delete the e-mail when you have finished with it. Remember that many viruses are distributed in screensavers that will actually work, but at the same time as protecting your screen format your hard disk. Overall, treat attached files on e-mails as you would a letter bomb by post. Note that some viruses, when they infect a computer, can actually attach themselves to all a user's outgoing messages: therefore, you may get a message from someone you trust, with a virus attached. A good policy to follow is to always tell someone what you've attached to a message.

Any e-mail with the subject "RETURNED OR UNABLE TO DELIVER." (or similar), you should open the message (not necessarily any attachments though), because this will be from your ISP (Internet Service Provider), telling you that one of your e-mails couldn't be delivered, probably because you typed the address wrong (it's not a virus, as many people think!).

IBM, Microsoft, Compaq, AOL, AT&T, CompuServe, and the rest of the computer industry giants have never, and I would say will never, announce virus warnings. If ever you see them associated with this kind of thing, it's a hoax. If it were McAfee or Symantec, it might be more believable, as these are two big virus checker companies, but no one else.

E-mails that say things like "The virus will attach itself to your computer chips and destroy them in a puff of smoke" (or something somewhat less obvious), are complete rubbish. Viruses may sometimes be able to indirectly physically damage your hard disk, but nothing else. Your computer will not go up in smoke, nor will your chips short circuit.

When an e-mail says, "not many people know about this", it's true! The only person who knows about this completely fictional virus at first is the idiot who writes the e-mail in the first place. On behalf of all the I.T. professionals out there, if ever that person reads this, we'd love to wring your neck.

It's a good idea to keep your virus checker up to date: new viruses emerge every day, and consequently to be adequately protected you should get new updates at least every month. Most virus checker companies offer this service free of charge if you buy their products.

Finally, virus e-mails that have a sender's address mentioned in them can easily be disproved much of the time by sending e-mail to the "address". Most of the time you'll get an error e-mail from your ISP saying that they couldn't deliver the message because the address doesn't exist.

Download this document:
Word 97 Document (22 KB)

General Advice on Viruses

Macro Viruses

E-mail Viruses (& Hoaxes)

Notes & Disclaimer