Friday, April 6, 2007

Infections

Infections (viruses, trojans and worms) are still a problem and are becoming more specialized. Email is currently the most common method viruses use to get around.
  • People continue to open email attachments without considering where they might have come from. People click hyperlinks in phishing emails not realizing that businesses don't solve account issues via email.
  • People use email programs whose security vulnerabilities haven't been patched.
  • People leave the preview option 'on' in Outlook or other email programs.
  • Viruses typically use the address book incorporated into Windows to find new destinations to mail themselves to.
  • Now viruses are capable of searching for email addresses inside your files.

For all of the above reasons, I limit myself to webmail, where the message and attachments are kept on an online server until I permit otherwise.

Infections don't need to use your email program to send themselves out to other computers - many now carry their own compact mail-sending (SMTP) engine built in. Viruses can also forge or 'spoof' the 'From' address, so don't bother contacting the person who supposedly sent you the latest infection; it most likely did not come from them anyway.

Because of unpatched vulnerabilities in web browsers and their add-ons, it is possible to get infected simply by visiting an infected web site.

Anti-Virus software plays a huge role in the defence against infection, but users often don't use Anti-Virus products the way they were intended. You can turn many of the anti-virus program's features off, or features may not be enabled by default, rendering its existence moot. Having anti-virus software is useless unless you consistently scan your files, your downloads and your email.

You must also get the anti-virus signature updates for your program to be able to detect new viruses as they are discovered. Updates are available almost daily in some cases. Remember - an anti-virus program that was last updated 30 days ago will only be able to detect viruses discovered up to 30 days ago. Incidentally, the viruses you need to worry about the most are the ones that were discovered most recently, because they are the most prevalent 'in the wild'.

Do not install more than one anti-virus program on your PC at the same time. You might think you are creating another layer of safety, but in reality two programs can interfere with each other.

Some viruses are simply an annoyance - nothing damaging is done to your PC, particularly if the virus is detected before delivering its "payload". In worse cases, the damage can be instant, disabling your Operating System or deleting important personal files. If regular, organized backups have been performed, damage control can be relatively swift and painless. But this assumes the infection happened (and was detected) after the last backup was taken. Using infected backup files will just re-infect your PC. That's why you have to scan your backups too. In the worst cases, you may lose very important data and/or have to reinstall your operating system and all of your software from scratch, using known good software. But your backup can give you back your irreplaceable files (documents, pictures, music, etc.).

Some viruses randomly attach a document from your PC before emailing themselves off to the next victim. So now not only could you suffer infection, but you could actually be putting your sensitive files at risk and you would not even know it before it's too late - assuming you find out at all. Hopefully this illustrates why it's not really a great idea to keep sensitive data on PCs that have a connection to the Internet. So what do you do with this data? Save it to CD/DVD, to a removable external hard drive, or put it on a secure cloud service that requires a login to connect.

Viruses that hide in macros or VBScript inside MS Office documents exist. As a security measure, newer versions of MS Office come configured by default NOT to run macros.

In many cases, the unseen damage done by an infection is the enormous workload put on email servers because of the sheer volume of new infected messages created by the virus in an effort to copy itself. This is especially true of a type of infection called a worm, whose typical goal is only to replicate onto as many PCs as fast as possible. Worms do not require any action from you whatsoever to find their way onto your PC, as you will discover if you connect an unpatched Windows PC to the Internet. Worms have taken down some of the world's biggest and most important networks in minutes, in many cases simply because known Operating System vulnerabilities were never patched through available updates.

So how do you protect yourself from viruses? Here are some of the things I suggest:
  • Stop opening unexpected email messages, attachments and hyperlinks, even from people you know. This includes your Internet provider, your bank - anyone!
  • Make sure your anti-virus software is updated as often as possible. Make it part of your daily routine, or use its built-in auto-update feature if it has one. But don't assume the auto-updates are working - check. If the update is scheduled to run when your computer is off, it's not updating.
  • Regularly scan your files, and configure the anti-virus software to automatically scan your downloads and email.
  • Apply all updates for all software on your computer.
  • Consider non-Microsoft programs which are less integrated with Windows (such as Thunderbird, Firefox) and stop using the address book integrated into Windows (use a password protected database or spreadsheet instead).
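The checklist above ("don't assume the auto-updates are working - check") can be turned into a quick self-check. The script below is an added example, not code from the original post; it assumes Microsoft Defender on a current Windows 10/11 machine (its built-in Get-MpComputerStatus, Get-MpPreference and Get-HotFix cmdlets), and the 3-day staleness threshold is a constructed value you can tighten.

```powershell
# Added example (not from the original post): verify that the anti-virus is
# actually doing what you assume, instead of trusting that "auto-update is on".
# Assumes Microsoft Defender on Windows 10/11 (built-in cmdlets).

$status = Get-MpComputerStatus
$prefs  = Get-MpPreference
$maxAge = 3   # constructed threshold: signatures older than this many days count as stale

# Each check is TRUE when the setting matches the advice in the checklist above.
$checks = [ordered]@{
    'Anti-virus engine enabled'                 = $status.AntivirusEnabled
    'Real-time protection on'                   = $status.RealTimeProtectionEnabled
    "Signatures updated within $maxAge days"    = ($status.AntivirusSignatureAge -le $maxAge)
    'Downloads and attachments scanned (IOAV)'  = -not $prefs.DisableIOAVProtection
    'Email scanning enabled'                    = -not $prefs.DisableEmailScanning
    'Archives (zip etc.) scanned'               = -not $prefs.DisableArchiveScanning
}

"Signatures last updated: $($status.AntivirusSignatureLastUpdated) ($($status.AntivirusSignatureAge) days ago)"
foreach ($c in $checks.GetEnumerator()) {
    $mark = if ($c.Value) { 'OK  ' } else { 'FAIL' }
    "$mark $($c.Key)"
}

# "Apply all updates": show how old the most recent installed Windows update is.
$latestPatch = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
"Most recent Windows update: $($latestPatch.HotFixID) installed $($latestPatch.InstalledOn)"
```

Any line marked FAIL is a feature that has been switched off or has silently stopped working (the "scheduled to run when the computer is off" case shows up as a large signature age). Run it from an elevated prompt so the preference values are readable.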

Trojan horses are an effective tool for intruders who want access to your PC. Trojans promise, or pretend, to be one thing when in fact they serve an ulterior motive. A Trojan may be disguised as a useful program while containing hidden malicious functions that exploit the privileges of the user. Trojans can do things the user doesn't want and usually doesn't know is happening, because it all occurs in the background. Open your task manager and look at all the processes running in Windows. Do you know what all those processes are for and whether they are legitimate? Maybe it's time to find out. I have lost count of the number of times I have looked at someone's processes and found trojans or some other malicious software operating in the background. By the way, Google is your friend here.
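A more systematic way to answer "do you know what all those processes are for?" than scrolling through Task Manager is to list every process with its on-disk path and whether that file carries a valid Authenticode signature. This is an added example, not code from the original post; it uses the built-in Get-CimInstance, Test-Path and Get-AuthenticodeSignature cmdlets, and the list of "expected" folders in the regular expression is an assumption you should adjust for your own machine.

```powershell
# Added example (not from the original post): inventory running processes with
# their executable path and signature status, so unsigned or oddly-located
# binaries stand out for research. Run from an elevated PowerShell on
# Windows 10/11; some system processes hide their path from non-admin users.

$inventory = Get-CimInstance Win32_Process | ForEach-Object {
    $exe = $_.ExecutablePath
    # Only check the signature when the file actually exists on disk.
    $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
        Get-AuthenticodeSignature -LiteralPath $exe
    } else { $null }
    [pscustomobject]@{
        PID         = $_.ProcessId
        Name        = $_.Name
        Path        = $exe
        Signature   = if ($sig) { $sig.Status } else { 'NoPath' }   # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        CommandLine = $_.CommandLine
    }
}

# Assumed "normal" locations; anything unsigned, or signed but running from
# somewhere else (a temp or profile folder, for instance), deserves a closer look.
$expectedFolders = '^[A-Z]:\\(Windows|Program Files( \(x86\))?)\\'
$suspect = $inventory | Where-Object {
    $_.Signature -ne 'Valid' -or
    ($_.Path -and $_.Path -notmatch $expectedFolders)
}

$suspect | Sort-Object Signature, Path | Format-Table PID, Name, Signature, Signer, Path -AutoSize
```

A valid signature only tells you who published the file, not that it is benign, and legitimate software sometimes ships unsigned; the point is to shrink the list down to the handful of entries worth looking up, which is exactly where "Google is your friend".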

Most Trojans get onto PCs because users are 'tricked' into installing them. A Trojan might arrive in an e-mail attachment from a friend, described as a great utility, a screensaver, a cool game, a funny joke or even a fix for a security vulnerability! Consider that infections can automatically email themselves to you and spoof the 'From' address. So just because you receive an attachment from someone you know doesn't mean it's safe. Quite often the (infected) sender didn't even know the email was sent in the first place, assuming it even came from their PC at all.

Pop quiz: If you receive an email from someone you know and it has an attachment, is it OK to open it? The correct answer is NO! Even if I'm expecting an attachment from someone, I'll still confirm it before trusting the source. Remember, there's no way for you to tell if the email was generated by a virus or by a person.

Trojans operate with the same privileges as the user (a program often has the same rights to folders and files etc. as you do). Windows has gotten better on this front - the User Account Control (UAC) feature asks your permission before a program changes your system. But some people turn this safety feature off - bad idea. Therefore Trojans can delete files; send files to another computer; alter files; block your anti-virus program's ability to download updates (OH YES!); install other programs including other Trojan horses or viruses, all while the user is totally unaware. Trojans are the method attackers use to turn computers into 'zombies' or 'bots', which can be remotely organized to participate in Distributed Denial of Service (DDoS) attacks on other computer systems (typically corporate servers). Trojans are also being used to send out spam e-mail. Now that originators of spam are being sought by law enforcement, they try to cover their tracks by using other computers to do the distributing. Now that most internet users have an 'always on' connection, we are easy targets to be used as zombies or bots. This includes ADSL and cable modem connections, as well as high speed government, corporate and university networks.
