Viruses and virus warnings

Q: I've received something that looks like a virus, from jo.schmo@aol.com or even from gibberish@londonfreelance.org. Should I write back complaining?

A: Almost certainly not.

New viruses lie about where they came from. See here.

Q: Has my bank emailed me?

A: No!

It has not. It will not. Nor will ebay nor Amazon nor PayPal ask for any account information in an email... See here.

Q: I've received an email warning about an awful computer virus. Should I send it to everyone I know?

A: (short version): No!

An increasing number of the warnings incite people to damage their own computers. Ignore warnings about phone viruses, too: there aren't any of those.


A: (long version):

Almost all emails warning you about viruses are a waste of space. So much are they a waste of space (and therefore, as Einstein figured out, of time too) that they can themselves be regarded as viruses.

Here's why. It's not short, but understanding what viruses really are about will save you a lot of grief. (Skip to here if you're sure what a virus is.)

What is a computer virus?

A computer virus is a small computer program which:

  1. Attaches itself to other computer files. This means that when the "infected" file is copied to another computer and is run or opened on that computer, the virus can spread by attaching itself to more files... and
  2. Has side-effects: typically, wasting storage space and wasting the computer's "attention"... and
  3. Has a "pay-load" - a bit of the virus program which does things other than copying itself. This may range from the harmless - making your computer announce that it is stoned - to the nasty - erasing your hard disk.

A computer program - whether it's a word-processor program or a virus - is nothing more than a computer file containing a set of instructions telling your computer to do some things, in its own language.

A data file contains your work - an article, a photo, whatever. The point of most programs is to manipulate data files. For more detail see here.

Computer viruses, like biological viruses, are parasitical programs. They cannot do anything by themselves. They depend on the instructions in a "healthy" program or cell. (Don't ask any more, or we'll have to call in the philosophers.)

You may also come across the term Trojan Horse - a complete program which does something quite different from its advertised function. Trojan Horses depend on "marketing" to spread... usually appeals to greed or filthy-mindedness.

By the way, no virus or Trojan Horse does physical damage to your computer - they do only "logical" damage to files.


Where do computer viruses live?

Computer viruses can reach your machine in five distinct ways. In historical sequence, these are:

  1. Attached to a small program which sits on many formatted floppy disks. This is called the "boot sector" program and they are called "boot sector viruses". (The "boot sector program" tells your computer how to start itself up - to pick itself up "by its bootstraps" - from that floppy disk.);
  2. Attached to any program file: word-processor, spreadsheet, photo-manipulation program, whatever - program viruses for short; or
  3. Buried as a so-called "macro" program within certain kinds of data file - mostly Microsoft Word. The notorious-in-early-1999 "Melissa" virus is one of these "macro viruses". A "macro" program is one which is "run" by another program, such as Microsoft Word, which is "run" by your computer (think Russian dolls).
  4. Tagging along as an "attachment" to an email message - most of these are strictly speaking not "viruses", but "trojan horses".
  5. Wandering in through an unprotected always-on internet connection.

How can I "catch" a computer virus?

You catch each of the above kinds of virus in a different way:

  1. By starting your computer up while an infected floppy disk (with a boot sector virus) is in your floppy drive; or
  2. By running a program which is infected by a program virus; or
  3. By opening a document (or other data file) which is infected by a macro virus, in a program which can "run" the macro; or
  4. By viewing an email in a vulnerable program like Microsoft "Outlook Express", or opening an infected attachment file however you received it; or
  5. By running an always-on internet connection without bothering with security. (So Don't Do That, Then.)

It is possible in principle to write a macro virus which infects any one of a wide range of word-processor and spreadsheet programs. There was, in fact, a problem with Trojan Horse macros in the Lotus 1-2-3 spreadsheet in the mid-1980s.

But the only evidence that anyone's bothered to write macro viruses that affect any recent non-Microsoft program is of proof-of-principle efforts, not actual infectious thingies in the wild.

  • You can not catch a computer virus by opening a plain text file (also known as a "plain ASCII file").
  • It's very, very unlikely that you'll catch a computer virus simply by viewing a Web page. All the reports of Web pages doing strange things to people's computers relate to visiting porn pages or sites fencing stolen software. (So don't.)

In 2002 I wrote:

  • You can not catch a computer virus by opening any kind of graphic file (JPG, GIF, TIF etc).

That was of course asking for trouble. As the rest of this text makes clear, many infectious things arrive masquerading as image files. And at the end of 2005 a new beastie entered the menagerie: fake image files that could install viruses on Windows computers by exploiting weaknesses in the Microsoft Windows Picture and Fax Viewer program. See this page from the United States Computer Emergency Readiness Team for notes on disabling this program.


How can I avoid computer viruses?

Never insert a floppy disk without using a condom...

(The first person to complain that their floppy disk drive doesn't like spermicidal lubricant wins a sense of humour.)

Avoiding boot-sector viruses

Boot-sector viruses used to spread rapidly way back when, in the days when starting a computer from a floppy disk was common - either because you couldn't afford a hard disk, or because games programs needed to take total control of computers to run rather than crawl.

But the steps you take to avoid boot-sector viruses are still important, for other reasons. These days, you start a computer from a floppy disk only when something has gone very badly wrong with essential files on your hard disk - like, for example, a bad virus infection - and you need to start your computer from the original "system disk" or from a "rescue disk". This is a floppy disk from which your computer can start up its "operating system" - Win9x, Mac System 8/9/X, or whatever.

  • If your operating system was pre-installed on your computer's hard disk, when you first started it you should have been instructed how to prepare a "system disk" or a "rescue disk" for emergencies.
  • If you got your operating system on a CD-ROM, it is virus-proof.
  • If your computer is an antique and you got your operating system on floppy disks, the one which you can use to re-start your computer in emergency is described as a "system disk" on the printed label.

Back view of floppy disk

You should have slid open the little tab which stops your computer writing anything onto your system disks immediately after you made them and before you ever used them. If you hold a floppy disk with the flat slidy bit at the bottom and the round metal bit facing you, this tab is in the top left corner.

If you didn't do this, and/or to be utterly safe, you should check all "foreign" floppy disks using a virus-checker program - see below.

Avoiding program viruses

If you want to do any of these things:

  • run programs from sources which may be infected - delivered on floppy disks or from the Internet
  • go on using the Microsoft Outlook program to read your email
  • go on using the Microsoft Word program to create or edit documents

- or if you suspect you have a virus - then invest in a virus checker program. You run one of these virus checkers to check program files, emails and Word documents for viruses, before you ever run or open them.

Programs which you buy from reputable sources on floppy disk or CD-ROM, or which you download from carefully-maintained internet archives, rarely contain viruses. Very rarely, not never.

Some of the commonest virus checker programs are:

Free sample programs are available. You need, however, to get regular updates of information on new viruses to be safe - AVG is still (June 2006) free to home users and highly-rated.

Avoiding macro viruses

If you ever receive Word documents as email attachments or on floppy disk, you can use a modern virus-checker program before opening them.

The simpler thing to do is to reply to the email demanding that they send you plain text, not a Word document. All they have to do is copy the text and paste it into the body of an email.

Where that's not politic, the safest thing to do is to use a "Word viewer program" instead of Word itself. You can download these from the Internet (for only the cost of a one-hour local call if you have a dial-up connection):

Macintosh users will find that the TextEdit program - which is included with the operating system in version OSX - will display Word documents and save simple changes.

The "viewer" program allows you to print the document, and to mark text, copy it to the "clipboard" and paste it into a sensible word processor. It does not allow you to change or edit the document, and it will ignore the blandishments of macro viruses.

In emergency, you can try opening the Word document in Windows Write, Windows Notepad, or SimpleText on the Mac. This is quite safe: these programs simply do not understand the "macro language" that macro viruses are written in, so they can't do any harm. But you will see a great deal of garbage on your screen: the actual text is a page or two down, followed by a lot more garbage. Cut out the garbage and save the good bits, if there are any, as plain text.
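The same approach in code, as an added example that is not part of the original page: it pulls the readable runs out of a file's raw bytes without interpreting the file format at all, so no macro is ever run. It looks for text stored one byte per character and two bytes per character, since binary Word files can contain both; the sample bytes are constructed, and the function names and the `MIN_RUN` threshold are assumptions.

```python
import re

# Assumption: runs shorter than this are almost always noise, not prose.
MIN_RUN = 6

# Printable ASCII (plus tab), stored one byte per character.
ASCII_RUN = re.compile(rb"[\x20-\x7e\t]{%d,}" % MIN_RUN)
# The same characters stored as UTF-16LE: each printable byte followed by 0x00.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e\t]\x00){%d,}" % MIN_RUN)


def readable_runs(data):
    """Return (offset, text) for every readable run in raw bytes, in file order.

    The bytes are only pattern-matched, never parsed as a document, so any
    macro stored in the file is treated as inert data.
    """
    found = []
    for match in ASCII_RUN.finditer(data):
        found.append((match.start(), match.group().decode("ascii")))
    for match in UTF16_RUN.finditer(data):
        found.append((match.start(), match.group().decode("utf-16-le")))
    # The two passes cannot overlap: the 0x00 bytes in a UTF-16 run break
    # any 8-bit run, and an 8-bit run contains no 0x00 bytes.
    return sorted(found)


def as_plain_text(data):
    """Join the readable runs into plain text, one run per line."""
    return "\n".join(text for _, text in readable_runs(data))


# Constructed sample: the signature of an OLE compound file (the container
# used by binary Word documents), some noise, then text in both encodings.
SAMPLE = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
    + bytes(range(0, 24))
    + b"Dear editor, here is the copy you asked for."
    + b"\x00\x07\xff\xfe\x13"
    + "Invoice to follow on Friday.".encode("utf-16-le")
    + b"\x00\x00\x9c\x01Ab\x02"
)

if __name__ == "__main__":
    for offset, text in readable_runs(SAMPLE):
        print(f"{offset:6d}  {text}")
```

Real documents will also yield font names, author fields and other debris among the runs, which is the "garbage" to cut out by hand.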

Macro viruses have also been found in other Microsoft Office programs. You can download viewer programs for the Excel spreadsheet, etc from:

You may draw the conclusion that using non-Microsoft products where possible is A Good Thing. The NUJ couldn't possibly comment on this.

Avoiding Trojan Horses, worms & other beasties

Never click on the icon for an "email attachment" without thinking. Usual journalistic questions: what, whence, why and who benefits?

Microsoft Windows hides a piece of information which makes that thought easier. So un-hide it:

  • Click the "Start" button
  • Click "Programs"
  • Click "Windows Explorer"*
  • Click on the "View" menu;
  • Click on "Options";
  • Click on "Show all files"; and
  • Clear the checkbox "Hide file extensions for known file types".

* The program may also go by some synonymous name. Mine is called "NT Explorer" and its Options panel looks like this:

NT Explorer Options panel

Why do this? Because Windows uses the "extension" - the dot and three letters at the end of a file name - to tell what kind of file it is; particularly if it is a file which can be run. Be very suspicious indeed of files that now appear to have two extensions; in a 2001 example, kournikova.jpg.vbs. Clearly, it was trying to pretend to be something it wasn't. She's alleged to be crap at tennis, anyway, not that I'd know.

Think particularly hard about files with the following extensions:

  • .com COMmand - a program
  • .exe EXEcutable - a program
  • .bat BATch file - a script that can run programs
  • .vbs Visual Basic Script
  • .dll Dynamic Link Library - a bit of program
  • .pif Program Information File - a link to a program
  • .lnk another kind of LiNK to a program
  • .scr SCReensaver program
  • .    no extension at all: could be anything...

If the attachment is one of these, run it only if you understand why you are expecting a program and what it will do! See here for more information.
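A check along these lines can be automated. The following is an added example, not part of the original page: it reads the attachment names out of a mail message and reports the ones with a runnable extension from the list above, a double extension of the kournikova.jpg.vbs kind, or no extension at all. The `DECOY` set of harmless-looking extensions, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# The extensions the page says to "think particularly hard" about.
RUNNABLE = {".com", ".exe", ".bat", ".vbs", ".dll", ".pif", ".lnk", ".scr"}
# Assumption: data-file extensions a runnable file might hide behind.
DECOY = {".jpg", ".jpeg", ".gif", ".tif", ".txt", ".doc", ".rtf", ".pdf"}


def classify_filename(name):
    """Return the reasons (possibly none) to be suspicious of a file name."""
    # Drop any directory part, whichever slash style the sender used.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem or not ext:
        return ["no extension: could be anything"]
    ext = "." + ext.lower()
    reasons = []
    if ext in RUNNABLE:
        reasons.append(f"runnable extension {ext}")
        inner = "." + stem.rpartition(".")[2].lower() if "." in stem else ""
        if inner in DECOY:
            # With "Hide file extensions" on, only the stem is displayed.
            reasons.append(
                f"double extension: shows as {stem} when extensions are hidden"
            )
    return reasons


def scan_message(raw):
    """Map each suspicious attachment name in a raw message to its reasons."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        if name is None:  # body text and containers carry no file name
            continue
        reasons = classify_filename(name)
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample message; the attachment bodies are harmless placeholders.
SAMPLE = """\
From: someone@example.org
To: you@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

See attached.
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="kournikova.jpg.vbs"

placeholder, not a real script
--BOUNDARY
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

just text
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="README"

placeholder
--BOUNDARY--
"""

if __name__ == "__main__":
    for name, reasons in scan_message(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```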

The Macintosh computer doesn't make much use of these "extensions", and doesn't hide them. You will see them on files - legitimate or viruses - sent from or intended for Windows machines.

Teaching the unwary to suspect those beasties

If you still run the Internet Explorer Web browser program or the Outlook email program, you must teach them to be more suspicious:

  • Click the "Start" button
  • Click "Programs"
  • Click "Internet Explorer"
  • Click on Internet Options under (often) the Tools menu
  • Click on the Security tab
  • Click on Trusted sites
  • Remove all sites from the trusted list, unless you're absolutely sure you understand why you shouldn't do this
  • Click on OK
  • Click on Internet
  • Click on Custom Level
  • Scroll down to File Download (further down than the illustration below)
  • Click on Disable
  • Make sure that none of the options to do with "ActiveX controls" is set to "Enable" - all should be "Disable" or, if you don't mind being nagged to let over-clever Web sites do their thing, "Prompt".
  • Click on OK
  • Click on OK

These options will/should affect how Outlook behaves, as well.

MS Internet Explorer options - affect Outlook as well

The final setting in the pictorial example above is me living dangerously. Setting "Script ActiveX controls marked safe for scripting" to "Prompt" produces all sorts of bizarre and annoying prompts - for example whenever you try to fetch an Adobe Acrobat .PDF file from the Web. So I changed over to use the Opera browser instead. It's free to download, very fast, it includes a program for reading email. Later, I changed to use Mozilla (for unrelated technical reasons). I continue to recommend both.


How do I change over from Internet Explorer & Outlook Express?

You do not have to remove these programs. The point is to stop viruses using them - which simply means "disconnecting" them from other programs on your computer.

Download and install Eudora or Opera or Thunderbird as the program you use to read email. Simply stop using Outlook or Outlook Express.

The following example images are from a five-year old version of Opera. The current version will look different but it should not be hard to locate the equivalent questions and type in the right answer.

Your new email program will ask for some technical information. You can copy this from Outlook, thus:

  • Start Outlook, one last time
  • In the menu bar, click on Tools
  • Click on Accounts
  • Click on the name of the email account you are using, then on the Properties button
  • Click on the "Servers" tab
  • You will see something like this:
MS Outlook email server info
  • Write down on a piece of paper the information next to "Incoming mail" and next to "Outgoing mail". Proofread it.

(You could cut and paste to save pencil-lead and proofreading, but if you know how to do that these instructions are probably driving you wild with their completeness.)

If, for example, you decide to use Opera to send and read email in the future:

  • Start Opera
  • In the menu bar, click on E-mail
  • Click on New account...
  • Click on the "Servers" tab
  • You will see something like this:
Opera email server info
  • Fill in the information you just recorded
  • Your "Login" is (almost always) the bit of your email address to the left of the "@" sign
  • Leave the other settings well alone, unless your email service provider tells you otherwise
  • If Outlook tells you that your "Incoming mail server" was an "IMAP" server, apparently you're stuck in some corporate MS-only hell and you're not going to be using Opera to read email. Oh well. Demand that the corporate IT people sort out the problems they created. Get yourself your own email account.
  • Otherwise, send yourself a test message!
  • You don't have to tell anyone you've changed. What you did above is to set up a different program to access the same email account. People will only notice the difference when they don't get viruses from you.
  • If you ever start Outlook again, it will ask you whether to make it your "default mail client". Don't - the whole point is to stop viruses being able to find it as the "default mail client".

Whatever you installed as your email program, now do this:

  • Start Internet Explorer as above
  • Click on Internet Options under (often) the Tools menu
  • Click on the Programs tab
  • Next to "Email", select your email program from the drop-down list; or
  • if your email program isn't shown, select "Hotmail"

You may well want to keep Explorer hanging around, in case you need to use it to visit any annoying websites that discriminate against non-Microsoft products. (By default, Opera "pretends" to these sites that it is Internet Explorer, but they're not always fooled.)

What you have just achieved is to make sure that:

  • So long as you don't use Outlook (Express), viruses can't use it to start Internet Explorer automatically and do damage through the flaws in that;
  • Conversely, neither can viruses use Internet Explorer to start Outlook automatically and do damage through the flaws in that.

How can I avoid passing on viruses?

By preventing infection of your computer.

You can save people to whom you send email a whole lot of trouble by not sending them Word documents.

Instead, send them the plain text. Copy it from the word-processor you use to the "clipboard", and paste it into the body of an email message.

Just the facts, ma'am

If you want to look as though you know how to use email, you may also want to make sure that you send only plain text. That's what email's for, innit?

If you really can't get rid of MS Outlook, do the following:

  • In the Tools menu, select Options
  • Select the Send "pane"
  • Under "Mail sending format", select Plain Text
MS Outlook options

This means you send nice, compact plain text messages with no annoying <FONT FACE="garbage"> stuff in them - and no <SCRIPT SRC="destroy.vbs">.

If you have got rid of Outlook, you'll probably be able to figure out how to do the same in your program.

Sending plain text from other programs

Opera sends (or used to send...) plain text by default. Eudora and Thunderbird also have options to send plain text only. Look in the Tools menus for "Account Settings" or "Options" options.

You can also change the "properties" of email programs' address book entries to send plain text only to the address in question.

See the following comprehensive guide for all known (and some unknown) email programs:


But what if they really need a Word document?

If your client or contact really needs a Word document with layout and fonts, send a so-called "Rich Text Format" file. When you've finished editing it, under the File menu select Save As... and under Save as type select RTF. Then attach the resulting file to your email.

Note - May 2001

It's happened: someone's worked out in principle how to make an RTF file load a .DOT template file which fetches an .HTML file which calls a Microsoft ActiveX plugin which... we don't know, because no-one's done it, yet.

Sending RTF files is still a much, much better idea than sending MS-Word .DOC files. To be safe, go through Word options and preferences turning practically everything off - particularly everything to do with macros. Opening RTF files you receive in a viewer program is still absolutely safe.


What do I do if I've caught a virus?

Don't leap to conclusions. Computer programs (especially the "operating system" programs called Windows) do bizarre things when overstretched or otherwise confused. You may not have a virus at all.

Be calm. More time and data is lost through people panicking at the idea that they have a virus than is ever lost through the direct effects of real viruses.

Run a virus-checker program, and follow the instructions carefully.

Virus-checker programs will offer to remove viruses which they find, and will often succeed. They may also warn you about files which have changed or changed size. More often than not, this is for a perfectly innocent reason, like you playing with the colour scheme in Windows, which changes a file such as WIN.INI or CONFIG\SYSTEM.

You do have a full backup of all your (important) work on floppy disks, or Zip™ disks or writable CD-ROM or tape, don't you?

In fact, it's a good idea to keep several backups. Have at least one week-old backup and one three-month-old on hand at any one time. That way, you are likely to have a copy which predates your infection.

You have kept the original disks of all the programs you use, in a safe place and with the write-protect tabs open if they're on floppy disks - haven't you?

These precautions will come in handy when your computer's internal hard disk starts making genuinely scary motorbike-brakes-on-a-wet-day noises. That's the sound of the so-called "heads" on your hard disk crashing into the magnetic magic stuff and ploughing your files back into the void. You'll recognise it when you hear it, you likely will hear it one day, and it's much more scary than a mere virus.


What about those virus warnings, then?

If you've paid attention to the above, you will already be in a fairly good position to recognise the frightening obfuscations (known in the trade as "technobollocks") which are an essential ingredient of spoof virus warnings.

Another key sign to watch for is an outstandingly authoritative-sounding original source. If you're keen, go to Google and discover for yourself that the alleged organisation has no Web site. If it were an authoritative source on viruses, it would most definitely have a web site and that would come right at the top of the Google list. (This is primarily advice for journalists. Suggesting that you check that your source exists ought to be redundant...)

You should also beware of any message which demands that you copy it to other people. It's a chain letter, whether it's promising riches or threatening doom. Consider this:

  • Actual computer viruses do their harm by wasting human time. They infect programs and Microsoft documents. They are parasitical on these programs and documents, using them to spread to other programs and documents. They may do harm by deleting files - which simply wastes the time it takes you to restore the uninfected backup versions (or to re-do the work if you forgot to back up). They waste much more time in checking whether you really have a virus, and the time it takes to repair the effects of panicking about a virus. Above all, they waste the time it takes patiently to explain what a virus really is.
  • Spoof computer viruses do their harm by wasting human time. They infect human minds. They are parasitical on these minds, using them to spread to other minds (by persuading them to forward emails in large numbers). They waste the time it takes you to forward them, the time it takes the recipients to read and ignore them, and the time it takes to repair the effects of panicking about a virus. Some (like the 2001 sulfnbk.exe and the 2002 jdbgmgr.exe spoofs) persuade recipients to delete actual, useful files. Above all, they waste the time it takes patiently to explain what a virus really is.

If, for example, you receive email warning you about messages with the subject line "Good Times", the warning email itself is the virus. There is no "Good Times" computer-virus; only a mind-virus.

Never, ever, forward such a warning without first checking the authoritative source:

You may also want to read:

For example, some of the spoofs in circulation in late 2000 were:

  • California / WOBBLER
  • Good Times
  • AOL4FREE
  • Win a holiday
  • Bloat
  • JoinTheCrew

Warnings about an "A.I.D.S. email attachment" are hoaxes. There are several actual program-infecting viruses called "AIDS". An actual Trojan Horse called "AOL4FREE", which deletes all files on your hard drive, appeared some months after the hoax warnings. It is rare in the wild and, like any other program virus or Trojan Horse program, will do harm only if you are greedy or distracted enough to run it.


Messages that lie about their origins

Every day londonfreelance.org gets emails from computers announcing that they have failed to deliver junk mail, and worse, which claimed to have been sent from someone@londonfreelance.org - and some of you may have had dodgy messages that claim to come from us. They are lying. The idea is that you think you know where the message comes from, and you click away... How does this happen?

Buddha says: avoid attachments

Anyone who clicked on links in some of those messages would install a nasty virus-like program on their computer. That would read their email address book and send it off to the purveyors of spam and viruses.

If londonfreelance.org is in their address book, it may get picked at random as the false sender of a whole bunch more viruses and/or spam. If you let this happen to you, your contacts may start receiving nasties that claim to come from you.

Various addresses at londonfreelance.org are probably in hundreds or thousands of address books, and some of their owners have clearly clicked thoughtlessly - which is one reason our name is already being taken in vain.

Then in June 2006 we started getting fake emails thus: "Your account has been used to send a large quantity of spam. Click here..." No way!

Getting an anti-virus program and keeping it up to date can help avoid this problem. But you only have to click once on a new virus-like attachment that the program doesn't recognise. Vigilance is still your duty.


Your bank has not emailed you!

An NUJ member contacted us to report that soon after buying from www.amazon.co.uk they received multiple emails starting "Amazon is committed to maintaining a safe environment for its community of customers. To protect the security of your account," and concluding: "To securely confirm your Amazon information please click on the link bellow:"

They didn't click. They were wise.

Those emails were "phishing" attempts: a ruse to try to get us to reveal account details and passwords.

The message had nothing to do with the Amazon purchase. That was a coincidence. Between 12 and 14 June 2006, for example, londonfreelance.org received four such messages claiming to come from three banks - one of which happens to be our bank.

One simple rule deals with phishing attempts: never click on any link in any email that claims to come from any institution that handles your money. Money-handling institutions never send emails requesting (or linking to pages that request) passwords or sensitive information. Not banks, not credit card providers, PayPal, Amazon nor eBay. Never.


What about phone viruses?

All warnings about phone viruses are hoaxes. They exploit a news story in the summer of 2000 about an academic who'd shown that in principle it's possible to write a virus which will infect a so-called WAP phone and no other kind. Equally, it was shown in 2006 that in principle it's possible to write a virus or worm that spreads through "BlueTooth" connections between phones, but we have no reports of it actually happening.

If you have a regular mobile phone, relax. There is no known way of writing viruses that infect these. You'd know if it was a WAP phone because you'd be paying extra for the privilege.

There are no accurate reports (October 2002 - nor June 2006) of WAP-phone viri in the wild.

Uh-oh! There was, however, a report (November 2001) from a usually reliable source of bad hackers discovering how to send an SMS message that would lock you out of your phone, if and only if (so far) it's among a certain set of Nokia models. So think before you give your number out to unusually pallid people.


From the CIAC site, March 1999

WARNING!! BEWARE GEEKS BEARING GIFTS!

WARNING! WARNING! WARNING!

IF YOU RECEIVE A GIFT IN THE SHAPE OF A
LARGE WOODEN HORSE DO NOT DOWNLOAD IT!!!!
It is EXTREMELY DESTRUCTIVE and will
overwrite your ENTIRE CITY!

The "gift" is disguised as a large wooden
horse about two stories tall. It tends to
show up outside the city gates and
appears to be abandoned. DO NOT let it
through the gates! It contains hardware
that is incompatible with Trojan
programming, including a crowd of heavily-
armed Greek warriors that will destroy
your army, sack your town, and kill your
women and children.

If you have already received such a gift,
DO NOT OPEN IT! Take it back out of the
city unopened and set fire to it by
the beach.

FORWARD THIS MESSAGE TO EVERYONE YOU KNOW!

© 1999-2006 Mike Holderness; moral rights asserted.

Terms & conditions: this advice is provided as is with no warranty of fitness for any particular purpose nor guarantee as to the results of following or of failing to follow it. Liability is specifically disclaimed for damage direct or consequential caused by nuclear strike, civil unrest or its failure to arise when required, acts omissions or failure to exist by deities, computer viruses, the Y2K Bug, or otherwise.

This document is an example of the reason why Tim Berners-Lee and Robert Cailliau invented the Web: they got fed up with answering their phone and email and invented a means of saying helpfully "get the answer yourself".


Last modified: 1 July 2006
Send design comments to: web@londonfreelance.org
© 2000-2002-2006 Mike Holderness