How many people love you?
by Alan Zisman
(c) 2000. First
published in Vancouver Computes,
July
2000
How many people love you?
No, I?m not really interested in your personal
affairs-- instead, I?m
referring to the recent outbreak of the LoveBug virus. The one
that
came as an e-mail message with the subject line claiming ?I Love You?.
I got an even dozen of those messages, all in a single
day. The highest
number that I?ve heard of was a Vancouver Health Department nurse, who
told me she had received over 120-- ironic, that the health department
was so widely infected.
Receiving a dozen ?I love you? messages caused me no
harm (aside from
a slight deflation of my ego when I realized that they weren?t meant
personally).
That?s because, like many computer users, I?ve learned to be as cynical
of such claims in an e-mail message as I would be if a stranger in a
mall
stopped me to tell me that she loved me.
And like most such attacks, the damage occurs only if
you run the file
attached to the e-mail message. Because such files are specific to a
family
of operating systems, while Mac or Linux users could receive LoveBug
messages,
the attached files would only run on Windows-family computers. Users of
other systems could sit back and enjoy feeling safe. In fact, the vast
majority of viruses are, like the LoveBug, specific to Windows systems.
A cynical attitude, in fact, may be your best
protection from virus
attacks. Don?t believe what you read?those twelve e-mail messages were
not (sigh) real expressions of love. And don?t open unexpected e-mail
attachments,
even if they appear to come in a message from someone you know. A
number
of recent attacks worked by hijacking the e-mail software?s address
book,
sending messages that appear to be legitimately from someone you know.
(My wife, who is an avid mystery reader, subscribed to
the e-mail mailing
list of one of her favourite authors. Soon after, we received a
message,
apparently from him, that included an attachment- Happy99.exe. Why
would
a mystery writer send his readers a file that, if double-clicked, show
fireworks on screen? In fact, that?s the calling card of the Happy99
virus,
another infection that sends itself to addresses in a Microsoft Outlook
address book?and I got to inform a famous writer that he, too, had been
infected. And was spreading it around).
While such attacks have given e-mail attachments a bad
name, most attachments
are harmless. A filename ending in JPG is simply a graphic. But files
with
names ending in EXE or COM are executible files on PC DOS and Windows
systems?they
are programs that will run. Files ending in JS are JavaScript files,
while
endings of VBS indicate VisualBasic Script files?such as the recent
LoveBug.
Unless you?re expecting such files, you?re best off not double-clicking
to run them, at least until you confirm what they are from the sender.
(And if they say, ?It?s a cool display of fireworks?, you should
probably
still leave it alone!)
Get and use an anti-virus program, but realize that no
matter what program
you?re using, it?s only as good as its data files?most antivirus
vendors
update these files monthly or even more often, but that?s no help if
you
haven?t downloaded the update. Symantec?s Norton AntiVirus, for
instance,
lets users know when their virus definitions are more than 15 days old.
But new viruses can spread any time. Having last
week?s virus definitions
won?t protect you against today?s virus. As a registered Norton
AntiVirus
user, I got a warning message about the LoveBug e-mailed to me from
Symantec?right
underneath the dozen infected messages. If I had opened their
attachments,
Symantec?s warning would have come too late.
If you don?t use Windows Scripting, you can remove it,
making your system
immune to attacks by VBS files such as the Love Bug. To do that, go to
the Windows Control Panel, open the Add-Remove Programs icon, and go to
the Windows Setup pane. Double-click on Accessories, and remove the
checkmark
beside ?Windows Scripting Host?. Instant added security.
Since many recent viruses are specific to Microsoft
Outlook, you may
decide to use a different e-mail program, such as Netscape Messenger
(free
with Netscape Communicator) or Qualcomm Eudora (free from
www.eudora.com).
Note that you could still receive the LoveBug, even though you wouldn?t
spread it any further.
As I write this, Microsoft is working on releasing a
security upgrade
for Outlook and Outlook Express users. You can read more about securing
these popular programs at:
http://officeupdate.microsoft.com/2000/articles/out2ksecarticle.htm.
Finally, as with other potential computer dangers, the
best protection
is a recent backup of your vital data.
Just in the past few days (again, as I write this),
the newspapers were
full of headlines about another virus, this one being nicknamed
NewLove.
This one is harder to detect than the original LoveBug. While messages
appear to come from someone you know (once again, hijacking an Outlook
address book), the subject line and the name of the attachment changes
with each message. (A clue is the letters ?FW:? in the subject line,
though
I?m sure a variant will soon appear without that characteristic).
Moreover,
the effects of NewLove?s attachment are more damaging and harder to
repair
than those of the original.
Despite that, I don?t know anyone who has received any
of the new strain.
Fingers crossed. Keep your virus definitions up to date, and stay
cynical.