Several years ago I heard an industry pundit refer to computer viruses as the electronic equivalent of graffiti. This was annoying but not particularly damaging. I wonder what he thinks now? Last year (1999), encounters with malicious software, computer viruses, worms, & Trojan horse programs resulted in approximately $12.1 billion in damages. Certainly not the electronic equivalent of graffiti, this is better described as the cyber equivalent of a car bomb--destructive, indiscriminate, and costly.

Contrary to what's often portrayed in the movies or on the six o'clock news, malicious software has no magical powers, it won't cause you monitor to burst into flames, or gnaw through your keyboard and bite off your fingers. Computer viruses, Trojan Horse programs, and Worms are simply computer programs. In order for one of them to do damage, some type of programmatic code has to be run.

Threats

Understanding the threats is half the battle in defending against malicious software. So what is a virus? So what is a virus? A worm? A Trojan Horse program?* A hoax?

• Virus. A computer virus is a self-replicating program containing code that explicitly copies itself and that can "infect" other programs by modifying them or their environment such that a call to an infected program implies a call to a possibly evolved copy of the virus.
• Worm. A computer worm is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections).
• Trojan Horse. A Trojan Horse is a program that does something undocumented that the programmer intended but that some users would not approve of if they knew about it.
• Hoax. A hoax is warning about a nonexistent, extremely destructive, piece of malware. Hoax warnings are normally distributed as chain letters that ask you to "pass this warning along to everyone you know." Legitimate warnings are not distributed as chain letters and will always include links to the issuer's Website where additional information can be found.

Solutions

How can you defend yourself again malicious software? Regardless of whether you’re a Windows, MacOS or Linux user you should practice Safe Hex.

1. Keep your system patched. Be sure to check for patches or updates for both the operating system and any applications you use at least once a month.
2. Install quality anti-virus and anti-spyware software and keep it up to date.
3. Keep backups of important files. Accidents happen; having backups of your important files makes them easier to recover from.
4. Use strong passwords… A strong password should be at least 8 characters and include letters, numbers, and at least one special character. It should also be easy to remember.
5. Don’t run as Root or Administrator unless you absolutely have to.

In addition to those basic steps you should also:

• Use care when downloading and installing programs.
• Disable file and printer sharing in your computer, particularly when accessing the Internet using cable modems, digital subscriber lines (DSL), or other high-speed connections.
• Use care when reading e-mail with attachments:
  • Never, ever:
    • Open e-mail attachments from someone you don't know.
    • Open e-mail attachments forwarded to you even if they're from someone you know.
    • Open unsolicited or unexpected e-mail attachments until you've confirmed the sender actually meant to send them.
• Do not select the option on web browsers for storing or retaining user name and password.
• Do not disclose personal, financial, or credit card information to little-known or suspect web sites.
• Delete spam and chain e-mail's; do not forward these and do not use the unsubscribe feature.
• Log off the online session and turn off your computer when it is not in use.
• Do not use a computer or a device that cannot be fully trusted.
• Do not use public or Internet café computers to access online financial services accounts or perform financial transactions.
• Ensure your browser supports strong encryption (at least 128-bit). Most browsers now provide this by default.
• Install and use a file encryption program and access controls.
• Broadband users: install and use a hardware firewall/router.

*The definitions of a computer virus, worm, & Trojan horse programs are taken from the comp.virus/Virus-L FAQ by Nick FitzGerald.

Related Links

• Kaspersky AntiVirus
• F-Prot Anti-Virus
• F-Secure Anti-Virus
• NOD32 Anti-Virus
• Sophos AntiVirus