Virus Protection: BugBear Aftermath
BugBear has torn through the Internet, helped mainly by its aggressive mass-mailing capability and its exploit of a bug in Internet Explorer. It spread so quickly that many people did not have time to update their virus scanners.
The fact that so many people are continually infected by viruses when everyone and their cat have anti-virus software demonstrates it's not adequate to simply update a virus scanner every few weeks; protecting yourself from threats from the outside requires a combination of approaches.
1. Anti-Virus Updates
Many vendors update their signatures weekly, some more frequently. In particular, Vet and Symantec/Norton update every few days and have very good systems to download only the new updates (AutoDownload and LiveUpdate). There's no reason you shouldn't check for updates every time you are on the Internet. You should also install any anti-virus program updates in addition to the signature updates.
2. Software Updates
Viruses like BugBear exploit bugs in old versions of Internet Explorer, and their effect can be minimised or stopped altogether simply by keeping your web browser and operating system up to date. All versions of Windows, also, contain bugs which help viruses propagate. If you keep your system updated a lot of threats from the outside can't get a foothold.
Microsoft has a terrific site at http://windowsupdate.microsoft.com which identifies your version of Windows and Internet Explorer and suggests the patches you need to download. The most critical updates are listed under "Critical Updates".
Unfortunately the most important updates, such as Internet Explorer 6.0 Service Pack 1, Windows 2000 Service Pack 3 and Windows XP Service Pack 1 are quite large. If you prefer not to download them, we can send them to you on CD for $11. If you are a Cadzow 2000 user, your next CD-ROM update will contain them also.
3. Don't Open Attachments!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
If you can resist the temptation to open suspicious attachments in email you'll save yourself a lot of trouble. How do you know which are suspicious? For a start, by the extension.
Any attachment that ends in: BAT CHM CMD COM CPL EXE JS JSE LNK PIF REG SCR SCT URL VBE VBS WSC WSF or WSH should be regarded as highly suspicious. There aren’t many good reasons why someone would send you files of this type.
Another tip-off is the use of multiple extensions. For example, you may receive an attachment called Letter to Staff.doc.pif. Virus writers want you to think this is a DOC file, but it's actually a PIF file, and if you've been paying attention you would know that PIF files are to be avoided.
Of course, viruses can travel in DOC, XLS and many other formats but the above list are the most common, the most likely to be malicious and in 99.9% of cases you can safely delete them.
Outlook Express 6.0 and Outlook 2000/XP have options to block attachments but they aren't very practical as they tend to block everything, so in many cases you need to rely on identifying and deleting these files yourself.