advice on viruses

Virus attacks are not an inevitable aspect of using PCs. They succeed only because of security flaws in the software on your PC, or because you are tricked into running them yourself. In this article we outline several barriers you can erect to counter the flaws and to avoid viruses.

Anti-virus (AV) software packages are excellent products, but people have come to rely on them to the extent that they take no other precautionary measures. The inherent disadvantage of the AV approach is that it detects viruses only once they have arrived on your PC. The intention is that it will warn you before the virus can be executed and will delete it for you. It does not stop the virus from reaching your PC, nor does it close the security flaws in your PC's software (Windows etc.) which viruses exploit in order to do their damage.

You need to create a barrier (or barriers) as early on in the "chain" as possible. In theory, if you could stop all viruses from arriving on your PC, you wouldn't need AV software, whilst your PC's software could have any number of security flaws and it wouldn't matter.

In practice, no barrier is perfect, so the strategy should be to have several barriers at successive points along the chain. If a barrier is, say, 90% effective, that leaves an unacceptable 10% risk. But three such barriers in succession leave you 0.1% at risk (10% of 10% of 10%), i.e. 99.9% secure, provided the barriers fail independently of one another; barriers that all miss the same kind of virus overlap and give less than this. The following categories of barrier start at the beginning of the chain and work forward:-

  1. Stopping viruses from arriving;
  2. Avoiding software security flaws;
  3. Patching security flaws;
  4. Avoiding opening suspicious e-mails;
  5. Using anti-virus software.

Some of these barriers involve software which runs permanently on your PC (or at least whenever you are connected to the Internet). Examples include firewalls, AV software and Web or e-mail filtering tools. Bear this in mind if you have an older PC, because its performance may become noticeably slower.

1. Stopping viruses from arriving

The great majority of viruses arrive hidden in e-mail. An increasing number are hidden in malicious Web pages. And a few more arrive on your PC directly over the Internet.

For e-mail, here are several barriers to help stop viruses arriving:-

Virus-bearing Web sites are becoming more common. Avoid being lured into looking at Web sites you're unsure of, especially those linked from suspect e-mails (and most especially e-mails purporting to come from your bank). Web filtering tools such as WebWasher are primarily designed to block adverts and to stop companies from tracking your browsing habits. But they will also help to guard against viruses.

Windows communicates over TCP/IP, a protocol designed specifically for global networks such as the Internet. Windows also binds its file and printer sharing protocol (NetBIOS/SMB), which was intended only for local networks (usually several PCs in a single building), on top of TCP/IP. That binding exposes the sharing and related Windows RPC services (TCP ports 135, 139 and 445) to anyone on the Internet unless something blocks them, and is one of the main reasons a firewall is desirable when connecting your PC to the Internet.

Some viruses arrive on your PC directly over the Internet (such as the Blaster and Sasser worms, which exploited flaws in Windows services reachable over the network on TCP ports 135 and 445 respectively). You can install firewall software to stop them. Firewalls are essential for broadband always-on connections or if you share your files and printer across PCs using a local network, and they are highly desirable for dial-up connections too. There is actually an effective firewall in Windows XP but, remarkably, it is switched off by default in XP Home Edition. Using Windows Help, search for "firewall" and learn how to switch it on. If you have installed XP Service Pack 2 (or if you have Windows Vista) the firewall is switched on by default.
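The quickest way to see what an unfirewalled PC offers to the Internet is to list the services that are listening for network connections. The script below is an added example, not part of the original article: on Windows it runs netstat itself and reports listening sockets on the RPC and file-sharing ports mentioned above; elsewhere it parses a constructed sample of netstat output (the addresses and PIDs in it are made up) so the logic can be checked offline.

```python
"""
Added example (not from the original article): list the Windows services
that are listening for connections from the network, so you can see what an
unfirewalled PC exposes. On Windows it runs `netstat -ano -p tcp` itself;
elsewhere it parses the constructed sample output below, so the logic can be
checked offline. The PIDs and addresses in the sample are made up.
"""
import platform
import re
import subprocess

# TCP ports exposed by Windows RPC and NetBIOS/SMB file and printer sharing.
RISKY_PORTS = {
    135: "Windows RPC endpoint mapper (Blaster spread through this port)",
    139: "NetBIOS session service (SMB file and printer sharing)",
    445: "SMB over TCP (Sasser spread through this port)",
}

# One `netstat -ano` line for a listening TCP socket: proto, local, foreign, state, PID.
LISTEN_RE = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$")


def parse_netstat(text: str) -> list:
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    rows = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            rows.append((m.group("addr"), int(m.group("port")), int(m.group("pid"))))
    return rows


def is_loopback(addr: str) -> bool:
    """Sockets bound to the loopback address cannot be reached from the network."""
    return addr.startswith("127.") or addr == "[::1]"


def exposed_services(rows: list) -> list:
    """Keep sockets a remote machine could reach (anything not bound to the
    loopback address) that sit on one of the risky ports."""
    return [
        {"addr": addr, "port": port, "pid": pid, "why": RISKY_PORTS[port]}
        for addr, port, pid in rows
        if port in RISKY_PORTS and not is_loopback(addr)
    ]


# Constructed sample of `netstat -ano -p tcp` output from an unfirewalled XP PC.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1100
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1044      203.0.113.5:80         ESTABLISHED     1560
"""


def live_report() -> list:
    """Run netstat on this Windows PC (no elevation needed) and report."""
    out = subprocess.run(["netstat", "-ano", "-p", "tcp"],
                         capture_output=True, text=True, check=True).stdout
    return exposed_services(parse_netstat(out))


if __name__ == "__main__":
    findings = (live_report() if platform.system() == "Windows"
                else exposed_services(parse_netstat(SAMPLE)))
    for f in findings:
        print(f"port {f['port']} on {f['addr']} (PID {f['pid']}): {f['why']}")
```

Any port the script reports is one a firewall should be blocking from the Internet side. To confirm the Windows firewall is actually on, run "netsh firewall show state" on XP SP2 (or "netsh firewall set opmode mode=enable" to switch it on) and "netsh advfirewall show allprofiles" on Vista and later (or "netsh advfirewall set allprofiles state on").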

2. Avoiding software security flaws

Reduce the use of software known to be flawed. The most important software is that which forms your gateway to the Internet, viz. your Web browser and your e-mail software. Most people use Microsoft software. It's a matter of opinion whether Microsoft's products are inherently prone to flaws (but patches for security flaws appear very frequently). Since Microsoft dominates the market, virus writers seek to exploit its weaknesses far more often than the software of other companies. Also, Microsoft's philosophy is to develop software that is highly integrated. It is arguable that such a policy leads to increased complexity, which in turn leads to the kind of obscure bugs that viruses exploit.

Reduce the use of such software or eliminate it altogether by using alternative products. You probably won't want to swap MS Windows for an alternative operating system, but there are alternative browsers to MS Internet Explorer and alternative e-mail packages to MS Outlook Express.

This strategy is especially recommended if you believe that monitoring for updates and downloading them is too time-consuming or that you may forget to do it regularly.

Configure your software to make it more secure. For example, Internet Explorer enables you to set and tune different security levels when accessing the Web. For e-mail software, set it (if it lets you) never to open attached files directly but only to save them on your PC.

3. Patching security flaws

Security patches are released very frequently, typically two or three per month for Windows software (and each patch may fix several flaws). It's time-consuming to download them; some of them are quite large and will tie up your Internet connection. It's not easy to tell which patches apply to your particular situation, so you should err on the side of caution and install them if you are not certain. Only the most diligent users are able to keep their patch level fully up to date. Even IT professionals (e.g. people who run servers) are poor at keeping up.

Windows XP users can make use of Windows Update. You can choose four modes of use:-

  1. You can decide when to run Windows Update and which updates to download and install.
  2. You can get Windows Update to advise when updates are available and you can then download and install them as you choose (this is the default).
  3. You can allow Windows Update to download updates automatically but to ask you before installing them.
  4. You can allow Windows Update to download and install updates automatically.

We recommend mode (1) because the Windows Update Web site offers all security updates. Modes (3) and (4) install only critical updates. Security updates that Microsoft deems as non-critical are not installed using these modes.

All four modes of Windows Update require your PC to send information about your system to Microsoft's server so that the applicable updates can be determined. This is itself a potential risk but no breaches of security have been reported to date.

4. Avoiding opening suspicious e-mails

Don't open suspicious e-mail attachments (and preferably don't open the body of the e-mail either). Files attached to e-mails may contain a virus. HTML-formatted e-mails may contain a virus in their body. Some security flaws in e-mail software cause it to open an attachment automatically, or to fail to notice that the attachment's declared type is faked (a program dressed up as a document). Even without such flaws, if you open a virus-bearing attachment yourself, you will trigger the virus. So be aware that virus writers use "social engineering". The e-mail's title and text may attempt to look plausible, and the "From" line may even be spoofed to carry the identity of one of your genuine correspondents. Once you become wise to these tricks, it's much easier to spot e-mails which superficially look genuine but which in fact are just not plausible.

If you hold off from opening the e-mail, your anti-virus software (see below) may jump in and detect the virus. A barrier at this earlier stage, however, is to use e-mail software that attempts to detect junk e-mail (spam), including e-mail with viruses.

Open e-mails in Plain Text format. HTML-formatted e-mails almost always include a Plain Text version of the same message. The HTML version may carry a virus; the Plain Text version cannot. If your e-mail software has the facility, set it to display e-mails in Plain Text format where both formats exist.
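The following added example (not code from the original article) does in code what this section and the one above recommend by hand: it reads only the plain-text part of a message, never the HTML one, and examines every attachment before you decide to save it, flagging executable and double extensions and attachments whose leading bytes do not match the type their headers declare. The message it builds is constructed for the example; the sender, file names and contents are made up.

```python
"""
Added example, not from the original article: open an e-mail the safe way.
Shows the plain-text part (never the HTML one) and examines each attachment
before it is saved, flagging executable and double extensions and attachments
whose content does not match their declared type (the faked internal format
the article mentions). The message built by build_sample() is constructed
for this example; sender, names and bytes are made up.
"""
import email
from email import policy
from email.message import EmailMessage

# File types Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                         ".vbs", ".js", ".hta"}

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = [
    (b"MZ", "application/x-msdownload"),      # Windows executable
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
]


def sniff_type(data: bytes) -> str:
    """Guess the real format from the first bytes, ignoring name and headers."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def parse(raw: bytes) -> EmailMessage:
    """Parse a raw RFC 822 message with the modern (EmailMessage) policy."""
    return email.message_from_bytes(raw, policy=policy.default)


def plain_text_body(msg: EmailMessage):
    """Return the text/plain alternative, or None if the mail has no plain text."""
    part = msg.get_body(preferencelist=("plain",))
    return None if part is None else part.get_content()


def inspect_attachments(msg: EmailMessage) -> list:
    """Report each attachment with the reasons (if any) to treat it as hostile."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        declared = part.get_content_type()
        data = part.get_payload(decode=True) or b""
        actual = sniff_type(data)
        reasons = []
        stem, dot, ext = name.lower().rpartition(".")
        if dot and "." + ext in EXECUTABLE_EXTENSIONS:
            reasons.append("executable extension ." + ext)
            if "." in stem:                       # e.g. statement.pdf.exe
                reasons.append("double extension hides the executable")
        if actual != "application/octet-stream" and actual != declared:
            reasons.append(f"declared {declared} but content looks like {actual}")
        findings.append({"name": name, "declared": declared, "actual": actual,
                         "reasons": reasons, "suspicious": bool(reasons)})
    return findings


def build_sample() -> bytes:
    """A constructed phishing-style mail: plausible text, an HTML alternative,
    an executable disguised as a PDF, and one genuine-looking PDF."""
    msg = EmailMessage()
    msg["From"] = "Your Bank <alerts@example.com>"   # unauthenticated; easily spoofed
    msg["To"] = "you@example.net"
    msg["Subject"] = "Your statement is ready"
    msg.set_content("Your statement is attached. Please open it today.")
    msg.add_alternative("<html><body><p>Your statement is attached.</p>"
                        "<script>/* never reached in the plain-text view */</script>"
                        "</body></html>", subtype="html")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 32, maintype="application",
                       subtype="pdf", filename="statement.pdf.exe")
    msg.add_attachment(b"%PDF-1.4\n%constructed\n", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    mail = parse(build_sample())
    print("Body (plain text):", plain_text_body(mail))
    for f in inspect_attachments(mail):
        verdict = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{f['name']}: {verdict} {'; '.join(f['reasons'])}")
```

Note that nothing here trusts the "From" header, the declared Content-Type or the file name on its own: the verdict comes from the combination of name, declared type and the attachment's actual leading bytes, which is the check the flawed e-mail clients described above were failing to make.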

5. Using anti-virus software

Note that this barrier is the last in the chain. If you have erected the earlier barriers, your AV software should by now be threatening to go on strike for lack of work. AV software is effective, but only against viruses whose definitions it already has, and only if those definitions are kept up to date. That's its big disadvantage: new definitions are released at least weekly, so the software must be updated just as often.

Last word

The anti-virus industry describes many viruses as "blended threats". Syntactic prefers to use the term "multi-warhead" because a single such virus uses several methods to try to attack your PC. In a comparable way, you need to adopt multiple strategies for your defence against viruses, that is, by erecting multiple barriers. If we've succeeded, this article has shown you the way.