advice on viruses

Virus attacks need not be an inevitable aspect of using computers (by which term we include tablets and mobiles). They are able to happen only because of security flaws in the software on your computer. In this article we outline several barriers you can erect to overcome the flaws and to avoid viruses. This list of barriers is by no means comprehensive.

Anti-virus software packages are generally good products but people have come to rely on them to the extent that they take no other precautionary measures. The implicit disadvantage of the AV software approach is that it detects viruses once they have arrived on your computer. The intention is that they will warn you before the virus is able to be executed and will delete it for you. The approach does not block the virus from getting to your computer; nor does it block the security flaws in your computer's software (Windows, iOS, Android etc.) which viruses must exploit in order to do their damage.

You need to create a barrier (or barriers) as early on in the "chain" as possible. In theory, if you could stop all viruses from arriving on your computer, you wouldn't need AV software, whilst your computer's software could have any number of security flaws and it wouldn't matter.

In practice, no barrier is perfect so the strategy should be to have several barriers at successive points along the chain. If a barrier is, say, 90% effective that leaves an unacceptable 10% risk. But three such barriers, in succession, will leave you 0.1% at risk, i.e. 99.9% secure. (This assumes that they are all independent and don't overlap in what they block.) The following categories of barrier start at the beginning of the chain and work forward:-

  1. Stopping viruses from arriving;
  2. Avoiding security-flawed software;
  3. Fixing security flaws;
  4. Avoiding opening suspicious e-mails;
  5. Using anti-virus software.
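As an added illustration of the 90% calculation above (example code, not part of the original article), the following Python compares the independent-barrier arithmetic with a simple coverage model in which overlapping barriers buy less than the formula predicts. The threat shares and the routes each barrier covers are constructed assumptions, not figures from the article.

```python
# Constructed threat model (assumed shares, not figures from the article):
# the share of attacks assumed to arrive by each route.
THREATS = {
    "mail_attachment": 0.40,
    "mail_html_body": 0.10,
    "web_drive_by": 0.25,
    "malicious_advert": 0.10,
    "direct_network": 0.15,
}

# The article's barriers, modelled as the arrival routes each one blocks
# (hypothetical coverage; a real filter is never this clean-cut).
SPAM_FILTER = {"mail_attachment", "mail_html_body"}
PLAIN_TEXT_MAIL = {"mail_html_body"}   # overlaps entirely with the spam filter
WEB_FILTER = {"web_drive_by", "malicious_advert"}
FIREWALL = {"direct_network"}


def residual_risk_independent(effectiveness):
    """Share of attacks that pass every barrier if each barrier blocks
    independently of the others: the product of their miss rates."""
    risk = 1.0
    for e in effectiveness:
        if not 0.0 <= e <= 1.0:
            raise ValueError("effectiveness must be a fraction between 0 and 1")
        risk *= 1.0 - e
    return risk


def barrier_effectiveness(threats, barrier):
    """Share of all attacks a single barrier would stop on its own."""
    return sum(w for route, w in threats.items() if route in barrier)


def residual_risk_coverage(threats, barriers):
    """Share of attacks arriving by routes that no barrier covers.
    Unlike the independent formula, this accounts for overlap."""
    covered = set().union(*barriers) if barriers else set()
    return sum(w for route, w in threats.items() if route not in covered)


if __name__ == "__main__":
    print(residual_risk_independent([0.9, 0.9, 0.9]))  # the article's 0.001
    overlapping = [SPAM_FILTER, PLAIN_TEXT_MAIL]
    naive = residual_risk_independent(
        [barrier_effectiveness(THREATS, b) for b in overlapping])
    print(naive, residual_risk_coverage(THREATS, overlapping))  # 0.45 vs 0.5
    print(residual_risk_coverage(THREATS, [SPAM_FILTER, WEB_FILTER]))  # 0.15
```

The second line of output is the caveat in numbers: treating the plain-text setting as an independent 10% barrier predicts 45% residual risk, but since it only blocks what the spam filter already blocks, the real figure stays at 50%.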

Some of these barriers involve software which runs permanently on your computer (or at least whenever you are connected to and using the Internet). Examples include firewalls, AV software and Web or e-mail filtering tools. Bear this in mind if you have a less powerful computer, because its performance may become noticeably slower.

1. Stopping viruses from arriving

The majority of viruses arrive hidden in e-mail. Others are hidden in malicious Web pages. And a third category arrive on your computer directly over the Internet.

For e-mail, here are several barriers to help stop viruses arriving:-

  1. Reveal your e-mail address only on a need-to-know basis.
  2. E-mails bearing viruses are a special class of junk e-mail (unwanted e-mail or spam). Some Internet Service Providers offer to screen such e-mail for you. A good spam filter will help to flag up e-mails with virus-bearing links and attachments and also e-mails which try to trick you through "social engineering", e.g. which try to persuade you to phone a number which is allegedly your bank or a software company claiming to warn you that your computer or bank account is at risk.
  3. If you download e-mail to your computer (cf. using Webmail), software tools such as MailWasher enable you to download e-mails as pure data streams. You can examine them and delete the unwanted e-mails before running your normal e-mail software.

Virus-bearing Web sites are now quite common. Genuine sites may have been hacked and malicious code inserted. Malicious sites may convincingly spoof genuine sites. Avoid being lured into looking at Web sites you're unsure of, especially those linked from suspect e-mails (and most especially e-mails purporting to come from your bank). Web filtering tools are primarily designed to block adverts and to stop companies from tracking your browsing habits. But they will also help to guard against viruses, especially as fraudsters sometimes inject virus-bearing adverts into otherwise genuine sites.

Check that sites that are supposed to be secure and encrypted (with an address starting "https") are indeed genuine. Use your browser's facility to check that the certificate has been issued to the organisation you expect (e.g. your bank).

When using your mobile, be extremely wary of using public Wireless Access Points (WiFi). Never use them for anything sensitive if they have no password (and preferably not even then). A password, when present, is used to encrypt your traffic to and from your mobile so that no-one can eavesdrop on you. That's why the password is sometimes publicly displayed: anyone can use the WiFi hotspot but the password is used as an encryption key.

Some viruses arrive on your computer directly over the Internet (such as the Blaster and Sasser worms). You can install firewall software to stop them. Firewalls are absolutely essential. But you are particularly vulnerable if you have a broadband connection (because it is always on) or if you share your files and printer across computers using a local network.

We recommend an excellent and well-known tool for checking that your firewall is fully protecting your computer: Gibson's "Shields Up" firewall checker. Periodically run the "File Sharing" and "Common Ports" services to check that the router's firewall is correctly protecting your computer.

2. Avoiding security-flawed software

Reduce the use of software with a poor track record of security flaws. Virus writers seek to exploit the weaknesses of the most widely used software so a contrarian approach can be a good idea.

The most important software is that which forms your gateway to the Internet, viz. your Web browser and your e-mail software. Many people use Microsoft Windows software. It's a matter of opinion whether Microsoft's products are inherently prone to flaws (but patches for security flaws appear very frequently). Also, Microsoft's philosophy is to develop software that is highly integrated. It is arguable that such a policy leads to increased complexity, which in turn leads to the kind of obscure bugs that viruses exploit.

In addition to Windows, Apple's iOS and Google's Android are widely used operating systems.

You probably won't want to take the big step of using an alternative operating system (other than Linux, there's not much choice). But there are alternative browsers to MS Internet Explorer and alternative e-mail packages.

In association with Web browsers, PDF files and Flash are often used on Web sites and their security flaws are therefore often exploited. If possible, set your browser to run Flash only when you click to allow it (the option may say "Plug-ins: click to play"). Adobe Reader is often used to display PDF files but it has security flaws (and is a hugely bloated program). If you only want to display PDF files and print them and don't need all the advanced features of Adobe Reader, try an alternative PDF program such as Sumatra PDF Reader.

Configure your software to make it more secure. For example, Internet Explorer enables you to set and tune different security levels when accessing the Web. For e-mail software, set it (if it lets you) never to open attached files directly but only to save them on your computer.

3. Fixing security flaws

Check that all your software is up to date. Some software vendors (notably Microsoft) issue separate security patches; other vendors release new versions of their software containing both improvements and security fixes.

Microsoft Update (see below) covers only certain software from Microsoft and not that from other vendors. Secunia is a highly reputed software security company that offers a free tool (for personal use) for checking whether your software is up to date. It can check a wide range of software, from Microsoft and from other vendors. The Personal Software Inspector (PSI) is a downloadable program. We strongly recommend that you run it regularly.

Microsoft Windows security patches are released very frequently, typically several per month (and each patch may fix several flaws). It's time-consuming to download them; some of them are quite large and will tie up your Internet connection. It used to be possible to control the download and installation of patches but, with the latest Windows version, there is no choice.

4. Avoiding opening suspicious e-mails

Don't open suspicious e-mail attachments (and preferably don't open the body of the e-mail either). Files attached to e-mails may contain a virus. HTML-formatted e-mails may contain a virus in their body. Some security flaws in e-mail software will cause the software to open the attachment automatically or to fail to detect that the internal format of the attachment is faked. Even without such flaws, if you open a virus-bearing attachment yourself, you will trigger the virus. So be aware that virus writers use "social engineering". The e-mail's title and text may attempt to look plausible and the "From" line may even be spoofed to contain the identity of one of your genuine correspondents. Once you become wise to these tricks, it's much easier to spot e-mails which superficially look genuine but which in fact are just not plausible.

If you hold off from opening the e-mail, your anti-virus software (see below) may jump in and detect the virus. A barrier at this earlier stage, however, is to use e-mail software that attempts to detect junk e-mail (spam), including e-mail with viruses.

Open e-mails in Plain Text format. HTML-formatted e-mails almost always include a Plain Text version. The HTML format may contain a virus. If your e-mail software has the facility, set it to display e-mails in Plain Text format where both formats exist.

5. Using anti-virus software

Note that this barrier is the last in the chain. If you have erected the earlier barriers, your AV software should by now be threatening to go on strike for lack of work. AV software is effective but only if the virus definitions are kept up to date. That's a big disadvantage: new definitions are released at least weekly and sometimes daily.

Relying on AV software, with its database of virus definitions, is like having a broken window in your house and sitting inside armed with a set of photos of known local criminals. Doesn't it make better sense to fix the broken window?

Last word

The anti-virus industry describes many viruses as "blended threats". Syntactic prefers to use the term "multi-warhead" because a single such virus uses several methods to try to attack your computer. In a comparable way, you need to adopt multiple strategies for your defence against viruses, that is, by erecting multiple barriers – the more the better. If we've succeeded, this article has shown you the way.