Mon, 27 Aug 2001

Some tips for simple virus problems

By Zatni Arbi

JAKARTA (JP): A good friend from Medan recently told me her ISP had warned her that she had a virus called W95/MTX@M in her outgoing e-mail.

She was asking whether the ISP was really blocking her e-mail or whether it was just a demo. The wording of the warning, made her think that it was more of a marketing message. I agree. The ISP seemed to be offering virus scanning as a value-added service, which is not a bad thing at all given the real threat of virus and worm infection over the Net.

The question is, of course, how effective is it?

When I checked the ISP's website, I learned that they would only scan all e-mail messages and their attachments. They would discard a message or an attached file if they find a virus in it. The problem is, what if the message or the file is important? The intended recipient will never receive it. Obviously, what we would prefer the ISP to do is to sterilize the message and then deliver it to the addressees.

If you have a Yahoo e-mail account and you use it to send files, the attached files will also be scanned by Norton Antivirus.

Better still, the service is free. However, I have found out that it does not work with files created with Lotus WordPro.

Real Time Protection

The best protection against viruses should be a continually updated antivirus program installed in our computers plus a proper system for handling e-mail messages and attachments. We can still receive important messages and files sent to us, but the antivirus program will clean them for us automatically.

Nowadays there are several ways in which we can subscribe to services that protect our computers from these unwelcome intruders.

One of them, which I have mentioned a couple of times in this column in the past, is to subscribe to online virus protection offered by companies such as McAfee (www.mcafee.com).

At the moment, McAfee is offering a two-year subscription to Online VirusScan for US$39.90. You will need a 24-hour access to the Internet to really benefit from the service, though. There are also free services available from other companies. Trend Micro's PC Cilin House Call (www.trendmicro.com), for example, will also check your system remotely. However, as expected from a free service, it does not provide a real-time protection against viruses. What the visiting doctor does is just to detect a virus if it exists on your computer. You will have to kill it yourself. PC Cilin does offer information on the steps that you can try.

AVG Antivirus (www.grisoft.com/html/us_index.cfm) has gone a lot further by offering a free antivirus program. Called AVG 6.0, it offers nice features such as Resident Protection, E-mail Scanner, Scheduled Tests and Free Updates on a monthly basis, Automatic Update and a Virus Vault for keeping infected files contained. AVG also offers commercial services that include unlimited support for this free program.

Besides AVG Antivirus, McAfee and Trend Micro, there are other companies that also make very powerful commercial antivirus programs.

Symantec's Norton Antivirus is usually considered the best (www.symantec.com), but Panda Software (www.pandasoftware.com) also provides an award-winning antivirus program for home and business users.

If you have a virus problem, you can also take advantage of the evaluation version of antivirus products that you may download from the Web. Trend Micro and AVG Antivirus currently offer PC Cilin 2000 for a free trial period of 30 days.

One thing to keep in mind is that once you have chosen a particular antivirus program, you had better stick to it. The PC's performance usually degrades significantly if more than one antivirus program is running at the same time. These antivirus programs consume a lot of memory, too. If you want to switch programs, make sure that the old antivirus program is completely uninstalled before you install the new one.

Another thing about viruses is that a lot of information about them is also available at our disposal. To learn more about this particular virus, for example, we can go to McAfee Virus Information library (http://vil.mcafee.com/default.asp?). Here we can search for information on W95/MTX@M. The comprehensive information even includes the manual steps that you can take to get rid of it -- including deleting the infected files.

Antivirus Best Practices

Some types of computer viruses come into our mailbox and infect our system the moment it appears in the Preview window. This is very sneaky, because we do not have the chance to protect ourselves. What I have done to protect myself is to close the Preview window in my Outlook Express.

The downside is that I cannot immediately see the content of an e-mail message when Outlook Express is running. On the other hand, I now have the chance to check the credibility of each incoming message before double-clicking on it to see what it contains.

To close the Preview window in Outlook Express, click on the View menu item, and then on Layout. In the dialog box, uncheck Show preview pane, and then click OK.

What about dubious attachments? You must always check the names of the attached files. Be extremely careful if the names end with .com, .exe, .txt, .pif, .vbs and .bat. Some virus makers have tricked a lot of victims into believing that they are receiving benign picture files by inserting .jpg or .pic into the filenames, but they still end with .vbs or .exe.

As viruses can also come in document files in the form of macros, how can you protect against them? The best practice is never to open a file unless you are expecting it from the sender. If you receive an attached file that you do not expect, it is a good practice to ask the sender whether he has really sent the file to you. A lot of viruses and worms use our e-mail client program's Address Book to send out e-mail messages completely without our knowledge.

So, a practice that we all should probably adopt is to first inform the recipients that we are about to send them a file before we do it. Better still, we can include the names of the files that we are going to send them. (zatni@cbn.net.id)