Never lose data to a virus or script!
Use this simple 4-point protection plan

The Dutch hacker who launched the Anna virus (VBS script) had a point: People really don't learn. It's up to each of us to develop a personal information security strategy--and I have a simple, 4-point plan for doing just that.

If you got hit with Anna, don't feel too bad. I was informed that at Microsoft, the maintenance staff was scurrying around pasting red-lettered signs on all the buildings--on the major entrances no less--warning of the virus attack. A spokesperson for that very same Microsoft was happy to mention that people who used Windows Update to download the patch issued last summer were immune to the Anna attack.

I'm not sure what that says about our friends in Redmond--other than they're just like everyone else when it comes to (not) updating their software, even when it can be done almost automatically.

It's been said over and over -- but because so many people still don't seem to get it, and because the only way to really thwart publicity-hungry hackers is by making ourselves immune, let me tell you what you need to do to protect yourself from most any virus (or VBS script) that may come your way:

Step One: Pay attention! I don't open attachments that I'm not expecting, especially if they come from strangers. You shouldn't, either. Common sense here - if you question something (or are unsure), chances are you're probably right with your initial hunch. Don't open it! Delete it.

Step Two: Use Windows Update every week or so to get the most recent security updates and patches. Windows ME fully automates the process, but even done manually (from the icon that's usually near the top of your Win98 start menu), the Windows Update process is pretty painless. I received some copies of the Anna virus, which CAI's InoculateIT (which, by the way, is FREE) happily removed from my incoming e-mails. In fact, I've never suffered a major virus attack. Well, that's an untrue statement: I have received scripts and HTML code when I either wasn't paying attention or hadn't updated my anti-virus software (see step three below). Other free anti-virus software can be obtained from AVG AntiVirus and Spyware Terminator with Antivirus.

Step Three: Virus protection software. It amazes me that about 50 percent of personal computers aren't running virus protection. What are these people thinking? Apparently their data and time have no value, because virus protection is cheap; you can buy it at Wal-Mart, the warehouse stores, and all the office superstores (or as I pointed out in step two, for FREE from CAI).

It's both difficult and easy to choose anti-virus software. There are a number of brands, with CAI's InoculateIT being the best (in my opinion). Other brands include Symantec's Norton Anti-Virus (NAV) and Network Associates' McAfee, to mention a couple. I use InoculateIT because it's what I've always used (well, I used McAfee when I was in the Marine Corps - InoculateIT didn't exist way back then). I have friends who say Norton or McAfee is just fine. Indeed, one easy way to choose is to listen to your friends. Alternatively, pick one of the major brands, which have become major for a reason.

Step Four: The best virus protection software can be worthless if you don't update it. It used to be a little difficult to get updated virus definitions. Today it's easy and inexpensive--the software will get them for you. New viruses are discovered almost daily, and while they may not be a threat right now, in six months they could be. Learn the lesson the Dutch hacker got arrested for trying to teach us!

I can't promise 100 percent success. But I do promise this: Follow this 4-step program and you'll be 99.9 percent protected against viruses (well, as protected as the current firewall applications allow against Internet attacks, worms, and other troublemakers).

Additional Steps to consider:

1. Disable booting from drive A:. Go into your BIOS setup and disable booting from Drive A:. This will prevent pure boot sector viruses from taking control of your PC.

2. Install the latest software versions and patches. Every new version of software fixes old security holes and provides new protection mechanisms. Get on mailing lists and newsgroups to make sure you get notified of security patches. Lots of Microsoft Internet Information Server (IIS) administrators wish they had done this before the Code Red worm.

3. Rename or delete dangerous executables. Rename (preferred) or delete rarely used executables that can be used by malicious mobile code for harm. These files include: FORMAT.COM, SYS.COM, DEBUG.EXE, REGEDIT.EXE, REGEDT32.EXE, WSCRIPT.EXE, and CSCRIPT.EXE. I like renaming executables instead of deleting them because the files can easily be used again by knowing the new names.

  • Note: Installing new software, upgrades, and patches can reinstall previously missing executables. Computer utilities like Norton Disk Doctor will find renamed files when they are called upon. The newer versions of Windows will often restore protected system files, although there are ways to defeat this behavior depending on the version of Windows you use.

4. Remove Windows Scripting Host (WSH) file associations. WSH is a Microsoft program used by many types of malicious mobile code. Files ending in .hta, .js, .jse, .vbs, .vbe, .wsh, .wsc, and .wsf should have their opening action re-associated with some harmless program, like Notepad.

  • Note: In Windows 98, open Windows Explorer, choose Tools > Folder Options > File Types, choose the appropriate file extension type, choose Open under Actions > Edit, and change WSCRIPT.EXE to NOTEPAD.EXE.

5. Make file extensions visible. It is safe to run non-executable file content, such as JPGs, MPGs, GIFs, WAVs, and so on. You just need to make sure they aren't executables in disguise. Most Windows versions will hide known file extensions. Thus, a seemingly innocuously named file, PICTURE.JPG, may really be PICTURE.JPG.EXE. In Windows Explorer, look for the file extension hiding option under Folder Options.

  • Note: Some file extensions, such as .shs (scrap object file) have to be modified in the Windows registry in order to display.

6. Remove unnecessary programs and services. Most PCs have at least a handful of programs and services running that the user doesn't know about, and, in many cases, doesn't need to know about. Explore the obvious start-up areas (CONFIG.SYS, AUTOEXEC.BAT, CONFIG.NT, AUTOEXEC.NT, WIN.INI, SYSTEM.INI, start-up folders and groups, and the start-up areas in your registry), looking for programs that should not be there. I use MSCONFIG.EXE in the latest versions of Windows and SYSEDIT in older versions for quick looks. In your registry, look under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run or RunServices. Delete program entries you are sure you don't need.

  • Note: There are several other areas where autostarting programs can hide in the registry, but the above registry key is the most popular.

7. Nothing beats a good backup. Make sure important data and programs exist in two places simultaneously. Often, by the time you notice malicious mobile code, the damage is done. A good backup takes away a lot of stress.
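
An added example for steps 4 and 5 above (not from the original article): a small Python check that a mail filter or a curious user could run over attachment names to spot executables hiding behind a harmless-looking extension. The function names, the sample names, and the extra extensions marked in the comments are assumptions made for illustration.

```python
# Extensions the article treats as executable or script content
# (steps 3-5 and the .shs note). "bat", "pif" and "scr" are added
# assumptions, not taken from the article.
RISKY = {"exe", "com", "shs", "hta", "js", "jse", "vbs", "vbe",
         "wsh", "wsc", "wsf", "bat", "pif", "scr"}

# Harmless content types named in step 5, which a disguised file
# imitates. "jpeg", "txt" and "doc" are added assumptions.
DECOY = {"jpg", "mpg", "gif", "wav", "jpeg", "txt", "doc"}


def classify(filename):
    """Return 'disguised', 'executable' or 'ok' for one file name."""
    # Windows ignores trailing dots and spaces, so drop them first.
    name = filename.strip().rstrip(". ").lower()
    # Split on dots and strip the space padding sometimes used to push
    # the real extension out of view ("picture.jpg      .exe").
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in RISKY:
        return "ok"
    # A decoy extension before the real one is the PICTURE.JPG.EXE case.
    if any(p in DECOY for p in parts[1:-1]):
        return "disguised"
    return "executable"


def flag(names):
    """Return (name, verdict) for every name that is not 'ok'."""
    verdicts = [(n, classify(n)) for n in names]
    return [(n, v) for n, v in verdicts if v != "ok"]


# Constructed sample attachment names, for illustration only.
SAMPLE = ["PICTURE.JPG", "PICTURE.JPG.EXE", "song.wav      .vbs",
          "setup.exe", "notes.v1.txt"]

if __name__ == "__main__":
    for name, verdict in flag(SAMPLE):
        print(f"{verdict:10} {name!r}")
```

Anything reported as "disguised" deserves the step one treatment; "executable" means the name is honest about what it is, but it will still run if opened.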
