Computing News & Tech Tips

Wednesday, March 31, 2004

Other Areas of Interest

What's New  |  Main Page  | Word  |  Excel  |  Windows

  Internet Explorer  |  RightFax  PantherCal  GroupWise

Virus Related Information

Protecting Yourself from Viruses

Background Information

The main way that computer viruses are spread today is via email.  More specifically, email attachments.  New viruses are being created and released continually and the updates for the anti-virus software will always lag behind the release of new virus.  As a result there is always some window of opportunity for your computer to become infected if you only rely on anti-virus software to protect your computer.

Tactics used by Viruses/Worms

Self contained mail transfer program

Most of the newer viruses/worms use their own basic email program and not your actual email program.  This way they can easily, and continuously send out copies of itself without the need to access your email program.

Once a computer is infected, the virus/worm searches your computer for email addresses it can use.  It will search for various address book files as well as email addresses located within documents on your computer.  It will then send itself out to these addresses, as well as variants of the addresses it finds. For example, if it finds the address abc@company.com it will use that address plus it will guess at other addresses at company.com by using popular user IDs, and send out messages to address like sue, joe, bob, and jim@company.com.

Spoofing Sender Information

These viruses/worms also pick, at random, one of the addresses it finds and uses that address as the sender address.  So when you get an infected email and it says it came from Jane Doe; in reality it was sent from John Doe's infected computer.  Jane Doe just had the misfortune of having her email address on John Doe's computer along with you.  

This accounts for the automated messages you receive from email systems stating that the message you sent could not be delivered because it contained a virus. For example; If a virus/worm had used your address as the sender address when it sent itself out from an infected computer, the recipient's email system  identifies the infected email and since it has your email address in the from field the recipient's mail system sends you a reply stating that you had sent an infected email.  When it actuality it had come from some other computer.

Another interesting situation that arises with these new viruses/worms is that you can receive a message to you that was from you, yet you never sent the message.  In this case it's a dead giveaway that it's not legitimate and should be deleted.

Protecting Yourself from Viruses

Basic Guidelines

The best means of protecting your computer from viruses is to use extreme caution when handling email attachments.  If it looks somewhat suspicious, it probably is.  A good rule of thumb is not to open attachments unless it is something that you've been expecting.  Even if the email appears to have come from someone you know and trust don't open the attachments unless you've been expecting them.  If you think that the attachment might be legitimate but were not expecting it, you can always call, or send the "sender" an email asking them if they actually sent you something.  It's always better to be safe than sorry.

Viruses and GroupWise

GroupWise Quick Viewer

While there have been viruses/worms that have exploited aspects of the  preview pane in Microsoft Outlook products; there should be no concern in using the GroupWise Quick Viewer as it doesn't use the technology that's being exploited.

Access Denied messages when opening email in GroupWise

Note:  The following only applies when you are opening messages in GroupWise!  It may, or may not apply in other circumstances!

There are a few circumstances (not many) when GroupWise will attempt to write the attached files of a message to a temporary location on your computer when you open  an email message.  If the attachment is infected with known virus McAfee will prevent the file from being written to your computer and inform you by popping up an "access has been denied" window.  If this happens do not be concerned.  Just click the stop button twice to get rid of the access denied window and then delete the offending email.  If the attachment is infected with an unknown virus, McAfee will allow the file to the temporary directory but is not executed until initiated by the user.  So as long as you don't execute the attachment your computer will not get infected.  The temporary files written to your computer are automatically deleted once you close the originating email.

Need More Help

If you're on the BFS network and have any further questions or concerns please contact the Systems Help Desk at x4582 or help@bfs.uwm.edu.