Virus guidelines (was: WARNING)
|From:||Lars Henrik Mathiesen <thorinn@...>|
|Date:||Thursday, May 31, 2001, 6:24|
> Date: Thu, 31 May 2001 00:05:06 EDT
> From: Elliott Lash <AL260@...>
> :( :( :( I'm really sorry if I caused you any problems *big fowns*
> you have my permission to do something really bad to me... :( :( (In
> the future, I think I'll try to figure these things out on my own,
> rather than submitting such things to the list..tho I was trying to
> help) again...*sadness* :(
Here's my professional advice.
Whenever you get a virus warning, or see a suspicious email:
If you're running Windows, first check your inbox and outbox --- if
you already have much more mail than usual (which is of course hard to
determine if you subscribe to high-volume lists like this), or there's
tens of mails in the out queue that you didn't put there, take your
machine offline AT ONCE so it doesn't propagate. Turning off the modem
or removing the Ethernet cable is often fastest.
Otherwise, go look it up before doing anything. Let me recommend
Google again as the fastest way of finding most anything on the net. I
just typed "SULFNBK.EXE virus", and the first link was Symantec's page
about the hoax. (If you had to turn off the network, see if you can
find another computer to do it from, that doesn't run a mail program
on boot --- otherwise, try and turn off your own mail program before
reconnecting to check. If it's a real virus, don't stay online until
you get it fixed).
If you do feel that you have to send out warnings, just send a pointer
to a page at some anti-virus site. Don't copy out the instructions,
they might change on the site, or mutate when your mail is resent.
General safety rules:
Install antivirus software if you can afford it. Update the virus
definitions at least once a week, and remember to check the relevant
web page for updated 'engine' versions --- when the virus authors
invent new methods to hide them, it's often not possible to write a
definition that works without extra support code.
Never ever open an attachment anyway, unless you know what it is, why
it was sent to you. Check that it was sent to you specifically. If
it's from someone who normally sends you stuff, check that the text
actually refers to some activity you have together, and is coherent.
Coherency is important now, there's a real virus called Magistr going
round that picks a subject line, a paragraph of text and a file name
from some random file on the sender's hard disk. So even if it uses a
lot of familiar words and spellings, it can still be a virus.
(In fact that's how this SULFNBK.EXE hoax seems to have started:
Someone got Magistr, which disguised itself under that name, but they
didn't identify it correctly. And when antivirus programs didn't find
a virus in that file on uninfected machines (because there wasn't
any), someone else added the 'not a virus until June 1' thing. Which
is nonsense --- if there was such a thing, it wouldn't be spreading
itself until tomorrow. By definition, if it spreads, it's a virus, and
sooner or later it will be detected by antivirus software).
Or alternatively, run FreeBSD like I do. Noone writes viruses for this
platform. (Linux is good too in that respect, but I'm sure someone
will find a way to do it soon. The Mac is also an unpopular target).
Lars Mathiesen (U of Copenhagen CS Dep) <thorinn@...> (Humour NOT marked)