August 24, 2003

Computer Viruses Can be Stopped

Article I sent to my Newspaper List

Computer viruses can be stopped and it isn't very hard to do it. Most all computer viruses are spread as executable email attachments that the victim is tricked into opening and running. Often users of Microsoft Outlook don't even have to run the attachment if they have their settings wrong. But - there are three things that Windows users can do to protect themselves from viruses.

First - go to Microsoft Windows Update service (http://windowsupdate.microsoft.com) and install all the latest security patches.

Second - avoid opening email attachments unless you are very sure you know what it is.

And Third - ask your Internet Service Provider (ISP) to block all messages containing Windows attachments that are executable. By blocking all executable attachments your anti-virus software doesn't have to figure out if the attachment is or is not a virus. And - anti-virus software rarely catches the very latest viruses that are going around.

If you do these three things you should be virus free. And it's a lot easier to prevent a virus than it is to remove one after your computer is already infected.
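One way a mail server could apply the third measure, shown as an added example that is not part of the original article: it rejects any message with an attachment whose final extension is executable. It goes one step beyond the article by also flagging renamed files that begin with the `MZ` executable header. The extension list and the function names are assumptions made for the illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist of Windows executable extensions (illustrative, not exhaustive).
BLOCKED_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
               ".vbs", ".js", ".lnk", ".cpl", ".hta"}

def blocked_parts(raw: bytes) -> list[str]:
    """Return the reasons to reject a message; an empty list means deliver it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():              # walk() descends into nested multipart containers
        if part.is_multipart():
            continue
        # Windows drops trailing dots and spaces, so "movie.scr." is saved as "movie.scr".
        name = (part.get_filename() or "").strip().rstrip(". ").lower()
        # Only the last extension decides how Windows runs it: "invoice.doc.pif" is a .pif.
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        if ext in BLOCKED_EXT:
            reasons.append(f"extension {ext}: {name}")
            continue
        # A renamed executable still starts with the DOS/PE magic bytes "MZ".
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            reasons.append(f"MZ header in: {name or '(unnamed part)'}")
    return reasons

def sample(filename: str, data: bytes) -> bytes:
    """Build a constructed test message carrying one attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, data in [("notes.txt", b"hello"),
                        ("invoice.doc.pif", b"x"),
                        ("photo.jpg", b"MZ\x90\x00"),
                        ("Movie.SCR.", b"x")]:
        verdict = blocked_parts(sample(fname, data))
        print(fname, "->", verdict or "deliver")
```
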

About the Author:
Marc Perkel is a small internet service provider and contract systems administrator with 23 years of experience in computers and 31 years of experience in electronic systems repair.

Check out the extended section for a letter I sent to a prominent Microsoft official.


This is a letter I emailed to an important executive at Microsoft

This latest virus does not seem to be just going away. It has created a launch platform for the next attack. With a launch platform of millions of computers an attacker would be able to take down the internet. And - any 15 year old super geek could set it off. Or - it can be multiple viruses from multiple authors all taking advantage of this network of infected computers at the same time.

I want to also point out that all anti-virus software will be useless against this new virus because anti-virus is always at least 2 days behind current viruses and in two days it's too late.

What I'm saying is - in 3 weeks email as we know it may cease to exist. And - we (by "we" I mean "you") should take action to prevent this immediately. You have till 9-11, interestingly enough, to act.

The attack can be prevented or at least contained if steps are taken immediately. There are two means that viruses and worms spread - by infected email attachments - or direct port to port communication through a vulnerability or - in this case - a back door in already infected computers.

Step 1
---------

As to executable email attachments - Microsoft should issue a worldwide warning encouraging ISPs to block all email with executable attachments. This will stop the spread of all viruses that spread through email - so even if the virus mutates as expected on Sept 10th - there's no way for it to spread. This alert should go out immediately. No later than tomorrow. Step 1 is likely all you will need to do if you can really rally ISPs to join in.

Step 2
---------

Issue a worldwide alert encouraging people to download and install the latest patches for Windows. This should include a television campaign with 30 second commercials showing people how to run Windows Update. If you need to use Windows Update to deploy a fix for this upcoming threat - you want the public to be ready to cooperate. If the public had been educated - the msblaster virus would have had no effect.

Step 3
----------

The risk of direct port to port spreading is less likely but still real. If it's real it would spread like the "msblaster" worm did and that is a far more serious problem. Microsoft needs to immediately decompile this virus and determine what it is capable of. Also keep in mind that if the virus can update itself that you have to assume that the update might have this capability. You need to meet with your sharpest people and assess risk and determine countermeasures and put an infrastructure in place to deploy the countermeasures should they become necessary.

The problem here is that we are dealing with an unknown threat. So - it's time to look at what can be done with Windows Update in case of different kinds of threats. I would also encourage you to develop a plan that a worm could be cured by attempting to infect a cured computer - the anti-virus virus idea - in case extreme measures are necessary.


Go with what works
------------------------

In the last two weeks millions of computers were compromised by this virus. But - of the computers under my control - not one was infected - and there's a reason for this. Here's what I did:

1) Updates - I went to every Windows computer and personally made sure they were updated a few weeks back when the security hole was announced because I anticipated a virus would quickly be developed to exploit this flaw.

2) Firewall - We use a simple NAT firewall. Had there been computers in the office that had been missed - the NAT protected them from the Blaster worm.

3) Executable Attachments - All email messages containing executable attachments are blocked. Besides educating the users not to open executables - showing extensions of well-known file types - prohibiting the use of Microsoft Outlook as an email client - my users never had the opportunity to get the virus onto their computer in the first place. Although tens of thousands of virus infected messages were received - the users never got a single one of them.

I also had anti-virus software on all Windows computers - but that had no effect at all on these latest two worms. Point being - anti-virus software cannot be relied upon for protection.


The Bottom Line
---------------------

How likely will this happen? My guess is that I will be surprised if it doesn't happen. The opportunity is there - millions of currently infected computers waiting to be exploited by anyone who figures out how to do it first. The temptation is irresistible.

There's only one issue to decide. Does Microsoft want to get the blame for it happening or the credit for preventing it. You have 17 more days. Tick, Tick, Tick ......

Choose wisely.

Marc Perkel

Posted by marc at August 24, 2003 06:11 PM | TrackBack