Beware the Stalker!
This is a long page, and will be slow loading on a modem, but if you read it through and follow the instructions, you'll be reasonably safe from Internet Trojans or worms, and still be able to enjoy web content. The images here are in Windows XP. If yours looks different, don't worry. The important stuff is the same.
About Viruses and Scanners
A virus is defined as any code or program that replicates itself. The latest type of virus has been the Trojan or worm. What's particular about these is that they actually turn into a server on your computer, and can send sensitive information to the owner. They can also allow the owner to 'hijack' your computer into a spamming or hacking machine! So, although they may not destroy your data, they SHARE it...all of it! They can also replicate across networks or across the Internet. There's a sneaky new type of Trojan worm virus out, and it infects computers by an unforeseen method. Below you'll learn how to be reasonably safe from these and others. There are some procedures here, none of them difficult, but they will take a little time. They only have to be done once. If you follow what's here, you'll make it very difficult for a Trojan to infect your computer, and if one does, you'll know right away before it has a chance to give up your sensitive information.
A virus scanner is a must-have, but that alone won't keep you safe. In fact, though I always have a couple of virus scanners installed, I don't run the component that's always there and checking every program as it runs, and I haven't been infected with a virus in years. I don't recommend NOT running these components, but if you take certain precautions, it becomes the final and most formidable layer of protection where worms may be involved. Throw in some common sense and you'll stay safe. The NIMDA virus that came out some years back was the first bug that could infect you just by reading a web page unless...
How To Protect Yourself
Just like the 'war against terrorism' is a multifaceted war, so is our war against 'code invasion'. Just as it's good for us to be aware of what's going on, we need to take an active role in protecting our computers and data, and not just depend on programs. Protection consists of three components: The handling of incoming data, the firewall, and the virus scanning. These are outlined below:
1. The Handling of Incoming Data
There is one way probably over 90% of Trojans attack home computers. It is the most widely used service on the Internet, and it was the first component of the Internet. You guessed it, email. I am not familiar enough with anything but Outlook Express to confidently offer you advice, so that is the only email client I will cover.
Outlook Express is tightly bound to Internet Explorer. When you get an email that's in HTML, OE (Outlook Express) is borrowing Internet Explorer's engine to show you that HTML. Anything IE (Internet Explorer) can do with HTML, OE can do. In the case of plain-text messages, OE doesn't need help, and just shows you the message.
There had to be a standard. A single way for a Mac, a Linux, an IBM, any machine to be able to send email to each other and know what the heck it was. ASCII took care of plain text, but what about pictures, sound, programs as attachments, or anything else? Enter MIME (Multipurpose Internet Mail Extensions). MIME is just a single "table" of content types that a program can look at to know what the heck to show you. If the email header says Content-type: text/plain; then it knows it's just plain text. If it says "mime multi-part", it knows there's more than one mime type in there. Maybe some html for a letter, and some JPG for a picture. It will then look for a boundary in the email that looks something like:
...and will know what to do with it. Certain MIME-types run "automatically". A sound file properly attached to an email will play right away, without you opening it. Internet Explorer is handling that, not Outlook Express. That's where these new viruses come in.
These viruses are attaching themselves to email, and reporting themselves as a mime-type that IE would run automatically under normal circumstances. That's where you come in.
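To make the MIME mechanics concrete, here is an added example (not part of the original page) that walks a multipart message with Python's standard `email` module and flags any part whose declared content type does not match what it carries. The sample message, addresses, file names and the extension list are constructed for illustration.

```python
import email
import os
from email import policy

# Constructed sample (not real mail): an HTML letter plus a mislabeled program.
SAMPLE = """\
From: friend@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_0001"

------=_Part_0001
Content-Type: text/html; charset="us-ascii"

<html><body>See the attached song.</body></html>
------=_Part_0001
Content-Type: audio/x-wav; name="song.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="song.exe"

TVqQAAMAAAAEAAAA
------=_Part_0001--
"""

# Extensions Windows treats as programs or scripts (illustrative, not complete).
RISKY_EXT = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs"}
PASSIVE_TYPES = {"audio", "image", "video", "text"}

def audit(raw):
    """Return (declared_type, filename, reasons) for each suspicious part."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container: its boundary only separates the parts
        ctype = part.get_content_type()
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if ext in RISKY_EXT:
            reasons.append("program extension " + ext)
        if data[:2] == b"MZ":
            reasons.append("payload starts with a Windows executable header")
        if reasons and part.get_content_maintype() in PASSIVE_TYPES:
            reasons.append("declared as " + ctype + ", which a client may open automatically")
        if reasons:
            findings.append((ctype, name, reasons))
    return findings
```

Calling `audit(SAMPLE)` reports the single `audio/x-wav` part named `song.exe`; the HTML letter is not flagged.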
The first thing to do with IE is make sure it's set up properly. If you use IE 6, you should be okay, but always check for updates. If you use IE 5 or 5.5, get the patch now!
IE has settings you are about to learn how to manipulate. You can tell IE how to handle anything in a web page. You can set up zones, and even go domain by domain to set up what IE does with the content served to it. But, to keep it simple, here are some guidelines. Note that while setting the items below, you can click on the little help arrow in the upper right, and then click on an item, and some help for that item will come up. It's very handy.
Click "Tools...Internet Options". Click on the "Advanced" Tab. Scroll way down, and you'll see some settings you want to have the way shown in the image to the right. The most important one for protection is you want to make sure that IE is checking for signatures on downloaded programs. Once that is set, click on the "Security" tab.
In the Security window, you see four ZONES. You can set security for different zones. The two most important are "Internet" and "Restricted Sites". "Local Intranet" is self-explanatory, and "Trusted Sites" are pretty much for secure sites with valid certificates. We'll concentrate on the other two. Click on "Internet" at the top to highlight it, and then click on the "Custom Level" button at the bottom.
This box lets you tell IE what to do with scripts. Notice that for Internet Zone, most are set to "prompt". Clicking on the image on the right will let you see the entire scrolling contents, and the best way to have them set. If the image comes up real small, just hold your mouse over it and a resize icon will show. IE 6 may shrink it.
If later, some of the prompts bother you, just change them. Pay attention to what the prompt says, and change the setting. You can always reset all the settings to one of the defaults (Medium shown) and go back. You'll notice in the scrolling view that "File Download" is enabled. IE will always prompt you before downloading a file, so that's safe.
When you're done with all of the above settings, scroll back to the line that said "Java permissions", and click on "Custom". Then click on the button at the bottom that says "Java Custom Settings". You can click on the image to the right to see the full scrolling view of what's in there, and how to set it all.
Okay, you're almost done! Click OK, and get back to the "Security" Screen.
Back at the Security screen, select "Restricted Sites" and again click the "Custom Level" button at the bottom. This one is easy. Disable Everything. Under login at the bottom, set to "Prompt for username and password". If you know a bit, and you want to set a couple of things to prompt, that's okay too. But do not enable anything in your restricted zone. Believe me, you won't miss anything. Be sure to click OK, and "OK" your way back out of the IE Internet options.
Okay, once you've finished setting the IE stuff, open Outlook Express, and click on "Tools", "Options". Click on the "Security" tab. Check in "Restricted sites zone". Also check in "Warn me when other applications try to send mail as me". See the arrows in the image to the right. That's it. Click OK and you're all set. You can enjoy web content, and your Outlook Express is pretty well locked down, but you'll still see pictures attached to email messages.
NOTE: Occasionally you may get prompted by Outlook Express with something like, "Your settings do not allow scripting of ActiveX Controls...", upon opening an email. I get newsletters that sometimes send ActiveX in the email. I choose not to run it. I still get to see the email without a problem. I don't care for ActiveX in my emails. If you choose to run ActiveX from an email, you could be at risk, unless it is from a trusted source.
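Once the Restricted Sites zone is locked down and Outlook Express is pointed at it, the result can be checked outside the dialog boxes. The following is an added example, not part of the original page: it reads a text export of the zone's registry key and reports every setting that is not disabled. The registry path and action codes are not from the page; they are Internet Explorer's documented zone settings (zone 4 is Restricted sites), only a subset is checked, and the export text is constructed.

```python
import re

# Constructed sample: fragment of a "reg export" of zone 4 (Restricted sites).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"DisplayName"="Restricted sites"
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1400"=dword:00000001
"1803"=dword:00000000
"1A00"=dword:00010000
"1C00"=dword:00020000
'''

# Subset of IE URL action codes with the value the advice above calls for.
# Ordinary actions: 0 = enable, 1 = prompt, 3 = disable.
EXPECTED = {
    "1001": ("Download signed ActiveX controls", 0x3),
    "1004": ("Download unsigned ActiveX controls", 0x3),
    "1200": ("Run ActiveX controls and plug-ins", 0x3),
    "1400": ("Active scripting", 0x3),
    "1803": ("File download", 0x3),
    "1A00": ("Logon", 0x10000),         # prompt for user name and password
    "1C00": ("Java permissions", 0x0),  # disable Java
}
VALUE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def audit_zone(reg_text):
    """Return (code, label, status) for every setting that deviates."""
    seen = {}
    for line in reg_text.splitlines():
        m = VALUE.match(line.strip())
        if m:
            seen[m.group(1).upper()] = int(m.group(2), 16)
    report = []
    for code, (label, want) in EXPECTED.items():
        got = seen.get(code)
        if got is None:
            report.append((code, label, "missing from export"))
        elif got == want:
            continue
        elif want == 0x3 and got == 0x1:
            report.append((code, label, "prompt (tolerated, not disabled)"))
        else:
            report.append((code, label, "0x%X, expected 0x%X" % (got, want)))
    return report
```

For the constructed export, `audit_zone(SAMPLE_REG)` lists Active scripting (set to prompt), File download (enabled) and Java permissions (not disabled).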
2. The Firewall
Never confuse price with value. From my personal experience, and from what I've read, I believe that the personal firewall with the best value has a price of zero. A real firewall protects people and things on one side from things (usually fire) on the other. It is a barrier. A firewall on your computer is also a barrier. The difference is that the one on your computer has to let some things in. Most firewalls take this into account. Only one that I know of effectively and simply watches and controls what goes out too. Zone Alarm is a free personal firewall that makes your ports disappear until a program needs to use one. Each time it first sees a program, it asks you if you want to let it access the Internet. For Outlook Express, Internet Explorer, Netscape, and other Internet programs, you obviously say yes and check in the box telling it to remember. That's it.
Sometimes a program wants to "listen for connections" from outside your computer. That's what a web server does. It listens for requests from browsers (like yours) for web pages (like this one) and serves 'em up to you. A server is giving information to a client. That can be controlled but you don't need to be giving information to clients, unless you purposely run a web server or ftp server on your computer. In these cases, Zone Alarm will let you know a program is acting as a server, and you give them permission. That's fine. Some programs like Kazaa ask for server permission. I do not allow it. But, I leave the box unchecked. Maybe next time I do want to share my files on Kazaa, and I'll allow it.
After just a few days, you know what you have running as servers (if any). If all of a sudden one day, a strange program wants to act as a server, you can tell Zone Alarm not to allow it, and you can copy that program name and search for it. You can scan it for a virus, and stop it from sharing your information before it gets a chance. Zone Alarm keeps a list of the programs and what permissions they have, and you can go in there any time and view or change that. You can also look in there to see exactly where a program is on your computer. A note about Zone Alarm: You may want to turn off alerts, as they will bug you some. With alerts turned off, it will still tell you when a program wants to access or serve to the Internet.
Zone Alarm has the "Internet Zone" and the "Local Zone". I would suggest keeping the Internet Zone to high, and the local to medium. Read the help file. It's informative.
When you install Zone Alarm, or right afterwards, be sure to check in the "MailSafe" checkbox. It will quarantine any executable (program or script-type) files that get past Outlook Express.
If there's a website that you need to give some special access to (or a computer on a network or an IP or IP range), you can go into Zone Alarm's options and put that in your "Local Zone".
I am not going to go into the other popular firewalls. I have not seen one that protects you from outbound servers (Trojans) the way Zone Alarm does. I can only recommend installing it. Even with the default options, it gives you excellent protection. Get Zone Alarm HERE. To check your computer's port settings, trust no one but GRC. Why? Because he's not really trying to sell you anything, and he's relatively unbiased.
3. The Virus Scanning
Virus scanners have historically been there to protect from viruses that did things like delete everything on your hard drive while showing you a happy face, or reboot your computer at a certain time, stuff like that. This has changed. There are still some viruses out there that maliciously destroy data, but the main things today are the Trojans. Virus scanners will look for Trojans, and will pretty much clean your computer of them, though many times they don't do it completely, and you will have to read their recommendations for completely removing these bugs, if you get one.
The fact is, viruses have changed and the methods outlined above are the way to beat them, at least for now. The virus scanner is but one part of the scheme, though a very important part. But if you don't have the other two in place, your virus scanner is going to be working overtime, and you have no first defense! Any major virus scanner is good, but I would recommend a second anti-virus program, for Trojans. One good one is called The Cleaner, and is available at MooSoft.Com. The Cleaner is specifically for Trojans, and has components that will monitor your registry and your memory, if you choose to run them. If anything changes your registry (something Trojans like to do), it will tell you immediately. But, it will also sound the alarm if you change your registry through modifying a system setting. I only run them when I suspect a problem. They are, however, very small and unintrusive.
Combining Your Protection
Use common sense. Just remember that an email from someone you don't know with an attachment is probably a virus. But, also remember that Trojans usually send an email to everyone in the address book, so an email from your best friend could be a virus.
If Outlook Express warns me of an attachment, I will save it. Usually Zone Alarm will step in and quarantine it (it just doesn't have a chance!). At that point I'll virus scan the saved, quarantined file. If nothing comes up, I'll open it (the quarantined file) and Zone Alarm will ask me "Do you REALLY want to run this?" No, I don't. I SAVE AS... and it will give it the original file name. I will then scan it again, saved with the original name. If nothing comes up, I'll scan it with The Cleaner. Face it, most people don't get even one program or script a day from people they know, so it's not an inconvenience. And, if you get a script or a program from somebody you don't know, there is a 99.999% chance that it's a virus.
Congratulations! The End!
If you have done everything stated above, you will be about as safe as you can be from Trojans without sacrificing much. Use some common sense and just scan everything you download, regardless of whom it came from, and keep your virus scanners up to date. Computers are fun, and they do a lot for us, but we still have to do for ourselves :)