Beware the Stalker!
This is a long page, and will be slow loading on a modem,
but if you read it through and follow the instructions, you'll be reasonably
safe from Internet Trojans or worms, and still be able to enjoy web content.
The images here are in Windows XP. If yours looks different, don't worry. The
important stuff is the same.
About Viruses and Scanners
A virus is defined as any code or program that replicates itself. The latest type of virus has
been the Trojan or worm. What's particular about these is that they actually
turn into a server on your computer, and can send sensitive information to the
owner. They can also allow the owner to 'hijack' your computer into a spamming
or hacking machine! So, although they may not destroy your data, they SHARE
it...all of it! They can also replicate across networks or across the Internet.
There's a sneaky new type of Trojan worm virus out, and it infects computers
by an unforeseen method. Below you'll learn how to be reasonably safe from these
and others. There are some procedures here, none of them difficult, but they
will take a little time. They only have to be done once. If you follow what's
here, you'll make it very difficult for a Trojan to infect your computer, and
if one does, you'll know right away before it has a chance to give up your sensitive
information.
A virus scanner is a must-have, but that alone won't keep you safe.
In fact, though I always have a couple of virus scanners installed, I don't
run the component that's always there and checking every program as it runs-and
I haven't been infected with a virus in years. I don't recommend
NOT running these components, but if you take certain precautions, it becomes the final and most formidable layer of protection where worms may be involved. Throw in some common sense and you'll stay safe. The NIMDA virus that came out some years back was the first bug that can infect you just by reading a web page
unless...
How To Protect Yourself
Just like the 'war against terrorism' is a multifaceted
war, so is our war against 'code invasion'. Just as it's good for us to be aware
of what's going on, we need to take an active role in protecting our computers
and data, and not just depend on programs. Protection consists of three components:
The handling of incoming data, the firewall, and the virus scanning. These are
outlined below:
1. The Handling of Incoming Data
There is one way probably over 90% of Trojans
attack home computers. It is the most widely used service on the Internet, and
it was the first component of the Internet. You guessed it, email. I am not
familiar enough with anything but Outlook Express to confidently offer you advice,
so that is the only email client I will cover.
Outlook Express is tightly bound to Internet Explorer.
When you get an email that's in HTML, OE (Outlook Express) is borrowing Internet
Explorer's engine to show you that HTML. Anything IE (Internet Explorer) can
do with HTML, OE can do. In the case of plain-text messages, OE doesn't need
help, and just shows you the message.
MIME Types
There had to be a standard. A single way for a Mac,
a Linux, an IBM, any machine to be able to send email to each other and know
what the heck it was. ASCII took care of plain text, but what about pictures,
sound, programs as attachments, or anything else? Enter MIME (Multipurpose Internet
Mail Extensions). MIME is just a single "table" of content types that
a program can look at to know what the heck to show you. If the email header
says Content-type: text/plain; then it knows it's just plain text. If it says
"mime multi-part", it knows there's more than one mime type in there.
Maybe some html for a letter, and some JPG for a picture. It will then look
for a boundary in the email that looks something like:
-----=_NextPart_000_0007_01C173D1.5F7E8210
Content-Type: image/gif;
name="picture.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="picture.gif"
...and will know what to do with it. Certain MIME-types run "automatically".
A sound file properly attached to an email will play right away, without you
opening it. Internet Explorer is handling that, not Outlook Express. That's
where these new viruses come in.
These viruses are attaching themselves to email,
and reporting themselves as a mime-type that IE would run automatically under
normal circumstances. That's where you come in.
Internet Explorer
The first thing to do with IE is make sure it's set
up properly. If you use IE 6, you should be okay, but always check for updates.
If you use IE 5 or 5.5, get
the patch now!
IE has settings you are about to learn how to manipulate.
You can tell IE how to handle anything in a web page. You can set up zones,
and even go domain by domain to set up what IE does with the content served
to it. But, to keep it simple, here's some guidelines. Note that while setting
the items below, you can click on the little help arrow in the upper right,
and then click on an item, and some help for that item will come up. It's very
handy.
| Click "Tools...Internet Options". Click on the "Advanced"
Tab. Scroll way down, and you'll see some settings you want to have the
way shown in the image to the right. The most important one for protection is you want to make sure that IE is checking for signatures
on downloaded programs. Once that is set, click on the "Security"
tab. |
 |
| In the Security window, you see four ZONES. You can set security for different
zones. The two most important are "Internet" and "Restricted
Sites". "Local Intranet" is self-explanatory, and "Trusted
Sites" are pretty much for secure sites with valid certificates. We'll
concentrate on the other two. Click on "Internet" at the top to
highlight it, and then click on the "Custom Level" button at the
bottom. |
 |
This box lets you tell IE what to do with scripts.
Notice that for Internet Zone, most are set to "prompt" Clicking
on the image on the right will let you see the entire scrolling contents,
and the best way to have them set. If the image comes up real small, just
hold your mouse over it and a resize icon will show. IE 6 may shrink it
initially.
If later, some of the prompts bother you, just
change them. Pay attention to what the prompt says, and change the setting.
You can always reset all the settings to one of the defaults (Medium shown)
and go back. You'll notice in the scrolling view that "File Download"
is enabled. IE will always prompt you before downloading a file,
so that's safe. |
 |
When you're done with all of the above settings, scroll back to the line
that said "Java permissions", and click on "Custom".
Then click on the button at the bottom that says "Java Custom Settings".
You can click on the image to the right to see the full scrolling view of
what's in there, and how to set it all.
Okay, you're almost done! Click OK, and get back
to the "Security" Screen. |
 |
| Back at the Security screen, select "Restricted Sites" and again
click the "Custom Level" button at the bottom. This one is easy.
Disable Everything. Under login at the bottom, set to "Prompt
for username and password". If you know a bit, and you want to set
a couple of things to prompt, that's okay too. But do not enable anything
in your restricted zone. Believe me, you won't miss anything. Be sure to
click OK, and "OK" your way back out of the IE Internet options. |
 |
Outlook Express
Okay, once you've finished setting the IE stuff, open Outlook Express, and
click on "Tools", "Options". Click on the "Security"
tab. Check in "Restricted sites zone". Also check in "Warn
me when other applications try to send mail as me". See the arrows
in the image to the right. That's it. Click OK and you're all set. You can
enjoy web content, and your Outlook Express is pretty well locked down,
but you'll still see pictures attached to email messages.
NOTE: Occasionally you may get prompted by Outlook Express with something like, "Your settings do not allow scripting of ActiveX Controls...", upon opening an email. I get newsletters that sometimes send ActiveX in the email. I choose not to run it. I still get to see the email without a problem. I don't care for ActiveX in my emails. If you choose to run ActiveX from an email, you could be at risk, unless it is from a trusted source. |
 |
A note on Chat Clients, such as ICQ, AOL Instant Messenger, and Microsoft
Messenger:. I would be very wary of anything sent to me by a stranger. In ICQ,
I have it set to not even tell me a stranger is sending a file; it just denies
it. A file can be called "picture.jpg.pif" and look like an image to
you, because Windows won't show you the "pif". PIF files are PROGRAMS,
not PICTURES. If you double-click this file, it will run, and I guarantee the
only pictures you'll be seeing are the ones at the virus scanning companys' home
pages, as you frantically try to remove the virus. There are two simple rules.
1. Don't accept downloads from strangers. 2. Virus scan everything you
get through a chat program with at least one virus scanner. I use two. My primary
virus scanner, and The Cleaner, a Trojan-specific virus scanner. On to part two.
2. The Firewall
Never confuse price with value. From my personal experience,
and from what I've read, I believe that the personal firewall with the best
value has a price of zero. A real firewall protects people and things on one
side from things (usually fire) on the other. It is a barrier. A firewall on
your computer is also a barrier. The difference is that the one on your computer
has to let some things in. Most firewalls take this into account. Only one that
I know of effectively and simply watches and controls what goes out too.
Zone Alarm is a free personal firewall that makes your ports disappear until
a program needs to use one. Each time it first sees a program, it asks you if
you want to let it access the Internet. For Outlook Express, Internet Explorer,
Netscape, and other Internet programs, you obviously say yes and check in the
box telling it to remember. That's it.
Servers
Sometimes a program wants to "listen for connections"
from outside your computer. That's what a web server does. It listens for requests
from browsers (like yours) for web pages (like this one) and serves 'em up to
you. A server is giving information to a client. That can be controlled but
you don't need to be giving information to clients, unless you purposely run
a web server or ftp server on your computer. In these cases, Zone Alarm will
let you know a program is acting as a server, and you give them permission.
That's fine. Some programs like Kazaa ask for server permission. I do not allow
it. But, I leave the box unchecked. Maybe next time I do want to share my files
on Kazaa, and I'll allow it.
After just a few days, you know what you have running
as servers (if any). If all of a sudden one day, a strange program wants to
act as a server, you can tell Zone Alarm not to allow it, and you can copy that
program name and search for it. You can scan it for a virus, and stop it from
sharing your information before it gets a chance. Zone Alarm keeps a list of
the programs and what permissions they have, and you can go in there any time
and view or change that. You can also look in there to see exactly where a program
is on your computer. A note about Zone Alarm: You may want to turn off alerts,
as they will bug you some. With alerts turned off, it will still tell you when
a program wants to access or serve to the Internet.
Zone Alarm has the "Internet Zone" and the
"Local Zone". I would suggest keeping the Internet Zone to high, and
the local to medium. Read the help file. It's informative.
When you install Zone Alarm, or right afterwards, be
sure to check in the "MailSafe" checkbox. It will quarantine any executable
(program or script-type) files that get past Outlook Express.
If there's a website that you need to give some
special access to (or a computer on a network or an IP or IP range), you can
go into Zone Alarm's options and put that in your "Local Zone".
I am not going to go into the other popular firewalls.
I have not seen one that protects you from outbound servers (Trojans) the way
Zone Alarm does. I can only recommend installing it. Even with the default options,
it gives you excellent protection. Get Zone Alarm HERE.
To check your computer's port settings, trust no one but GRC.
Why? Because he's not really trying to sell you anything, and he's relatively
unbiased.
3. The Virus Scanning
Virus scanners have historically been there to protect
from viruses that did things like delete everything on your hard drive while
showing you a happy face, or reboot your computer at a certain time, stuff like
that. This has changed. There are still some viruses out there that maliciously
destroy data, but the main things today are the Trojans. Virus scanners will
look for Trojans, and will pretty much clean your computer of them, though many
times they don't do it completely, and you will have to read their recommendations
for completely removing these bugs, if you get one.
The fact is, viruses have changed and the methods
outlined above are the way to beat them, at least for now. The virus scanner
is but one part of the scheme, though a very important part. But if you don't
have the other two in place, your virus scanner is going to be working overtime,
and you have no first defense! Any major virus scanner is good, but I would
recommend a second anti-virus program, for Trojans. One good one is called The
Cleaner, and is available at MooSoft.Com.
The Cleaner is specifically for Trojans, and has components that will monitor
your registry and your memory, if you choose to run them. If anything changes
your registry (something Trojans like to do), it will tell you immediately.
But, it will also sound the alarm if you change your registry through modifying
a system setting. I only run them when I suspect a problem. They are, however, very small and unintrusive.
Combining Your Protection
Use common sense. Just remember that an email
from someone you don't know with an attachment is probably a virus. But, also
remember that Trojans usually send an email to everyone in the address book,
so an email from your best friend could be a virus.
If Outlook Express warns me of
an attachment, I will save it. Usually Zone Alarm will step in and quarantine
it (it just doesn't have a chance!). At that point I'll virus scan the saved,
quarantined file. If nothing comes up, I'll open it (the quarantined file) and
Zone Alarm will ask me "Do you REALLY want to run this?" No, I don't.
I SAVE AS... and it will give it the original file name. I will then scan it
again, saved with the original name. If nothing comes up, I'll scan it with
The Cleaner. Face it, most people don't get even one program or script a day
from people they know, so it's not an inconvenience. And, if you get a script
or a program from somebody you don't know, there is a 99.999% chance that it's
a virus.
Congratulations! The End!
If you have done everything stated above, you will
be about as safe as you can be from Trojans without sacrificing much. Use some common sense and just scan everything you download, regardless of whom it came from, and keep your
virus scanners up to date. Computers are fun, and they do a lot for us, but we
still have to do for ourselves :)
H for TWebMan Home | J for
JavaScripts | M for Make
a Perl Script | P for php