It seems like every week, a new virus scare hits the media. They'll bog down your system, or they'll destroy it utterly. They'll propagate themselves through your email address book and infect your friends. Your email is constantly receiving a deluge of panicked warnings from your ISP, you family, coworkers, newsgroups, etc. They all caution you "Whatever you do, don't open this!!" Now you're so frightened, you begin to wonder if it wouldn't be a better idea to pack the computer in the box it came in, and take up crochet.

Savvy computer geeks are unperturbed, however. There are only a few ways that an email virus can infect your system, and by exercising a bit of prudence, you can feel immortal, and laugh at the panicked hordes when the next scare comes about.

Infection Method

In order to acquire a virus through your email, you have to receive and open an attachment. That's because the rest of your email message is simply ASCII text, and your computer will not process any malignant code as if it were code, but will turn it into letters and numbers, which would look like gibberish and accomplish nothing. It is only through an accompanying attachment that a virus can be introduced. The attachment will be a regular binary file, which will be processed according to its extension¹ when opened.

Most types of files are completely innocuous, depending on what that file type is meant to do. For instance, you couldn't spread a virus in a picture file (.jpg, .gif), a movie file (.mpeg, .mpg, .mov), or a sound file (.mid, .wav, .mp3) because those types of files will only spawn viewing or listening programs, which will then attempt to display the video or play the sound. The program controls the cpu, and the file is treated as data, just as the text is in your email reader.

Therefore, it is important to know which kinds of files can be dangerous...

Data and Programs

There are hosts of file extensions, and new ones coming out all the time, as people discover new ways to encode and compress information, so learning them all would be impossible. However, all file types can be classified as either data or a program. A program is a file that contains instruction codes for the cpu. A data file is simply information, which has to be processed by a program for you to understand it.

In order to be harmful, a virus has to execute cpu instructions. Therefore, anything that is just data cannot be harmful, because data files don't execute anything. Sounds, pictures, and movies are all examples of data files, and are completely harmless. Program files can carry viruses. The easiest way to determine if something is data or a program is to ask yourself if that file can do what it is meant to do by itself (discounting the operating system), or if it requires seperate software to do it. Sounds cannot play themselves, but shareware games can.

Common Virus Carriers

.EXE, .COM, .BAT:These file types will be recognized by your operating system as programs. As such, they are granted control over your cpu, memory, hard drive, and other resources, and are able to wreak havoc with your system when designed with dishonorable intent..ZIP:Zipped files are the most common way to send large amounts of data. They can be designed to be self-extracting, which means that they will uncompress themselves. Self-extracting .zip files behave much the same way as executable files, and can cause damage the same way..VBS:This is a Visual Basic Script. Nobody uses Visual Basic in the world of pc's anymore, so if you get one, you are almost guaranteed that it is a virus created by a Visual Basic programmer who is sick of seeing all the jobs go to people who code C++. The infamous "Love Bug" was sent out with a .vbs extension²..DOC, .XLS:That's right, Word documents and Excel spreadsheets can carry viruses. They're called "macro viruses," and they take advantage of the sloppy coding of Microsoft. When you open a document with one of these viruses, you won't be able to see that anything is wrong. When you close the program, however, it automatically saves a template called "normal.dot" (or "normal.xlt" for Excel), which will copy any macros that were hidden in the bad file to your normal template. Every time you open another document, from that time on, the macro virus will copy itself into that document. Early macro viruses were limited in the amount of damage they could inflict, but Microsoft's program integration, coupled with smarted virus coders, have enhanced the capabilities of macro viruses, to the point that they can now inflict just as much damage as an executable file or a visual basic script.

Macro viruses are the exception to the rule that data files can't hurt you. That is because the macros are instruction codes, nested within the data. These are therefore the most insidious viruses to defend against. "Melissa" is a famous virus that began life as a macro virus. You may be alarmed to discover that Word macros in general, in other words non-viral ones, are coded as visual basic scripts. This is where the security loophole comes in, as well as the reason why virus coders love visual basic.

Prevention Methods

Email Protection

If you use Microsoft Outlook Express, download or otherwise acquire another email client, and delete this immediately. Express has a very nasty habit of opening every attachment indiscriminately, which gives you absolutely no protection. Most other clients will give you an option for automatic opening of attachments. With this feature turned off³, you have no reason to fear the vehement "Do not open!!" warnings. You can open the mail to look at the text, and read the file extension of the attachments, and if they're harmless, you may continue to open the attachments. If they're possibly suspect, you can act according to discretion.

The best way to protect your computer from email viruses is to protect your email account. There are two ways to do this. One way, frequently recommended by journalists, is through the judicious use of email filters. However, filters are not always easy to set up, and the journalists will never tell you how, because they don't know how themselves. Filtering can provide a small measure of protection, but it certainly isn't a cure all, because of a couple of loopholes that virus hackers exploit, which I shall cover shortly.

Another way is to create another email account from one of the many free providers of this service on the internet, such as Yahoo, Email.com, etc. Give your remote account address away when doing things like registering for websites and other such times when you need to give an address to people you don't know. Reserve your home account for the people you know well, and don't go publishing it everywhere. Free email providers are forced to be ever vigilant against viruses, for if they infect all their users, they won't make any money from their advertisers, so they have to take steps. A viral email sent to one of these accounts may very well be deleted before you even know it is there.

Attachment Control

Some good guidelines for handling attachments with potential viruses:
.EXE, .COM, .BAT:Anything that you receive unsolicited with one of these extensions should be suspect, even if you receive it from the address of a friend. It is easy to mimic email addresses, especially with Netscape Communicator. Some viruses have been designed to look up addresses in the host's Outlook address book, and send itself out to all your friends from your own email account. This is how the infamous "Melissa" virus spread itself. Don't trust it just because it came from a friend; find out what it was from your friend before opening it. Or, you can adopt a policy of simply deleting all unsolicited executable files as soon as you receive them..ZIP:The contents of a .zip file are easy to check with WinZip. If you're satisfied that there's nothing harmful in it, you can unzip it from WinZip as well, which would be safer than letting it extract itself, if it were of the self-extracting variety. This gives WinZip control over the process, rather than turning it over to an unknown programmer's wares..VBS:This is a virus. Delete it immediately.DOC, .XLS:Word and Excel can be virus-proofed with a simple ounce of prevention: macros can be disabled. The procedure is identical in both Word and Excel, and must be performed in both:

1. Select Tools-Options in the menu bar.
2. Click on the General tab.
3. Make sure there is a check mark in the box next to "macro virus protection."

Anytime you have any doubts about a file, err on the side of caution, and delete it. And if you want to do your friends a favor, use an email client other than Microsoft Outlook. Viruses are designed to work with it because they want to cause maximum damage, and Outlook is the most common email client throughout business, government, and personal use. "Melissa" and its successors, including the "Love Bug," are coded to look for Outlook's personal address books⁴ to send themselves out to your friends from your personal email account. If you do not have this software, you cannot infect your contacts if you contract the virus yourself.

The Triumph of Geekdom

You now know the simple steps it requires to keep yourself virus free. Not only will your data and your investment be safe, but you can also relax and laugh at the hordes of panic-stricken worry-warts the next time a major virus scare hits the media. These few simple guidelines are all that are required, but some people may go on to talk about complicated things like locking out boot sectors and backing up your entire hard drive⁵, you already know all you need to know for safe computing.