Business-like, isn't he?


 

 


ISSUE 585: Zisman- Jan 9 2001


The high-tech office

ALAN ZISMAN

Passing on virus warnings is often the problem itself

A few issues ago, while reviewing Symantec's Norton AntiVirus 2001 (NAV), I mentioned that I had received an e-mail with an attachment. NAV identified the attachment as a virus and had it quarantined before I could open it and infect my system.

More recently, I got a message from a PR consultant saying, "Check out this new flash movie that I downloaded just now... It's Great." While there was no warning from NAV, my personal paranoia flashed a warning. I usually get press releases from her, not video clips.

So I manually scanned the attachment. When it passed, I ran it. No movie.

Norton AntiVirus automatically "phones home" every fifteen days, to get the latest virus information. But if this file, Creative.exe, was newer than my nearly up-to-date virus de-
finitions, it would have slipped through my defenses.

I manually ran NAV's Live Update feature to get the latest virus definitions, and -- Bingo! -- my system was reported as infected with the W32Prolin.Worm. This time, NAV offered to remove the infection, and sent the spurious video file, Creative.exe to "quarantine."

Symantec posts very comprehensive computer virus information on its Web site (www.symantec.
com/avcenter
). Searching for my virus informed me that it damaged JPEG graphics files and, like most of the current crop of infections, spread itself through the Outlook address book. Sure enough, my hard drive was littered with the remains of more than 300 ruined graphics files (not a major loss). Because I use Eudora for e-mail rather than Outlook or Outlook Express, I had not spread the virus further.

I e-mailed the message sender, telling her she was the innocent victim of the Creative virus and suggesting she clean her system and inform everyone in her address book that they may have been infected. I haven't heard back from her, but if she reads this column, no hard feelings, and no need to be embarrassed. But please inform the people you may have infected!

We all need a dose of healthy paranoia about computer viruses. And we all need to make sure the virus definitions used by our anti-virus software are up-to-date. But paranoia can get out of hand. Re-
cently, I received an e-mail message from a colleague, reading (note the capitalization):

 

PLEASE, SEND THIS INFORMATION TO EVERY PERSON IN YOUR ADDRESS BOOK. IF YOU RECEIVE AN E-MAIL THAT READS "UPGRADE INTERNET2" DO NOT OPEN IT, AS IT CONTAINS AN EXECUTABLE NAMED "PERRIN.EXE." IT WILL ERASE ALL THE DATA IN YOUR HARD DRIVE AND IT WILL STAY IN MEMORY.... THIS INFORMATION WAS PUBLISHED YESTERDAY IN THE CNN WEB SITE.... CHECK THE LIST BELOW, SENT BY IBM, WITH THE NAMES OF SOME E-MAILS THAT, IF RECEIVED, SHOULD NOT BE OPENED AND MUST BE DELETED IMMEDIATELY, BECAUSE THEY CONTAIN ATTACHED VIRUSES....

 

Back to Symantec's AV Center, to search for "Perrin.exe." I quickly found it, listed along with a number of other virus hoaxes.

Yes, a hoax. In fact, every well-intentioned e-mail that I've received over the years passing on information about viruses has similarly been a hoax.

Some telltale signs: messages being passed along like chain letters; attribution to a big organization like IBM, Microsoft or NASA; and other suggestions of credibility ("published yesterday in the CNN Web site") without actually including a link to follow-up.

Virus hoaxes don't damage our computers, but they spread like viruses and waste our time. While friends tell friends about infections, check before passing hoaxes any further. You don't need to be a Norton AntiVirus customer to check at Symantec's AV Center. It took me less than a minute to debunk this message.


Google
Search WWW Search www.zisman.ca



Alan Zisman is a Vancouver educator, writer, and computer specialist. He can be reached at E-mail Alan