www.ethanwiner.com - since 1997

Avoiding Email Viruses

Follow these few simple steps, and never again worry about virus attacks.


Yesterday I received five emails containing the same virus (Sircam) as an attached file. I knew immediately this was a virus that should not be opened, but unfortunately many others who received it did not and had their computers trashed. Avoiding viruses is not difficult if you follow the few simple steps explained below.

Rule #1: Never open a file attachment you receive by email, even if it comes from your best friend. Many viruses propagate by sending themselves to people in the user's address book, so the virus arrives in an email from a friend and not from a stranger. I once received the Happy99 virus with an email from my cello teacher. She had no idea she had even sent it to me! If friends send you jokes or other text in attachments, ask them to please use Copy/Paste to put any text they want you to see in the message body. Many people don't realize Windows lets you copy text from one program and paste into another, and this is the only way I forward jokes to my friends.

JPG and GIF pictures are always safe to open, but if you use Outlook Express 5.0 or later you don't need to. Attached image files are displayed in the message window anyway, so there's no need to open them. If you receive an attached file named image.jpg or picture.gif and it does not display, then it may well be a virus disguised as an image file. By default, Windows hides extensions for file types that it knows, like .exe, .jpg, .htm, and so forth. So the sneaky bastards that create viruses often name them hotbabe.jpg.exe or joke.doc.exe, since all most folks will see is hotbabe.jpg or joke.doc, without the real extension at the end which is .exe. Fortunately, this is very easy to fix: Start Windows Explorer and go to the View menu. Next, select Folder Options and then click the View tab. Near the top of the list find the item Hide file extensions for known file types and make sure it is not checked. Even with extensions revealed, however, you still must be careful. If an attached file has a very long file name, the extension will be hidden if there's not enough room to display the full name.

Most viruses are programs having an .exe file extension, but they can also use .com, .vbs, .pif, .bat, and probably others. Although .doc (Microsoft Word) files are usually safe, viruses can be hidden inside them in the form of self-running macros. In practice, very few people need to use Word's macros feature anyway, so you should set Word to warn you whenever such a macro is about to run. In Word 97 (which I use) you get to this option from the Tools menu, then Options, the General tab, and make sure Macro virus protection is enabled (checked). In Word 2000 you get to this option from the Tools menu, then Macro, Security, and click the Security level tab. Select the Medium security level to be warned whenever a macro tries to run. Other versions of Word may use different menus, but it should be under Options or Preferences somewhere, or search Help for "Virus."

If you receive an attached file that you want to be sure is not a virus, this is easy to do with Norton AntiVirus. I recommend Norton AntiVirus over McAfee because it consistently beats McAfee in PC Magazine's annual antivirus program tests. But McAfee is very common - more than it deserves in my opinion - because it comes pre-installed on many computers. I have Norton AntiVirus, but I do not have it active and running which is the installed default. Antivirus programs slow down your computer a lot because they intercept all disk activity. Whenever I download a utility or other program I want to try, I always save it to disk instead of opening it. Then in Windows Explorer I right-click on the file and select Scan with Norton AntiVirus. If the program does contain a virus Norton will report it. By manually scanning files I avoid losing half my computer's speed from Norton AntiVirus always running in the background. I suggest that you create a folder named \Temp on your C: drive, and save all downloads and email attachments there. Then you can easily find them and scan for viruses manually. No matter how careful you are, even the best antivirus program is useless unless you update it often. Norton AntiVirus comes with the free LiveUpdate service, and I urge you to use it regularly. But even if you update every day, you still should verify what an attachment contains before opening it. Antivirus program updates always come out the day after a new virus appears!

Besides email attachments and files you download, you can get viruses just from visiting web sites and newsgroups. Fortunately, these are easy to avoid too. From Internet Explorer select the Tools menu, Internet Options, then click the Security tab. Click the Custom Level button, and set the various options as follows:

Under the heading ActiveX controls and plug-ins set each item to Prompt. This way when a web site attempts to run an ActiveX program you will be asked for permission. If you're downloading an update from the Microsoft web site or a cool new utility from PC Magazine you can of course allow it. But if you don't know the web site, be safe and answer No. It is annoying to be asked frequently if you'll allow running ActiveX, but it's even more annoying to have a virus trash your computer!

Under the Cookies heading you can safely set both options to Allow. Some people prefer to not allow web sites to store cookies, and that is your choice. But you won't get a virus from a cookie.

For Downloads you can allow files, but be sure to always save them to disk (and scan them manually). Never open files from a web site, except from the Microsoft Update site where you sometimes have no choice. I have Fonts set to Prompt - so I can say No - which avoids cluttering my hard disk with huge Chinese and other foreign fonts that try to download automatically when an email or web page requires it.

Set Java permissions to High safety, set Installation of desk top items to Prompt, and set everything else to either Disable or Prompt.

In the long run, the best way to avoid receiving viruses by email is to minimize the number of people that know your email address. More and more web sites and online product registration forms require an email address. But unless you really want to let them contact you (perhaps to be notified of product updates), always use a phony email address like nospam@nospam.com. If you are active in online discussion forums and newsgroups, always use an alias instead of your real email address. Outlook Express lets you use any email address for posting in newsgroups; in the newsgroup's Properties form under User Information simply make up any address. Finally, never reply to junk advertising that offers "to be removed from our mailing list." Those are just a trick, and their real purpose is to have you confirm that they sent to a valid address! Once they know they found a "live" one, they sell your email address to other junk mailers.

For advanced users and computer professionals

I have written a faux virus that you can send as an attachment to test your friends and colleagues. When run it pops up in a DOS window and lets the user know they could have gotten a virus and should be more careful! Click here to download my virus.com program. It's only 3k so it travels quickly even through a 28k modem. Then rename it to nakedbabe.jpg.com or joke.doc.com and forward it to anyone you think needs a wakeup call.


Entire contents of this web site Copyright © 1997- by Ethan Winer. All rights reserved.