A major worry of anybody who receives e-mail messages with attachments is whether they've been hit with a virus... and, if so, is it likely to do some damage to their computer? This article discusses the issue of viruses, worms, and Trojan horses, the things that go "bump" in your e-mail box. Are they something you need to worry about?
NOTE: Viruses is the proper plural of virus... some "pedant wannabes" like to use forms like viri or virii, but there's no support for them in classical Latin. It seems that in ancient Rome, "virus" was a collective noun for a mass of pestilence, and had no plural. If it did, it probably wouldn't have ended in -i, since the word was not in the part of the complex structure of Latin word classes that took such a suffix, even though many other -us nouns were. Anyway, viri is Latin for "men", so it would have been very confusing to use it also as the plural of "virus"!
What is a virus?
The concept of a computer virus was envisioned by computer science researchers long ago, who wrote various academic papers exploring the theoretical possibility of such a program. While a few actual viruses may have surfaced on the old mainframe-based networks, it took the widespread use of personal computers in the '80s to provide the fertile ground from which the first major viruses sprang, spreading via floppy disk or bulletin board system download. The widespread use of e-mail attachments in the late '90s created the means for a vast profusion of new malicious programs to spread widely.
To be precise, most of the harmful programs spreading via e-mail aren't technically viruses. Those who study such programs have created three distinct categories of them:
By these standards, most of the so-called "e-mail viruses" are actually worms; however, "virus" has entered the vernacular as the common term for all sorts of "malware". This is partly due to the same sort of sloppiness that has muddied lots of other precise terminology in the area of computers and the Internet since it became popular in the mid-'90s, but partly because the above-noted distinction is becoming more difficult even for experts to make. Newer generations of "malware" can sometimes take on aspects of all of these types, changing based on the situation the program finds itself in, or based on random factors such as the system clock value; such a program might propagate itself sometimes by attaching to other programs, sometimes on its own, and sometimes by masquerading as something else to get people to run it.
E-mail viruses (or "worms", if you prefer) were the subject of users' panic and worry long before they existed in reality. Several notable virus hoaxes went around in the mid-'90s, such as the one that claimed that if you got a message with the subject "Good Times", then merely opening it in your mail reader would cause disastrous consequences to your computer. Actually, at that time, mail readers displayed nothing but plain text, so it was completely impossible for a virus, worm, or Trojan horse to cause malicious effects merely by opening a message in a mail reader. (File attachments were possible even back then, but you had to save them to disk and then run them; there was no way to launch them directly from a mail reader.) People still believed the warnings, and after several false scares of that sort, the first real e-mail viruses probably ran into a "Boy Who Cried Wolf" effect where people didn't believe warnings now that they were true.
But as mail programs got more advanced, the possibilities for virus/worm/trojan writers expanded. With some programs automatically rendering HTML messages with inline images, embedded sounds, and, most dangerous of all, scripting languages, malicious programmers found security holes to exploit so that a message could indeed do nasty things just by being opened. Even files most people regarded as "safe", like MS-Word documents, could have macro viruses embedded. And one of the things such a program could do, once run, was to find the user's address book and e-mail itself to all the user's friends... who might well open the message and its attachments without fear because it came from somebody they know. Thus, e-mail viruses have been a big danger.
Nevertheless, virus hoaxes continue to circulate alongside the real viruses, so don't believe every warning you hear. In particular, if a message tells you to look for some particular filename on your system and delete the file because it's a virus, it's probably a hoax; several versions of this are going around, and if you follow their instructions you'll actually be deleting a perfectly innocent file that's part of the operating system.
What to Watch Out For
Here are a few telltale signs that an e-mail message you just received is probably a virus.
What to Ignore
If you get something that appears to be a virus, one thing to ignore is the name and address in the "From" line. That is not necessarily who actually sent you the virus. Currently, the most common viruses forge their "From" lines, so they probably came from somebody completely different. Thus, it does no good to get angry at the person who appears to have sent you a virus, or to warn him/her that he/she is infected; it's likely an innocent person who neither sent nor received the virus in question, but whose address was picked out of an address book or Web page by a virus finding fake return addresses to use.
Protecting Against Viruses
Installing an anti-virus program, such as Norton AntiVirus or the McAfee security programs, will give you some help in avoiding virus infection. But they're not perfect; they can only guard against viruses they know about, and new ones surface all the time. Keep your virus definitions up to date, but don't let your guard down totally just because you think your system is protected.
Also pay attention to announcements of security holes and patches to fix them in your operating system, e-mail program, and Web browser. Some of the worst flaws, where messages could launch viruses even from the preview pane, have been fixed now if you have the latest update of your mail program. We can hope that, nowadays, viruses can only launch themselves if you actually open an attachment, not just view a message body... cross your fingers...
Why Avoiding Microsoft Programs May be the Best Way to Avoid Viruses
I know you're saying, "There he goes again, with another anti-Microsoft rant." And it's true that I have a strong dislike for big corporations that undermine Internet standards (like Microsoft, and also AOL). But there are actually several good reasons why using some other brand of e-mail program will give you very good protection against viruses, worms, and related hazards. They fall in two basic categories:
1. Viruses Target Microsoft because It's Popular
Even if Microsoft's e-mail programs aren't inherently more unsafe than any others, and the others have security holes just as bad, you're still at greater risk with Microsoft programs, for the simple reason that the virus authors are specifically targeting them. Like the bank robber who, when asked why he robbed banks, said "Because that's where the money is," virus creators target MS Outlook because that's what most of the users are using; they get more "bang" from an Outlook virus than, say, a Pegasus Mail virus. Thus, they're always on the lookout for security holes in Microsoft products that they can exploit, and once a virus takes control, it always looks for an Outlook-format address book to find new victims. If you use something else (even something with its own security holes), you'll be safe from these viruses because they're not targeting you.
This, of course, is self-limiting; if enough people took my advice and switched from Microsoft products to something else, that something else would then become a leading target for virus authors. At that point, all of you would need to move on yet again, and keep seeking out more obscure mail programs to use. If people seek out different mail programs from one another, however, they would be creating a multiculture, instead of a Microsoft-dominated monoculture, which would be a less fertile environment for viruses in general.
2. Microsoft Programs Really Are More Insecure
I don't, however, think that their higher popularity is the only reason why Microsoft e-mail programs are so susceptible to viruses. There are some design decisions that Microsoft has tended to make with its software over the years that create security vulnerabilities. The Microsoft philosophy is to try to make it easy to use their software without actually having to think about it... to this end, the software tends to do things behind the user's back, and hide the technical details from the user. The emphasis is on trying to do what the software guesses the user really wants, without actually letting the user know what it's doing until it's already done. They also like to have their software do "gee-whiz" special effects, even if they provide more methods of sneaking in "malware", which more pedestrian stuff like plain text does not. And Microsoft programs tend to ignore Internet standards, even when the standards are there for a reason; for instance, both their Web and e-mail programs second-guess MIME types, figuring out what they think a file really is, even if that's different from what it's announced as being... this can let dangerous stuff get past a filtering proxy (because it's identified as something safe), but still get executed by the user. There's a reason that one of the "affectionate" names users have given to MS Outlook (along with "Outhouse") is "Lookout", as in "Look out... here comes another virus!"
If you use a mail program like Pine or Pegasus, which doesn't do as much in the way of "snazzy" multimedia, you've got little chance of picking up a virus, since your program wouldn't launch it even if you received one.
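The MIME-type second-guessing described above is why a filter cannot rely on the declared type alone. The Python sketch below is an added example, not code from this article or from any mail product; it uses the standard email module to flag attachments whose declared type looks harmless but whose leading bytes or filename extension say otherwise. The magic-byte list, the extension list and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Leading bytes that identify content a desktop could run or open as a
# macro-capable document. Illustrative list, not exhaustive.
ACTIVE_MAGIC = {
    b"MZ": "Windows executable",
    b"\xd0\xcf\x11\xe0": "OLE2 file (legacy Office document)",
}
# Extensions Windows treats as runnable. Illustrative list.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")
# Declared types a type-only filter would typically wave through.
SAFE_LOOKING = ("image/", "audio/", "video/", "text/plain")

def audit_attachments(raw: bytes):
    """Return (filename, declared_type, reason) for each mismatched part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        declared = part.get_content_type()
        if not declared.startswith(SAFE_LOOKING):
            continue  # other declared types are a different filter's job
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        for magic, label in ACTIVE_MAGIC.items():
            if body.startswith(magic):
                findings.append((name, declared, "content looks like: " + label))
        if name.endswith(RISKY_EXTENSIONS):
            findings.append((name, declared, "runnable file extension"))
    return findings

def build_sample() -> bytes:
    """Constructed test message: one honest attachment, two mismatched."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ" + bytes(32), maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + bytes(32), maintype="image",
                       subtype="jpeg", filename="real.jpg")
    msg.add_attachment("placeholder text\n", filename="notes.txt.vbs")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in audit_attachments(build_sample()):
        print(finding)
```

The honest JPEG passes, while the part declared as image/jpeg but starting with an executable header, and the part declared as text/plain but named with a script extension, are both reported.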
This page was first created 15 Jun 2003, and was last modified 19 Jun 2003.