Home /
Reply to Message
Flu Shot
The problem comes from automatic program execution (autoexecute). This has always been a Microsoft Feature. That's what makes viruses work, it's also what makes Microsoft Update work. Without Automatic Execution (which has been in Microsoft OS versions since at least DOS 2) much of the Microsoft ecosystem would not work. Computer viruses simply use the existing Microsoft ecosystem.
For defense, First, abandon Outlook.
Second, turn off HTML preview in email. Text only is the only safe way. ASP, C#, Java, JavaScript are all used, as is Visual Basic. Even Adobe pictures can have scripts buried in them. This is part of Flash. And YES, Flash autoexecutes the scripts. None of the above systems should be considered safe. Nor can most macro's be trusted. There are thousands of Word and Excel malware macros around. If you open up an infected document, then your computer is also infected. This problem is not unique to Microsoft. All programs with Macro languages that will autoexecute are vulnerable. In your programs, if there is a feature to enable macros to execute automatically when the document opens, TURN IT OFF!
Third, Learn to look in the text files for these languages. All viruses have a program text file, usually with a block of what look like random charactors. The random looking charactors are the machine code for the Virus, but it is loaded and started by the MSBasic/.Net/JavaScript/etc.
Look also for any .exe file in the attachments. having the .exe extension marks it as a program to Windows.
Of course a better solution is to go to the Unix world, where marking a program as executable is done by the OS separately from the naming conventions. OSX is a better choice than Windows for this. Linux is better than OSX. Fanboys will disagree with both statements, but they are true and have been shown so by serious research. There are also special versions of Unix and Linux that are even harder to compromise. But remember that the more secure a system is, the harder it is to use it. Microsoft is vulnerable because they try to make the computer make your life easier. The OS doesn't know if the request comes from you, from a trusted vendor you are using (such as MS Office, or Adobe Photoshop) or from a criminal gang (Malware).
Antivirus software can provide limited protection, but Malware often targets the Antivirus software as a way of spreading. But Antivirus is often also a source of 'bugs'. All software has 'bugs'.
Malware writers look for the bugs to exploit. Historically, Windows has both the most bugs, and the most users. Especially, the most untrained users. Thus, to the Malware people (Press calls them 'hackers', People who write software that is not intended to be commercial. they are really 'Crackers', people who want to crack your computers protection, like a breaking the shell of a nut, and steal from you.) Windows offers both the easiest pickings and the most targets on the market.
If you can survive a transition to OSX (Apple) or even better to Linux, then you will be more protected. But if you HAVE to use something exclusive to Windows, then at least adopt the latest version of Windows. Windows 7 and the preview versions of Windows 8 have adopted about half of the common Unix criteria which Linux uses for system protection. Apple is a little further along than Windows in this regard.
No system can be totally safe, but there are things that you can do to help protect yourself. Look at first and Second above as more important than the Antivirus, but if you are using windows, then you need the Antivirus too. Antivirus is less important for OSX and Linux, but many Linux systems have Antivirus installed, just to remove the Windows virii that are so prevalent.
even with all that, if you have good habits, you can protect yourself.
I hope this helps you. It is really a very complex subject.
For defense, First, abandon Outlook.
Second, turn off HTML preview in email. Text only is the only safe way. ASP, C#, Java, JavaScript are all used, as is Visual Basic. Even Adobe pictures can have scripts buried in them. This is part of Flash. And YES, Flash autoexecutes the scripts. None of the above systems should be considered safe. Nor can most macro's be trusted. There are thousands of Word and Excel malware macros around. If you open up an infected document, then your computer is also infected. This problem is not unique to Microsoft. All programs with Macro languages that will autoexecute are vulnerable. In your programs, if there is a feature to enable macros to execute automatically when the document opens, TURN IT OFF!
Third, Learn to look in the text files for these languages. All viruses have a program text file, usually with a block of what look like random charactors. The random looking charactors are the machine code for the Virus, but it is loaded and started by the MSBasic/.Net/JavaScript/etc.
Look also for any .exe file in the attachments. having the .exe extension marks it as a program to Windows.
Of course a better solution is to go to the Unix world, where marking a program as executable is done by the OS separately from the naming conventions. OSX is a better choice than Windows for this. Linux is better than OSX. Fanboys will disagree with both statements, but they are true and have been shown so by serious research. There are also special versions of Unix and Linux that are even harder to compromise. But remember that the more secure a system is, the harder it is to use it. Microsoft is vulnerable because they try to make the computer make your life easier. The OS doesn't know if the request comes from you, from a trusted vendor you are using (such as MS Office, or Adobe Photoshop) or from a criminal gang (Malware).
Antivirus software can provide limited protection, but Malware often targets the Antivirus software as a way of spreading. But Antivirus is often also a source of 'bugs'. All software has 'bugs'.
Malware writers look for the bugs to exploit. Historically, Windows has both the most bugs, and the most users. Especially, the most untrained users. Thus, to the Malware people (Press calls them 'hackers', People who write software that is not intended to be commercial. they are really 'Crackers', people who want to crack your computers protection, like a breaking the shell of a nut, and steal from you.) Windows offers both the easiest pickings and the most targets on the market.
If you can survive a transition to OSX (Apple) or even better to Linux, then you will be more protected. But if you HAVE to use something exclusive to Windows, then at least adopt the latest version of Windows. Windows 7 and the preview versions of Windows 8 have adopted about half of the common Unix criteria which Linux uses for system protection. Apple is a little further along than Windows in this regard.
No system can be totally safe, but there are things that you can do to help protect yourself. Look at first and Second above as more important than the Antivirus, but if you are using windows, then you need the Antivirus too. Antivirus is less important for OSX and Linux, but many Linux systems have Antivirus installed, just to remove the Windows virii that are so prevalent.
even with all that, if you have good habits, you can protect yourself.
I hope this helps you. It is really a very complex subject.
Posted by YetAnotherBob
4th Feb 2012