July 31, 2001 – Recent national media and Internet reports about the SirCam virus and the Code Red worm have caused many people to be rightfully concerned about their computer's safety. The following is a brief discussion of what you should be worried about and what you can do before and after a virus attack.
The term virus is used throughout this article, as the differences between virus, worm, Trojan horse and other such terms are not all that important in this context.
Computer users are almost inevitably exposed to computer viruses, and certainly if they work online. Computer viruses are small programs that are spread in a variety of ways. Unlike the kinds of diseases that humans get, all computer viruses are created by humans, and there is no way that a human being can be infected by computer code. Also, just as you would be unlikely to catch a disease from a fish, different operating systems (e.g., Windows, Macintosh, Unix) are not likely to be cross-infectious.
The degree of damage done by a virus varies with the virus writer's intent, your computer system and probably a few dozen other things. The folks who write this stuff are not known for being friendly, so it is best to avoid their "gifts."
Computer professionals often joke that the best way to protect your computer is to practice "safe disk," but the point they make is dead serious. There are three aspects of safe disk: Don't put things in your computer unless you know where they have been; never open an e-mail attachment unless you requested it; and use protection.
Even when you are careful, a bit of protection can go a long way. Get, use and update one of the latest anti-viral software packages. I use Norton AntiVirus and update it at least once a week, or whenever I read about a new virus making the rounds. It has never failed me. Last time I checked, Norton (www.symantec.com/) was about $20. If you surf a lot, you should probably use a personal firewall such as ZoneAlarm (www.zonelabs.com), which is free for personal use.
If you have been infected, it is polite, to say nothing of prudent, to let the person whose transmission infected you know that he or she is passing a virus along.
While losing the contents of your hard drive hurts, viruses that cause physical computer damage are extremely rare. Thus, infected computers can often (but not always) be repaired with full data recovery. Norton AntiVirus comes with some excellent tools for this, but some viruses require special efforts and/or do things that just can't be repaired. A visit to some of the major virus-associated web sites such as Symantec often provides a cure.
Finally, our local computer vendors and consultants have a lot of experience in data/virus recovery. If you don't already have a local contact, look in the Yellow Pages to find one near you, and give them a call. (Note: If I were to be told that my hard drive was trashed, I'd get a second opinion).
It is timely to mention the latest threats.
SirCam: If you got a short message that included an interesting-looking attachment and content something like "I send you this file in order to have your advice," you have been exposed to SirCam. If you opened the attachment, you are most likely infected and may be passing the virus along to everyone on your local network and in your e-mail list.
Worse, SirCam attaches a random document from your system and sends it along. This has proven embarrassing or worse to many folks. Even worse, SirCam selects a few computers and either fills the hard disk with junk or erases a lot of the content.
For more information online, see sarc.com.
A free SirCam removal tool is available from Symantec.
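The SirCam description above can be turned into a simple mail check, shown here as an added example that is not part of the original article: a message is flagged only when it both carries an attachment and contains the quoted lure phrase. The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Lure text quoted in the article. Real messages only read "something like"
# it, so matching ignores case, punctuation and spacing.
LURE = "i send you this file in order to have your advice"

def normalize(text):
    """Lower-case and reduce every run of non-alphanumerics to one space."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def body_text(msg):
    """Join the text/plain parts that are message body, not attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain" or part.get_filename():
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            chunks.append(payload.decode(part.get_content_charset() or "latin-1", "replace"))
        except LookupError:  # unknown charset label in the header
            chunks.append(payload.decode("latin-1"))
    return "\n".join(chunks)

def looks_like_sircam(raw):
    """True only if the message has an attachment AND the lure phrase."""
    msg = message_from_string(raw)
    has_attachment = any(part.get_filename() for part in msg.walk())
    return has_attachment and LURE in normalize(body_text(msg))

def make_sample(body, attachment_name=None):
    """Build a constructed test message (not a captured sample)."""
    msg = EmailMessage()
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_string()

SAMPLES = {
    "lure+attachment": make_sample("Hello,\nI send you this file, in ORDER to have your advice.\n", "notes.doc"),
    "lure only": make_sample("Beware mail that says 'I send you this file in order to have your advice'."),
    "attachment only": make_sample("Minutes from Tuesday attached.", "minutes.doc"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", "quarantine" if looks_like_sircam(raw) else "deliver")
```

Requiring both conditions keeps a warning that merely quotes the phrase, or an ordinary message with a file attached, from being flagged.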
Code Red: This one is not likely to be a cause for concern to the general user, except that it may slow down the Internet and cause some of your favorite web sites to have problems. It only infects Internet servers. Unless you are running specific types of Internet servers that have not been recently updated, you can't be infected by Code Red. It is very unlikely that a general user would be using such server software, which is used to deliver web pages to visitors.
Code Red spreads by trying to connect itself to random Internet addresses; thus, to be threatened, you must both be running the specific server software and be connected to the Internet when an infected server attempts to connect with your computer.
Other than infecting lots of servers, the apparent intent of Code Red is to cause the federal government's White House server to fail when, at specified times, the infected servers all attempt to connect at once. This form of attack results in what is called "denial of service," as the server can't help legitimate visitors because it is too busy with the fake ones. The White House server never sees these attacks, as it changed its address; but we all feel a net slowdown and a loss of bandwidth as infected servers participate in the attack. Even if you don't run a server, it is worth an occasional visit to windowsupdate.microsoft.com to ensure that your system has the latest updates from Microsoft.
Remember: Don't open strange attachments, no matter how interesting they look. Get and use a good anti-virus program. And, if you're a web surfer, consider getting a personal firewall.
Editor's note: Charlie Balch is a computer information systems faculty member at The University of the Virgin Islands. The Source asked him to provide this information because of concerns locally about the virus and worm problems.