Tips & Tricks to Prevent Virus Invasion Before Opening Email
Standard Tips / Advice we all should heed [at
bottom of page]
1. Create "Bogus" Email entry
in address book:
This may or may not be a hoax but it won't hurt to use it.
To avoid spreading e-mail-borne computer viruses, create a new contact
in your email address book with the name: !0000 with no email address
in the details.
To do this in Outlook Express, go to Start /
Programs/ Accessories/ Address Book. Once the Address Book is open,
click the New pull-down toolbar item, and then click New Contact....
In the field that says First, type in !0000 and then click OK. And
of course, an easier way is to have Outlook Express open, click on
your Address Book, click on New, then click on New Contact and enter
the above.
This contact will then show up as your first contact in the Address
Book. If a virus attempts to do a "send all" on your contact
list, you will see an error message that says:
The Message could not be sent. One or more recipients do not have
an e-mail address. Please check your Address Book and make sure all
the recipients have a valid e-mail address.
If you click on OK, the offending infected message will not have been
sent to anyone. The infected message will then be stored in either
your "Drafts" or "Outbox" folder. You may completely
delete (in other words, not just send it to Outlook's "Deleted
Items" folder) the offending message from that location by highlighting
the message, holding down the Shift key and pressing Delete, and then confirming.
This way the virus is not spread and you have been alerted so that
you can apply whatever remedy the situation calls for.
You can do the same for Netscape by creating a new card and for the
first name type !0000 with NO ADDITIONAL information and hit OK. The
new address will go to the top of your list.
There is a problem with this, however:
Unfortunately, most of the modern day viruses prefer to randomly select
individual addresses or supplement the addresses with those found
cached on the system. In fact, most of the new viruses bypass the
mail client altogether and use their own SMTP engine to send their
viral email. In other words, the tip will only be effective in limited
cases. What the tip can do effectively is lead to a false sense of
security, and that can sometimes be worse than doing nothing at
all.
But, in some cases it would work, if the worm didn't choose the address
book entries randomly.
2. Preventing Email from "seeing" Scripting
viruses:
If an attachment has a VBS or other scripting extension, you can prevent
your Email Program from even "seeing" the attachment in
the first place.
Go into Explorer / Tools / Folder Options / File By Type. Find references
to Microsoft's Visual Basic Script [VBS] and delete the file extensions.
Warning: If you don't know what you are doing or how
to recognize the extensions, don't perform this procedure. Ask around;
a friend could help, or email me and I can walk you through it. See the
additional info stating that the program executables MUST be deleted
also.
3. Can You Get a Virus From Just Viewing the
Email?
A stand alone non-networked computer user cannot contract a virus
by simply opening an e-mail message. In that scenario there are
only two e-mail related ways in which to get a virus. One is through
downloading and executing an infected file attachment. The other
way is through clicking on a link to a web site with malicious Java
or ActiveX coding. These last two as I understand it are common
avenues for so called Trojan Horse viruses which are used to extract
information from your hard drive such as your ISP password(s) and
other personal data. Some of the latest AV programs offer protection
against malicious Java and ActiveX coding by refusing access to
suspicious sites when this protection is enabled. Additional
info about Outlook Patches to close this "leak"
can be found below.
4. Turning Off Preview in IE 5.0+ and Netscape 4.78+:
This will prevent emails from being viewed, so they can be deleted
without opening by just deleting the Message Header.
In IE [OutLook Express]:
Select "View" in Menu Bar in OutLook Express.
Select Layout from the "Pull down" Menu
Uncheck box labeled "Show Preview Pane." Click OK and now
all you have is Message headers but no "Preview" window.
In Netscape Messenger Service:
Very easy here:
In the main window, you will notice a divider line between the Message
Headers and the Message Body Section. Just click the tool button on
the divider and Voila! 'tis ALL GONE, BYE BYE!
5. Software program that prevents SPAM from
coming in and ability to delete email w/attachments directly off the
Server before you even download them. You can see who the email is
from, the subject, and the attachment. Best way to stop viruses from
EVEN entering your email program. The program, "MailWasher,"
is free. Such a deal! Check it out!
I got it and [8_15_2002] after configuring it, I used it to "view"
my mail from the server before downloading it into my mail client
and there was an email w/a virus attachment. I selected the email
for deletion and then selected "Process Mail" and voila!
it was gone! To test the program, I opened my email client [Netscape
Messenger] and after selecting "Get Mail," that particular
message was NOT there! This little FREE program works! You can bounce
email back to the original sender and it DOES stop viruses from entering
your mail program.
6. A software program that is used in conjunction
with downloads is GetRight.
It recognizes the "ticks" in the browser when you click
the download and opens a dialog box for the download. You can configure
it to open your AV software and IMMEDIATELY scan the download for
viruses. Costs $25 but you can download a trial copy. It's worth it!!
7. Write Protect [prevent addition/changing/deletion]
your BIOS [basic input/output system]. This tip is again, more
for techies but have your computer guru friend do this for you. If
a virus is written to your BIOS, it could be disastrous. With today's
motherboards, the write protect can be done within the software not
involving any hardware changes like years before [opening the case
and changing "jumpers"].
When your computer boots up, hit the <delete> key or designated
key [depending on your BIOS version] and you will enter a DOS like
environment. Every BIOS is different, so check your motherboard manual.
8. Make a "Virus Free" bootable
floppy or CD to boot from if your computer can't boot because
of virus infestation. Use the virus free floppy/CD to boot from and
investigate your system. Always keep your AV software's virus definitions
and scan engines up to date. Keeping your AV current, after rebooting,
you may be able to clean your system. Sometimes, you have to boot
to a "C Prompt" and clean files from that because if the
file is in use, like Windows Explorer which is ALWAYS in use, it can't
be cleaned in the Windows environment. But from a DOS "C Prompt,"
after typing a particular string of commands, it can be cleaned. I
know from experience. Several years ago, I had to call McAfee and
a technician gave me the string of commands to type to clean it. Today,
you can usually get the string of commands and instructions from the
AV site itself to avoid phone calls. McAfee actually has a "Live
Technician" that you can connect with on the Net and ask questions
through typing in a dialog box. You can even have your "session"
emailed to you for future reference.
9. Call your ISP [Internet Service Provider]
to see if they scan your email right at the server for viruses before
it downloads to your email program. A friend actually gets emails
from her ISP stating that the following email(s) contained a virus
[defined], who it came from and that it was deleted at the source
[the server]. She NEVER receives the actual virus infested email,
just an email from the ISP stating the source and contents. She has
received as many as 10-12 of these emails in a week indicating the
"attempt" of the sender to send a virus(ed) email.
10. [These tips came from Peter Ferrie with Symantec
- Norton AV: they may be redundant but included additional info]
Here are the standard procedures for reducing
your risk of infection:
1) Turn off and remove unneeded services. By default, many operating
systems install auxiliary services that are not critical, such as
an FTP server, telnet, and a Web server. These services are avenues
of attack. If they are removed, threats have fewer avenues of attack.
2) Always keep your patch levels up-to-date, especially on computers
that host public services and are accessible through the firewall,
such as HTTP, FTP, mail, and DNS services.
The Microsoft Update site (http://windowsupdate.microsoft.com) is
the place to start for getting the patches. The best download is
the Critical Update Notification. This tool will alert you to the
existence of new patches, as they become available.
3) Enforce a password policy. Complex passwords make it difficult to
crack password files on compromised computers. This helps to prevent
or limit damage when a computer is compromised.
4) Configure your email server to block or remove email that contains
file attachments that are commonly used to spread viruses.
This is the list of attachment suffixes that are considered by
Microsoft to be potentially malicious (are blocked by Outlook XP):
.ade, .adp, .asx, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,
.hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc,
.msi, .msp, .mst, .pcd, .pif, .prf, .reg, .scf, .scr, .sct, .shb,
.shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh
5) Train employees not to open attachments unless they are expecting
them. Also, do not execute software that is downloaded from the Internet
unless it has been scanned for viruses. Simply visiting a compromised
Web site can cause infection if certain browser vulnerabilities
are not patched.
6) Remove unneeded shares. If you don't want people to access your
files, then disable the File and Printer Sharing from the Control
Panel.
Some points about your existing tips:
- Can you get a virus from just viewing the mail? YES. If you have not
installed the Outlook security patches from Microsoft, then simply by
previewing or opening the mail, an attachment can execute without any
interaction. No click required.
- Preventing viruses from "seeing" scripting:
JS (aka Microsoft JScript or ECMAScript) is another scripting type.
However, removing the registry associations is no guarantee that the
script will not run. The way to stop scripts from running is to remove
or rename the scripting host. To do that, rename or delete WSCRIPT.EXE
and CSCRIPT.EXE.
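An added example, not part of the original page or of the Symantec tips: Python that applies the suffix list from tip 4) above to a raw message and removes the blocked attachments, matching on the last suffix without regard to case. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Suffix list exactly as quoted in tip 4) on this page (blocked by Outlook XP).
BLOCKED_SUFFIXES = frozenset("""
.ade .adp .asx .bas .bat .chm .cmd .com .cpl .crt .exe .hlp .hta .inf .ins
.isp .js .jse .lnk .mdb .mde .msc .msi .msp .mst .pcd .pif .prf .reg .scf
.scr .sct .shb .shs .url .vb .vbe .vbs .wsc .wsf .wsh
""".split())

def effective_suffix(filename):
    # Last suffix, lower-cased; trailing dots/spaces (ignored by Windows) dropped.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def strip_blocked(msg):
    """Remove blocked attachments in place, nested parts included."""
    removed = []
    if msg.is_multipart():
        kept = []
        for part in msg.get_payload():
            name = part.get_filename()
            if name and effective_suffix(name) in BLOCKED_SUFFIXES:
                removed.append(name)
            else:
                removed.extend(strip_blocked(part))
                kept.append(part)
        msg.set_payload(kept)
    return removed

def filter_raw(raw):
    """Return (names removed, names kept, cleaned message bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = strip_blocked(msg)
    kept = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return removed, kept, msg.as_bytes()

def build_sample():
    """Constructed message with one harmless and two blocked attachments."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name in ("notes.txt", "invoice.txt.vbs", "Setup.EXE"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(filter_raw(build_sample())[:2])
```

Matching on the declared file name only enforces the suffix policy; it does not inspect attachment content, so it complements rather than replaces server-side virus scanning.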
11. Today's web sites contain active content
and often it is necessary to download a special [script] viewer
or plugin to view this content. In Internet Explorer especially,
the plugin / viewer can be automatically downloaded! You can set
your "Internet Options" in your Control Panel to warn
you when a plugin / viewer is needed to download to view the web
site content. Many of these plugins can contain destructive ActiveX
or JavaScript controls that WILL take control of your computer with
hurricane force! Listed here are some SAFE plugins to download:
- Macromedia Flash / Shockwave [upgrades too] [much
of Bowzer Bird Design is created with Flash MX and you will need
this plugin to view it]
- Real Audio [upgrades too]
- Windows Media Player [upgrades too]
Let your intuition warn you when you enter a site
that requires you to download a viewer / plugin. DON'T DO IT!!
12. Microsoft Security Notification Service
This service provides summary information from every Microsoft security
bulletin. Security bulletins are technical documents discussing
newly discovered security vulnerabilities, and provide information
on what products are affected, the risk the vulnerabilities pose,
and how to eliminate them. Click the link to subscribe. You will
have to register first with Microsoft Net and then on the Newsletters
page, choose the Microsoft Security Notification Service.
In Outlook, Windows programs and Windows OS's,
there are many vulnerabilities a hacker/cracker can find and enter
your system with evil intentions. Here, you will find what "patches,"
"fixes" or "SP's" to download and install to
close the "loopholes."
The Security Notification can be directly emailed
to you or you can choose from the left side bar which ones you want
info for and then download them individually.
Anti-Virus Tips [Virus Detection and Prevention Tips]
1. Do not open any files attached to an email from
an unknown, suspicious or untrustworthy source.
2. Do not open any files attached to an email unless
you know what it is, even if it appears to come from a dear friend
or someone you know. Some viruses can replicate themselves and spread
through email. Better be safe than sorry and confirm that they really
sent it.
3. Do not open any files attached to an email if
the subject line is questionable or unexpected. If the need to do
so is there, always save the file to your hard drive before doing
so.
4. Delete chain emails and junk email. Do not forward
or reply to any of them. These types of email are considered spam,
which is unsolicited, intrusive mail that clogs up the network.
5. Do not download any files from strangers.
6. Exercise caution when downloading files from
the Internet. Ensure that the source is a legitimate and reputable
one. Verify that an anti-virus program checks the files on the download
site. If you're uncertain, don't download the file at all or download
the file to a floppy and test it with your own anti-virus software.
7. Update your anti-virus software regularly. Over
500 viruses are discovered each month, so you'll want to be protected.
These updates should be at the least the product's virus signature
files. You may also need to update the product's scanning engine
as well.
8. Back up your files on a regular basis. If a virus
destroys your files, at least you can replace them with your back-up
copy. You should store your backup copy in a separate location from
your work files, one that is preferably not on your computer.
9. When in doubt, always err on the side of caution
and do not open, download, or execute any files or email attachments.
Not executing is the more important of these caveats. Check with
your product vendors for updates which include those for your operating
system, web browser, and email. One example is the security site
section of Microsoft located at http://www.microsoft.com/security.
The above Top 9 Virus Detection & Prevention Tips are Courtesy
of AVERT'S web site. Please visit them for more info.