LaurentianWeb - The Virtual Newspaper of the Laurentians of Quebec

www.laurentian.com

Attachments & Viruses
June 18 1999

The most recent virus scare of the week, the "explore.exe" worm that has reportedly wreaked havoc on some major corporate systems including Microsoft, AT&T and others, is no joke but if you take the time to understand how these viruses get into your system and infect it, you can greatly reduce the chances of becoming a victim and having damage done to your system.

What you must first do is adopt a personal protocol of how you handle any file attachments that come into your system. The absolute best way to avoid any problems whatsoever is to simply delete all file attachments upon receipt. This is the best way but that is not a solution if you are a remote worker and in the habit of transmitting file attachments. So what can you do?

You must establish formal protocols with your co-workers.

These protocols should be well understood and you must never deviate "and take a chance" as the co-worker actually might not even be aware that he/she is transmitting a virus to you that may well have been surreptitiously introduced into their own system as this most recent "explore.exe" worm seems to profligate through networks once one recipient has opened the file on the network. This is not like the Melissa worm in the past and far more dangerous.

First, set up a system with your co-workers to verify their identity. You can do this simply by getting a digital signature from Verisign or Thawte to use to sign your email. Establish an understanding with your co-workers that any email attachment they send will be sent as an attachment to an email with a verifiable digital signature AND that the file is named in that email. You should not open any other file that may come as an attachment even if the email is digitally signed!

If you wish to go one step up the ladder of security both of you should use PGP (pretty good privacy) and encrypt the file with your key. If a file comes that isn't encryted, kill it.

If you are transmitting a lot of files back and forth, you shouldn't be using attachments anyway. You should be using FTP (file transfer protocol) and you should set up a file folder on an FTP server that is password protected so that you can both transfer files in and out. FTP is more effective with larger files and the use of FTP is considered good manners instead of loading up mailservers with large file downloads. Your ISP's mail server may often be tied up because a number of people are logged into it and downloading long attachments all at the same time.

We have a policy on LaurentianWeb's email server to chuck all file attachments. Nothing is brought into the system as a file attachment. It may be over cautious but if you want to send me something, send it as ascii text in the body of an email. A picture? Put it on a website and send me the URL and I'll go and get it and download it and save it. Then I know there isn't something else embedded in there!

You should be aware that ordinary email if it is formatted as HTML mail can be embedded with an executable program as a link. So do NOT click on any links in an html formatted email from someone you don't know as you may well activate an embedded executable file instead of a link.

Burned while browsing

You can indeed get burned while browsing. If you go to sites that may be somewhat dubious, look out. If you decide to download a file off a dubious site, it may well be a bomb. Do you really need that file? Think about it. You can download it and run a virus check but if it is a compiled binary file, you are not protected by any virus checker.

In fact most virus checkers are preying on your fears. It's better to have good protocols. After all the virus checker is only as good as its latest update.

Good security is simply adopting good habits like not walking down dark alleys at night. This is not going to get better! There will be more and more cyber terrorism. If it isn't kids thinking it's a joke, it may well be real terrorists who are just looking to wreak havoc on the internet and damage governments and corporations. So take the time to set up protocols and use them and most importantly, stick to them!

If you are a business or individual who is concerned about security and integrity of your email and system and would like more information,

Back to LaurentianWeb