[techbooks] REVIEW: "Virus Alert of the Day", firstname.lastname@example.org
- MLVAOTD.RVW 981016
"Virus Alert of the Day", virus-alert@..., 1998 -,
%C City (place of publication)
%D 1998 -
%P 1 paragraph daily
%T "Virus Alert of the Day"
Aside from VirusHelp (cf. MLVIRHLP.RVW) and the rather noisy
alt.comp.virus, there is one other regular source of virus
information. No discussion, since this is a one way list, but one
more source of clutter for your mailbox.
Virus Alert of the Day is one of the (very many) TipWorld mailing
lists. Like all of them, it is primarily an advertising tool, so
expect a lot of ads. In the case of the virus alert list, you can
expect roughly a one paragraph tip per day, along with several screens
of commercial announcements of various types. Actually, that is not
quite true. There is usually about a screenful of viruses due to go
off on the day in question. However, this is only a list of names,
without descriptions, and there are, of course, a great many viruses
that can go off on any day, or are not subject to date alerts.
The information provided by this list is highly suspect. The author,
and the closest I've been able to get to an identity is
virus-alert@..., provides very little information, and
does not betray much basic fact, let alone conceptual, checking in the
postings. (Yes, doing it on a daily basis is hard, but remember that
I ran the CVP postings for three solid years, week in and week out,
and wasn't even close to running out of material.) Some comes from
recycled press releases alerting users to new viruses or types.
Sometimes the tip of the day is simply an announcement of a new
antiviral release, ensuring that the entire message for the day is one
long string of ads. But sometimes when the list actually tries to
help it does the greatest disservice.
Let's look at three postings from the recent past. On September 10th,
readers were advised to "Lock your floppies." Apparently, if you just
"flip the `switch' up on the top-left corner on the back of the
diskette ... you can prevent diskette-transferred viruses from being
loaded onto your PC." Now, it's very nice that the instructions were
that detailed, but, unfortunately, they were flat out wrong. If your
computer is already infected, then locking your floppy disks may keep
viruses off the floppy. But if your diskette is infected, locking it
will do nothing to protect your computer. (This tip was later
corrected by a reader.)
September 16th saw a note from a reader wondering what to do about an
infection by a stealth, boot sector virus. He had tried various
antivirals and none had removed it. The advice was to wait until the
antiviral vendors got around to a release that did deal with it.
Unfortunately, a number of the antivirals the reader had mentioned do
deal with the virus, and quite effectively. The real secret in this
case is to ensure that you "boot clean" and ensure that the virus is
not resident in memory before you try to run the antiviral. The
secret to booting clean is to ensure that your boot disk was created
before the virus infected the system.
October 2nd saw the relaying of Symantec's report of the world's first
Java virus. This viral non-event was widely ignored by the virus
research community, since everyone had already known it was possible.
Java is a computer language much like any other, and you can write
anything you want in it. The potential threat of a Java virus lies in
Java's ability to create applets for the Web. Fortunately for Web
users, and unfortunately for "Strange Brew," applets submitted over
the Web and run in browsers are confined to a "sandbox" that restricts
some of the operations which "Strange Brew" needs in order to run.
On October 16th, users of Microsoft Word were told, in order to avoid
spreading MS Word macro viruses, to save files in RTF (Rich Text
Format) if they were going to send them to other users. Now, while
this advice might be inconvenient (RTF is not capable of saving all
possible MS Word formatting information), there is some valid
reasoning behind using it as a security precaution. RTF does not
support MS Word macro viruses, either, so an RTF file wouldn't
transmit them. A *true* RTF file, that is. A number of common macro
viruses intercept the FileSaveAs call. CAP, for one, will save the
file as a template document, with the infection present, in spite of
the RTF extension on the filename.
Should you wish to chronicle the further misadventures of the virus
alerts, check out the TipWorld signup page at
copyright Robert M. Slade, 1998 MLVAOTD.RVW 981016
Free Web-based e-mail groups -- http://www.eGroups.com