Keeping the Computer Viruses at Bay
By Jim Calloway, Director OBA Management Assistance Program
I came home from work just a few days ago and checked my e-mail. A Norman lawyer had sent me the Prettypark.exe virus (without knowing he had done so, of course). Within the last couple of months, a national lawyers' electronic mailing list distributed both Prettypark and the KAK worm to its 650 subscribers. More than a few Oklahoma lawyers received ILOVEYOU greetings from their state bar association. A new Melissa variant is making the rounds posing as someone's resume. The CyberNet.A virus is out there, too, but we won't even know how bad it is until August 17, when it begins its nasty work of totally reformatting the infected users' hard drives.
Spring of the year 2000 has seen the emergence of many viruses, worms and other nasty tricks. It's enough to make a lawyer want to swear off using e-mail forever. Unfortunately, you just can't do that. As pointed out in the companion article, e-mail is cheap, efficient, and is already a primary mode of business communication. Corporations and businesses are not going to let themselves be represented by lawyers without e-mail capability, if for no other reason than the amount of long distance phone charges they avoid.
Surely practicing law does not entail becoming an expert in computer viruses. Well, to a certain extent it does. The good news is that virus protection is not a complicated topic. You can follow a few basic rules to virtually eliminate your exposure to these dangers.
Note please that I understand the technical difference between a virus, a worm and just a nasty file attachment. Defining those and treating them differently by class is not particularly useful or relevant for the purposes of our discussion. Those who are interested in reading more about viruses should be aware that there is a huge amount of information available online through Internet news services covering technology, like C|Net, ZDNet or MSNBC.
So how do you keep viruses at bay?
1) Be cautious of e-mail attachments
E-mail attachments are also one of the most useful things about e-mail. Once you master e-mail attachments, there is no need to pay Federal Express or some other carrier to overnight drafts of documents that you produced in-house. Just e-mail the documents to whoever needs to review them. Attaching documents to e-mail is an essential computer skill for lawyers.
However, you should be cautious when you get an unexpected or unsolicited e-mail with an attachment, even if it is from someone that you know well. The Melissa virus and her cohorts spread themselves by sending copies of themselves to people in the infected party's address book. Attachments to e-mail messages are now the most common way viruses are transmitted.
You have to understand a little bit about different types of computer files to assess the danger. For instance, WordPerfect documents, Adobe PDF files and JPG images are very low risk for infection. (Many would say "no risk," but I'm a lawyer and trained not to say things like that.)
It is important to first examine the file's name. The file name extension, which is a period and the last three letters of the file name, is your first clue. The most dangerous files are those with an extension of .VBS or .EXE. "Opening" these is just running a strange computer program, designed to do who knows what mischief. But even a Microsoft Word file (with a .doc extension) can be infected with a macro virus.
Many people have their computers set not to show file name extensions of "known types of files." That is a bad plan. Most lawyers have no idea which icon stands for an .EXE file. Here's how to change your settings to always show the file name extensions. Open My Computer or Windows Explorer and click View on the menu bar. Then click Folder Options. Then click the View tab, and click Show all files. To see all file name extensions, click to clear the "Hide file extensions for known file types" check box.
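The extension check described above, written out as a short Python sketch (an added example, not part of the original article): for each attachment it reports the full name, the name a reader would see with extensions hidden, and a risk tier. The risk table, the sample message and its file names are constructed assumptions.

```python
import email
from email import policy
from pathlib import PurePath

# Risk tiers follow the article's text; this table is an assumption and not exhaustive.
RISK_BY_EXT = {
    ".vbs": "high", ".exe": "high",   # "opening" one of these runs a program
    ".doc": "medium",                 # Word files can carry a macro virus
    ".wpd": "low", ".pdf": "low", ".jpg": "low",
}

def displayed_name(filename):
    """Name shown when extensions of known file types are hidden
    (assumes the final extension is a type registered on the machine)."""
    return PurePath(filename).stem

def assess(filename):
    """Return (risk, disguised) judged from the attachment's full name."""
    path = PurePath(filename)
    risk = RISK_BY_EXT.get(path.suffix.lower(), "unknown")
    # disguised: a high-risk file whose visible name still ends in an extension
    disguised = risk == "high" and PurePath(path.stem).suffix != ""
    return risk, disguised

def screen_message(raw):
    """List (full name, displayed name, risk, disguised) per attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    rows = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        rows.append((name, displayed_name(name), *assess(name)))
    return rows

# Constructed sample message; the attachment bodies are inert placeholder text.
SAMPLE = """\
From: colleague@example.com
To: lawyer@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

See attached.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="meeting-notes.txt.vbs"

placeholder text, not a script
--BOUND
Content-Type: application/pdf
Content-Disposition: attachment; filename="draft-contract.pdf"

placeholder text
--BOUND--
"""

if __name__ == "__main__":
    for row in screen_message(SAMPLE):
        print(row)
```

With extensions hidden, the first attachment would appear as `meeting-notes.txt`, which is why the article's advice to show all extensions matters.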
What action you should take if you have a suspicious attachment depends on your level of concern. If you know it is a bad file with a message subject line of "PrettyPark" or "ILOVEYOU," you should instantly delete it without reading it or opening the file attachment. Holding down the Shift key while hitting the Delete key deletes the message permanently instead of just moving it to your "Deleted Messages" folder.
If you are unsure of a file attachment, then it is important that you do not open it. You can take several courses of action depending on your comfort level and experience.
You can do nothing. If a friend or colleague sent you the file, they will eventually contact you to see if you received it if it is important. If it is the latest malicious virus, you will read about it in tomorrow's newspaper or online. Being patient can pay dividends. The danger with this approach is you or someone else using your computer might accidentally open it at a later time.
You can check with the sender. You can send an e-mail to the person who sent it to you asking what the attachment is and why they sent it to you. If they deny sending it to you, they probably have a virus infection. If they say it is perfectly fine to open, you are, of course, placing your faith in their knowledge and understanding of "safe computing." You might inquire as to where they got it and whether they virus scanned it, but generally if their system is not infected and if they created the attachment themselves, you are in a much more comfortable situation.
You can use a specialized tool to view the file. In the article "Software Tools to Make Your Job Easier" in the April 8, 2000 Oklahoma Bar Journal, we mentioned you could use file viewer tools like QuickView Plus to view files without opening them.
Screening your file attachments may sound like a complicated process, but actually it only takes a few seconds.
2) Make sure everyone with an e-mail account at your office understands the danger and procedures
The OBA caught the "Love Bug." In hindsight, the most frustrating thing was that many of us knew that you should never run a file attached to an e-mail with a .VBS extension. No animated joke or cute display is worth opening up your computer to the power of an unknown VBS file. But, obviously, those of us in the know had failed to communicate that clearly to all of the staff here.
Everyone in your office who has e-mail access or might ever put a floppy disk in his or her computer should understand all about virus infections and e-mail attachments. Hopefully, we have made that very simple for you now. You can just make sure that everyone reads this article. But the challenge is making certain that new employees and temporary employees are also informed. Then there is the problem of on-going education. As virus designers continue their wicked projects, the standard of care may change. We will cover more on that subject later.
3) Install anti-virus software on every computer you use
This is a critical element. As our law practices become ever more Internet dependent, the possibility that your office will at some point receive a virus-laden file approaches 100 percent. Given the huge expenses you would face from lost time if your computer network was compromised by a significant virus infection, the cost of anti-virus software looks truly minor indeed.
At a minimum your anti-virus software should 1) have the capability to automatically scan your system for infections at a set time each day (or several times a week), 2) be easy to operate so that you can manually scan a floppy disk you receive from outside the office or an e-mail attachment, 3) have a virus removal feature and 4) have a prevention feature that is always looking for infections or virus-like activities and will take action independently.
I have a personal example of that last feature. Many years ago our law office was infected with the ANTI-CMOS virus. We did nothing wrong to get it. A vendor of a software program sent us the program on an infected disk and, at that time, we wouldn't have thought to virus scan a disk "from the factory." ANTI-CMOS spread through the office quickly and cleaning it up turned out to be a lot of work. That was in the days when we used a lot of 1.44 meg floppy disks and the virus would copy itself to any floppy disk inserted in an infected machine. Virus scanning and cleaning lots of floppies took lots of time. Now, of course, we do not use that many floppies. Like many of you, I have a big basket of old floppies handy for the times I might need one. Just a few weeks ago, I needed to copy a document onto a floppy disk. I reached into the basket and grabbed a floppy disk. I was checking the contents of the disk prior to reformatting it when my screen changed color and everything stopped. My anti-virus software gave me a warning message and halted all other operations. My old friend ANTI-CMOS was back. Somehow an infected disk from that problem over five years ago had evaded cleaning and made its way to my home. The software offered me the option of cleaning the infected disk, but, as I said, I have lots of floppy disks. I took it out of the drive, broke it in half and tossed it in the trash.
The moral of this story is not to scrimp on anti-virus software.
ZDNET lists the following "Five star" anti-virus programs: Command AntiVirus for Windows 95/98 4.58.3, F-Secure Anti-Virus 4.06.1461, Internet Guard Dog 3.0, McAfee VirusScan for Windows 95/98 5.01, Norton AntiVirus 2000 (Windows 95/98) 6.00.03, and PC-cillin (Windows 95/98) 6.0.
The most well-known and established are the McAfee and Norton products. A larger company's resources may be preferred as new outbreaks of virus infections occur.
4) Keep the anti-virus software updated
If you are happily running that anti-virus software that came pre-installed on your computer when you purchased it three years ago, you may be in for a rude awakening. There are new viruses and worms being released into the wild frequently and you are probably defenseless against these. Your software may be the top of the line, but it cannot protect you against a new type of virus developed and released after it is loaded on your computer unless you update the software data files. The data files are the files that allow the program to locate the offending virus.
Luckily if you are a registered owner of an anti-virus product, you can update your data files easily and quickly over the Internet for free. There are even services available that remotely scan your computer for viruses over the Internet for you. Most lawyers have a bit of concern about client confidentiality when they consider allowing another computer to remotely search through their network online. Before signing up for this type of service you would want to discuss confidentiality with the salesperson, but I would imagine that they will attempt to assure you of secrecy. All businesses typically have some information that they would like to be kept secret.
For most of the rest of us, however, updating our anti-virus software is as simple as going to the proper Internet page of the software, downloading the latest virus data files and running it on our computer to let it update our system. (This is one .exe file you can run on your system with confidence.)
How often you check to see if you should update your virus data files is purely up to you. Many people opt for once a week. Others do it far less often. But you should certainly get an update when the news about one of these major viruses hits the media. For those of you reading this who have not updated your virus files in months, then the time to do so is right now!
Even the "free" software that you get with the purchase of a new computer usually only has free updates for a specified time. Or the company that makes the anti-virus software will eventually upgrade to a new version and stop doing updates for the "old version." It appears likely that one will end up paying for virus protection on an annual basis no matter what route you take. It is certainly worth it. Anti-virus software is only as good as its last data file update.
5) Scan regularly
Don't assume that e-mail is the only way to get a virus. In fact, until relatively recently it was probably the least likely way to get a virus or a virus-infected file. Certainly after Melissa and ILOVEYOU, the most likely way to get a virus recently has been via e-mail.
But floppy disks can be infected. Every floppy coming in from outside the office should be scanned for infection. (In fact, remembering my experience with ANTI-CMOS, one could argue the first thing you should do with any floppy disk is to scan it.)
The anti-virus software should also be used to scan the entire computer system, including all hard drives, on a daily basis. For those who leave their computers on all the time, it is a pretty simple matter to set it to automatically scan in the wee hours of the night when you will be asleep. For others, perhaps the beginning of the day or lunch is a good time. Depending on many variables, this scanning could take 10 or 15 minutes, and your computer's performance could be anywhere from sluggish to unusable while the scanning is taking place.
Many lawyers want to do the scanning manually so it doesn't interfere with their use of the computer. They say they will set it to virus scan when they leave for lunch. We strongly recommend that you opt for the automated daily scanning process even if it does get in your way every now and then. The reason is simple. The computer doesn't forget to do the scanning.
6) Back up your files
This next safety step is not unique to virus protection. It already should be a part of your regular technological business operations. Do regular back-ups of your data.
Whether your next office computer disaster comes in the form of a hard drive crash, a burglar who steals your computers or a virus that reformats all of your hard drives, the burning question will be "When was our last backup done?"
Your forms, client files, calendars and other data contained on the computer would be much more expensive to replace than the hardware. How many hours would it take your staff just to retype all of your form files? If you lose client material to a virus, who would you think should bear the cost of recreating it?
Every lawyer should be doing complete system backups weekly and incremental backups daily. In addition, a fairly recent backup should be stored at another location to protect against a major disaster like the office burning. Knowing that the worst case scenario for a virus attack is losing only one day's worth of work gives a lawyer great peace of mind.
7) Turn off your VBS (Visual Basic Scripting)
More accurately stated: uninstall the Windows Scripting Host.
As mentioned previously, unless you are absolutely sure you know what you are doing you should never click on an e-mail attachment where the file is named something dot VBS. VBS stands for Visual Basic Scripting. Visual Basic is a programming language and that is really all most lawyers need to know about it.
Since the latest high-profile virus infections utilize Visual Basic Scripting through Microsoft Outlook, if you uninstall the scripting host from your system, then they cannot do all or part of their dirty work. My understanding is that if you need Windows Scripting Host, you know that you do. Many industry experts have been quoted as saying that 90-something percent of users do not use or need Scripting Host. If you find out you do need it, you can always re-install it. You do not need to be a computer guru to do this. The steps are fairly simple.
Even if not having scripting available did limit your options, there will be more of these types of viruses circulating in the future. The trade-off would clearly seem to be worth it. For what it is worth, numerous OBA-NET subscribers have already taken the following steps, and no one has yet to report any impairment of computer functionality.
In Windows 98, that means go to your Start Menu and choose Settings, then Control Panel. Double-click on the Add/Remove Programs control panel. Choose the Windows Setup (or Windows Components) option, and then double-click on Accessories on the list. Then uncheck the box for Windows Scripting Host, which should be the last one on the list.
If you are using Windows NT or 95, there are several sets of instructions in various places online. Here's a location that includes easy to follow instructions, along with screen shots of each step in the process: www.f-secure.com/virus-info/u-vbs. The screen shots are there for the Windows 98 uninstall process as well.
Memo to Microsoft Corporation: Given what we know now, perhaps the default at the factory should be for scripting host not to be installed on the standard installation, with an option for those who really need to install it to do so.
8) Someone in your office should stay informed
This is the hardest part for so many law firms. Lawyers want to practice law and generally do not want to learn anything more about technology than absolutely required. Everyone already has a full set of responsibilities.
But we need to take our lessons from the rest of the business world. Many corporations now have CIOs or Chief Information Officers.
Someone in your law office, lawyer or nonlawyer, should at least pay some attention to virus information and other technology trends. They should be the one who knows to go to the Computer Incident Advisory Capability (CIAC) of the U.S. Department of Energy at www.ciac.org to check out all of the bogus virus warnings we receive via e-mail from well-meaning friends and associates. They should be on the e-mail update list for the company that supplies the law firm's anti-virus software and have the web site bookmarked in case they need to check something quickly. They should know how to download and install new updated virus data files. They should monitor the firm's policies regarding virus protection.
Oklahoma lawyers also can subscribe to the OBA-NET, which one lawyer jokingly noted might well be due for a name change to the OBA Virus Alert Net.
It is hard to understand why so many obviously talented people spend their time writing malicious viruses, worms and other destructive files. But it is obvious that we will be dealing with these issues for quite some time. At least law firms who have access to this article will have a roadmap to follow as they begin to implement their policies to keep computer viruses at bay.
Comments or questions? Jim Calloway can be reached at (405) 416-7051 or via e-mail at jimc@okbar.org.
Originally published in the Oklahoma Bar Journal June 10, 2000 - Vol. 71; No.18