Practice safe computing and thwart online thugs

By Kim Komando

Viruses, Trojan horses and worms are malicious programs often written by teenagers or young adults -- or even older adults of that mentality -- who feel a desperate need to impress others.

People may or may not be impressed, but many viruses have indeed been destructive. The MyDoom e-mail virus in 2004 is expected to cost companies $250 million in lost productivity and technical support expenses -- with medium- to small-sized companies bearing the largest burden. Several years ago, the Melissa virus spread rapidly around the world, causing $80 million in damage. The FBI caught the perpetrator: David Smith, a 30-year-old programmer who got 20 months in the Big House.

If you want to avoid being a victim yourself, here are some things to know.

Today, nearly all viruses arrive via e-mail. It is possible, however, to get an infection by simply visiting a Web site. Although this is pretty unusual, it actually happened to me a few weeks ago. I was researching a topic for my radio show and stumbled upon a site of hacker tools. I clicked to enter the site and seconds later, my antivirus software alerted me that it prevented a Trojan from entering my system.

But usually viruses arrive as attachments to an e-mail. The subject line — "I love you," "Naked Wife" or "AnnaKournikova," for example — is intended to entice the recipient into opening the attachment. In the hacker world, this is called "social engineering." The virus program begins running when you open the attachment.

Our three malicious programs are generally referred to as viruses. A malicious program can have characteristics of a virus, a Trojan horse or a worm, or it can be all three. So let's define them:

Virus: A program that attacks your data in some way. It may pop up a silly message, causing irritation. Or it might destroy everything on your hard drive.

Trojan horse: A program that includes a secret, malicious payload. You might get an e-mail with a program attached to it. You might even find the program worthwhile. But the program may also be secretly malicious. The malicious component might download viruses from the Internet. It might search out your credit-card numbers and send them to a computer on the Internet. Or it might be a virus itself.

Worm: When you open the e-mail attachment, this program goes to your e-mail address book. It sends itself to the addresses there. When it reaches those addresses, it repeats the process. That is how worms spread rapidly around the world. Worms are often viruses.

Virus writers tend to go where their potential victims are located. Because Windows has more than 90% of the operating system market, Windows users are targeted. Viruses for Macintosh and Linux are much less common.

So how can you protect yourself? Practice safe computing. Here's how:

1. Install an antivirus program.

There are a number of these programs. AVG Anti-Virus (www.grisoft.com), by Grisoft, is free. There are many others — among the best are McAfee, Symantec and Panda — that are inexpensive. In most cases, they will be $40 or less. You'll get better technical support from the paid versions.

All antivirus programs offer updates. You just download them from the manufacturer's site. Updates are important. New viruses come out constantly, and the updates ensure that the antivirus program can recognize them.

The easiest way to buy is via a download on the Internet. You can also buy many brands in stores. When you install the software, select the option to update automatically. That way, you won't have to think about it.

You also want the antivirus software running in the background. If you activate a virus in an e-mail attachment, the software will catch it. Additionally, antivirus software often protects against worms in Microsoft Outlook and Outlook Express. The program can be set up to start with Windows.

2. Install a firewall.

There are two types of firewalls: hardware and software. Most home users and many small businesses use software. Like antivirus programs, there are a number of manufacturers. In fact, McAfee and Symantec sell firewalls with their antivirus programs.

There are also free versions for personal — but not business — use. Two are ZoneAlarm (www.zonelabs.com) and Outpost. I especially like ZoneAlarm, a program I've used for several years.

In general, a firewall will make your computer invisible on the Internet. Computers have a number of communications points, or ports that can be used for outbound transmissions. Hackers use sniffer programs to find computers with open ports. They target these computers, because backdoor programs installed by Trojan horses use those open ports to communicate with the Internet.

Most firewalls also stop transmissions from programs trying to access the Internet. So if a backdoor program does land on your computer, its transmissions will be intercepted. The firewall will ask you if you want to let it transmit. If you answer "no," it is blocked.

The firewall also will block programs that need Internet access, such as your Web browser. It will ask if a particular file can pass. Some are obvious. Internet Explorer or Netscape clearly are valid. So are e-mail programs. But some are obscure. If you don't know, say "no." If things don't work, go back and say "yes." If you are unsure of a file, the firewall may have information on it. Or you can check the Internet.

Firewalls install like any other piece of software. During installation, you'll be given the option of being notified every time a probe is stopped. This gets old fast. However, if you want to see what is coming at you, click "yes" on notification. You can always go back and change it.

Windows XP has a built-in firewall. It does a good job of hiding the computer. But it does not stop outbound transmissions.

If you want to check it out, click Start > Control Panel. Double-click Network Connections. Right-click your network connection and click Properties. Select the Advanced tab. Check the box under Internet Connection Firewall and click OK.

If you have a router, it probably has a built-in firewall. These are very effective. But check your instructions to be sure that it is enabled.

3. Keep your system patched.

Microsoft's applications are big. Security companies probe Windows and other programs constantly, looking for flaws. So do hackers. Microsoft issues updates as necessary to ward off any vulnerabilities.

Windows XP will download and install updates automatically. To find the automatic setting, click Start > Control Panel. Double-click System. Select the Automatic Updates tab. Select the update option with which you are most comfortable.

To update Windows 98 and Windows Me (Millennium Edition) manually, click Start > Windows Update. You can also automate the download in Windows Me. To do that, click Start > Settings > Control Panel. Double click Automatic Updates. Make one of the three choices and click OK.

4. Back up your data.

If you get a virus, it could seriously damage your data. Worst case, your business could be hurt badly. Why take that chance? Protect yourself with backups.

The safest backup is on a removable medium, such as a tape or rewritable CD or DVD. If the backup is removed from the computer, a virus can't get to it. You also can take the backup from the premises overnight, which protects you against fire or theft.

Whatever you do, protect yourself against viruses, Trojan horses and worms. Installing the necessary software is not difficult. Antivirus programs and firewalls don't take much care, once they're set up. Don't let the evil people on the Internet sucker you.