RootsWeb.com Mailing Lists
    1. Re: how viruses and worms work
    2. H.A. Kippenhan, Jr.
    3. Hi all:

> From: "Bette Richards" <betterichs@earthlink.net>
> To: BUNKER-L@rootsweb.com
> Subject: how viruses and worms work
> Date: Thu, 18 Sep 2003 21:08:41 -0700
>
> I am sending this to the list hoping that Kipp and some of our other very
> computer savvy people will explain on the list in simple terms for us
> computer dummies the answers to these two questions.

Let's not use the word dummies. I do computer support for a living; hence, I have more exposure to these things than most home users. Einstein, I am not. ;-)

> 1) I get an email from an automatic service that tells me that a message I
> sent was not delivered because the addressee was not known, etc. I never
> sent a message to this person and have no clue who they are. How can this
> happen? Keep in mind that as far as I know I have never had a virus or
> worm. I always have up-to-date virus protection and a firewall too. No scan
> has ever indicated that I have an infected file.

The recent worms (SoBig, Blaster) install themselves as a trojan program on your PC (if you run Windows NT, Windows 2000, Windows XP). As soon as the trojan starts, it looks at the address book file on the infected PC and sends a message (virus attached) to each address in the address book. It also picks a *random* address in the address book and uses that as the 'from' address. So everybody in the address book file gets sent a message, complete with virus, and with (for example) betterichs@earthlink.net as the sender. Some mail recipients trap the message and send back to the sender (they have no idea that it's not betterichs@earthlink.net) a message to the effect that Bette has sent them a virus. Just take those messages and discard them. Nothing constructive can be done with them.

> 2) My computer has more than one hard drive. Most things (email,
> downloads, etc.) come in through my C drive. I keep my genealogy programs
> on my E drive. I keep my pictures and documents on my D drive. I had it
> set up this way in the hopes that my genealogy programs would be better
> protected from viruses and worms. Am I correct in my belief that a virus
> could wipe out my C drive and the things on my D and E drive would be
> unharmed? I know that I can reformat the C drive, which essentially erases
> everything on it, and it has no effect on the other drives. Is this a good
> way to keep your genealogy programs safe from viruses and worms?

Most of the worms/viruses I've seen are coded such that they do damage on the C: drive. That written, you simply cannot depend on that continuing to be the case. It would not take much additional code to do rude things to your D: or E: drive. The only insurance you have is to back up the data files you consider valuable / important.

> Kipp and others please remember that many people on this list do not even
> understand what I am talking about when I say I have more than one hard
> drive on my computer. I am wondering in this era of nearly daily attacks
> from worms and viruses, it might not be a good idea for us genealogist types
> to put our programs on a different drive from their C drive.

I would counsel regular backups and an up-to-date antivirus product as a better strategy.

> Thanks for letting us pick your brains.
>
> Bette

These are very good questions, glad to help.

BTW, there is a bogus e-mail message going around (virus attached) that purports to be from Microsoft. I can't stress this enough to those who read this list. Microsoft does not distribute patches via e-mail. Microsoft does not notify its customer base of security problems via e-mail. If you have questions about a questionable e-mail, check the following web site ...

http://securityresponse.symantec.com/

I don't promote Norton antivirus over other vendors (e.g. - McAfee). I just find their web pages regarding current worm / virus threats very informative.

Best regards - Kipp -

    09/19/2003 08:20:31
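
The bounce scenario described in the message above can be checked mechanically. The following is an added example, not part of the original post: it pulls the Message-ID of the returned message out of a bounce and compares it with a record of mail the mailbox really sent. The addresses, Message-IDs, bounce text and the idea of a sent-mail ID set are constructed assumptions.

```python
import email
from email import policy

# Constructed bounce (multipart/report); {mid} is filled in per test case.
BOUNCE_TEMPLATE = """\
From: MAILER-DAEMON@mx.example.org
To: bette@isp.example
Subject: Undeliverable mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.org
Action: failed
Status: 5.1.1
--b1
Content-Type: text/rfc822-headers

From: bette@isp.example
Message-ID: {mid}
Subject: Re: Details
--b1--
"""

def returned_message_id(raw):
    """Return the Message-ID of the original message quoted in a bounce, or None."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":      # only the headers were returned
            orig = email.message_from_string(part.get_content(), policy=policy.default)
        elif ctype == "message/rfc822":          # the whole message was returned
            orig = part.get_payload(0)
        else:
            continue
        mid = orig["Message-ID"]
        return str(mid).strip() if mid else None
    return None

def classify_bounce(raw, sent_ids):
    """Compare the returned Message-ID with IDs this mailbox actually sent."""
    mid = returned_message_id(raw)
    if mid is None:
        return "unknown"
    return "matches-sent-mail" if mid in sent_ids else "forged-sender"
```

A "forged-sender" result means the bounced message does not appear in the sent-mail record, which is what a bounce for worm-generated mail with a borrowed 'from' address looks like; the result is only as reliable as the completeness of that record.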