Maybe it's time to strengthen barriers to e-mail viruses

7/8/2000

"Our computer security system just blocked an e-mail from you because it contains a virus. Thought you'd want to know."

That telephone call from David Jarmul, of the Howard Hughes Medical Institute in Chevy Chase, Md., was the start of a not-so-very-good day, thanks to the "Life Stages" virus.

Life Stages is the most recent in a slew of viruses, or "worms," that hide in e-mail attachments. Open the attachment, and the virus infects your computer. It was closely related to the notorious "Love Letter" virus that caused so much trouble a few months ago.

I looked at my e-mail screen as Jarmul talked. Messages were pouring in from computer security systems around the world. "Norton AntiVirus detected and quaranteened a virus in a message you sent." "ALERT-virus-message returned." "ScanMail message to sender: Virus found and action taken."

It was pretty obvious. My computer had a virus that was systematically going through e-mail addresses in Microsoft Outlook, and sending copies of itself to every address. I handle a lot of e-mail, and my software probably has stored a couple thousand addresses.

Everyone got a copy of Life Stages. Most people on networks were protected by security systems. Most others couldn't open the attachment. I know because I received scores of e-mails from people asking me to resend the attachment.

Until the tangle with Life Stages, I relied on frequent updates of antivirus software and the Golden Rule of e-mail attachments: Don't open an attachment from an unfamiliar correspondent. It may be a virus.

Life Stages, however, came from a known correspondent. It found me among her e-mail addresses and sent me a copy of itself.

Now I've tightened my personal security a couple more notches. Other computer users should consider doing the same.

Love Letter, Life Stages, and other e-mail viruses are written in a Microsoft programming language called VBScript. Their files have ".vbs" as the ending, or "extension." Any attached file ending in .vbs may be a virus and shouldn't be opened. Files ending in .shs also can be viruses. When you see one as an e-mail attachment, delete it from the in-box, and then delete from the deleted messages queue.

Seem simple? Well, Microsoft made it hard.

Windows 95, 98, NT, and 2000 are set at the factory to hide such file extensions. An attachment may look like a harmless text (.txt) file, for instance, instead of a .vbs virus.

I've reconfigured Windows to show file extensions so I can spot .vbs and .shs viruses in the future. Here are the directions for Windows 95, 98, and NT 4.0, courtesy of Carnegie Mellon University's computer security program:

Click on the Windows Start button, located at the end of the Task Bar. It runs along one side of your computer monitor. Select Settings and Control Panel. Click on View and in the drop-down menu select Options. Click on the View tab. Uncheck both "Hide files of these types" and "Hide file extensions The next step takes you into a critical area called the Windows Registry. Follow the instructions exactly. Mess up here, and you can disable your computer.

Click on the Windows Start button. Select "Run" and type in regedit. Click on "Edit" and select "Find." Go to "Look at" and uncheck "Keys" and "Data." In the "Find What" box enter NeverShowExt and click "Find Next." Right click on NeverShowExt and select "Delete." Find the next occurrence of NeverShowExt by pressing F3. Delete it, and continue until every occurrence is gone.

Reboot your computer to make the changes take effect.

Michael Woods is the Blade's science editor.