Last Updated on September 30, 2010 by Dave Farquhar
Virus insanity. Dark and early yesterday morning, a warning from the good Dr. Keyboard made its way across the Atlantic and into my inbox. “Beware nakedwife.exe,” it said, with a postscript: “Who would open an unexpected executable anyway?”
Bright and early yesterday morning, I responded. “About 90% of the users I support. Thanks for the heads up.”
Fortunately for me, our e-mail administrator remembered the chaos wrought by LoveLetter nearly a year ago and filtered out the attachment at the server side. If what’s now known as W32.naked ever arrived at my place of employment, Outlook literally never knew what hit it.
Unfortunately for everyone else, the vast majority of people–including people savvy enough to build their own PCs and even network them–seem to just blindly open any attachment people send to them. And that’s how computers get infected, and messes like W32.naked spread.
When an unexpected attachment arrives, there are two and only two safe things to do with it:
1a. Update your virus definitions
1b. Detach the attachment, saving it to your desktop or someplace else
1c. Scan the attachment for viruses, and if it’s infected, delete it immediately.
1d. Verify the attachment is indeed what it claims to be. Open it in WordPad before opening it elsewhere. You’ll develop an eye for what a JPEG file looks like in WordPad, or an MP3 file, etc. Open a few files you already know are JPEGs and MP3s to get your eye trained. If what you see is what appears to be executable code, the file’s not what it appears to be. Delete it immediately.
1e. If you must, now that you’ve verified the file isn’t anything dangerous, open it for your viewing pleasure.
Steps 1c and 1d can be interchanged.
Or:
2. Delete the file.
(optional step 2b). E-mail the person and kindly ask them not to send you that kind of stuff anymore.
I don’t have time for process 1. At work I’ve got computers to set up, computers to fix, documentation to write, meetings to attend, people sticking their heads in my cube (I really must look into getting a pair of Mastiffs to keep at my cube’s entryway to keep that from happening), so e-mail attachments at work go straight to file 13 about 90 percent of the time. Hello, strange file. Now that I’ve met you would you object to never seeing each other again? You can leave a message but I’ll only press erase, let’s skip hello and go straight to goodbye. Now that you’ve seen the doctor, don’t call me anymore. I think you get the point.
It’s much better to miss the occasional joke than to lose data and then have to spend all day reinstalling everything. Whatever happened to telling jokes in person, anyway? Seems a lost art these days…
There really isn’t a good way to automate the process and keep your computer safe. Trust me, if there were, wouldn’t you think I’d have figured it out? You’re talking to the guy who spent a week trying to figure out how to get Windows 9x to boot out of a ramdisk, after all.
Of course I’m mostly preaching to the choir here. But maybe this is a new concept to someone out there…
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.