Message-Id: <200110180134.SAA12128@gateway.astro.ucla.edu>
Date: Wed, 17 Oct 2001 18:34:39 -0700 (PDT)
From: help (computer support)
To: all (mailing list)
Cc: xu
Subject: e-mail viruses/worms
As we were reminded last week, e-mail viruses/worms are becoming more and more common. In fact, I expect that they will soon become daily routine, with ever increasing dangers (``payloads'') for the recipients' computers.

Therefore, we have decided that we will no longer send e-mail warnings about each new virus. It is taking up too much of our limited resources and the information in the announcements is basically always the same (and it is available from the usual anti-virus sources). Instead, this message will give you guidelines for dealing with this new constant threat.

First, you should know that if you use a text-only mail reader (such as PINE, UNIX or VMS mail) that cannot handle attachments or spawn external viewers/commands, you are NOT at risk.

If you use a graphical mail reader under UNIX (or VMS, but nobody does), such as Netscape Mail, MailTool, dtmail, you are not at risk of damaging the computer you are using, but if you have HTML and/or JavaScript enabled, an infected message may make you do things like connect to a web site that collects personal information about you, or run some programs that may affect (possibly delete) your personal files without your knowledge...

But most viruses are intended to hit computers running Microsoft's Windows operating system and core networking tools Internet Explorer and Outlook (Express). (If you were wondering what all the fuss about the worldwide monopoly and bundling lawsuits were about, this is the illustration.)

Using a graphical mail reader (e.g. Eudora, Netscape) under Windows is inherently UNSAFE (and using Microsoft's own Outlook/Express borders on irresponsibility). In addition to the HTML/JavaScript issues mentioned above, the main problem is attachments.

An attachment should always be considered suspicious, even if the message comes from a known or trusted source, and never opened unless you were expecting it or until you have verified with the sender that it was intentional. (Many viruses now e-mail themselves without the knowledge of the sender, so it is always useful to let the sender know if you get an infected message so that they can clean up their computer.) Do not rely on the file name/extension of the attachment; they can be ``disguised'' and even ``standard'' PDF files can carry viruses.

Having anti-virus software can help some (and is MANDATORY for Windows systems connected to our network), but because the frequency of updates usually lags the propagation period of viruses, they should not be relied on as foolproof. (Indeed, Norton AV failed to catch the Nimda virus not too long ago!)

In the end, security boils down to human character more than technology. Most people are aware of e-mail viruses by now, so the new ones rely on social engineering (read: gullibility) to propagate. Another thing to keep in mind is that there are two aspects to e-mail viruses: your computer getting infected, and you transmitting the infection to others around the world. It is your responsibility to ensure that the latter does not happen, by practicing safe computing (more on that in an upcoming announcement).

We will continue to do our part in blocking those annoyances at the network level, but, as we have seen with the SirCam virus which is still spreading after almost 3 months, there are technical (and legal) limitations to what we can do. This is why your vigilance is also needed for your own and everyone else's good. Thank you for your cooperation.