VIRUSES, WORMS, AND OTHER SLIMY CREATURES

ANTIVIRUS SOFTWARE SLOWS ME DOWN

The Annoyance:

Since I installed antivirus software on my computer, it takes longer to collect my email. The messages used to pop into my Inbox as fast as lightning, but now that my antivirus software is checking each message, it seems to take twice as long, or longer.

The Fix:

Yeah? So? And your point is?

YOU DON'T NEED EMAIL TO GET A VIRUS

The Annoyance:

One of the three computers on our network has no email. We use it only for Internet access, and most of that work is for the children's homework and school research. Because of the lack of email, I didn't install an antivirus program. But my 12-year-old son tells me no computer should be without antivirus software.

The Fix:

In many families, the 12-year old is the resident computer geek, and your household is no exception. Your son is right. You can get viruses from other computers on your network, or from a web site.

A VIRUS DISGUISED AS A DOCUMENT

The Annoyance:

If viruses can exist only as programs, how come I picked up a virus from a Microsoft Word document?

The Fix:

The virus got into the document because the document contains Visual Basic Script (VBS) programming code used to create a macro. The macro is part of the document file, and because VBS produces executable code just like any other programming language, a macro qualifies as a program. Such viruses are called macro viruses. Be sure you configure your Microsoft programs to enable Macro Virus Protection. For example, in Word, select Tools Macro Security and choose a security level.

If you don't use VBS and don't have to run VBS files, change the file association for .vbs files to Notepad. Then, if you open a document file that also contains a VBS file (which might contain a macro virus), it will open as a text file in Notepad (instead of executing its malicious code). Check your Windows help files to learn how to change file associations.

VIRUS SCAN TAKES FOREVER

The Annoyance:

I follow the advice of my antivirus software and run a complete scan once a week. It takes forever. Is there a way to speed this process?

The Fix:

You can shorten the time it takes to scan your system by preparing for the scan with the following steps:

• Delete the contents of the Recycle Bin.

• Delete temporary Internet files. In Internet Explorer, select Tools Internet Options. In the Temporary Internet files section of the General tab, click the Delete Files button.

• Search For Files or Folders. Click the "All files and folders link in the left pane, enter *.Ext in the top field, and click the Search button. Substitute the file extension your software applies to backup files for .ext. For example, to remove Microsoft Word backup files, enter *.wbk (see Figure 7-5). When the backup files appear, press Ctrl-A to select them all, and then press the Delete key.

Figure 7-5. Get rid of unneeded files before scanning your computer for viruses.

SELECT MAPPED DRIVES FOR A VIRUS SCAN

The Annoyance:

My computer has several mapped drives linked to shared folders on other networked computers. If I select Entire Computer as the target of my virus scan, those mapped drives are scanned, too. This increases the time it takes to scan the computer.

The Fix:

Because you certainly installed antivirus software on the other computers, it's a waste of time to scan individual folders on those computers when you scan your own computer. Select the local hard drive as the target of the scan, instead of the entire computer.

SCAN TWO DRIVES

The Annoyance:

My computer has two hard drives and several mapped drives to remote folders. I don't want to scan the remote folders, but my antivirus software doesn't let me select both hard drives.

The Fix:

Isn't that annoying? The only solution is to scan the first hard drive, and then scan the second hard drive in a separate action. Of course, depending on the way you use the second drive, you might be able to skip the scan (or perform the scan less often). Many people use the second drive to hold documents (which makes backing up documents much easier). In that case, you don't have to scan it as often because you rarely find a virus in a document you created.

SCAN THE ENTIRE NETWORK

The Annoyance:

Even though I installed antivirus software on every computer, it's very time consuming to scan each computer. Can I scan the entire network from one computer?

The Fix:

Good thinking! Your antivirus software probably doesn't have an option labeled "Scan Entire Network," but you can manually set up such a scan. Share every drive on every computer on the network, and then map drives to those shared drives on the computer that does the scan. Selecting the entire computer in the scanning options includes all mapped drivesergo, you scan the whole network. If you don't want to share drives on your network, just create the shares and map them for the virus scan, then disable the drive sharing until the next time you want to scan the whole network.

WHAT'S HEURISTIC SCANNING?

The Annoyance:

My antivirus software has an option to use heuristic scanning techniques. I have no idea what that means, but I read a tip that says it takes longer to scan with this option, and it's not absolutely foolproof.

The Fix:

Heuristic scanning analyzes an executable file that does not contain a known virus to try to identify whether it's a potential threat. This is a way to catch viruses new to the computer community. Each antivirus program has its own method for defining "suspicious" code during heuristic scans. Heuristic scanning is a guessing game, but at least it uses educated guesses. It slows the scanning process and sometimes produces false alarms. For example, a perfectly safe program can contain programming code that the antivirus software thinks is related to the way a virus acts. Still, it's better to be safe than sorry.

SCHEDULE SCANS FOR THE MIDDLE OF THE NIGHT

The Annoyance:

I'd like to schedule my weekly scan for the overnight hours, so it doesn't interfere with my computer use. But what happens if the scan finds a virus and I'm not there to take care of it?

The Fix:

Scheduling scans at night is an excellent idea. The software, and any viruses it finds, will wait patiently for you to return to the computer and deal with the problem. In fact, programs such as Norton AntiVirus will automatically remove the virus or quarantine the file so that it can't infect your computer. Make sure you check the quarantined files (if your antivirus software performed that action) and delete them.

WHAT'S WITH THIS CONSTANT UPDATING?

The Annoyance:

Almost every time a computer on the network dials out to the Internet, the connection is slowed for a while because the antivirus software is checking for updates. Do they bring out updates of the program every day?

The Fix:

It's not the program that changes daily; it's the virus information file. Antivirus software has two parts:

• The program, which is the engine that drives the work.

• The virus information file, which contains all the information about known viruses. The program uses this information to find viruses.

Because new viruses, or variants of known viruses, are discovered almost daily (in fact, sometimes hourly), the only way to ensure that virus checking is performed with up-to-date information is to keep a current copy of the virus information file on your computer. When you go online, the software checks the manufacturer's web site to see if either the virus information file or the software program has changed. If it has, the new file(s) are downloaded to your computer.

ANTIVIRUS PROGRAM UPDATE REQUIRES A REBOOT

The Annoyance:

My antivirus software checks for updates constantly because we have an always-on Internet connection. Sometimes all the computers on the network see a pop up that says an update has been downloaded, and clicking OK makes the pop-up go away. Other times, however, the pop-up says the computer has to be rebooted. Why?

The Fix:

Usually you need to reboot because the software program itself has been updated (the frequent downloads of updated virus information files are responsible for the regular pop-ups). When you're asked to reboot to incorporate the new features, it means your antivirus software is disabled, so you should restart the computer as soon as possible.

TURN OFF AUTOMATIC UPDATING

The Annoyance:

Because we use a telephone modem to connect to the Internet and often have more than one person online at a time, the automatic updates of our antivirus software really make us less productive. Can we turn it off?

The Fix:

Yes, you can turn off automatic updates, but I'll tell you how to do this only if you promise to check for updates manually every day. Promise? OK.

Your antivirus software used your Windows Task Scheduler to automate checking for updates. You can delete the task, and then use the menu bar in the software window to check for updates manually. Here's how to delete the scheduled task:

1. Select Start Programs Accessories System Tools Scheduled Tasks (see Figure 7-6).

2. 
   

   ---

   Warning: If you check for updates manually and download an updated version of the software program (the engine), the new version schedules a task to check for updates. You'll have to remove the scheduled task again.

   ---

   MY ISP SCANS FOR VIRUSES, WHY SHOULD I?

   The Annoyance:

   My ISP has virus blocking enabled on mailboxes. Why should I buy and run antivirus software?

   The Fix:

   First of all, your ISP can't scan your drives and find viruses that have come into your system over the network, or over the Internet. Second, the only way to know that the antivirus activity is using up-to-date information is to run your own antivirus software, which is updated whenever new viruses are discovered.

   ANTIVIRUS SOFTWARE WON'T INSTALL

   The Annoyance:

   We added a third computer to our network several days ago, and today I went to the web site of our antivirus software vendor and tried to download the program. The download failed about halfway through, and I tried again with the same result. The other computers never had a problem downloading the files. Why am I suddenly not able to install the software?

   The Fix:

   I'll bet big bucks that the computer has a virus. You waited too long to install the antivirus software. An existing virus is one of the primary causes of installation failure. In fact, many viruses are programmed to prevent antivirus software installations.

   Luckily, you have a network, so you can cure thissomething people who run standalone computers can't do easily. Use the following steps to check for a virus on the computer:

   1. Share the hard drive of the computer that has the problem.

   2. On a computer running antivirus software, map a drive to the shared drive you created.

   3. Open the antivirus software and select the mapped drive as the drive to scan.

   4. Start the scan.

   If the scan discovers a virus, delete the virus-laden file(s). Then go to the software company's web site and search for the virus by name to see if there are additional removal tasks (such as deleting additional files the virus installed, or removing registry items added or changed by the virus). Then download the antivirus software. If the scan doesn't discover a virus, something else is going on, and you should call the vendor for support.

   ---

   Tip: If you can get to the Internet, you can use the free, web-based virus scan available at www.mcafee.com. It cleans your computer and then asks if you'd like to purchase McAfee virus protection software.

   ---

   DON'T GET FOOLED BY VIRUS HOAXES

   The Annoyance:

   Occasionally I get email from people I know warning me that some horrible virus has emerged, and the antivirus software companies can't seem to find a fix. Most of the time, the instructions in the email tell me to delete files from my Windows folder, which makes me nervous.

   CLUES TO VIRUS HOAXES You can usually spot a virus hoax email message because it contains multiple clues. First of all, the sender is not a computer expert (for example, your brother-in-law, who is an IT professional, would never send you a message like this). In fact, often the sender isn't even a polite emailer because he includes all the previous forwarded messages that crossed the Internet, forcing you to scroll through a million recipient names and a thousand iterations of the message body. Doesn't that annoy the heck out of you? Second, the message includes screaming demands to warn everyone you know about this dangerous virus. "Screaming" in email is USING ALL CAPITAL LETTERS TO REINFORCE THE NEED TO PANIC. Third, the information that no antivirus software company has been able to get a handle on the virus is a big clue that this is a hoax. That's ridiculous. A "troublesome" virus is one that takes more than an hour to pinpointusually it takes only minutes to figure out what a virus is doing and how it is doing it. Finally, the message usually contains some kind of long, complicated story with a protagonist who is a computer expert. For example, somebody was warned by his cousin who is an engineer at IBM/Microsoft/Oracle/Intuit/<insert name of any other major computer company here> that this virus will destroy computers within five minutes.

   
   

   The Fix:

   Why do perfectly reasonable, intelligent people broadcast a zillion emails to warn their friends without checking the facts first? Don't remove any files from your Windows folderyou'll probably stop some important feature from running. Instead, check the veracity of the information yourself.

   The email message probably contained a name for the virus. Enter that name in the Search box at your antivirus software company's web site. You'll almost certainly see an article explaining that the virus warning is a hoax. You can also check one of the following web sites, which keep up with virus hoaxes:

   • http://www.vmyths.com/

   • http://hoaxbusters.ciac.org/