Once upon a time, email was considered to be a pretty safe communication medium. For those still using PINE or some other text-only mail client, it still is, says Roger Samara. But for the rest of us, who want to take advantage of all the advanced features of modern email client software, opening an email message can be a scary experience.
Virus writers, who used to spread their virtual “diseases” via infected floppies and network shares, have seized the opportunity posed by email programs that support attached files, HTML messages, and embedded scripts to send viruses and other malicious software (called “malware”) to hundreds or thousands of people with just a few keystrokes. In this article, we will look at how email viruses work and what you can do to protect your computer and network from them.
How Email Viruses Work
There are a couple of different ways that viruses can invade your computer through your email box. One of the most publicized is through attachments. If you open an executable file that’s attached to a mail message, the program runs and the virus does its dirty work – in some cases not only doing damage on your own machine but also using your address book to mail copies of itself to everyone with whom you correspond.
These infected messages will appear to be from you, even though you weren’t even aware that they were sent. That’s why you should always be wary of mail with attachments, even when it comes from someone you know and trust. Viruses that work this way include the infamous Melissa virus, Klez, and others.
Avoiding attachment viruses would seem to be easy: just don’t open attachments. However, it’s not always that simple. Many of us whose work depends on collaborating with others across the Internet need to exchange attachments. If you do, common sense precautions should prevail. Note the file type before opening an attachment. Executables are most likely to be dangerous, but virus writers use tricks such as appending multiple file extensions to fool you into thinking a file is something it’s not. Because the Windows Explorer and some software programs don’t show common extensions by default, a file named letter.txt.exe will appear to be an innocuous text file when it’s really a program file.
Because the problem of viruses in attachments is so prevalent, Microsoft has written recent versions of Outlook (2002 and above) to automatically block executable file types (.exe, .bat, .com, .lnk, .scr, .vbs and many others). This feature is also added to Outlook 2000 when you apply Service Pack 2 or to Outlook 98 when you apply the Outlook Email Security Update. Unfortunately, this creates a situation where the cure may be worse than the disease if you really need to send and receive those types of files. If so, there are several ways to work around this problem.
The simplest method is to just rename the file with a different extension (for example, rename program.exe to program.txt) and tell the person to whom you’re sending it to rename it to the original name after downloading it.
In Outlook 2002, you can edit the Registry to modify the file types that are blocked. There are several third-party utilities that will let you do the same thing without directly editing the Registry; these include Outlook Permissions Add-in from MRH Technology Group, DetachXP from McDaniel Development and the Xenos Outlook Security Extension.
Note that attachment blocking is optional in Outlook Express, and Outlook Web Access does not include attachment blocking. So another way to get your attachments is to use OWA (if you’re in an Exchange environment) or import your messages into OE from Outlook.
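The checks described above can also be run outside the mail client, for example at a gateway or when triaging a saved message. The following Python sketch is an added example, not code from the original article or from Outlook: it flags the file types the article lists as blocked, the double-extension trick (letter.txt.exe), and an executable that has been renamed to a harmless-looking extension (program.txt). The function names and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# File types the article lists as blocked by Outlook (it notes there are many others).
BLOCKED_EXTS = {".exe", ".bat", ".com", ".lnk", ".scr", ".vbs"}

def check_attachment(filename, payload):
    """Return the reasons (possibly none) to treat this attachment with caution."""
    name = filename.strip().rstrip(". ")          # trailing dots/spaces can hide the real type
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    blocked = bool(suffixes) and suffixes[-1] in BLOCKED_EXTS
    reasons = []
    if blocked:
        reasons.append("blocked-extension")
        if len(suffixes) > 1:                     # e.g. letter.txt.exe
            reasons.append("double-extension")
    # DOS/Windows program files begin with the bytes "MZ" whatever they are named.
    # Script types such as .bat and .vbs are plain text and are not caught by this test.
    if payload[:2] == b"MZ" and not blocked:
        reasons.append("executable-content-renamed")
    return reasons

def scan_message(raw_bytes):
    """Map each attachment's file name to the findings for it."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings[name] = check_attachment(name, part.get_payload(decode=True) or b"")
    return findings

def build_sample():
    """Constructed sample message; the addresses and payload bytes are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "colleague@example.com", "you@example.com", "files"
    msg.set_content("See attached.")
    stub = b"MZ\x90\x00 constructed stub, not a real program"
    for fname in ("letter.txt.exe", "program.txt"):
        msg.add_attachment(stub, maintype="application", subtype="octet-stream", filename=fname)
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(f"{name}: {', '.join(reasons) or 'no findings'}")
```

The content check shows why extension-based blocking alone is easy to sidestep: the renamed file passes the extension test but is still recognised by its leading bytes.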
Don’t assume that you’re okay if the only attachments you open are document files. Word documents can contain macros (small programs) that can execute malicious commands. These are called macro viruses. You can protect yourself by setting the Macro Security level in Word (accessed via Tools | Options | Security tab) to medium or high. High disables all unsigned macros, and medium prompts you before running a macro, as shown below.
[Figure: Macro Security]
You can’t assume your mail is safe just because you don’t get attachments, either. Viruses can also be embedded in the mail message itself. This isn’t possible in a plain text message, but the most popular mail clients today (Outlook, OE, Eudora) support HTML mail so you can use stationery, embed pictures and sound, and so forth. An HTML message can contain scripts (programs) that execute viruses. This is one reason many mailing lists block HTML mail (another is bandwidth usage).
The latest version of Outlook (2003), now in beta testing, finally allows users to block HTML mail. This is a continuation of a trend that started in Outlook 2002 (XP), when Microsoft started blocking external content (files grabbed from outside servers) in the preview pane. To convert incoming HTML to plain text in Outlook 2000, you can use VBA code. In Outlook 2002, you can use the Rules Wizard’s “run a script” action to call a VBA subroutine to perform this conversion.
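The same HTML-to-plain-text conversion can be done on a message body outside Outlook. The following Python sketch is an added example, not the VBA routine the article refers to: it keeps only the visible text and reports the active or external content it dropped. The class name, function name and sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser

class MailHtmlToText(HTMLParser):
    """Collect visible text, drop script/style bodies, note active or external content."""
    SKIP = {"script", "style"}
    ACTIVE = {"object", "embed", "applet", "iframe"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.findings, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        if tag == "script" or tag in self.ACTIVE:
            self.findings.append(f"{tag} element")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):                       # onload, onclick, ...
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in ("src", "background") and value.startswith(("http://", "https://")):
                self.findings.append(f"external content in <{tag}>")
            elif name == "href" and value.startswith(("javascript:", "vbscript:")):
                self.findings.append(f"script URL in <{tag}>")
        if tag in ("br", "p", "div"):
            self.text.append("\n")

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:                                  # text inside <script>/<style> is dropped
            self.text.append(data)

def html_to_plain(html):
    """Return (plain_text, findings) for one HTML message body."""
    parser = MailHtmlToText()
    parser.feed(html)
    parser.close()
    lines = (line.strip() for line in "".join(parser.text).splitlines())
    return "\n".join(line for line in lines if line), parser.findings

# Constructed sample body; example.invalid is a reserved, non-resolving domain.
SAMPLE_HTML = """<html><body onload="init()">
<p>Hello, please read the note.</p>
<script>var x = 1;</script>
<img src="http://example.invalid/pixel.gif">
<p>Regards</p></body></html>"""

if __name__ == "__main__":
    text, findings = html_to_plain(SAMPLE_HTML)
    print(text, findings, sep="\n")
```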
Rich text can also be exploited to send unauthorized messages, and even plain text messages can contain URLs that may take you to web sites where scripts run and disseminate viruses.
Protective Measures You Can Take
According to Roger Samara, most viruses are operating system specific (that is, viruses that run on Windows often don’t affect Linux or Macintosh computers, and vice versa) and many are also specific to certain email clients. The first step in protecting your computer from email viruses is to apply all service packs and security updates, both those for your OS and those for your email software. Because the mail client may interact with the browser when reading HTML mail, you should also apply the latest updates to Internet Explorer.
Your mail client should be configured so that ActiveX and Java scripts won’t run automatically. In Outlook and OE, this is done through the settings for the Restricted Sites security zone (Tools | Options | Security). Choose Custom Level, scroll through the list of options, and set the option button for each ActiveX or scripting setting to either “disable” or “prompt,” as shown in the figure below.
[Figure: Disabling ActiveX and scripting]
If you use Eudora, in Tools | Options | Viewing Mail, you should disable “allow executables in HTML content.” For Netscape Mail, in Edit | Preferences, Advanced Category, uncheck “enable Javascript for Mail and News.”
The next step is to install a good anti-virus or email security program. Although an AV program will help, it may not be enough to protect a mission-critical network. In that case, a more comprehensive “email firewall” such as GFi MailSecurity for Exchange can check mail content as well as checking for viruses. Remember that new viruses are being created daily, so any virus software will need to have its definition files updated regularly.
Summary
Viruses can destroy data, damage system files that are necessary to run your operating system and applications, and even bring down the entire network through denial of service attacks. If this weren’t enough, these viruses can use your address books to spread themselves further. If you use email, you need to take steps to ensure that you’re protected against viruses, Trojans and other malicious software that can be transmitted via email – without compromising the email features you need to communicate effectively. In this article, we’ve provided an overview of email security issues and pointers to solutions that may be right for your computer and network.
Originally published at: http://techgenix.com