Friday, November 25, 2005

There’s danger in downloads

Every time you install a downloaded program or open a downloaded data file, you’re taking a chance. You have no way of knowing who touched the program or file before you, so you have no way of knowing whether it contains a virus. An anti-virus utility can pinpoint viruses for you, but you must use it faithfully and update it regularly (preferably once a week, or at least once per month) in order for the software to perform well.
Granted, the odds of acquiring a virus from a file you download from a reputable hardware manufacturer or software developer are very slim. Established companies would never knowingly post infected files on their publicly accessible servers. Nevertheless, mistakes can happen, and willful hackers (savvy computer users who break into systems for illegal and/or unethical purposes) might find a way around whatever security measures are in place. The safe course of action is to watch your PC’s behavior after installing downloaded files from a trusted source. Look for symptoms of viral infection and take action immediately if necessary.
Unfortunately, large corporations with legal responsibilities don’t develop all of the files and programs posted online for public consumption. The Internet is overflowing with screen savers, desktop enhancements, MP3 files, and thousands of homegrown applications wanna-be programmers designed. Some of these files include viruses or bugs that could cause major problems with your PC. Some are Trojan horses (programs that claim to be one thing while actually doing something else). To minimize the likelihood of inheriting such problems, you should shun downloads from unrecognized sources.
You also should avoid files that bear potentially dangerous file extensions, such as those listed in the “Be Wary Of These File Attachment Extensions” sidebar. Set your computer to display hidden file extensions so you can see what types of files you’re downloading. This is important because hackers know that smart computer users avoid potentially dangerous file extensions, so they add false file extensions to the middle of file names. For example, instead of naming a file Report.vbs, a hacker might name it Report.txt.vbs. That way, when you save the file to your PC, it displays as a benign text file called Report.txt. Only after setting the computer to display hidden file extensions will you see the .VBS extension and realize that the file is almost certainly a virus.
Windows makes it easy to expose hidden file extensions. Double-click the My Computer icon, open the Tools menu, and click the Folder Options command. In the resulting dialog box, choose the View tab, deselect the Hide File Extensions For Known File Types option (in Windows Me and Windows 98) or the Hide Extensions For Known File Types option (in Windows XP). Click OK to save the changes.
Now that you can see the file’s entire name, including its file extension, you should pay strict attention to the letters at the very end of the file name. Stay away from the file if its extension includes .VBS, .EXE, .PIF, or any of the extensions listed in the “Be Wary of These File Attachment Extensions” sidebar.
Sick of scripts. As dangerous as downloaded programs and files can be, at least you have the option of whether to download them; such is not the case with scripts. web site designers like to incorporate scripts within pages of HTML (Hypertext Markup Language) code precisely because they can configure scripts to launch automatically when visitors access the pages. This factor makes scripts good for adding interactive features to a shopping site, for instance, but bad for users who value the security of their PCs. Indeed, underhanded hackers frequently use scripts to surreptitiously infiltrate computer systems and exploit their weaknesses. What the hackers do after they gain access to systems is up to them; they may track online behavior, steal data files, infect systems with viruses, or perform other malicious activities.
There is a way to minimize your exposure to scripts: Configure your browser’s security settings to disable the most common scripting capabilities. To do this in IE, open the Tools menu, click Internet Options, and choose the Security tab. Either set the security level to High or customize the associated setting by clicking the Custom Level button and manually disabling all scripting functionality. Click OK to save the change.
Keep in mind that you may have difficulty accessing some legitimately secure web sites after you disable the scripting capabilities. You can mitigate this inconvenience by configuring IE’s Trusted Sites zone to permit scripts on sites you trust. From the Security tab of the Internet Options box, select the Trusted Sites icon, click the Sites button to add specific URLs to the list of trusted sites, and then click the Custom Level button to enable scripts in this zone.
P2P, or not P2P. Among the most controversial technologies, P2P (peer-to-peer) file sharing lets your computer swap data files with any other computer connected to the same network. Such networks serve as a convenient distribution channel for data pirates who want to share copy right-protected audio and video files across the Internet. They also serve as a convenient distribution channel for hackers who want to spread viruses, Trojan horses, and other malware (code intentionally designed for a malicious purpose) to unsuspecting computer users.
The easiest way to protect yourself from this source of trouble is to avoid P2P networks altogether, such as those based on LimeWire30 or Kazaa31 software. If you must use these networks, keep the P2P connection on your PC closed at all times, except when you’re using the program. These programs can run quietly in the background, so read the product documentation to find out how you can shut down the program entirely. You also should review the shared files folder on your PC (each P2P program has one) to determine whether you’ve acquired or are spreading any virus-laden files.


Post a Comment

<< Home