TOM REGAN: Check e-mail attachments

[William Knowles <wk () C4I ORG>]

http://www.techserver.com/noframes/story/0,2294,500202463-500280214-501494367-0,00.html

Christian Science Monitor

HALIFAX, Nova Scotia (May 10, 2000 3:40 a.m. EDT
http://www.nandotimes.com) - I thought a lot about dancing pigs last
week. True, the e-mail virus attachment that crashed so many computer
systems last week was supposed to be a love letter. But when it comes
to computer security, pigs and love letters have a lot in common. And
you should avoid both of them at all costs.

Over the next few weeks, we're going to hear a lot about software
programs that will protect computers from these attacks. Some of these
programs are very good: Symantec's Norton Antivirus is a good
fee-based product, while Finjan's SurfinGuard Personal Internet
Security software (available for free at its Web site) is also a
program that people should have on their computers, at home and at
work.

But in the end, I believe there are only two things that can be done -
one personal, one public - to protect people and businesses from these
malicious behaviors in the future.

The personal one is very simple, yet very hard to do. It goes like
this: Don't open e-mail attachments of any kind, ever. Basically, keep
your hands and eyes off dancing pigs. Tell this to everyone in your
office and your family, and you'll have very few e-mail-virus
problems. Any e-mail from someone you don't know should just be
deleted immediately, without a second thought.

Unexpected e-mails from people you do know should not be opened until
you've checked with the sender.

If you do this all the time, you'll probably be safe. I have not
opened an e-mail attachment in two years. While everyone else in our
office was knocked off e-mail by the bug last week, I was able to
continue using my e-mail program because (1) I never open attachments
and (2) I will not use Microsoft's Outlook e-mail platform. It has
become so popular and widespread (and if you believe chat groups on
the Internet, riddled with security holes) that almost all e-mail
virus writers write exclusively for Outlook.

Public protection is more difficult. These days, most e-mail viruses
are written by crackers (malicious hackers) outside the United States.
That's because, if you write it from inside the U.S., you will most
likely be caught. And it's increasingly likely that you will go to
jail. This is much more difficult in countries where they may not even
have laws against computer crimes.

That's why we need an international pact of the kind that brought an
end to air hijacking in the '70s. Once crackers know they'll be hunted
down for their deeds, regardless of where they may live, or that they
will be extradited to a country where they will be prosecuted, it may
make the people who write these viruses think twice before they do.

But ultimately, international laws will only go so far. Be your own
best friend when it comes to computer security. Then, in the future,
love letters from secret admirers will only be welcome if they come
via regular mail.

Tom Regan is the associate editor of The Christian Science Monitor's
Web site.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".