The magazine of the Melbourne PC User Group

Think once, twice, three times ... 
before forwarding a virus warning

Carol Daniels
cad@melbpc.org.au

It's the silly season, or so it would seem. Rumours are rife and accusations fly. Because they go in circles, they keep coming back. No doubt most perpetrators are motivated by genuine concern. Unfortunately, that doesn't reduce the damage they cause. In fact, I'm beginning to think that hoaxes and the many miscellaneous myths, legends and lies end up being as destructive as the actual computer viruses, security threats and dangerous information to be found on the information superhighway.

Even outrageous spoofs on classic viruses get taken seriously by enough people that sharing these humorous messages can be dangerous. Not to your computer, but to your sanity. No matter how outrageous the claim, it will come back to you one day, when someone somewhere mistakes it for a serious threat and, with genuine concern, starts it on another around-the-world trip, leaving a trail of neophytes in its path.

So in Good Times or bad, whether you've travelled alone, accepted an invitation to Join the Crew with Irina or Deeyenda, or received the message from a Pen Pal of someone with an AOL4FREE account, don't spread virus hoaxes!

The bold entries above are the names of some of the all-time classic virus hoaxes. When these names appear in a subject line, prepare yourself for a hoax, and treat it accordingly.

What about authentic virus alerts?

It's sad but there are people who create and release viruses. What's more, the Internet is a very efficient distribution mechanism for these destructive creations.

How do you tell if a virus warning is authentic? Go to an authoritative source. Your greengrocer's daughter's best friend's brother may be a games wizard. Your office partner's wife's niece may be the next Bill-Gates-in-waiting. But don't take their word as gospel. About the only way they are going to have accurate, up-to-the-minute information about what's going on in the virus scene is if they're a part of it themselves.

Instead go to one of the recognised hoax debunking web sites, or the corporate web site of one of the prominent anti-virus software developers (the antivirus software you use would be a good first choice). You'll find that most authentic virus warnings, sent by established industry experts or companies, are digitally signed--often using Pretty Good Privacy (PGP). PGP is the world's most widely used encryption software. It provides a facility for digitally signing a document, which can be used to authenticate the identity of the sender. See "Anti-virus Web Resource" for sources of anti-virus information.

If we all act responsibly, we may escape from the never-ending cycle of hoax de-bunking. And maybe, some day, in a land far, far away, no one will ever again get a headache, after trying, without success, to explain to someone that a computer virus really can't let the air out of your car's tyres, or give you split ends!
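The two checks described above (a classic hoax name in the subject line, and whether the warning carries a PGP signature at all) can be sketched as a small triage routine. This is an added example, not part of the original article; the function name, verdict strings and sample messages are constructed for illustration.

```python
import email
import re

# Classic hoax names from the article, stored without spaces for matching.
HOAX_NAMES = {"goodtimes": "Good Times", "jointhecrew": "Join the Crew",
              "irina": "Irina", "deeyenda": "Deeyenda",
              "penpal": "Pen Pal", "aol4free": "AOL4FREE"}

# OpenPGP cleartext-signature layout: header line, armor headers, blank line,
# dash-escaped text, then the armored signature block.
CLEARSIGN = re.compile(
    r"^-----BEGIN PGP SIGNED MESSAGE-----\r?\n"
    r"(?:[A-Za-z]+: [^\r\n]*\r?\n)*\r?\n"
    r"(?P<text>.*?)\r?\n"
    r"(?P<sig>-----BEGIN PGP SIGNATURE-----.*?-----END PGP SIGNATURE-----)",
    re.DOTALL | re.MULTILINE)

def triage(raw_message):
    """Classify a forwarded 'virus warning' before anyone passes it on."""
    msg = email.message_from_string(raw_message)
    subject = re.sub(r"[^a-z0-9]", "", (msg["Subject"] or "").lower())
    hits = sorted(label for key, label in HOAX_NAMES.items() if key in subject)
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    m = CLEARSIGN.search(body)
    signed_text = None
    if m:
        # Signers prefix "- " to lines that start with "-"; undo it here.
        signed_text = "\n".join(l[2:] if l.startswith("- ") else l
                                for l in m.group("text").splitlines())
    if hits:
        verdict = "known hoax name in subject"
    elif m:
        # Armor alone proves nothing: the signature must still be checked
        # against the publisher's key (for example with gpg --verify).
        verdict = "signed: verify against the publisher's key"
    else:
        verdict = "unsigned: confirm with an authoritative source"
    return {"hoax_names": hits, "signed_text": signed_text, "verdict": verdict}

# Constructed sample messages (not real bulletins; the signature is a placeholder).
HOAX = "Subject: FW: Fwd: GOOD TIMES virus - warn everyone!\n\nDo not open it!\n"
SIGNED = ("Subject: Bulletin (constructed sample)\n\n"
          "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
          "Constructed advisory text.\n- --- end of advisory ---\n"
          "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDERnotARealSignature\n"
          "-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    for sample in (HOAX, SIGNED):
        print(triage(sample))
```

A "signed" verdict only means there is something to verify: anyone can paste a signature block into a hoax, so the check against the publisher's published key is the step that counts.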

Anti-virus and security resources on the Web

Australian Computer Emergency Response Team
http://www.auscert.org.au

Although it doesn't focus on viruses (hoaxes or real), AUSCERT's website provides "a single, trusted point of contact in Australia for the Internet community to deal with computer security incidents and their prevention". AUSCERT's aims are to reduce the probability of successful attack, to reduce the direct costs of security to organisations and lower the risk of consequential damage. AUSCERT is a member of the international Forum of Incident Response and Security Teams.

Forum of Incident Response and Security Teams (FIRST)
http://www.first.org/

A coalition of various computer security incident response teams from government, commercial, and academic organisations. FIRST aims to foster co-operation and co-ordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.

US Department of Energy's Computer Incident Advisory Capability (CIAC)
http://ciac.llnl.gov/ciac/

CIAC is an element of the Computer Security Technology Center (CSTC), is located at the Lawrence Livermore National Laboratory (LLNL) and is a founding member of FIRST. Although its focus is providing computer security services to employees and contractors of the Department of Energy, in areas such as incident handling, computer security information and computer security consulting, the CIAC web site is a good resource for background information on

CIAC signs its bulletins and notes with a PGP encryption key. You may use this key to validate CIAC publications received via e-mail.

Paranoid types should note the warning message you receive before being shown the first page of this site:

WARNING! Use of this system constitutes consent to security monitoring and testing. All activity is logged with your host name and email address.

Although it seems to be pretty standard as far as warnings on US government web sites go, the fact that the US government's nuclear and toxic waste research is done under the umbrella of the Department of Energy and the LLNL has been integral to this research makes me think they mean for visitors to watch their steps.

W.A.V.C. Homepage
http://www.club.innet.be/~ewillems/

Another good source of antivirus information is the "W.A.V.C. Homepage". The owner of this site, Eddy Willems, is a founding member of EICAR (European Institute for Computer Anti-Virus Research). So his claim of offering "The Most Comprehensive and Up-to-date List of Anti-Virus Sites" (1048 different antivirus links as of August 1997) carries some weight.

National Computer Security Association
http://www.ncsa.com/

The (US) National Computer Security Association (NCSA) is an independent organisation that promotes continuous improvement of commercial digital security. It conducts a program to certify anti-virus software that successfully detects all viruses on the WildList.

The Antivirus Resources Page
http://www.hitchhikers.net/av.shtml

The Antivirus Resources Page has featured in PC Update (The Antivirus Software Update Auto-Notification page, PC Update, November 1996). This site has a good step-by-step how-to for dealing with a suspected virus infection, the first two steps of which are:
  • Do not panic. Virtually any virus can be removed without reformatting a hard drive or diskette.
  • Obtain the latest version of at least two of the better anti-virus products which detect/remove viruses.

Stiller Research Antivirus Research
http://www.stiller.com/

This site is packed with information about viruses, including an excellent rundown on virus myths that featured in these pages before (It must be a virus...but then again..., PC Update, November 1996).

Antivirus Software Vendor's Websites

Reprinted from the November 1997 issue of PC Update, the magazine of Melbourne PC User Group, Australia
