The best anti-virus defense: Knowledge

Learn how your computer works and you'll be much less susceptible to viruses like the Explore.zip worm.

Published June 16, 1999 4:00PM (EDT)

The latest virus to hit the headlines -- the dread Explore.zip worm -- is an especially noxious piece of programming: It infects mail servers using a Microsoft proprietary mail system known as MAPI and causes people to receive e-mail messages from trusted colleagues that deliver treacherous file attachments. If you click on the attachment, named "zipped_files.exe," the program will hunt and destroy files on your hard drive in a variety of popular formats (mostly Microsoft Word, PowerPoint and Excel) -- then mail itself out to all your friends and colleagues with your name on it.

Explore.zip is the closest thing yet to that legendary and still mythic beast -- the "e-mail virus." But in truth, the havoc it wreaks derives not from the e-mail message itself but from unsuspecting users double-clicking on that attachment, deceptively named "zipped_files.exe." A savvy user would know that real zipped (compressed) files end in ".zip," not ".exe" -- the file-name extension for executable programs. In other words, if your friend says he has sent you a zipped file but the file is actually an executable program, that file should go straight to the "delete" bin.

The lesson here remains the same as it's always been: Be extremely suspicious of e-mail attachments; when in doubt, delete; and by no means should you ever double-click on an e-mail attachment whose filename ends in ".exe" unless you are sure you know what you're doing.
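The name-versus-content check described above, as an added example that is not part of the original column: it judges an attachment by its leading bytes as well as its file name, so a program renamed to ".zip" is caught too. The function names, verdict strings, extension list and sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat"}

def sniff(data: bytes) -> str:
    """Classify content by its leading magic bytes, ignoring the file name."""
    if data[:2] == b"MZ":              # DOS/Windows executable header
        return "executable"
    if data[:4] == b"PK\x03\x04":      # ZIP local file header
        return "zip"
    return "unknown"

def check_attachment(filename: str, data: bytes) -> str:
    """Return 'block', 'ok' or 'review' for one attachment."""
    # Windows ignores trailing dots and spaces, so "x.exe ." is still x.exe.
    name = filename.lower().rstrip(". ")
    ext = name[name.rfind("."):] if "." in name else ""
    kind = sniff(data)
    # A program is blocked whatever it is called. That includes a
    # self-extracting archive: it is still code that runs when opened.
    if kind == "executable" or ext in EXECUTABLE_EXTS:
        return "block"
    if ext == ".zip":
        # A real archive has to start like one and parse like one.
        is_zip = kind == "zip" and zipfile.is_zipfile(io.BytesIO(data))
        return "ok" if is_zip else "review"
    return "ok"

def sample_zip() -> bytes:
    """Constructed sample: a small, genuine ZIP archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "quarterly numbers\n")
    return buf.getvalue()

# Constructed sample: only the two-byte executable signature plus padding,
# not a working program.
FAKE_EXE = b"MZ" + b"\x00" * 62

if __name__ == "__main__":
    for name, data in [("zipped_files.exe", FAKE_EXE),
                       ("notes.zip", sample_zip()),
                       ("notes.zip", FAKE_EXE),
                       ("notes.zip", b"plain text, not an archive")]:
        print(f"{name:18} content={sniff(data):10} -> {check_attachment(name, data)}")
```
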

The other lesson is one that the New York Times put on its front page earlier this week -- and that we highlighted in Salon two months ago, during the reign of the Melissa virus: Computer networks have their own ecology, and these systems become much more vulnerable when they are "monocultures," built around one species or technology standard. In other words, an office that uses all Microsoft products is far more vulnerable to the rampages of Explore.zip and its ilk than one that relies on a more varied set of software. Microsoft, of course, is determined to build software products that do more and more of their work behind the scenes, automatically. But the company has done a poor job of protecting these automated processes from pranksters and malicious virus coders -- for whom the jazzy features of products like Microsoft's Outlook e-mail program serve as a perfect petri dish.

Microsoft is building this kind of behind-the-scenes automation into more and more of its products, and integrating all of them more fully with the Net. That's just great -- until we have hundreds of descendants of Explore.zip bouncing around our office networks, turning all those nifty features against us. Then, the answer to "Where do you want to go today?" might quickly become, "As far away from Microsoft as possible."

In the end, the best protection remains what it's always been: Knowing what your computer is doing and how it does it -- including such small but vital details as the difference between ".zip" and ".exe."

[Postscript: Please read my "Mea culpa" followup for more on ".zip" and ".exe."]


By Scott Rosenberg

Salon co-founder Scott Rosenberg is director of MediaBugs.org. He is the author of "Say Everything" and "Dreaming in Code" and blogs at Wordyard.com.
