Misused, anti-virus programs as bad as the sickness They're effective, but can wreak havoc if left active in the background

Your computer

January 18, 1998|By MICHAEL HIMOWITZ

ONE OF the nice things about the growth of the Internet is that it helps me keep in touch with readers.

Every week I get e-mail from users with problems or questions. While I can't always respond personally, I often use the issues they raise as subjects for my column. This week brought a note from a reader who's spending a lot of time browsing the Web. He's starting to worry about contracting viruses and wants to know which anti-virus program is the best.

The answer is good news and bad news. The good news is that the popular anti-virus programs -- Norton, McAfee and Dr. Solomon -- are all effective. They'll catch most destructive programs before they get a chance to ruin your day. The bad news is that anti-virus programs can wreak their own little brand of havoc on your computer if you don't use them carefully.

To understand why, consider the nature of the enemy. Viruses are malicious little programs that sneak into your computer and do things you don't want them to do. A benign virus may do nothing more than pop up an annoying message. The most destructive will wipe out your hard disk.

Viruses got their name because, unlike earlier generations of nasty digital pranks, viruses reproduce themselves, spreading from PC to PC through infected floppy disks, office networks and more recently, through the Internet.

Until a few years ago, the only way to contract a virus was to start your computer with an infected floppy disk in the drive or run an infected program. But over the last few years, vicious mutations have appeared in Microsoft Word or Excel documents, which have a built-in programming language that gives hackers a chance to get at your machine.

If you open an infected document, it infects your version of Word or Excel and every document you've ever created. If you send an infected letter or spreadsheet via e-mail, it infects your recipient's machine and all of his documents, too.

Today, security experts are starting to worry about nasty bugs transmitted directly over the Internet through Web browsers that execute programs stored on remote computers.

While the design of Web browsers and their programming languages is supposed to protect against these, it's rare that a week goes by without some hacker exposing a security flaw in the system.

Against these dangers, anti-virus programs offer several levels of protection. Most will scan your critical system files and memory when you start up, looking for programming code "signatures" of known viruses. At your command, they'll also scan all the files on your disk, looking for nasties.

These approaches are fairly benign -- at the worst they'll take up a few minutes of your time, and if an anti-virus program finds an infected file, it can usually repair the damage.

But trouble can occur when your anti-virus program sets up a third level of protection -- by remaining active in the background while you go about your work.

Memory-resident anti-virus software will monitor every program that's running on your computer, looking for suspicious behavior.

For example, well-behaved programs shouldn't write to your disk's critical boot sector, and they shouldn't try to modify their own code or the code of other programs. An anti-virus program can warn you when this happens, or just stop the behavior entirely.

In theory, this is wonderful protection. But it's often hard to determine malicious code from legitimate programming. As a result, an anti-virus program may stop honest software from doing what it's supposed to do. Suddenly, your computer stops working properly. Or you'll find that you can't install a new program that you've just taken out of the box.

In one company I know, users were left muttering all over the building after technicians installed anti-virus software on every computer. No one had bothered to test it for conflicts with the programs that many workers had on their hard drives.

After fighting too many of these battles, I've decided that the side effects are worse than the threat of the disease, and I've given up on anti-virus software that runs in the background. But that doesn't mean you should abandon the idea entirely.

Most anti-virus programs give you a choice of protection levels (this varies from publisher to publisher).

You should absolutely scan memory and critical system files on start-up, and it's a good idea to schedule a complete scan of your files once or twice a week.

Be particularly careful with Word and Excel documents that come to you on floppies, over the Internet, or through e-mail. Never open one of these directly from your e-mail program. Always save it to disk and check it with your anti-virus program first.

On Microsoft's Web site (www.microsoft.com) you can also find a Word template that will detect common Word viruses and disable them before they can cause damage.

Finally, remember that malicious hackers are always inventing new virus strains. So keep your anti-virus software up-to-date.

Most publishers post monthly updates on their Web sites, and you can download the latest versions. Some charge a yearly subscription fee for updates, while others provide them free of charge. Either way, it's a good investment of your time and money.

To contact Mike Himowitz, address e-mail to mike.himowitaltsun.com.

Pub Date: 1/18/98

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.