Those who have Microsoft Windows and have Word, Excel,
PowerPoint, Access, or Project on their computers may find the following
helpful.
The basic operating system still remains MS-DOS, in spite of
the recent Windows versions. Every file under MS-DOS has an 8 character file
name and a 3 character extension separated by a period. The fact that longer
file names appear and can be used is a trick involving bytes associated
with directory space. The MS-DOS directory still uses the 12 bytes, with the
system inventing appropriate file names. The (~1) characters are an example. Note
that the long name may include periods and words to indicate that it is not a
virus.
The last 3 characters tell the system how to react to
"opening" the file. If the last 3 characters are "doc", Microsoft Word starts
and the file is handled under Word. If it is XLS, EXCEL appears, if ppt,
PowerPoint appears, etc.
If the last 3 letters are "EXE" or "exe", the system
interprets the file as a machine instruction file (program) and immediately
passes control to the first instruction. Most of the viruses that have appeared
are files whose last 3 letters were "exe", in spite of masking characters in the
long file name. NEVER double click on an E-mail message that has a file
attachment ending in "exe", unless you are sure it does not contain a
virus.
If you are uncertain about what the file contains, go to
MS-DOS, call up the old EDIT and open the file in EDIT. EDIT will strictly look
at the file in terms of ASCII characters for each byte. Viruses will not start
if you open the file under EDIT. If you get stuff that is not text, even if it has
an extension of txt, then find out more from the sender before you do anything
with it. Any file is safe to open under the old MS-DOS EDIT, providing you don't
do a SAVE after opening. Just EXIT.
Microsoft Windows, Outlook and the "Office" suite have a
background compiler called "Visual Basic for Applications". This is the tool
that allows macros, subroutines and functions to be written for your
applications. These macros, subroutines or functions may be included with the
file containing the text, workbook, slides, tables,
etc. or may be in a separate file. Consequently all these programs will
recognize the linking within the program to a separate file, and transfer
control to the separate file (this is how macros work).
The recent I LOVE YOU virus file has "vbs" as the
extension. With this extension, the "Outlook" program recognized the file as a
macro under the "Visual Basic for Applications" (VBA) portion of Outlook. If
double clicked, VBA would process the file, and generate machine instructions as
if it were an "EXE" file. There are other Visual Basic files with vb-
extensions.
The problem here was that the virus detectors do not look at
"vb-" files for viruses. I don't think they search "dll" files either. My
current McAfee anti-virus program does not search all files.
Be aware that any software or software upgrade may contain
a program command structure or subroutine that is interpreted or compiled
(without you being aware of it) by VBA, generating a destructive virus. (The
software does not have a virus, it just generates the virus as part of the
compiled program.) The attachment may be an EXCEL file with a macro that does
the destruction when you are in EXCEL and open the file. (The
event starting the macro is file open). Microsoft does bring up a
warning message box when the file to be opened has a macro. However, I don't know
if it detects all non-Microsoft included VBA subroutines and functions. If the
file has developer added macros, this flag would be turned off. This would be
the case for all those Statistical Software Programs that use EXCEL for data
input and overall data management.
This is a problem that affects Microsoft Windows and Office
products. There are no easy fixes. Microsoft opened up the suite and
standardized on Visual Basic as one of the "engines" to allow all kinds of
outside developers to develop commercial software programs based on Windows.
This decision has been a significant contribution to the current economic growth
of new software programs and startup companies.
There are (26 * 26 * 26) possible file extension names.
Although many file extensions are standardized, developers invent their own file
extension names, and therefore in many cases, you have no idea what a file with
a strange extension is supposed to do.
Compressed files are another problem. With the zip extension,
a possible virus and the true extension become known only after the file
has been de-compressed or expanded. A virus may lurk in a zip file and be
undetected by anti-virus programs. If in doubt, do an anti-virus check on all
files after un-zipping.
DA Heiser
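The checks described above (judge a file by its last extension, look at its bytes without running it, and look inside zip files), as an added Python example that is not part of the original article. The `RUNNABLE` list, the function names and the sample attachments are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy list: extensions the page describes as run on double click.
RUNNABLE = {"exe", "vbs", "vbe", "dll"}

def extensions(name):
    """Lower-cased dot-separated parts after the first; the last one decides."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return [part.lower() for part in base.split(".")[1:]]

def inspect_attachment(name, data):
    """Findings for one attachment, examined as bytes and never opened."""
    findings = []
    exts = extensions(name)
    last = exts[-1] if exts else ""
    if last in RUNNABLE:
        findings.append(f"{name}: runnable extension .{last}")
        if len(exts) > 1:
            findings.append(f"{name}: .{exts[-2]} in the long name is a decoy")
    # DOS/Windows programs start with the bytes "MZ" whatever the file is called.
    if data[:2] == b"MZ" and last not in ("exe", "dll"):
        findings.append(f"{name}: MZ program header behind a .{last} name")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():  # names only, nothing extracted
                inner = extensions(member)
                if inner and inner[-1] in RUNNABLE:
                    findings.append(f"{name} contains {member}: runnable .{inner[-1]}")
    return findings

def constructed_zip():
    """Constructed sample: an archive whose only member is a harmless text stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.doc.vbs", "' constructed placeholder")
    return buf.getvalue()

# Constructed sample attachments (file name, first bytes).
SAMPLES = [
    ("readme.txt", b"plain text"),
    ("holiday photo.jpg.exe", b"MZ\x90\x00"),
    ("notes.txt", b"MZ\x90\x00"),
    ("documents.zip", constructed_zip()),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        for line in inspect_attachment(name, data) or [f"{name}: nothing flagged"]:
            print(line)
```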
