E-Mail Security
- Background
- First Line of Defense - User Action
- Second Line of Defense - Program Settings
- Third Line of Defense - Anti-virus Programs
- Additional Information
Background
Viruses have been a fact of life since early in the life of the Internet. Some are destructive and some are merely annoying. For the purposes of this tutorial, we are using the term viruses to include viruses, Trojan horses, worms, and other unintentional results from received e-mail. This tutorial is not intended to be a complete tutorial on viruses and virus protection but to provide sufficient background so that specific setup instructions can be better understood. This tutorial is limited to protection from the risks of receiving e-mail.
A more general discussion of viruses, worms and trojans can be found on the Computer Virus/alt FAQ page.
Basically, a computer virus is a software program designed to repeatedly copy itself (replicate) and attach to other programs on your computer or on a floppy disk. The aim of any virus is first to spread, and then to either simply annoy you or to wreak havoc on your computer. Viruses of danger to e-mail users require the use of files that can be executed, that is, files that perform actions on your computer. For the Windows operating system, there are only a few types of these files:
- Program files (exe or com extension)
  Most of the programs you use on your computer (e.g., the e-mail program, word processor program) are of this type.
- Dynamic link library (dll extension)
  Contains portions of programs not included in program files. These cannot run on their own.
- Scripting (vbs extensions)
  These files contain instructions that are interpreted by another program on your computer, for example, Windows Scripting Host interprets the instructions in a vbs type file. The ILoveYou virus was the vbs type. Scripts can also be embedded in HTML format e-mail messages.
- Document files (doc extension)
  These files may contain viruses included in macros included with the document. These macros may run as soon as the document is opened in your word processor.
This list is not complete but for the purposes of this tutorial, we do not need to concern ourselves with the details of these file types. We only need to recognize the broad categories.
First, it should be made clear that viruses cannot infect your computer from reading text or image type files. Opening these types of e-mail messages either in a preview window or separate window will not cause a virus to be installed.
Now, we have said that viruses require the use of files (programs) that will perform some action on your computer. How do these files get to your computer and how do they get started? And more to the point, how do we prevent them from infecting our computer via e-mail and doing damage?
Virus files are received as attachments to e-mail. These attachments can be any of the types noted above. Merely receiving the file on your computer will not cause the computer to become infected. The file (program) must be run (executed). Most of the time, this is done by YOU when you open an attachment that is infected. If you simply delete the attachment without ever opening it, you need not be concerned with the virus it contains.
Note that the above information is independent of the e-mail program you are using.
There is an exception to this rule. There have been reports that instructions can be embedded in an HTML format message that will automatically start the execution of a program when the message is opened, requiring no further action by you. This action requires the use of one of the scripting types of files noted above and an e-mail program that will display HTML format messages and execute the code embedded in them.
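Given this information, how do we best protect our computers from virus attacks? There are three facets to this protection:
- First Line of Defense - User Action
- Second Line of Defense - Program Settings
- Third Line of Defense - Anti-virus Programs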
The recommendations provided have been designed so that you can benefit from most of the convenience features built into e-mail programs and yet be reasonably secure from viruses. Since new viruses are found almost daily, no reasonable system will be foolproof. Experience has shown, however, that by following the guidelines presented here and checking the additional links we have included below, the risk from infection is very low.
First Line of Defense - User Action
Since all viruses are transmitted by files attached to messages, the first line of defense is to not open attachments from unknown or unexpected sources. Note that attachments must be one of the types noted in the Background above. A text file opened with Notepad or Wordpad cannot transmit a virus. A document file opened in Notepad or Wordpad also presents no danger since any imbedded macro cannot run in those programs. (Document files are only a danger when opened with a program that can run macros, such as Microsoft Word). An image file (e.g., jpg, bmp, tif, etc.) presents no danger when opened in a graphics display program.
The best practice is to tell your correspondents that you expect them to notify you in advance if they are sending an attachment of the type that can cause a problem. If you receive a message with an unsolicited attachment, you can send a message to the original sender (assuming they are someone known to you) to confirm that it is a secure document. If you really want to open the file, using an anti-virus program to scan the file before it is opened can decrease the danger. The use of anti-virus programs and their limitations are discussed below.
Care in handling attachments will go a long way in keeping your computer safe from e-mail viruses.
Second Line of Defense - Program Settings
If you are running Windows 95/98, you won't see what type of file an attachment is unless you change your Folder Options settings. Changing that default setting is one of the first things that you should do. Select Settings from your Start menu and then select Folder Options. Click the View tab, and make sure that Hide file extensions for known file types is unchecked.
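The following is an added example, not part of the original tutorial: a short Python check that lists which parts of a received message fall into the executable categories from the Background section, what name each attachment shows while file extensions are hidden, and whether the HTML body carries a script. The sample message, the function names and the assumption that every final extension counts as a "known" type are constructed for illustration.

```python
import re
from email import message_from_string, policy
# Executable file categories from the tutorial's Background list.
RISKY = {"exe": "program", "com": "program", "dll": "library",
         "vbs": "script", "doc": "document that may hold macros"}

def shown_name(filename):
    # Name listed when "Hide file extensions for known file types" is checked.
    # Assumption for this example: every final extension is a known type.
    return filename.rsplit(".", 1)[0] if "." in filename else filename

def review(raw):
    """Return (name, shown name, category, disguised) for each risky part."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        name = part.get_filename()
        if name:
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in RISKY:
                # A second extension left visible makes the file look harmless.
                disguised = "." in shown_name(name)
                findings.append((name, shown_name(name), RISKY[ext], disguised))
        elif part.get_content_type() == "text/html":
            if re.search(r"<\s*script\b", part.get_content(), re.I):
                findings.append(("(message body)", "", "embedded script", False))
    return findings

# Constructed sample message (not from the tutorial); bodies are placeholders.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>Hello<script language="VBScript">' placeholder</script></body></html>
--b1
Content-Disposition: attachment; filename="holiday.jpg"

placeholder
--b1
Content-Disposition: attachment; filename="note.txt.vbs"

placeholder
--b1
Content-Disposition: attachment; filename="report.doc"

placeholder
--b1--
"""
print(*review(SAMPLE), sep="\n")
```

With extensions hidden, the second attachment is listed as note.txt, which is why the tutorial asks you to uncheck that setting before judging an attachment by its name.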
Your e-mail programs must also be kept up-to-date. Suppliers are continually adding features and safeguards to help manage the virus problem. You should frequently check with the supplier of your e-mail program to ensure that you have the latest updates. Generally, upgrading your e-mail program to a newer version will not enhance security. Newer versions sometimes include added features that may increase their vulnerability to viruses.
Some e-mail programs include provisions for increasing the security of your computer. Many of these provisions are not enabled by default when you install the program. We have recommendations that will work for Outlook 2000 and Outlook Express 5. These instructions will also work with Outlook Express 6, but it has additional virus protection abilities as outlined in the article below:
We'll have recommendations for additional e-mail programs soon. In the interim, we suggest that you check the Web site for your e-mail program for any suggestions and security updates.
Third Line of Defense - Anti-virus Programs
There are several good anti-virus programs available today. The major ones include those from Norton (Symantec) or McAfee. These programs will catch many of the viruses before they have a chance to cause any damage if they are kept up-to-date.
You can use an anti-virus program in two ways. One way is to have all incoming messages and files scanned for viruses as they are received.
Many newer e-mail anti-virus programs can work by intercepting your mail as it is downloaded and scanning for viruses. A warning is provided if the program finds something suspicious. The anti-virus programs are only effective if your e-mail program is set up to use them and if you keep the virus definitions up-to-date. Most of the anti-virus programs have a provision to get updated definitions from the supplier. Note that an anti-virus program may make your e-mail program operate somewhat slower since scanning is done as you download messages.
The second way is to receive the files, save them to your hard drive and then use the anti-virus program to scan them before they are opened. You must take care that the file is not inadvertently opened when you are trying to save it.
Anti-virus programs have limitations, however. New viruses may be loose in the environment before the definitions can be updated. This was the case with the ILoveYou bug. It was several days before the signature for this virus was included in virus definitions. Thus, if you were unfortunate enough to be one of the first to receive an infected message, an anti-virus program would not have provided any protection.
This is not to say that anti-virus programs are not effective. They are effective if used properly and kept up-to-date.
The use of anti-virus programs to scan messages during downloading does require changes in the setup of the e-mail program. This is generally done during installation of the anti-virus program but the settings can sometimes get changed or corrupted later. We have instructions for configuring the following for e-mail scanning. Check the help file of your anti-virus program if it isn't included below. See E-Mail Clients for AT&T Worldnet Service settings for your e-mail program.
Additional Information
You'll find a wealth of information on this subject at the locations below.
- How Worms Spread via E-mail (and How to Avoid That)
- CERT Coordination Center Home Network Security
- microsoft.public.scripting.virus.discussion newsgroup
- Stay Safe Online
