Living with computer viruses
The MailScanner and your own anti-virus software will recognise and protect your from the vast majority of viruses. There is always the chance that the occasional new variant will get through these defences, so you should be alert. Unfortunately there is no single tell-tale sign for you to look out for.
- Most viruses are spread by emails
- The "sender" of the email may be a stranger or may appear to be someone known to you .
- The "subject" of the email may sound very plausible.
- The message will usually have an attachment, but it may not.
- The body of the message may ask you to do something that seems quite reasonable.
- Be suspicious of any unsolicited messages from strangers.
- Look critically at messages from your friends and colleagues: if there is anything uncharacteristic about the message, treat it with suspicion, particularly if it has an attachment.
- In Eudora, turn OFF the options to Download HTML graphics and to use Microsoft's Viewer (choose "Options" from Eudora's Tools menu; these settings are in "Display" and "Viewing mail").
- Many viruses depend on vulnerabilities in the Windows operating system, so make sure you apply all the "Windows security patches". See the notes on the Microsoft critical updates.
- Many spam messages refer you to a web page, and ask you to click on a hyperlink in the message. Don't do this. The hyperlink might take you to a web page which will activate a virus on your computer, or which will extract information from your computer. See below for more information on hoaxes.
Although LIS will occasionally issue warnings about known viruses, you must not rely on receiving an explicit warning about every virus that turns up. You must be carefull at all times.
Hoaxes and false alarms
In addition to actual viruses, we have to live with the mess that viruses (and spam) leave behind.
Spurious error messages
When a machine is infected with a virus, it will usually send out infected messages (without the user of the machine being aware of it). These messages are usually sent either to addresses from the infected machine's addressbook or to randomly generated addresses. The a forged "From" line is inserted in the message, again either using an address from the machine's addressbook, or some random address.
If a message is sent to an invalid address, this will generate an error message. If it so happens that your address has been used in the "From" line of the message, the error message will come to you. Therefore you will sometimes get a message reporting that a message apparently sent from you has been undeliverable. Don't be alarmed by this. It doesn't mean that your PC is infected. The messages concerned may be offensive in nature, but you will not be held responsible for sending them. It is a well-known fact that the contents of the From line are not a reliable indication of who sent the message.
Although you should simply delete and forget these spurious error messages, if you have any doubt about them or any suspicion that there might be something genuinely wrong, contact the IT Service Desk.
Deliberate virus hoaxes
Because viruses are now so common, the practice of sending hoax warnings has become less prevalent. However they turn up every so often, particularly ones advising you to delete a file from your Windows folder because it is infected with a virus that no anti-virus software can detect. Treat any such advice with suspicion.
One sure sign of a hoax is that it will include a suggestion that you should pass the warning on to all your friends. No genuine IT support person would ever make such a suggestion.
Another thing which no genuine IT support person would do is send an attachment by email and tell you to open it or run it. Some hoaxes that seem to come from "Microsoft Support" do this.
If you suspect that a warning of this sort might possibly be genuine, contact the IT Service Desk before taking any action.
Other hoaxes
There are all sorts of other hoaxes which arrive by email, and which have nothing to do with viruses. You should exercise the same caution with these as you would with ordinary paper letters. The commonest hoaxes at the moment are those that appear to come from banks and which tell you to send them your personal bank account details.
There have been hoaxes that seem to come from "admin@st-andrews.ac.uk" saying your account is due to be closed down, and telling you to go to a web page and enter your password. Beware of any such instruction. Since the University may send you instructions which sound somewhat similar to these hoaxes, you need to be careful to distinguish the genuine from the false.
Here are some hints which will enable you to distinguish genuine messages from hoaxes:
- Messages relating to the computer services in the University will contain the name of a member of staff within Library & Information Services or IT Services, and an internal telephone number, usually the IT Service Desk number.
- If a message asks you to carry out any procedure on your computer or to submit information via a web page, there will be a clear reference to a web page within the University, with an address beginning www.st-andrews.ac.uk .
- It is safer to type the address into your browser yourself, rather than just click on the hyperlink in the mail message, since a hoaxer can disguise an external address behind what looks like a genuine local address.
If in any doubt, contact the IT Service Desk.
The IT Service Desk will publish details from time to time about these hoaxes, but you must not rely on this. We can't be quick enough to give early warning of every hoax.
