University of Botswana History Department
Computer services pages

Viruses, etc.


NB: several of the computer services pages include illustrations showing what will appear on your screen as you follow step-by-step instructions. Although we hope these will be useful, the text is intended to contain all the necessary information, so if you find downloading the pictures too slow, then don't bother - they are not essential.


About attachments

The most common way for a virus to arrive (for us at UB) is as an attachment to an email message. Although the email message itself cannot, normally, carry a virus, an attachment can be any sort of file, including a virus.

Computers deal with information, which they store in electronic form in little lumps called files. They do things, such as processing information, according to sequences of instructions called programs. But - and this is important - a program is itself stored as a file, just like any other file. If a file is to be used as a set of instructions, it is executable code. If not, it is just data.

If the attachment we receive is just a data file, then it should be safe. A good example of a data file is a JPEG image file. Simply viewing an image file cannot in itself pass a virus. BUT - the people who write viruses are clever. They will try to make you think that a file is a harmless data file, while in fact it is executable code.

How can you tell if an attachment is a virus? Extensions

In Windows, file names have two parts - a name and an "extension". The extension is the part that comes after the dot. For example, in
    novel.doc
the part "doc" is the extension. Extensions indicate what sort of file the file is - is it a word-processing document, or an image, or a program, etc.?

When you double-click an icon to "open" it, it is the extension that determines what actually happens next. If the extension is "doc", then the file is a Microsoft Word document, so the MS Word program is started and used to read the document. If the extension is "jpg", then it is a JPEG image file, a picture, and it will be displayed by a graphics program (perhaps Internet Explorer).

The extensions to watch out for are those which are (or can be) for executable code. Unfortunately there are rather a lot of these, so it is safer not to open an attachment unless you can positively identify the extension as something safe such as .jpg. In particular, though, watch out for:

.exe
This is the usual extension for program files. If you open a file with this extension it will be loaded and run as a program. It does not take much skill to write programs that do very nasty things, like erase the hard drive.
.com
This is essentially equivalent to .exe. One recent virus has a filename like www.something.com to make you think it is a web-site link.
.vbs
Visual Basic Script. Again, may be nasty.
.doc
This is for Microsoft Word documents. Microsoft, in a moment of brilliance, decided to allow executable code to be embedded in Word documents as "macros". This is now one of the main ways in which viruses spread. When you open a Word document, Word may load and run the executable code. It is, luckily, possible to set your copy of Word not to run macros. See our page on How to switch off bad features of MS Word. It is also possible to use a different program such as Abiword to open the document, as the virus relies on MS Word to load it.

Make Windows display extensions

In its effort to make things "user-friendly", Windows wants to hide the messy extensions from you, and just display the name part, e.g. showing "novel" instead of "novel.doc". Unfortunately, this is also virus-friendly, as it hides the crucial information that a file is not what it pretends to be. To make Windows show you the extensions:

  1. Start the Windows Explorer (on Start Menu, Programs)
  2. Tools menu - select Folder Options
  3. Select "View" tab
  4. Make sure that "Hide file extensions for known file types" is unchecked
  5. Click OK

Double or phoney extensions

Sometimes a virus file will be given a name like
picture.jpg.exe
so that the .jpg will make you think, if you aren't looking carefully, that it is a .jpg file. It isn't! Only the very last part, the .exe, is the extension.
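
The following Python example is added here and is not part of the original page. It applies the rules above to the attachment names in an email message: only the last dot-separated part counts as the extension, and anything not positively identified as safe is flagged. The function names, the constructed sample message and the short extension lists are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named on this page; the page notes the real list is longer.
EXECUTABLE = {"exe", "com", "vbs"}
MACRO_CAPABLE = {"doc"}
KNOWN_SAFE = {"jpg", "jpeg"}  # "jpeg" is an assumed variant of the page's .jpg

def classify(filename):
    """Return (verdict, reason), judging by the LAST dot-separated part only."""
    parts = filename.strip().lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return ("suspect", "no extension to identify")
    ext, earlier = parts[-1], parts[1:-1]
    if ext in EXECUTABLE:
        if parts[0] == "www":
            return ("dangerous", f".{ext} program named like a web address")
        decoys = [p for p in earlier if p in KNOWN_SAFE | MACRO_CAPABLE]
        if decoys:
            return ("dangerous", f"real extension .{ext} hidden behind .{decoys[-1]}")
        return ("dangerous", f".{ext} runs as a program")
    if ext in MACRO_CAPABLE:
        return ("caution", f".{ext} may contain macros")
    if ext in KNOWN_SAFE:
        return ("ok", f".{ext} is a data file")
    return ("suspect", f".{ext} is not positively identified as safe")

def build_sample():
    """Constructed message with placeholder attachment bytes (not real files)."""
    msg = EmailMessage()
    msg["Subject"] = "Have a look"
    msg.set_content("Hi! Have a look at this file I just downloaded.")
    for name in ("picture.jpg.exe", "www.something.com", "novel.doc", "photo.jpg"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

def scan_message(raw):
    """List (filename, verdict, reason) for every attachment in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename() or "",) + classify(part.get_filename() or "")
            for part in msg.iter_attachments()]

if __name__ == "__main__":
    for name, verdict, reason in scan_message(build_sample()):
        print(f"{name:20} {verdict:10} {reason}")
```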

Suspicious messages

A lot of viruses make use of the Outlook program to spread themselves, e.g. by sending themselves to every address in the address book. The program will write some plausible-sounding message in the email, like "Hi! Have a look at this file I just downloaded." - and perhaps it will add the user's standard signature or something to make it look more convincing. All this is designed to make the recipient think it is a genuine message and click the attachment. Sometimes the virus will use the reply function, so that you get what looks like a reply to a message you sent, with a brief message like "I will reply to your message shortly - in the meantime you may find the attached document relevant."

SO - any email message with an attachment is suspect. If it has a very general message like the above examples, then it is very suspicious!

Don't send unnecessary attachments

Attachments should not be used unless really necessary. See our page on how to avoid email attachments, and educate your colleagues about this.



Copyright © University of Botswana History Department
Last updated 14 February 2001