Good Morning All,
Patrick Crispen's Tourbus explains "Nimda" perfectly...

Read on ...... murray

----------------------------------------------------------------------
   TOURBUS Volume 7, Number 18 -- 21 Sep 2001
----------------------------------------------------------------------
TODAY'S TOURBUS STOP(S):
 Nimda
TODAY'S TOURBUS ADDRESS(ES):
http://windowsupdate.microsoft.com/default.htm
  http://www.webwasher.com/en/products/wwash/download_license.htm

Howdy, y'all, and greetings once again from beautiful Tuscaloosa,
Alabama, a town that is still in tremendous mourning.

-----
Nimda
-----

As if the events of the past week haven't been enough to deal with,
there is a new virus/worm called Nimda.  Every computer running
Microsoft Windows 95, 98, 98SE, ME, NT, or 2000 is vulnerable.

Computers running non-Windows operating systems (like Macs
and Linux boxes) are *NOT* vulnerable, though.

How is Nimda different from the squillion other viruses out there?
Well, if you'll pardon my using an analogy, most viruses try to break
into your computer through your front door.  Close the front door and
the virus ceases to be a threat.  Nimda tries to break in through your
front door, your living room window, and your chimney.  Close the
front door and you're still vulnerable.

In other words, you're going to have to do a bit of work to protect
your computer from Nimda.

----------------------
Closing the Front Door
----------------------

Update your virus definitions.  This closes the front door.  How do
you update your virus definitions?  That depends on the antivirus
program you use.  Norton Antivirus has a "Live Update" button built
into the program; click on it, and Norton automatically downloads and
installs the latest virus definitions from the Net.  McAfee VirusScan has a
similar update function (go to File --> Update VirusScan).

And, of course, *NEVER* double-click on any file, especially an email
attachment, regardless of who the file is from, until you first scan
that file with your antivirus program.

As long as you update your virus definitions weekly and never double-
click on attachments without first scanning those attachments, you're
pretty well protected from *most* computer viruses.

But not Nimda.

------------------------------
Closing the Living Room Window
------------------------------

Nimda also exploits a well-known hole in the PC version of Internet
Explorer (other versions, including the Mac version of Internet
Explorer, are *NOT* affected by this hole).  According to Microsoft,
Internet Explorer does not handle MIME (Multipurpose Internet Mail
Extensions) headers in HTML e-mails correctly. If a malicious user
sends an affected HTML e-mail or hosts an affected e-mail on a Web
site, and a user opens the e-mail or visits the Web site, Internet
Explorer automatically runs the executable on the user's
computer. If this occurs, the executable can take any action on
the computer that the user can take, including adding, changing,
or deleting data, communicating with Web sites, or reformatting
the hard drive.

Fortunately, Microsoft patched this hole back in March.  And finding,
downloading, and installing this patch couldn't be simpler: just run
Windows Update and download *ALL* of the critical updates.

There are a couple ways to run Windows Update, but the easiest is to
launch Internet Explorer and then go to Tools --> Windows Update.  You
can also go to Start --> Settings --> Windows Update.  Either way will
automatically redirect you to Microsoft's Windows Update page at
http://windowsupdate.microsoft.com/default.htm

On the top left side of the Windows Update page, click on the "Product
Updates" link (it is the one with the hand and the red *).  A pop-up
window will appear, telling you to wait while your computer DOESN'T
send any information to Microsoft (well, that's what it says!)

Eventually, you'll see a page that says "Select Software."  When
Microsoft releases an essential update or patch to close a security hole
in Windows, they put it in this page's "Critical Updates" section.
Microsoft also puts a bunch of other, non-essential stuff on this page,
but you can ignore that.  You are here for the Critical Updates.

Select (or click on) EVERYTHING in the "Critical Updates" section -- you
need *ALL* of the critical updates -- and then click on the big, gray
"Download" arrow in the top right hand corner of the page.  Then, just
follow the on-screen prompts.

This closes the living room window.

By the way, if you run Windows Updates and don't see any Critical
Updates, don't panic.  This just means that your version of Internet
Explorer has already been patched (and your living room window is
already closed).  :)

-------------------
Closing the Chimney
-------------------

You're still not done.  According to our friends at CERT,

      As part of the infection process, the Nimda worm modifies all web
      content files it finds (including, but not limited to, files with
      .htm, .html, and .asp extensions).  As a result, any user browsing
      web content on the system, whether via the file system or via a
      web server, may download a copy of the worm.  Some browsers may
      automatically execute the downloaded copy, thereby infecting the
      browsing system.
      [from http://www.cert.org/advisories/CA-2001-26.html ]

You've already taken care of the automatic execution problem in the last
step (Microsoft's Critical Update patch closes that hole), but it is
still possible that an infected Web page could automatically download a
Nimda virus-infected file to your computer.  Your computer wouldn't be
infected, though.  Instead, the virus-infected file would be like a
letter bomb; it will just sit there, taking up space, waiting for you to
open it.

The folks at CERT recommend disabling JavaScript to avoid this
problem, but I have a much more beautiful solution: download and
install a "pop-up killer" like WebWasher.  Nimda tries to "come down the
chimney" through a JavaScript pop-up window.  Pop-up killers like
WebWasher keep this from happening.

In other words, WebWasher closes the chimney.

Originally developed by German electronics giant Siemens,
WebWasher is a filter program for PCs, Macs, and Linux boxes
running either Netscape Navigator or Microsoft Internet Explorer.
Once you install WebWasher on your computer, the program
automatically blocks unwanted Web content
like banner ads and pop-up windows.  Instead of the ads, all you
see is white space -- the ads aren't even downloaded!  :)

What is most amazing is that WebWasher is free for home and
education use.  You heard right, folks: IT'S FREE!  To download
WebWasher, point your Web browser to
http://www.webwasher.com/en/products/wwash/download_license.htm

and click on the "I agree" button.  The download process is self-
explanatory.

Once you download WebWasher to your hard drive (the file is less
than 1 Mb in size, so it should download pretty quickly), double-click
on the installation file to install the program, and then follow the on-
screen instructions to configure both WebWasher and your browser.
This sounds complicated, but it is actually rather easy.

That's it!  You are now free to surf the Web relatively ad-free.  And
unlike a lot of other ad filtering programs, WebWasher doesn't change
the appearance of most popular Web sites.  In fact, some sites -- like
Intellicast -- look significantly better without the ads!

As I said earlier, most viruses try to break into your computer
through your front door.  Close the front door and the virus ceases to
be a threat.  Nimda tries to break in through your front door, your
living room window, and your chimney.

BUT, if you update your virus definitions, never double-click on
attachments, download and install the Critical Update patches from
Microsoft, and use a pop-up killer like WebWasher, the Nimda virus
will become just like Yoko Ono: an annoying thing about which you need
not worry.  :P

---------------
And Finally ...
---------------

After last week's attack, I decided to check my homeowners insurance
to see what is and is not covered.  Here is what I found.  The last
sentence gave me a much-needed chuckle.

      Section 1 - Losses Not Insured
      1. e.  War, including undeclared war, or any warlike act,
      including destruction or seizure or use for a military purpose, or
      any consequence of these.  Discharge of a nuclear weapon is deemed
      a warlike act even if accidental.

Well, DUH! :P

That's it for this week.  Have a safe and happy weekend and we'll talk
again soon.

=====================[ Tourbus Rider Information ]===================
    The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
      Copyright 1995-2001, Crispen & Rankin - All rights reserved

  Help the hungry, poor and sick - for free!  http://FreeDonation.com

       Subscribe, Signoff, Archives, Free Stuff and More at the
               Tourbus Website - http://www.TOURBUS.com
=======================================================


            .~~~.  ))
  (\__/)  .'     )  ))       Patrick Douglas Crispen
  /o o  \/     .~
{o_,    \    {
   / ,  , )    \           http://www.netsquirrel.com/
   `~  '-' \    } ))    AOL Instant Messenger: Squirrel2K
  _(    (   )_.'
'---..{____}                  Warning: squirrels.
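
A way to spot the web-content modification that the CERT text quoted in the newsletter describes, as an added example that is not part of the original newsletter: it records a SHA-256 baseline of .htm, .html and .asp files while the site is known clean, then reports files that changed (or are new) and whether they now contain a JavaScript `window.open(` call. The function names, sample files and the PLACEHOLDER script are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

WEB_EXTENSIONS = {".htm", ".html", ".asp"}  # extensions named in the CERT text
POPUP = re.compile(rb"window\.open\s*\(", re.I)  # JavaScript pop-up call


def web_files(root):
    """Yield (relative_path, bytes) for every web content file under root."""
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in WEB_EXTENSIONS:
                path = os.path.join(folder, name)
                with open(path, "rb") as handle:
                    yield os.path.relpath(path, root).replace(os.sep, "/"), handle.read()


def take_baseline(root):
    """Record a SHA-256 digest per web content file while known clean."""
    return {rel: hashlib.sha256(data).hexdigest() for rel, data in web_files(root)}


def changed_pages(root, baseline):
    """Return sorted (path, has_popup_script) for files new or changed since baseline."""
    return sorted((rel, bool(POPUP.search(data))) for rel, data in web_files(root)
                  if baseline.get(rel) != hashlib.sha256(data).hexdigest())


def demo():
    """Constructed web root: baseline it, alter some files, then rescan."""
    root = tempfile.mkdtemp(prefix="webroot_")
    script = b'<script>window.open("PLACEHOLDER")</script>'  # constructed
    edits = {"index.html": script, "Default.ASP": script, "notes.txt": script,
             "about.htm": b"<!-- routine edit -->", "faq.htm": b""}
    for name in edits:
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(b"<html><body>clean page</body></html>")
    baseline = take_baseline(root)
    for name, extra in edits.items():
        with open(os.path.join(root, name), "ab") as handle:
            handle.write(extra)
    return changed_pages(root, baseline)


if __name__ == "__main__":
    for rel, popup in demo():
        print(f"{rel}: changed, pop-up script present: {popup}")
```

A changed page without the pop-up call (about.htm here) still deserves a look; the flag only helps sort routine edits from script that was appended to the page.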
