REGULARS

LEGAL TECH

One day this past summer, I noticed that my hard disk was churning for about two minutes although the normal boot process had finished. After this happened four days in a row, I decided to investigate.

Funny e-mail

I thought back to the preceding weekend. A client had sent an e-mail with the subject line “Very Funny.” A .vbs (Visual Basic Script) file was attached.

I knew that .vbs files could carry viruses. On the other hand, I knew that my client — who had a sense of humor — had good anti-virus protection. So I made my stupid mistake: I double-clicked on the “Very Funny” attachment.

A few seconds later, Windows brought up a dialog box to configure MS Outlook, which I do not use for e-mail. Not wanting the process to go any further, I closed the dialog and thought no more about it — until four days later.

Suspecting a virus attack, I fired up NAV for a complete system scan. The findings: I had roughly 300 files, mostly .jpg (JPEG) graphics, infected with the Love Bug virus! After every boot-up, the virus was busily looking for more files to infect.

Executable files

So why had NAV not intercepted the Love Bug in the first place? When I installed NAV eight years earlier, I had set the software to examine only executable files — .com, .exe and the like. In 1992 this made sense, because executable files were where viruses lurked.

Over time, NAV adapted to include, for example, Word documents and Excel spreadsheets as executables because they can carry macro-based viruses. Yet although I had been doing monthly anti-virus definition updates, it appears that NAV did not add .vbs files to the executables list.

NAV was not able to fix any of the infected files, including the virus, itself, so I deleted them. The scanning and deletion process took an hour.

Fortunately, I had backup tapes available to restore the graphics. After another hour, I was in good shape.

Finally, I deleted the association between .vbs files and the program that runs them, wscript.exe. That way, if I am ever again foolish enough to double-click on a .vbs file, Windows won’t know how to run it.

Limited consequences

As it turns out, my stupid mistake did not have terrible consequences. I lost a couple of hours, but I regained my data. Nevertheless, I offer the following recommendations so you will not have to deal with these sorts of problems.

First, make sure that your anti-virus software is examining all files, not just executables, and that you are updating virus definitions at least monthly.

Second, if you do not need to run Visual Basic Scripts, remove the .vbs association from Windows. (At the desktop, double-click on My Computer. On the View menu, select Folder Options and click on the File Types tab. Type “v”; scroll until you reach Visual Basic Script; then click Remove.)

Third, make regular backups and make sure that you are copying the files that you need to protect.

Finally, pay attention, and trust your instincts. If you see an unusual file attached to a message you were not expecting, do not open or run the file. If your computer starts behaving strangely, look into the situation right away.

We cannot avoid every mistake, but we can probably avoid making stupid ones.

Dana Shultz is vice president and legal counsel for an international financial services organization, where he specializes in technology licensing and related transactions. His e-mail address is dhshultz@ds-a.com.

REGULARS

LEGAL TECH

One day this past summer, I noticed that my hard disk was churning for about two minutes although the normal boot process had finished. After this happened four days in a row, I decided to investigate.

Funny e-mail

I thought back to the preceding weekend. A client had sent an e-mail with the subject line “Very Funny.” A .vbs (Visual Basic Script) file was attached.

I knew that .vbs files could carry viruses. On the other hand, I knew that my client — who had a sense of humor — had good anti-virus protection. So I made my stupid mistake: I double-clicked on the “Very Funny” attachment.

A few seconds later, Windows brought up a dialog box to configure MS Outlook, which I do not use for e-mail. Not wanting the process to go any further, I closed the dialog and thought no more about it — until four days later.

Suspecting a virus attack, I fired up NAV for a complete system scan. The findings: I had roughly 300 files, mostly .jpg (JPEG) graphics, infected with the Love Bug virus! After every boot-up, the virus was busily looking for more files to infect.

Executable files

So why had NAV not intercepted the Love Bug in the first place? When I installed NAV eight years earlier, I had set the software to examine only executable files — .com, .exe and the like. In 1992 this made sense, because executable files were where viruses lurked.

Over time, NAV adapted to include, for example, Word documents and Excel spreadsheets as executables because they can carry macro-based viruses. Yet although I had been doing monthly anti-virus definition updates, it appears that NAV did not add .vbs files to the executables list.

NAV was not able to fix any of the infected files, including the virus, itself, so I deleted them. The scanning and deletion process took an hour.

Fortunately, I had backup tapes available to restore the graphics. After another hour, I was in good shape.

Finally, I deleted the association between .vbs files and the program that runs them, wscript.exe. That way, if I am ever again foolish enough to double-click on a .vbs file, Windows won’t know how to run it.

Limited consequences

As it turns out, my stupid mistake did not have terrible consequences. I lost a couple of hours, but I regained my data. Nevertheless, I offer the following recommendations so you will not have to deal with these sorts of problems.

First, make sure that your anti-virus software is examining all files, not just executables, and that you are updating virus definitions at least monthly.

Second, if you do not need to run Visual Basic Scripts, remove the .vbs association from Windows. (At the desktop, double-click on My Computer. On the View menu, select Folder Options and click on the File Types tab. Type “v”; scroll until you reach Visual Basic Script; then click Remove.)

Third, make regular backups and make sure that you are copying the files that you need to protect.

Finally, pay attention, and trust your instincts. If you see an unusual file attached to a message you were not expecting, do not open or run the file. If your computer starts behaving strangely, look into the situation right away.

We cannot avoid every mistake, but we can probably avoid making stupid ones.

Dana Shultz is vice president and legal counsel for an international financial services organization, where he specializes in technology licensing and related transactions. His e-mail address is dhshultz@ds-a.com.