

  • Subject: Re: IMPORTANT Update regarding Love Bug and Related Viruses
  • From: "oludare" <oludare@xxxxxxxxxxxxx>
  • Date: Mon, 8 May 2000 13:36:14 -0400
  • Organization: None

Thanks David.

Dare

----- Original Message -----
From: "David Shea" <dshea@arctools.com>
To: <BPCS-L@midrange.com>
Sent: Monday, May 08, 2000 11:26 AM
Subject: IMPORTANT Update regarding Love Bug and Related Viruses


> I know this is way off topic, but it's obviously very important.  The Love
> Bug and its variants (including _future_ variations) can be beaten by
> disabling the Windows Scripting Host, a very non-essential option in IE5.
> Please read the message below for more details.  I apologize if anyone gets
> annoyed about my sending this to this list, but I have YET to see any of
> these so-called 'experts' from McAfee, Symantec, etc that have been all over
> the Today show, etc discuss how easy it is to stop this thing dead in its
> tracks.  In my opinion, this disaster is largely Micro$oft's fault for
> leaving the 'loaded gun' on the table.  Perhaps you'll agree with me after
> reading the info below.  MS's official position is 'not our fault - people
> shouldn't open attachments like that'.  Duh.
>
>
> > I want to summarize the current status of the 'love bug' and its related
> > variants.  Please read this entire message.  It includes instructions for
> > protecting your home computers.  Please print this message and take it
> > home with you.
> >
> > This 'love bug' virus was obviously very effective and destructive.  There
> > are at least 8 known variants on this bug that are traveling around the
> > internet.  Some of them are far more destructive than the original.  There
> > are two ways to protect yourself from this virus:
> >
> > 1. constantly upgrade our virus protection software to prevent the
> > message from getting in.
> > 2. disable the Windows feature that allows this virus to spread.
> >
> > With each of these variants, an update to our virus protection software is
> > required in order to stop the incoming message at the Exchange server.
> > This is obviously inefficient, since this virus is easily modified and
> > re-distributed.  It also takes time for the software company to create the
> > 'inoculation', and the download and installation process is manual.  So,
> > there's a window of opportunity for each new variant to do its thing.
> > Since Thursday, I have downloaded several updates already.  The actual
> > source code for the virus is contained in each copy of the virus, so it's
> > fairly easy for hackers to 'enhance' this virus and repeat the process.
> >
> > My preferred approach to stopping this virus is to disable the Windows
> > feature that allowed this disaster to occur in the first place.  A feature
> > called the Windows Scripting Host is what makes this virus possible (and
> > SO powerful).  This feature is like a Macro language for Windows.  It
> > allows you to automate things across applications.  So, where Melissa used
> > the Word Macro feature to distribute itself, this thing uses the Windows
> > Scripting Host.  Word and Excel have warnings that come up when you open a
> > document or spreadsheet containing a macro.  So, even if you had no virus
> > protection and a Melissa infected document came to you, you would see a
> > warning along the lines of:
> >
> > "This document contains macros.  Macros can contain viruses.
> > Do you want to disable the macros before opening this file..."
> >
> > So, at least you get one last warning before disaster strikes.
> >
> > The Windows Scripting Host (WSH) has no such warning feature.  It just
> > GOES.  Since this is a feature of Internet Explorer 5, WSH is
> > automatically included with Win 98 and Windows 2000.  To make things
> > worse, WSH is turned on by default.  So... any machine running Win98 or
> > Win2000, or any machine with Internet Explorer 5 installed has perhaps a
> > 99% chance of being set up to propagate this virus AUTOMATICALLY.  This
> > particular virus also requires Outlook to be installed.
> >
> > The fact that Microsoft decided to turn this feature on by default is, in
> > my opinion, a HUGE mistake by Microsoft.  This feature is powerful, very
> > dangerous, and VERY RARELY NEEDED.  I would be surprised if one in a
> > hundred people actually need this feature.  It should either include
> > warning features like Word and Excel, or should require the user to
> > consciously turn the feature on.  Had this feature not been the default
> > setting, this multi-billion dollar global DISASTER would have been just
> > another largely unnoticed annoyance.
> >
> > So - here's how to disable this feature on your PC.  If you ever find that
> > you need this feature at some point in the future, it is an option setting
> > in Windows 98 and above, and if you're running Win95 you can simply
> > re-install Internet Explorer 5.  Be aware that if you ever install a new
> > version of Internet Explorer, you should do the steps below again to shut
> > off this feature.  This procedure will disable the WSH, so even if you
> > were to click on the attachment, the virus program would not run.
> >
> > If you are running Windows 95:
> >
> > 1. click on Start
> > 2. click on programs
> > 3. click on MS-DOS Prompt
> > 4. at the C: prompt, type  REN C:\WINDOWS\WSCRIPT.EXE WSCRIPT.XXX
> > 5. if you get a 'file not found' error, then you are safe - you don't
> > have the feature installed
> > 6. type EXIT
> >
> > If you are running Windows 98 (and maybe Win2000):
> >
> > 1. Close all applications on your machine.
> > 2. Click on Start
> > 3. Click on Settings
> > 4. Click on Control Panel
> > 5. Click on Add/Remove Programs.
> > 6. Click on the Windows Setup tab.
> > 7. Double click on Accessories.
> > 8. Scroll down to the bottom of the list.
> > 9. UNCHECK Windows Scripting Host.  If you don't see an item for
> > Windows Scripting Host, try the Win95 procedure (above) just to be safe.
> > 10. Click on OK.
> > 11. Click on OK again.
> > 12. Shut down and reboot your machine.
> >
> > If you are running Windows NT4:
> >
> > 1. Log on to your machine as a user with Administrator rights
> > 2. click on Start
> > 3. click on programs
> > 4. click on MS-DOS Prompt
> > 5. at the C: prompt, type  REN C:\WINNT\SYSTEM32\WSCRIPT.EXE WSCRIPT.XXX
> > 6. if you get a 'file not found' error, then you don't have the feature
> > installed and you should be safe.
> > 7. type EXIT
> >
> > If you don't have virus protection on your home PC, or if you don't update
> > it regularly (at least monthly), you're playing Russian Roulette.
>
> +---
> | This is the BPCS Users Mailing List!
> | To submit a new message, send your mail to BPCS-L@midrange.com.
> | To subscribe to this list send email to BPCS-L-SUB@midrange.com.
> | To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner: dasmussen@aol.com
> +---
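
A read-only check for the state the procedure above is meant to produce, as an added example that is not part of the original message. It assumes a current Windows system with PowerShell rather than the Win95/98/NT4 machines in the steps, and it goes beyond the rename: it looks for both script hosts (`wscript.exe` and the console host `cscript.exe`) and also reads the Windows Script Host `Enabled` registry setting and the script file associations, neither of which the message mentions. `Get-WshStatus` is a hypothetical helper name.

```powershell
# Added example (not from the original message). Get-WshStatus is a
# hypothetical helper name. Read-only: it reports, it changes nothing.
function Get-WshStatus {
    # 1. Script host binaries still present under their original names.
    #    The message renames wscript.exe; cscript.exe is the console host.
    $dirs  = $env:windir, "$env:windir\System32", "$env:windir\SysWOW64"
    $hosts = foreach ($dir in $dirs) {
        foreach ($exe in 'wscript.exe', 'cscript.exe') {
            $path = Join-Path $dir $exe
            if (Test-Path -LiteralPath $path -PathType Leaf) { $path }
        }
    }

    # 2. Windows Script Host "Enabled" setting; a value of 0 turns WSH off.
    $settings = foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\SOFTWARE\Microsoft\Windows Script Host\Settings"
        $val = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        [pscustomobject]@{ Key = $key; Enabled = $val }
    }
    $disabled = @($settings | Where-Object { "$($_.Enabled)" -eq '0' }).Count -gt 0

    # 3. What opening a file of each script extension would launch.
    $assoc = foreach ($ext in '.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh') {
        $root   = 'Registry::HKEY_CLASSES_ROOT'
        $progId = (Get-ItemProperty -LiteralPath "$root\$ext" -ErrorAction SilentlyContinue).'(default)'
        $open   = if ($progId) {
            (Get-ItemProperty -LiteralPath "$root\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
        }
        [pscustomobject]@{ Extension = $ext; ProgId = $progId; OpenCommand = $open }
    }

    # Heuristic summary: a host binary exists and no Enabled=0 setting was found.
    [pscustomobject]@{
        HostBinaries  = @($hosts)
        RegistryState = $settings
        WshDisabled   = $disabled
        Associations  = $assoc
        CanRunScripts = (@($hosts).Count -gt 0) -and (-not $disabled)
    }
}

$status = Get-WshStatus
$status | Format-List HostBinaries, WshDisabled, CanRunScripts
$status.Associations | Format-Table -AutoSize
```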
