Alarming Times

We live in alarming times. Turn on the television and there's the U.S. attorney general warning us of an unspecific terrorist attack that might or might not occur.

The same holds for computer viruses and hacker attacks, though I must point out there is a big difference between destroying people's hard drives or invading their privacy and taking human lives.

The latest alarm came on Thursday, June 13, when McAfee Security, a leading anti-virus company, said it had discovered a virus, dubbed "Perrun," that could infect files of digital photos, claiming that it was the first example of a virus that travels via a data file, rather than a program. These files are transmitted and opened as a "jpeg" and generally have the extension .JPG.

Before you delete all your digital photographs, take note that this type of virus has not infected anyone's computer. The person who created the virus sent it to McAfee. This is one of many examples of viruses that are, so far, confined to a lab -- it is not "in the wild" and it does not represent any immediate threat. Still, it does prove that it is possible to create such a virus. McAfee's Vincent Gullotto told the Associated Press, "Our concern is more for what might be coming. Potentially no file type could be safe."

Duh. We've known for a long time that it is theoretically possible to hide a virus in virtually any file type, which is why I always warn people to be careful about downloading any type of file. JPEG files don't generally pose a risk because, so far, they haven't been able to contain any type of code to trigger a program to do something dangerous, but, in theory, one could add code into a JPEG file that would exploit a vulnerability in a photo editing program such as Adobe PhotoShop.

Simon Perry, vice president of Security Solutions for Computer Associates, a McAfee competitor, said that McAfee was focusing on the wrong part of the story. "It sounds like they're drumming up business. This is a scare tactic." Perry said that it has long been known that it is theoretically possible to implant viruses in JPEG files, but there is a big gap between doing it in a laboratory and having it infect actual computers.

There are, however, other examples of data files that contain viruses that have done damage. Microsoft Word and Excel files have long been identified as risky because they can contain "macros," which are like internal programs that can be executed once you open the file.

McAfee got plenty of attention as a result of its latest warning, which, of course, is likely to result in increased sales for anti-virus products. As one of the largest anti-virus companies it will get a big share of those sales. Waging a campaign like this is a little like a burglar alarm company putting out a press release about a rash of burglaries in your neighborhood. It hopes that the response is for everyone to go out and buy its product.

While I'm not thrilled with the idea of potentially raising hysteria about viruses, I do agree that it makes sense for people to use an anti-virus program or service. McAfee.com, which offers constantly updated anti-virus protection via the Internet, is certainly a viable option. Another excellent choice is Norton Anti-Virus from Symantec. Norton Anti-Virus is installed on your PC (you don't run it via the Internet) but it does have a "live update" feature that automatically updates the software so it has information about the latest virus threats. Other programs, such as Trend Micro's PC-cillion 2002, are also kept up to date via the Internet.

In addition to the press releases from anti-virus companies, we also have to concern ourselves with virus hoaxes. Just about once a week someone forwards me an e-mail about a terrible virus that is posing an imminent threat. Often, these messages will contain a notice that Microsoft or IBM has issued a warning (Microsoft never issues virus warnings) and they will usually sound pretty convincing. In some cases, the hoaxes have you do something -- like delete a file -- that actually can harm your computer. One recent hoax warned people that their computer might be infected by a file called SULFNBK.EXE, and gave them detailed instructions on how to remove that file.

Trouble is, SULFNBK.EXE is a legitimate file that actually belongs in your Windows system directory. Fortunately, it isn't a critical file, so removing it wouldn't disable your computer, but this technique could just as easily have been used to get people to delete essential system files.

My advice is to never act on an e-mail warning unless you're absolutely certain that it comes from a legitimate source such as the anti-virus company whose products you use. Even then, check on its Web site to see if there's a notice (don't click on a link in the e-mail; go to the Web site manually). Also, both Symantec and McAfee have Web pages with hoax information. Symantec's can be found at http://www.sarc.com/avcenter/hoax.html/ and McAree's is at http://vil.mcafee.com/hoax.asp?. F-Secure operates a hoax page at http://www.datafellows.fi/news/hoax/.

In the meantime, practice safe computing. Use an anti-virus program, don't open attached files that you're not expecting and try not to panic every time you hear about a virus or a hacker. Computing -- like all of life -- is full of risks, but it's also full of joy.

A syndicated technology columnist for nearly two decades, Larry Magid serves as on air Technology Analyst for CBS Radio News. His technology reports can be heard several times a week on the CBS Radio Network. Magid is the author of several books including "The Little PC Book."

Got a PC question? Visit www.PCAnswer.com.

By Larry Magid
Distributed by The Los Angeles Times Syndicate