What is a virus?
Computer viruses attack the software of a computer, not the hardware. The basic definition of a virus is a program that copies itself. Most common viruses are small programs that need to use a legitimate program or file in order to run. Most viruses today are written with malicious intent; as a result, they can cause damage to programs or data. Because the virus code must be run to have any effect, the files that the computer treats as pure data, such as .txt files, are safe. For example, reading a plain-text e-mail message won’t infect your computer with a virus.
In order to run, the virus code has to be written in an executable form, such as an .exe program file. HTML-format and RTF-format e-mail messages or Web pages that contain Microsoft ActiveX® controls or scripts, such as Microsoft Visual Basic® Scripting Edition (VBScript), Microsoft JScript®, or other types of embedded program code, can harbor virus programs that run when you open a message or view a Web page. Opening e-mail attachments can also infect your computer with viruses. Some malicious files can be constructed to take advantage of known vulnerabilities in the software in order to run destructive code. Microsoft recommends that you protect your computer by applying all updates and patches for the software on your computer.
A macro is a series of commands and instructions that are grouped together as a single command to accomplish a task automatically. If you perform a task repeatedly in an application, you can automate the task by using a macro. You can store macros in documents, worksheets, or templates, which makes them available whenever a new file based on that template is created. For example, Microsoft Word stores user-recorded macros in the Normal template (Normal.dot) by default, so that they are available for use with every Word document. When you open the Word document, the macro runs. A macro virus is a virus program written in Microsoft Visual Basic® for Applications, the same macro language used in legitimate macros. A macro virus can also run automatically when you open a document unless there are safeguards in place. Most Microsoft Office programs display a confirmation dialog box when you choose to open a document that contains macros.
How do viruses spread?
The Melissa virus in March 1999 spread in the form of an e-mail message with an attached Word document that contained a macro virus. Anyone who opened the attachment triggered the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person’s address book. The e-mail message contained a friendly note that included the person’s name, so the recipient would open the document, thinking it was harmless. The virus would then create 50 new messages from the recipient’s address book. As a result, the Melissa virus was the fastest-spreading virus ever seen and forced a number of large companies to shut down their e-mail systems.
The important thing to remember is that just because an e-mail message appears to come from someone you trust, this does not mean the file is safe or that the sender had anything to do with it. Also, keep in mind that when you share files with another user, the attached macro or script is included with the file. Therefore, be careful when you share files, and scan the files with an antivirus program before you open them. You can choose from many antivirus application vendors.
Important Before you scan Outlook e-mail messages, check with the antivirus program vendor to make sure it is compatible with Outlook. Some antivirus programs can cause problems with Outlook.
Outlook security features
Outlook is designed to help protect your computer from viruses and junk e-mail messages. The following information focuses on the virus protection features in Outlook.
Outlook itself cannot detect whether a virus is present. Macro viruses are spread through attachments, not the e-mail message itself. Microsoft Office achieves macro virus protection by using the High macro security setting as the default. With the High setting, you can run only digitally signed macros from trusted sources or macros that you created yourself, as long as the installed add-ins and templates are trusted. Unsigned macros are automatically disabled.
Note Signing a macro is similar to getting a legal document notarized by a legal authority or getting your passport stamped by a government official. Electronic certificates are used to sign the macro code. Certificates are issued by a certificate authority, such as a bank, government, or software company, which should be trusted sources. For example, all macros that are pre-installed with Office are signed by the developers who created them using certificates issued by Microsoft that vouch for their authenticity.
If you change the macro security level to the less secure Medium setting, you automatically receive a warning each time you open a document that contains a macro. You can select an option in the Security Warning dialog box about whether to run the macro. Disable Macros is the default button.
Note If the security setting is set to Low, Outlook will not warn you before running a macro. Therefore, all macros are run automatically without your intervention. Because of the potential security risk, Microsoft does not recommend that you use the Low setting.
Address Book security
The Outlook Address Book is guarded programmatically. This helps to prevent another program from automatically accessing your Address Book or Contacts list or from sending messages on your behalf without your permission. It is very useful to allow some programs (like Microsoft ActiveSync® or Palm Desktop) to access your contact information so that you can synchronize your personal digital assistant (PDA). However, a virus or other malicious program file can use the same functionality to propagate itself. If a program attempts to access your Address Book, a warning appears on screen.
This message appears if a program tries to access your Address Book. In general, you cannot prevent this caution from appearing. However, check with your synchronization software vendor to see if recent updates to the vendor’s software include interacting with Outlook in a trusted manner. This message is not displayed when Outlook interacts with trusted synchronization software.
- Unless you clicked a command or started a program that is expected to interact with Outlook Address Book information or if you are just not sure, click No.
- If you clicked a command or started a program that is expected to interact with Outlook Address Book information, select the Allow access for check box, and then specify the amount of time you grant access for.
To prevent the spread of viruses from program files (considered a Level 1 threat), Outlook automatically blocks attachments that contain file types that can run programs. These blocked file types include .exe, .bat, .com, .vbs, and .js. Your Inbox displays the paperclip icon in the Attachment column to let you know that the message has an attachment. A list of the blocked attachment files appears in the InfoBar at the top of the message.
If you try to send an attachment that has a file type extension that is on the Level 1 restricted list, you receive a message that other Outlook users may not be able to access this type of attachment.
Only an e-mail server administrator can change this default setting and unblock certain file types. This setting is often used on an organization’s intranet, not on the Internet.
Data files, such as .doc, .xls, .ppt, and .txt files, are not blocked. However, you receive an Opening Mail Attachment message when you try to open an attachment.
This message gives you the opportunity to consider the safety of the file you are opening and a chance to save the file and scan it for viruses before opening it.
To be able to send any file type by using e-mail, you can use a third-party program, such as WinZip, to package files before you attach them to your e-mail message. WinZip can create a new Outlook message and attach the .zip package for you.
In your message, you can include instructions explaining how to extract the files from the package to make it easy for recipients to access the files.
HTML and RTF message security
To help protect you from viruses that might be contained in HTML-format and RTF-format messages, both scripts and ActiveX controls contained in these kinds of messages are deactivated automatically, regardless of the security zone setting. This is because Outlook places all incoming messages in the Restricted Sites security zone by default. The default setting for the Restricted Sites zone is High. This disables automatic scripting and prevents ActiveX controls from opening without permission.
Changing the zone setting to something other than the default is not recommended.
If you need to run the script on an individual message when the security zone is set to Restricted Sites, you can work around the default protection by following these steps:
- Open the message.
- On the View menu, click View in Internet Zone.
- Click Yes when you are prompted about running the script.
You can now run the script.
Outlook has several key virus-protection features in place, with the safest levels used as the default. These features help protect against macro viruses in attachments, unauthorized access to your Address Book by a hacker’s program, and potential viruses in scripts embedded within HTML-format and RTF-format messages. These safeguards, including the ones recommended as every day best practices, will greatly help to make sure that you have a virus-free day.
Source : Microsoft
Filed under: Software |