Minutes of the Meeting held 31 July 2001


The following items were on the white board:

1. Disconnection problems - Lynn
Lynn writes:
Oh, dear!  John Saxon has called and let's say the "worst" problem
regarding my disconnections was (wait for it) I had ticked "hang up
after send and receive" (sigh!) So it was "user's fault" and I may
just go and change my Touchfone as well.  He kindly rectified and
tidied up some other details which weren't helping either.  Thanks JS.

2. TV out - Emil

I asked whether members use the TV Out functionality built into some
video cards. None did. Some mentioned the perception is that the image
on the screen of the TV set is not good enough.

3. Changing ISPs - Graham Mc
4. SirC virus
    CnC mailing List
    Video Sagas
                             -JohnS

Re SirC virus, Algis writes:

----
Win32.SirCam.137216 worm is a PITA.  Fortunately, I did NOT open the
attachment with it.  However, once one is on the SirCam mailing list
(somehow placed there), there is no end of the email sent by some poor
souls, who don't know how to get rid of it.   Symantec has some good
technical information about this worm.  One article about it is
attached.

Where I work,  every single computer on campus has Norton Antivirus
loaded and running at startup.  And yet, somehow, at least six people
that I know of managed to contract the W32.Sircam.worm virus. 

How could that be?  Will it happen to you, too? 

There were two general problems that contributed to this disaster (and

it's spreading far and wide my friends!) 

The first, which is somewhat understandable, is that these people's 
virus definitions were not up to date.  Some people think that once 
you have installed antivirus software, that's all you need to do.  Get

over it... 

To work, antivirus software needs up to date antivirus definitions. 

Since hundreds if not thousands of new viruses are produced EVERY DAY,
the virus definitions need to be constantly updated.  I used to tell
people that updating once a month was adequate.  That's not good 
enough anymore. 

The W32 was discovered on July 17th.  The virus definition wasn't 
released until July 22nd.  We began contracting the virus on July 
23rd.  Updating at least weekly would have been necessary. 

But there's a much bigger problem, and one that's easier to solve, 
than outdated virus definitions.  It's YOU! 

Let's back up a moment. 

A virus is a program.  It's just like Works, Quicken, AOL, Netscape,
you name it.  You double click the icon and it runs.  The good 
programs do things we like.  The viruses do things we don't like. 

But a virus is, if you will, still born unless it is run.  The virus
writer has to trick you into running the program. 

Nowadays, lots of viruses are being delivered by email.  They're very 
smart.  In general, here's what happens: 

The hacker sends the virus via email to any number of people.  One or 
more of those people RUN the program that is the virus.  Among other 
bad things it does, the virus looks in the email address book of the 
person who ran it, creates any number of email messages and attaches 
itself to each message.  It then sends itself to all your (one time) 
friends.  Your friends, happy to receive an email from you and, 
because they know your name and trust you, double click on the 
attachment that "YOU" sent them and, voila, the process starts over. 

The only way to break the cycle is to NOT run the program in the first

place. 

But these hackers are savvy.  They know you're smart enough not to run
a program that you don't know about, right ; 

so they have to trick you. 

The W32.Sircam.Worm has a message that says the sender is sending you
the attached file for your review.  That sounds reasonable.  Another
virus sent people what it said was a picture of some famous tennis
star.  Hey, who wouldn't want to see a famous tennis star on your very
own PC.  And on it goes. 

It used to be that if a) the email came from someone you didn't know 
and b) it had an attachment you weren't expecting it was C) a great 
idea to just delete the darn thing and be done with it.  But now, 
because the viruses send themselves to you from your friends and 
relatives, condition "a" is no longer a good guide. 

But there is a safety valve.  Yes, you should have antivirus software 
and you should keep it's definitions updated.  But even better, you 
should understand how a program can run. 

If you double click on a txt file, it will probably open in Notepad,
but it won't run.  If you click on a gif file, it'll probably open in 
some image viewing/editing program, but it won't run. 

So how do the little devils trick you into running their program? 

Well, there are only a very few file types that are considered
programs by Windows.  They must have the extension .bat, .com, .exe, 
.pif, .vbs.  You can also "catch" a virus that comes in with a Word or

Excel document that has macros in it. 

So, you MUST NEVER CLICK OR DOUBLE CLICK on a file that has one of
those extensions unless you know where the file came from and what it
is supposed to do. 

But the hackers know you know that. (Right!) 

So they get even trickier. 

The file they send you has a very strange name.  The way the name 
looks, it's likely that you won't notice whether it is an executable 
file. 

The virus that came with the picture of the tennis star was a good 
example.  It looked something like famous tennis star.jpg.exe 


Now, you probably only read the beginning of this file name as you do 
for most files, right.  And even if you went a little further (and 
understood what you were reading!), you would have seen the jpg 
extension and thought it was a picture.  But it's that sneaky .exe at 
the end that will kill you! 

Sometimes, because of the way you have your monitor set up or your 
email program, you might only see famous tennis star.jpg. the rest is
hidden. 

ALWAYS, ALWAYS, should I say it again, ALWAYS, click once, BUT JUST
ONCE, on the attachment so that you can see its whole name.  If that
doesn't work, RIGHT click once and then select Properties from the
context menu. 

In every case, it's better to save the attachment and then scan it
with an antivirus program THAT HAS UP TO DATE VIRUS DEFINITIONS.  But
above all, do not go around double clicking on files no matter how you
got them, via email, from a floppy, from a friend or your mother. 

It's gotten that bad folks.  In all the years I have been computing,
15+, I have only had 1 virus and that came from my wife's floppy disk.


But I am now so paranoid about the stealth and danger of these things,

that we've gone out and finally bought antivirus software. 

YOU are the first and last line of protection.  Antivirus software is
good, but you are the only one who can wreak havoc on your own system.


DON'T DOUBLE CLICK without knowing exactly what you are doing. 
---- 
5. TRANSACT hands on experience - MikeD
6. Printer Problem 
    CD Player 
                             -Kevin
7. Visual Basic course - Rick
8. Canberra Times [answer to computer] freezes
    TRANSACT
                             -Jeff
9. Bigfoot e-mail - TedT
Ted T reported that when he sent a web page to his bigfoot.com email
address, he received an error message when he opened his email but
nevertheless the web page that he had sent was displayed immediately
under the error message.  His concern was that his bigfoot email
account may have become defunct.

Ted has now advised that subsequent attempts to send web pages to his
bigfoot address have all been without problem so it must have been a
one-off hiccup. (He hopes!)


******************************************************
Coffee & Chat Page, inluding archives of past meetings
http://www.pcug.org.au/pcug/candc/
******************************************************

Return to the Index or the Coffee and Chat Page