[Date Prev][Date Next][Subject Prev][Subject Next][
Date Index][
Subject Index]
Re: Proleptic virus warning
Eric Van Tassel wrote:
>As a general rule, I don't pass on virus warnings to whole lists that I
>belong to. Of the many virus warnings I get regularly via e-mail, a
>sizeable proportion are debunked by another of my correspondents a day or
>two later.
>
>But I do find this one credible: it comes from a friend who, in his turn,
>got it from the head of MIS in the company where he works. It claims that
>if Internet Explorer 5.0 (or Office 2000) is even so much as installed on
>your computer, you may be liable to serious virus trouble.
Many virus scares are false, but Eric's right about this one, and it's
a serious cause for concern.
He appends the following, which seems to be substantially accurate.
>>Dear all:
>>
>> Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT.
>>
>> Personal computers running Internet Explorer (IE) version 5.0 and/or
>Microsoft Office 2000 are vulnerable to virus attacks using most email
>systems, even if the email recipient opens no attachments. You don't even
>have to use IE; just have it installed with the default security settings.
>
>> If you have not closed the hole, you can receive viruses (and spread
>them) by viewing or previewing malicious email without opening any
>attachment, or by visiting a malicious web site. The problem is caused by a
>programming bug in an Internet Explorer ActiveX control called
>scriptlet.typelib.
>
>> This is by far the fastest growing virus distribution problem and ripe
>for a large destructive event - at least as large as the ILOVEYOU virus.
>Updating your Norton or Macaffee virus detection software, while important,
>is not an effective solution for this problem. You must also close the
>hole. Please take a precautionary step and run the correction script
>located at the following URL:
>http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
In fact, these defects in the structure of the software named have
been recognized for a few years, but it takes more programming sophis-
tication to take advantage of them than it takes to write the code for
the kinds of viruses we've seen recently.
>> Steps:
>>1. Double-click on the above URL.
>>2. Hit the "next" button on the right side of screen.
>>3. Hit "next" again.
>>4. When it asks if you want to run this program from it's current
>location, click "yes".
>>5. When it asks "do you want to install and run..." click "yes"
>>6. It will then ask one more time "Do you want to install this update?"
>Click yes.
>>7. Done!
>
>END
This is fine, but why patch up something you don't need in the first
place? The problem is with the so-called Windows Scripting Host, which
has to be active in order for the scripts that do the damage to run.
The WSH is useful for doing batch-file-like things in Windows, but only
if you know either the Java Script language or Visual Basic. If not, it
does nothing whatever for you, and you might just as well disable it.
It's a simple matter of going into the Control Panel > Add/Remove Pro-
grams > click on the Windows Setup tab > Accessories > Details, and then
scroll down the list to Windows Scripting Host and uncheck the box to
the left.
Deactivating the WSH won't protect you from every kind of virus, but the
ones that use it to run a destructive script on your system, such as
"Melissa" or "ILoveYou," will be stopped.
For more information, see the following web site:
www.nsclean.com/psc-vbs.html
and also follow the link to the Federal Trade Commission testimony given
by one of the company's officers.
In the event that your computer doesn't allow you to disable the WSH
by way of the Control Panel, as some apparently don't, the web site
provides instructions for removing it manually.
All best,
Richard Wexler +------+ 1-301-405-5538 (w); 1-301-779-6906 (h) +-------+
| Musicology Division | University of Maryland, College Park, MD 20742 |
| School of Music | E-mail: rw25@xxxxxxxx |
+---------------------+------------------------------------------------+