COMMENTARY-- The threat of terrorism in the U.S. is now very real. If you doubt that, just take a look at tapes of the September 11th horror and you will instantly change your mind. President Bush (news - web sites), Attorney General Ashcroft, Governor Ridge, Postmaster General Potter and every government federal, state, and local official, are warning us to do everything with a "heightened sense of awareness" of the potential for danger. And we should because the danger is real in everything from the mail you receive at your house to the mail you receive on your computer.
The current breed of terrorists is sophisticated enough to do damage to our social and economic environment. And they most certainly know that if they could wipe out corporate networks, desktop computers or even the Internet itself, they would do serious damage to the U.S. economy. Thankfully, many computer security professionals and IT managers are working feverishly to secure their networks.
We have all seen how much damage can be done to networks at the hands of teenage hackers breaking into government and corporate computer systems. It seems as if every time a security loophole in a network or computer operating system is plugged another is opened up by the endless imagination of computer hackers. Most of the hackers we have so far experienced have been bored students or others with lots of time on their hands and bent minds--but minds that have programming skills beyond those of most professionals. But those hackers could just as easily be terrorists of any domestic or international stripe, and that is a major concern for all of us.
Perhaps a bigger point of concern is the e-mail or instant messaging client that sits before you on your computer screen. Why? Because e-mail and messaging services are the easiest and cheapest ways for anyone to spread a devastating computer virus, worm, or some other sort of computer program that can do serious damage, to desktop computers or networks. Such programs can make a mess of an individual computer, a group of computers, or an entire network, and they can spread the wrath of their perpetrators beyond the network they are running on.
You've all seen it before, or do I need to mention Anna Kournikova (news - web sites), I Love You, Nimda, and so on? These and many like them all carried in e-mail messages, either as attachments or macros executable by Word in either attachment or text form. Yes, there are programs that can help to prevent the invasion of such programs, products that work at the mail server end of things, programs that work on your desktop, and they do a fine job as long as they know about the virus or worm they are trying to prevent. But every time there is a new vicious product on the airwaves, the virus community goes into a scramble to update their products and try to prevent its spread. The process makes it inevitable that they are almost always to late to prevent some damage, and sometimes have been to late to stop major damage. So what can you do?
Be careful! It should probably go without saying, but I'll say it anyway because I've seen too many people burned by opening executable attachments sent to them by people they did not know. Do NOT open attachments that can run a program, or any attachment for that matter, unless you know (a) exactly what it is, unless you know (b) who sent it to you, and unless (c) you were expecting it to be sent to you. All three conditions are important because it's entirely too easy for someone to create an alias that looks like someone you know, and send you a software bomb via an innocent-looking e-mail or instant message.
What types of files should you not open? Again, don't open any from people you don't know, but certainly don't open anything with a ".exe" extension or a Microsoft Word or Microsoft Excel document, do not open a file with a ".vbs" or ".dll" extension, and for that matter, don't open any file with an extension you don't recognize. And, lest we forget, Web pages that are sent to you, even if just the URL is sent to you, can execute programs, and they could be devastating programs.
If you use Microsoft Outlook you should also consider changing the e-mail client to only communicate in plain text, avoiding the possibility of a Microsoft Word macro taking off on you before you have a chance to decide what to do with the file. If you are an instant messenger user, block communications from anyone you don't know, and follow the same precautions when deciding whether or not to accept an attachment from someone you are chatting with. And of course if you do use an anti-virus program, you should keep it updated. If you don't, get one from Norton or McAfee, and keep it updated!
What should you do with a message that comes to you with an attachment you are uncomfortable about? One thing to do would be to ask an IT or security professional if they recognize the file. You may be helping them to chase down a virus or worm. But if nothing else is available to you, delete the message that has the attachment, AND delete that message from your "Deleted" folder. Don't try to save it under any circumstances. Make damned sure it's gone.
Social and business interactions of our American culture have been based on a level of trust that goes beyond most anything in the history of human events. September 11th changed that for us, and we must now reduce our level of trust, or even eliminate trust altogether, for things we have always taken for granted. That includes e-mail and instant messaging. It's a sorry state of affairs for us--but now it's just the way things are.
John Dickinson has worked in the computer industry for more than 30 years in positions ranging from systems analyst and software engineer to editor, writer, critic and industry analyst. His most recent engagement was at eMachines, where he managed the company's Internet and software business units.