Doug wrote:

But I am being hit with 2 virus attachments in email, per day. I won't open email from people I don't know esp if they have attachments.

Back when I ran legacy Microsoft OSes, I found a 100% effective way to nullify the virus problem: Never run code you don't have reason to want to trust well enough to run. This, of course, implied ensuring that I knew about all occasions when I (or my machine on my behalf) ran code, and that it never happened without my approval.

Relevant to that, your quotation (above) indicates clearly where part of your problem lies: You talk about "opening" e-mail attachments. In Microsoft-speak, the verb to "open" sometimes means to execute, and sometimes means to view -- with the implication that the user has no idea which of the two he's doing. The implied mindset is part of what leads Microsoft's captive userbase to put up with misdesigned applications like MS-Outlook and MS-Outlook Express, whose three-pane view (at least in some versions) auto-executes code arriving as attachments without the user even selecting the attachment at all, let alone giving permission to run it.

The first step to asserting control (aside from probably rebuilding your system from trusted media) is to remove all executables that you don't regard as trustworthy. I.e., if you suspect that MS-Outlook Express runs executables without checking with you first, get rid of it. And does your MS-Word, MS-Excel, MS-Access, or WordPro run AutoOpen or AutoClose macros automatically without checking with you? (Are you sure? Did you create test documents with those macros and see if they ran without checking with you? If not, why not?)

From that point forward, never just "click on" or "open" files without knowing of a certainty whether that's going to run as code or not. And don't just install software without meaningfully checking its identity. (You downloaded it? OK, but are you sure the site you got it from was the real site? Are you trusting some dubious party's DNS?)

Unfortunately, keeping a legacy Microsoft OS non-compromised is always a bit stressful, because you know that a user-level error of judgement can compromise the whole system's security, and not just his own security. (This is largely true even on NT, which at least in theory supports multiple user contexts, although it's not genuinely multiuser.) You have much more of a safety cushion, in that respect, on Unix.

If you use Linux, you get your pick of [link|http://linuxmafia.com/~rick/linux-info/muas|105 e-mail clients], none of which has a "virus attachment" problem. No offence intended, but it's a bit pitiful to have to ignore e-mail from strangers: No competently designed system can be threatened by a mere e-mail.

Rick Moen
rick@linuxmafia.com
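
Added example (not part of the original post): the view-versus-execute question raised above, answered per attachment before anything is "opened". The extension lists, function names and the sample message are assumptions constructed for illustration; the lists are not exhaustive.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed, non-exhaustive: extensions a legacy Windows shell runs rather than displays.
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Assumed: document formats that can carry AutoOpen/AutoClose-style macros.
MACRO_EXTS = {".doc", ".dot", ".xls", ".mdb"}

def classify(filename, payload):
    """Return 'execute', 'macro-capable' or 'view' for one attachment."""
    # Only the last extension counts: 'readme.txt.vbs' is a script, not text.
    ext = os.path.splitext((filename or "").strip().lower())[1]
    # Content outranks the name: DOS/PE executables begin with the bytes 'MZ'.
    if payload[:2] == b"MZ" or ext in EXEC_EXTS:
        return "execute"
    if ext in MACRO_EXTS:
        return "macro-capable"
    return "view"

def audit(raw_message):
    """List (filename, verdict) for every attachment in a raw e-mail message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        results.append((part.get_filename(), classify(part.get_filename(), payload)))
    return results

def build_sample():
    """Constructed test message; the payloads are harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "stranger@example.com"
    m["To"] = "doug@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    blob = {"maintype": "application", "subtype": "octet-stream"}
    m.add_attachment(b"MZ\x90\x00placeholder", maintype="image", subtype="jpeg",
                     filename="holiday.jpg")  # declared as an image, content says program
    m.add_attachment(b"placeholder", filename="readme.txt.vbs", **blob)
    m.add_attachment(b"placeholder", filename="report.doc", **blob)
    m.add_attachment(b"placeholder", filename="notes.txt", **blob)
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict in audit(build_sample()):
        print(f"{verdict:14} {name}")
```

A 'view' verdict only says the name and leading bytes do not mark the file as a program; whether the viewing application itself runs embedded code is the separate test the post describes for macros.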