


Simple Security Solutions
By Jeff Pasternack
4/8/01

I am pleased to inform you that from June 4th, 1998 through March 22, 2001, my computer was virus free. The havoc that began sometime around 11:13 pm on March 22nd, however, left me far from pleased. But before I go into that, let me provide some background.

Every year since 1995 or so, I have purchased the latest version of Norton AntiVirus. I have dutifully downloaded the patches and installed them. I can recall at least a dozen times when Norton caught a virus prior to it entering my system, all of them on disks that I had used at some other computer. So far, so good, I thought.

Last year I read a story about how a maker of a very popular children's doll (the doll is a leggy blonde who pals around with a guy named Ken) had released a software package for kids. Unbeknownst to the purchasers of this software, the software would store the children's interactions with the software. Once connected to the Internet, the computer would send that information to the company for market analysis. The same day I read this article, I saw another piece detailing how an Internet Service Provider (ISP) in Singapore had installed a program into its subscribers' computers without them knowing it to determine if any of the subscribers had viruses in their computers. One subscriber was using a personal firewall to monitor her computer's activity and detected the outgoing signal. After some research, I downloaded the free version of a firewall called Zone Alarm. After the easy installation, I connected to the Internet to see what would happen. Boy, was I amazed.

At least five programs on my computer were sending signals out over the Internet and, more intriguing, the firewall was blocking many, many "touches" to my computer's ports. Ports are mechanisms by which computers communicate over the Internet and with printers, mice and keyboards. After going through the offending programs and disabling the broadcast feature, I thought I was in good shape. Current definitions for Norton AntiVirus, scheduled scanning every Friday night at 8pm and a good firewall should equal reasonable protection. Until March 22nd, that is.

I have a cable modem that requires me to dial into the service to activate it and I also maintain a separate dial-up account. I never remain connected to the Internet once I'm done. Imagine my surprise when I came downstairs the evening of March 22nd to find that my computer was online and that the means of connection was the rarely used dial-up line. My wife and I hadn't been on the computer for five hours and I was the last user. Even if I had neglected to log off, the firewall would have locked the system down after 15 minutes of inactivity. So how was it that the computer came to be online? After much thought, I had no idea.

The next day the computer crashed. This is not an unusual event and it happens about every three days or so. After rebooting, my reminder from Norton came up saying that it had been 28 days since I had updated my virus definitions. So, I connected to the 'Net, downloaded the patches and let them install. Then I got queasy: what if a new virus had slipped into my system and because I hadn't done that last update (it should update every 14 days), my computer had become infected?

I ran Norton and within a few minutes, it came back with a report: network.vbs had infected my system. The .vbs extension stands for Visual Basic Script and it is a popular scripting method for writing viruses, although it has many legitimate uses as well. I called a network security friend of mine for his thoughts and told him about my lapse in updating and, on a whim, I also mentioned that I'd found my computer online the night before. He had me look for a file called Netlog.txt and sure enough, there it was. And in that file was a line of code that caused the system to look for the dial-up program and connect to the net. However, according to Symantec (the maker of Norton), this was an old virus and when I visited their site, there were clear, easy-to-follow instructions on how to remove it.

But how did it get past my firewall and Norton? Simple. When I first installed Norton many years ago, I was using an email program called Eudora Lite. More recently, I have been using Netscape Messenger and Microsoft Outlook. Yet I never changed Norton's settings so that it would scan incoming email. Additionally, because I had the free version of Zone Alarm, it too wasn't protecting my email, only my ports.

My new security setup cost $90 (after rebates) and adds a lot of extra protection. I purchased Zone Alarm Pro and set it up to check all incoming mail for a variety of extensions that my friends and family would never send, .vbs among them. I also set it up to block all ports connected to the Internet and to block all programs from communicating outside my computer without my explicit approval. I also bought Norton Systemworks 2001 and set it up to scan all incoming email for any viruses that may have slipped past the firewall.
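The extension screening described above can be sketched in a few lines. This is an added example, not code from the column and not how Zone Alarm Pro works internally; the function names and every blocklist entry other than .vbs are assumptions. It checks the final extension, so a double extension such as photo.jpg.VBS or a trailing dot does not hide the script type.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist: .vbs is the extension named in the column; the rest are
# illustrative script/executable types chosen for this example.
BLOCKED_EXTENSIONS = {".vbs", ".vbe", ".js", ".wsf", ".scr", ".pif", ".exe"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walks nested multipart containers as well
        name = part.get_filename()
        if not name:
            continue  # body text or a container part, not an attachment
        # Windows ignores trailing dots and spaces, so "notes.vbs." still
        # opens as a script; strip them before reading the extension.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last suffix decides how the file is opened, so
        # "photo.jpg.vbs" is judged as ".vbs", not ".jpg".
        if PurePosixPath(cleaned).suffix in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(filenames: list[str]) -> bytes:
    """Build a constructed sample message (test input, not real mail)."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "me@example.com"
    m["Subject"] = "holiday photos"
    m.set_content("See attached.")
    for fn in filenames:
        m.add_attachment(b"constructed sample bytes", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["holiday.jpg", "photo.jpg.VBS", "readme.txt"])
    print(blocked_attachments(sample))
```

A filter like this only judges the declared filename; scanning the attachment contents, as the antivirus step does, remains a separate layer.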

So, is there a lesson here? Yes. Always make sure your antivirus program has the most recent updates and that you regularly run a virus scan. Symantec, McAfee and Trend Micro all make quality antivirus programs in the $40 range. If you don't use a firewall, you should. PC World magazine rates Zone Alarm Pro ($40) and BlackICE Defender 2.1 ($40) very highly. The $90 I spent may seem like a lot, but the hours spent on figuring out what went wrong and the amount of concern over what my computer was sending out behind my back cost me more than $90 ever could.

Jeff Pasternack is the president of Dynamic Consulting Group, a franchise partner of 1-800-GOT-JUNK? and author of the TechnoPeasant Review.
If you have questions or comments about this column, please write to him at Jeff@TheDCG.com.