advice from an idiot: viruses




digitaljason
Published : 1 month ago (Thu, 05 Nov 2009 12:44:17 PST)
http://digitaljason.livejournal.com/103081.html

i seriously do intend to write my epic words of so-called 'wisdom' down on a variety of subjects that i've learned about as a budding little adult. my views and rhetoric are totally skewed and may not be very easy to follow, but here's the deal: at the moment i'm dedicating a small amount of time to responding to family fwded emails with potential viruses in them. i've done this before, to no avail, and then have become the guy who winds up fixing family computers because nobody listened.

all of that changed when i fixed my father in law's computer. we had antivirus on there and everything, but he still got bitten by a fwd he opened, so i dug in and wiped the machine, reimaged it with a fresh install of windows and made the token lame ass attempt at telling the in-laws why what happened happened and how to prevent it in the future. i'm so used to my parents and brothers not listening at all to this speech that i just stopped helping my father altogether with his problems and taught him the magic of google.. but this time something different happened: my father in law actually gave a shit. he actually took what i said to heart and gave a damn that i burned a whole afternoon fixing the computer. the whole event was a rather empowering and appreciable experience from my point of view, so i decided i'd just go an extra inch (not a mile) and tell relatives with reply-alls that the file they just fwded might contain a virus. i know, the idea is flawed, because we've established that at least my nuclear family doesn't give a shit or listen... but i've been doing it in hopes of helping the poor victims my family is spamming who may not know better.


welp, one of the threads came around and some of the common "reasons it's okay for me to open this file i have no idea about" questions started popping up, and i responded in kind, verbosely. i'm sharing the thread with you here so you can point to it if you want to, or use it as a crib sheet to copy paste from with your own kin. meanwhile, i'll have some link i can just send to people with the questions. eventually, someday, i'll write up a nicely formatted FAQ type deal, though i'm sure a million such FAQs already exist..


The premise is simple: an email came in from one family member, fwded on to many others, that had a .wmv attachment. That's the setup, here we go:

Jason Wrote:

wmv video files can contain viruses.

Aunt wrote:

Wouldn't any decent virus checker isolate a potential virus in an attachment? Or am I misinformed?

Anyway, this video was worth a virus, it was really funny

Jason Wrote:

The danger with depending on the virus checker is that your virus checker may not have the latest updates, and/or the virus checker company may not even have an update available yet that will attack the virus in the email.

Virus programmers know this and exploit it, commonly. The virus creators create spam such as this with a funny video or politically charged yatta yatta in a .DOC or .EXE or .PPT and send the spam to thousands, then those thousands in a matter of hours send to thousands or millions more... all the while the attachment has a new virus that virus checkers don't check for and will take a matter of days or weeks for the virus checkers to roll out a check for.

Just because the video plays, that doesn't mean there isn't a virus in it.

Uncle Wrote:

I was aware of the macro/VBA capability of carrying virus/worm payloads in MS Office files. Cliff's email had a .wmv attachment. Can a .wmv carry a threat also? I wasn't aware of one.

Jason Wrote:

Yes, like office files, windows media files can carry executable payloads that the media player will execute.

The idea behind the functionality is that someone could publish a video with cool built in features to keep it from being copied or open a website for you, but it's rarely used for anything BUT virus payloads as far as I know.

As always, if microsoft invented it, be wary...

Like I told my father in law (who listens, btw): if it's a funny video, get your friend or family to find the exact same video on YouTube and email it to you, you won't get a virus from visiting a YouTube link.

Uncle Wrote:

I did look on YouTube for this - after Jason warned us - but didn't find it.

Jason Wrote:

If it were me, I'd say if it's popular enough, it'll show up on youtube, otherwise I'd be wary and just drop the spam, perhaps informing the original spam fwder (and cced people) why you're not opening the file... rather than take my chances AND propagate that risky chance to friends and family.

Father Wrote:

Another question.. these come to my work email. Isn't there a promise that they are safe, since they came through numerous work computers, which at Lockheed are filtered many ways?

What about the fact that nobody experienced a problem?

Is there any way to see that a virus is aboard? Or suspect it?

Jason Wrote:

Again, if the virus software in the loop doesn't have a new virus check for the virus on board the file, no, that stuff won't help you. Several of the largest viruses in the past decade happened exactly this way, spread via spam very quickly before antivirus vendors had a chance to discover, research, figure out how to fix/prevent, and send out patches to machines.

"nobody experienced a problem" is not a good answer anymore, SMART viruses are undetectable to the user: they don't lock the computer up or make it crash or use so much of its resources that the user perceives a slow down, instead they just sit very silently logging your usage and passwords and occasionally send that stuff home. the old-fashioned viruses that would kill the computer altogether still exist and still come out, but we're not talking about kids trying to sabotage for fun here, we're talking about eastern european (and elsewhere) mafia backed hackers with one goal in mind: identity theft & credit card theft... money.

There is a way to suspect a virus is aboard: if it ends in anything other than like ".txt" or ".jpg" or ".gif" or ".tif" or ".bmp", suspect it. ESPECIALLY suspect it if it ends in a microsoft office or exe or wmv format.

My father in law opened hundreds of spam fwds from friends and family, many of them wmv or joke PPT files.. completely safely, until he opened the one that wasn't safe and had a virus in it. He himself didn't even know he had a virus, but complained to his computer programmer son in law that the PC got really slow all of a sudden.. lucky for him, computer programmer son in law knew what was likely going on and told father in law to get the computer off the internet immediately until we could wipe it, try to antivirus it, and/or reinstall windows.

Viruses are no longer about annoying you or corrupting your data, these days it is ALL about extortion. Instead of corrupting your precious picture memories, they zip them up in an encrypted password protected file and flash a thing on your screen that says "send $10,000 to this bank account number or you'll never get your memories back". Instead of making you reinstall windows, they silently wait for signals from back home that use your email accounts that are configured on the box to send spam world wide. Instead of making you reinstall windows, they silently log your keystrokes and have programs back home that are especially interested in keystrokes sent to applications called "firefox" right after the keystrokes "http://www.bankofamerica.com" are typed in.

Yes, we have software that tries to protect you from yourselves, but it's very much like the CIA/terrorism business. It's really nice to paint terrorists as imbeciles that our smart geniuses will ultimately be able to outsmart by taking freedoms from the common man and analyzing EVERYTHING, but the truth of the matter is, there are geniuses on both sides that can subvert any system as well as the guy who made the system himself. In virus land your CIA is symantec, trying to make a profit from protecting you. They are incentivized to make your dollars more than they are to hunt down every virus known to man "for the good of the world". In virus land your terrorists are, more than likely, terrorists, or closely aligned with the same terrorist groups you hear about on the news: al qaeda, mafia groups in countries in eastern europe torn to shreds government-wise, etc.

while we are on this subject, let me provide you with some real life examples, in the past year i have two of them.

I already mentioned the incident with my father in law's computer, he downloaded a spam attachment fwded to him by a family member, and ran it on his computer. He has up to date DAILY anti virus on that computer, and either the virus was brand new or just was not on anti virus radar yet, or something, and so anti virus let the file run and the damage was done. running anti virus AFTER that point was useless because the virus itself hid files and programs from the antivirus scan, so we had two options: wait for someone like symantec to post an .exe tool JUST FOR THAT VIRUS, that may or may not work completely, or wipe the disc clean and reinstall windows. we reinstalled windows.

The other incident was with myself. I read a lot of news, AND blogs, one of the blogs I frequent is mostly user submitted data (think like youtube), the blog is a collection of links to funny sites. I visited a site that had a virus-like exploit for my browser in it, and the virus got on my computer, all i had to do was open the site in my browser. The reason this exploit worked (it usually doesn't for me, because i use firefox), was because my firefox was out of date by a few weeks and I had neglected to let it install the autoupdate. Again, that incident ended in a total windows wipe, along with an integrity check of my backed up personal files from days before to make sure the virus had not screwed around with my personal stuff.

The lesson here is twofold: it takes time for companies to react to viruses, and it's important to keep the software on your computer up to date, especially email programs, browsers, microsoft office, and microsoft windows. You have probably heard, but maybe not understood, that microsoft is NOTORIOUS for security flaws. Truth is, they are not NOTORIOUS for security flaws, it's just that until recently, they didn't give a damn. For example an exploit for internet explorer would come out that could install a virus on your computer because IE had some page rendering bug hackers could take advantage of.. and microsoft WOULD patch it, but after about SIX MONTHS. Today that sounds ludicrous, because today we live in a world where there is browser competition such as firefox that has made microsoft look very bad because the firefox developers turn out security fixes the day of or a few days after a new security issue comes to light. Microsoft was REALLY sucking wind for a long while for the past 3 or 4 years when they were taking 3 or 6 months to fix an issue and make an update available and firefox would patch itself automatically the next day.

In the past, before networked home systems, the computer used to be hooked directly up to the web, so computers on the web could hit the computer via internet rather than your router. So, a person would reinstall windows from scratch, and then go to windows updates, and BEFORE THE UPDATES WERE EVEN DOWNLOADED that computer would have viruses on it, because people have software out there that is just continually scanning and trying to take over machines over the internet using old, known, patches. This becomes especially troublesome if you are trying to update a machine on a network (behind the router) where other people on the network have viruses actively trying to seek out and take over machines. This very thing happened with jonny at his apartment, we reinstalled windows and could not download windows updates fast enough to it to prevent viruses from other kids' machines at the apartment network from taking over. Ultimately we had to disable the network altogether on his laptop, download update exe files from microsoft directly with chris' laptop, and copy those update files over to jonny's computer before we could even turn the internet connection on.

Software security is a very hard issue, like everything else in america, manufacturers of software are incentivized to get stuff out the door that looks nice quicker and quicker, and they are not incentivized to make their products secure or even run correctly. It is very common even on CONSOLE games today that the game has a major bug right out of the box, but when you put it on the PS3, the PS3 starts downloading the update from the internet to make the game playable. This is just an all-american poor values prioritization issue that's rampant in our economic marketplace, if it sells, who cares? That's the M.O., and only when someone as giant as microsoft has competition for mac being more secure (by virtue of being a small target..) or has competition from firefox being more secure (by virtue of valuing security and being proactive and quickly reactive), only when that competition starts cutting into the bottom $$$ line, do companies start giving a shit about security in code and/or quality of product.

Most of you in this thread work for the DOD and are intimately aware of how damn convoluted the government contracts are for those programs. There's a reason for that rigor.. in the free market, you don't get it, and when uncaring monopolies rise in this interconnected world of ours, the consumer suffers. It's as simple as that.

This is a cached version of the livejournal post retrieved by LjSEEK on 2009-11-05 13:00:40. The post may have changed since that time.