By Richard Morochove
First published April 8, 1999
Melissa, Papa, Mad Cow and Syndicate. The names of these computer viruses reverberated throughout the computing world in the past couple of weeks. Although the worst of the disruptions caused by the viruses has passed, the fact remains that we are still vulnerable.
What lessons can we draw from this latest virus attack? How can we better protect ourselves in the future?
Viruses attack computer systems every day of the week. What made Melissa different and more newsworthy than most was the incredible speed at which it spread. Just three days after its release into the computing environment, Melissa was clogging e-mail boxes from Toronto to Tokyo. The virus overloaded e-mail systems at several computer-savvy businesses, including Microsoft and Canadian software developer Cognos.
Yugoslavian computer hackers lobbed a file-attachment virus toward NATO's web server. While this crippled NATO's web presence, it didn't affect the air bombardment.
Melissa spread quickly since it delivered its payload to the first fifty addresses in the recipient's MS Outlook address book. And those fifty delivered Melissa to others, and so and so on and so on.
Unlike many other viruses, Melissa isn't destructive of data. Therefore it poses relatively little threat to home PC users. It delivers its 50 message payload only once, so it won't overload your personal e-mail connection to the Internet.
However, the virus could compromise the security of confidential documents, spreading them far and wide over the Internet. Aside from overloaded e-mail systems, it's this aspect that worried businesses the most.
Melissa is written in Microsoft's Visual Basic for applications macro language. This language is used to control applications in Office 97 and the upcoming Office 2000, which will be available in stores on June 10.
Macros written in Visual Basic for applications can affect the operations of any application in the Office suite, not only Word. The Papa virus, a variant of Melissa, used Microsoft's Excel spreadsheet to do its dirty work. The Melissa problem could recur next week with another new fast-spreading virus.
While anti-virus specialists at Symantec and Network Associates quickly developed an anti-Melissa fix, the solution arrived too late for many. Any anti-virus solution will always be prepared after the virus hits.
What's a better solution? Microsoft needs to plug the holes in its macro software that permit these macro viruses to spread so easily.
Microsoft did add security settings in Office aimed at defeating these macro viruses. Then Microsoft allowed programmers to use Visual Basic for applications to disable those security settings. What were they thinking?
Microsoft CEO Bill Gates recently launched his latest book, "Business @ The Speed of Thought." I hope he can take time from his busy schedule to read one: "Computer Security for Dummies."
The widespread use of Microsoft products means they will remain a prime target of virus creators, since the programmers can be assured the virus will propagate far and wide. The alleged author of Melissa was arrested in New Jersey, presumably ending the threat from that source, but others will take his place.
Microsoft needs to be particularly mindful of the destructive capabilities of its software. Otherwise, this is one good reason for computer users to stray from the beaten path and adopt competing products from Lotus Development and Corel that aren't under the spotlight of the virus creators.
Until Microsoft gets that message, here are a couple of tips to protect yourself from an unwelcome virus.
Ensure your computer is equipped with anti-virus software that is regularly updated for new strains. Both Symantec and Network Associates produce good products.
Don't open attachments to e-mail messages you aren't expecting. Yes, I was e-mailed a message containing the Melissa virus in a Word document. I won't say who sent it, to protect the guilty. However, I delete all binary attachments to messages I receive, unless I'm expecting it. That way I have little risk of receiving a macro virus.
In most cases, e-mailing a word processing document is a lazy and inefficient way of transmitting the information. Usually you just need to communicate the text inside the document. To do that, just copy the text from the document and paste it into the e-mail message. You'll find your message is much smaller in size. It will be transmitted quicker and you don't risk ruining your reputation by sending someone a computer virus.
If you eliminate unnecessary binary attachments to e-mail messages, you eliminate a major conduit for virus transmission. And that's the real message from Melissa. CW
Richard Morochove, FCA, is a Toronto-based computer consultant.
Copyright ©1999 by Morochove & Associates Inc. All rights reserved. This work may not be copied or distributed by any means without our prior written permission.
Click here to visit a guide to hundreds of financial links!
Visit the
ComputerWatch Archive to see more columns
Post any questions or comments about this article to