Beware the Sasser Virus

The Sasser Virus Invades the Internet! We've all read the headlines about this new virus. Why is everyone making such a big deal out of this one? Because it's very different in how it gets into your computer. There's things that can be done to prevent this kind of virus getting into your system.

Viruses come in three basic flavours. Plain old viruses, worms, and trojans.

Plain old viruses work by attaching themselves to software in your system and to your floppy disks. If you try to run the program, the virus starts up and tries to infect more programs. If it's on a floppy, it will try to jump to a person's hard drive and infect programs on there.

Worms account for 99% of all active viruses at the moment. They generally come attached to an email that you open and then it works its way into your computer and starts to email everyone in your address book and in your old emails.

Trojans are programs that you think are going to do something (like show you a nice screen saver) and then do something else (like open up your computer to be a place to relay spam through or to turn your computer into a machine that attacks other machines)

The Sasser virus is a little like them all. It doesn't come though email, though. It comes through a security hole in Windows itself. When your computer is connected to the internet, you are assigned a number. This number uniquely identifies you to the internet. Someone else who has this virus starts sequentially trying all these numbers to see if it can find a computer with this weakness. If it finds that computer, it will push itself into their system and then your computer starts to do the same thing.

Sasser attacks all computers but only those running XP, 2000, and NT are affected. If you have one of those versions, you may have the virus if you don't have some kind of protection against it. Unfortunately anti-virus programs are not enough to combat against this kind of attack. Anti-virus software authors do their best to get out an update that will attempt to detect the new virus but that will normally take 3 days. In that 3 days the virus will run around the world 3 times. You need something that will cut off the viruses path to your computer in the first place.

For that you need a kind of firewall of some sort. All users running Windows should be running this anyway but some of you may not have anything protecting you. If you're on a dialup connection, you're restricted to using a software firewall. That means getting a program like ZoneAlarm or SyGate to protect you. If you're on a highspeed connection, then you should be using a hardware firewall like a router. If you have one of these in place, you won't be getting this virus.

The other half of this protection is getting your WindowsUpdates. Microsoft gets to know about these security holes and created patches to fix the holes. They release these patches on the WindowsUpdate website regularly. If you're not visiting WindowsUpdate once a month, you're not protected against this kind of threat. You'll find the WindowsUpdate website here: http://windowsupdate.microsoft.com.

If your computer is acting strangely slow or seems to be communicating with the internet when you're not doing anything, you probably have this virus. support.com can clean this up for you.