Methods of protection against trojans...
Unfortunately, computer viruses like ILoveYou that spread
via the World Wide Web are becoming more and more
widespread. In terms of how they penetrate the system,
most of these viruses are trojans (Trojan horse programs),
because it is the user who has to launch the virus's
initial code to activate it. ILoveYou has become a
classic example of such a virus. The text of a message
containing the virus prompts the user to launch the
attached file (which is, in fact, the virus). Unfortunately,
preventive talks with users are rarely effective.
Administrators' warnings just get forgotten or are
treated carelessly. Moreover, it is sometimes difficult
for a user to distinguish a potentially dangerous
DOC file from a harmless RTF document.
The proposed method of protection against such viruses
has a largely psychological effect. Its goal is to warn
the user of potential danger in an incoming message
and to help him avoid an encounter with the virus.
The mechanism itself is quite simple. It assumes
that there are a number of potentially dangerous
document types, namely files with the extensions
com, exe, bat, cmd, reg, doc, xls,
vbs (this list can be expanded). On receipt of
a message with an attached document of one of the
indicated types, the program marks that message
in red and notifies the user of the potential danger.
This approach seems preferable to prohibiting the
execution of all scripts in the system, which is no
panacea either, as an attacker can send an executable
file whose destructive abilities greatly exceed those
of a program written in Word Basic.
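The check described above, written out in Python as an added example (this is not MAPInotify's own code). It decides on the last extension of each attachment name, so a double extension such as "letter.TXT.vbs" is still flagged; the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension list from the text above; it is meant to be expanded.
DANGEROUS_EXTENSIONS = {"com", "exe", "bat", "cmd", "reg", "doc", "xls", "vbs"}

def effective_extension(filename):
    """Return the last extension, lower-cased, or '' if there is none."""
    # Drop any path and the trailing dots/spaces Windows ignores ("a.exe. ").
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def dangerous_attachments(raw_message):
    """Return [(filename, extension)] for every attachment on the list."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # also decodes RFC 2231 encoded names
        if filename and effective_extension(filename) in DANGEROUS_EXTENSIONS:
            hits.append((filename, effective_extension(filename)))
    return hits

def classify(raw_message):
    """'RED' if the message should be highlighted, else 'NORMAL'."""
    hits = dangerous_attachments(raw_message)
    return ("RED" if hits else "NORMAL"), hits

def build_sample(filenames):
    """Constructed test message with placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("kindly check the attached file")
    for name in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for names in (["letter.TXT.vbs", "notes.rtf"], ["notes.rtf"], ["Budget.XLS"]):
        print(names, "->", classify(build_sample(names)))
```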
However, the notorious "E-Mail
Security Patch" by Microsoft only prohibits execution
of all scripts. Installing this patch blocks
requests from any program (except Microsoft software,
of course) to your mailbox. Thus, when working with MAPInotify
in MAPI or CDO modes, you can see something like this:
This window will appear every time MAPInotify
checks your mailbox. However, if you are using the CDO
protocol, you can evade this restriction, at the cost of some
functionality (you will not see the sender's e-mail address).
Use the "CDO Security switch" utility, which is
part of the MAPInotify distribution package.