Fatal Attachment?

So far I have discussed e-mail strictly in terms of exchanging textual messages. This is tremendously useful, and accounts for the vast majority of e-mail activity. However, the e-mail facility can actually support much more sophisticated messaging, which I will briefly discuss here--not least because along with this extra sophistication comes extra danger!

The essential idea is that it is possible to ``attach'' any kind of information at all (that you have in computer form) to an e-mail message; the recipient can then detach it again and view or process it in whatever way is appropriate. The buzzword acronym for this facility is MIME, for Multipurpose Internet Mail Extensions. With MIME attachments you can use e-mail to send photographs, songs, movies, or any other kind of information you can imagine. Of course, you must separately have some way of getting these media into your computer--but that may be easier than you might expect. A multimedia PC will normally already have a facility for you to record sound into a computer file. If you have a scanner or a digital camera you can easily create image files. And so on.

Naturally, you can also use MIME attachments to exchange more conventional computer information--such as spreadsheet files, databases, word processor files, or even applications programs. This can be much more convenient that exchanging information with others using diskettes (which is the more old-fashioned way of doing things).

Using attachments is a relatively advanced facility, and I won't present it in fine detail here--you can find more information in the online help or other documentation for your e-mail client. But I do want to warn you about one danger of e-mail attachments: the real possibility it raises of efficiently transmitting computer viruses.

Computer viruses, unlike their real biological counterparts, are not natural occurrences: they are carefully crafted weapons of computer terrorism. A virus is a malicious computer program that can ``infect'', or become installed on, your computer, without your being aware of it. It can then cause various kinds of malfunction, ranging from the mildly annoying through to wholesale destruction of your computer data. It can also use your computer as a base to propagate to others.

The most common mechanism which viruses have used to spread themselves in the past is via floppy disks shared between computer users. However--and this is the what I want to alert you to here--they can propagate equally, or perhaps ever better, via e-mail.

A recent well-publicised incident was that of the so-called Melissa virus. This exists embedded within documents in the Microsoft Word (a word processing program) format. To a certain extent, Melissa can be passed on just ``naturally'', whenever people exchange infected documents (whether by e-mail or on disk). But the specially distinctive feature of Melissa is that it does not passively wait and hope for propagation in this way: once it gets to infect your machine it can not only replicate itself into your documents (which is a common technique that many viruses of this sort use) it also actively scans your e-mail address book, and sends e-mails, with infected documents attached, to a large number of your e-mail contacts. Because these e-mails appear to be coming from you, there is a good chance that the recipients may believe that the attachment is trustworthy. If so, they will duly detach it and load it up in MS-Word--at which point it gets an opportunity to infect their systems also. And so the cycle repeats, but multiplying rapidly.

Melissa was not designed to do any ``direct'' damage to users' computers or data as such--though in certain circumstances it could transmit documents, belonging to a victim, which were sensitive or confidential. But when it was initially released, in late March 1999, it spread extremely quickly on a global scale. The resulting explosion in e-mail traffic quickly overloaded many e-mail servers in affected organisations, severely disrupting their normal operations.

While the Melissa virus itself has now been generally brought under control, new viruses are regularly being released. So you would be very wise to take precautions against them. The minimal precaution against viruses of all sorts is to install effective anti-virus software on your computer. However, in general these can only protect you against viruses that have already been detected and analysed (or closes variants of such viruses)--they cannot protect you in advance against completely novel strains. So you should also be extremely careful about exposing your computer to infection in the first place.

As far as protecting yourself against infection (and transmission) of viruses by e-mail is concerned, the simplest policy, which I certainly recommend for beginners, is to confine yourself strictly to plain text (ASCII) format messages, with no attachments. This form of e-mail is absolutely safe: it is impossible for viruses to hide in such messages. In particular, you should resist the temptation to use a sophisticated word processor, such as MS-Word, to create straightforward textual messages which can be dealt with perfectly adequately in ASCII. This is a trap that many novice Internet users fall into, especially if they are already familiar with using a word processing package. Similarly, If you find that any of your e-mail correspondents is in the habit of using such a word processor format for textual messages, warn them about the danger of propagating viruses, and encourage them to use ASCII instead.

More generally, if you receive e-mail with attachments of any format then, regardless of who the message is apparently from, do not attempt to access or view these attachments unless you can independently verify their authenticity and purpose, and that the sender has taken steps to ensure that they are virus-free.

There are many Web sites which provide information on computer viruses and other issues relating to computer security. A good starting point is the following category index:

http://www.yahoo.ie/Computers_and_Internet/Security_and_Encryption/

As the name ``virus'' indicates, some of the ideas behind the design of computer viruses have an inspiration from biological agents. However, alongside this malicious application of certain biological ideas, there are also completely positive research programs dealing with related concepts and technology. One such field, explicitly concerned with the intersection between biology, engineering, and computer science has become known as ``Artificial Life'' or ALife. You can find out more about this benign face of biologically inspired computer programming at:

http://www.eeng.dcu.ie/~alife/