Watching Where You Step On-Line

FOR years, computer users have been concerned about computer viruses sneaking into their machines via diskettes.

Now these and other destructive programs have a new mode of entry: the Internet.

As more people hook up to the the global computer network, they're becoming susceptible to such mischievous software on-line. The programs represent a tiny minority of what's available electronically. Still, just as someone might avoid a dark alley in a big city, computer users should watch where they step in cyberspace, security experts warn.

"With the Internet in place, you can get programs from anywhere," says Carey Nachenberg, senior software engineer with Symantec Corporation, a leading marketer of antivirus software based in Cupertino, Calif.

"Connectedness in itself creates risk," adds Peter Tippett of the National Computer Security Association (NCSA) in Carlisle, Pa.

The latest incident occurred not on the Internet but on an on-line service that connects to it. Reports of a "Trojan horse" called "Aolgold" began popping up last month on the America Online (AOL) service. A Trojan horse is a computer program, often destructive, disguised as something else. In this case, Aolgold was attached to electronic-mail messages touting it as an upgrade to America Online's software. In actuality, it was designed to delete important files on users' computers.

The spread of malicious software on electronic networks is nothing new. In 1988, a student released replicating software called a worm that crashed the Internet. Electronic bulletin boards have also contributed to the spread of computer viruses.

New urgency

But three factors make the current situation more urgent:

r The universe of Internet users is far larger today than it was in the early 1990s. It is many times the size of any bulletin-board service as well.

r The type of users hooked up to the global network has changed. Before, the Internet was largely the domain of technical professionals, who were knowledgeable enough to defend themselves. Today, the Internet is home to many computer novices.

"People are more and more connected and the people who are connected are less technically savvy," Mr. Tippett says.

r A relatively new type of destructive program is emerging. Until now, most virus damage was done by programs designed for a specific type of computer and spread by diskette. The growth of the Internet may encourage the proliferation of a newer type of program called a file virus. Some of these programs, such as the new Microsoft macro virus, can work on many kinds of computers.

The most intriguing security questions surround Java, an emerging Internet programming language developed by Sun Microsystems.

Java can work on any machine hooked up to the Internet. Moreover, Java programs reside on the Internet but have the ability to control someone's computer - at least temporarily - even if it's thousands of miles away.

This capability makes it a powerful tool, making the graphical part of the Internet come alive with animation, for example. And its developers have worked to make Java secure.

"We've tried really hard to address this issue," says Eric Schmidt, chief technological officer of Sun Microsystems in Mountain View, Calif. "A bad agent language is worse than none."

Not foolproof

Still, security experts doubt it is foolproof. "Any good programming language ... can be made malicious," says Tippett of NCSA.

The recent Aolgold incident illustrates how companies will have to counter malicious software more quickly than in the past. Aolgold could have become available to millions of America Online users very quickly. But it caused more scare than damage.

"The batch file was not well-written," says David Stang, chief technical officer for Norman Data Defense Systems, a multinational data-security company with offices in Fairfax, Va. Also, America Online promptly warned its customers of the program's potential.

Last week, S&S Software International Inc., a British antivirus company, announced it already had developed a program that could detect and remove Aolgold. New computer viruses may demand even more quick response, security experts agree.

Taking precautions

The real key to stopping them, however, rests in the hands of computer users, security experts say. If they take precautions, destructive software won't travel far.

"Just like you check to see who's coming in your house, check all the doors and windows of your computer," says Germaine Ward, product manager for Symantec.

For example: If users download a program off the Internet, they should scan it with antivirus software before using it, security experts say.

Fortunately, users' awareness of the dangers on-line appears to be on the upswing.

"There are so many new PC buyers and they are starting to evaluate what's out there," Ms. Ward says. "There has been a huge increase in the awareness of viruses."