hi tc
"I may be missing something or doing something wrong but I have no *.vbs or *.zlo files at all on my computer. Any ideas?"
maybe you are missing something. or maybe it's me. <g3> here's the way i see it.
it matters not how many vbs files you do or don't have on your pc at this moment. what we're talking about is the ones that may get sent to you with malicious code attached. per that article, many worms come in the form of vbs files. a quick scan through norton reveals hundreds that begin with the letters vbs in their name. maybe it's thousands that actually are vbs files, i do not know.
but now i think i know one reason why the vbs files are so popular among the virus writers. the action your pc takes when it receives one seems to be designated by default to 'open'. the 'edit' action, if it's even present, is not selected. so it's a very convenient and highly successful vehicle for the bad guys to use to gain access.
the thrust of the article is to change the action your pc takes when it receives a vbs file. (again, this has nothing to do with how many you do or do not have on board at this time.) by changing the action to 'edit', and assigning notepad.exe as the application, the vbs file can not open and release its contents onto your hard drive.
the zonealarm thing i discovered today was that it renamed the vbs extension to zol, but kept the action the same, which was 'open'.
now assuming that you went forward with the article's instructions and changed the vbs action to 'edit', the final test to see if what you did was working was to click on a vbs file and see if notepad opened it. this is where my concern comes in. in #reply-15376502 i posed the question,
"if you follow the final steps in the 'trick the worm' instructions, and try opening a vbs file on your system, and if you end up with an 'open with' dialog.... that seems like za isn't doing its job. za changed the extension name to ZLO, but who's gonna send you a ZLO file? see what i mean?"
when i tried to open a vbs file, the 'open with' dialog pops up. why didn't zonealarm try to open it? it wasn't until i recreated the vbs extension (that za had changed), and made the action 'edit' (instead of 'open'), that it opened in notepad, as the article said it should.
if this is all too boring, or if i'm butchering the explanations, my apologies. not many here seem interested, based on the response to my posts on the topic. so i'll put a proper lid on the whole subject, if that's the best thing to do. it may sound like i'm beating a dead horse here, but i'm really just trying to communicate what i think it a very effective (and hot!) method of precluding these mean old worm viruses. in fact, the anti-antivirus folks should be applauding this tip, in that it completely preempts even the ultra fastest virus definition updates for each newly discovered loveletter-style virus.
anyway, let me know your thoughts, please. whatever they may be! <g3>
:)
mark |
