The Mudcat Café TM
Thread #103003   Message #2093527
Posted By: JohnInKansas
03-Jul-07 - 08:48 PM
Thread Name: BS: greeting cards trojans virus warning
Subject: RE: BS: greeting cards trojans virus warning
The most common forms of malware currently being distributed do NOT NEED TO CONTAIN ANY VIRUS, WORM, or TROJAN (horse or otherwise).

Most stuff being currently distributed relies on what's called "phishing" or "social engineering." Computerese is ignored, and the most vulnerable component - the nut in front of the keyboard - is attacked instead.

The only usual requirement is that you "click something." The click can be intended simply to open a web page or open an email, but usually it's clicking a link on a page or in an email.

The "click" that you do can be aliased so that it does something different than it's expected to do, or so that it does what's expected but does something in addition to what you see it doing.

If the "click" tells your computer that you approved the installation of a program, the program will be installed, even if you didn't know you were giving your permission.

Your computer MUST DO WHAT YOU TELL IT TO DO. The program does NOT NEED TO contain a virus, worm, or trojan in the usual sense. All it has to do is tell your computer to open a port. It can then connect to a malicious website, or it can just sit there with the port open and wait for the site to find it. The port can be used, by a malicious website, to install additional little programs to search the files on your machine, capture the keystrokes for everything you type, or to use your machine to send spam to others.

Since those who use this kind of malware tend to the use of a few specific ports, every "bot-herder" on the web searches for machines with these ports open. The malware that gets delivered to you may not even come from the same source that tricked you into getting the opening, and/or you may get "little programs" from numerous sources.

EVERYTHING that this kind of malware does, often is "perfectly normal computer operation" just as when you stick a CD into your drive, and Windows Media Player, or iTunes, or QuickTime, or (insert your "player" program) opens a port and makes a connection to retrieve the track information to tell you the details of what's on the disk (and to tell WMP/iTunes/QT/other what tunes you're playing, and whether it's an official/commercial/authorized/paid for disk).

The only real defense against some of this is the common admonition:

"DON'T BE STUPID."

Sometimes, even that isn't enough.

Newer AV and antimalware programs are learning to recognize some of the phishing ploys and the sites that generate them. With the latest patches, WinXP will, with proper settings, ask you for an independent "permission" to run any executable accessed on the web, or to turn on "unusual" permissions. A trivial example is the popup that asks if you want to "run or save" a file from a web source.

I'm told that Vista goes a step further, in that even if you're running with Administrator privileges you're required to re-enter the Administrator password to approve any "program" installation or to perform any other "Administrator level" operation. This kind of malware is a main reason for it.

For best protection, you need not only current AV/Adware/Spyware definitions, but should also have a reasonably current program version, since older versions still in use may not incorporate looking for these kinds of malware.

But nothing helps if you are - accidentally or intentionally, or by nature - even a little bit:

CARELESS / STUPID / OBLIVIOUS / OVERCONFIDENT / GULLIBLE / GREEDY / CURIOUS / UNLUCKY

John
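The post's point about a program that quietly opens a port and waits for a "bot-herder" to find it suggests a defender's check: compare the machine's listening sockets against a short baseline of expected listeners and flag anything else. This is an added example, not code from the post or from Mudcat; the netstat-style lines, the process names and the allowlist below are all constructed.

```python
"""Flag listening sockets that are not on a known baseline (added example)."""
import re

# Constructed sample in the shape of Windows `netstat -ano` output. The PID-to-name
# map is also constructed; on a real host it would come from tasklist or psutil.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       3412
  TCP    192.168.1.20:49152     203.0.113.9:8080       ESTABLISHED     3412
  UDP    0.0.0.0:137            *:*                                    4
"""
PID_NAMES = {900: "svchost.exe", 4: "System", 3412: "update_helper.exe"}  # hypothetical

# Baseline of listeners this (hypothetical) machine is expected to have.
ALLOWLIST = {("TCP", 135): "svchost.exe", ("TCP", 445): "System", ("UDP", 137): "System"}

# proto, local addr, local port, foreign addr, optional state (UDP rows have none), PID
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)


def parse_sockets(text):
    """Return (proto, local_ip, port, state, pid) tuples; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, ip, port, _foreign, state, pid = m.groups()
            rows.append((proto, ip, int(port), state or "", int(pid)))
    return rows


def unexpected_listeners(text, pid_names, allowlist):
    """Listeners (TCP LISTENING, or any UDP bind) whose (proto, port) is not in the
    baseline, or is in the baseline but owned by a different process."""
    findings = []
    for proto, _ip, port, state, pid in parse_sockets(text):
        if proto == "TCP" and state != "LISTENING":
            continue  # established outbound connections are out of scope here
        owner = pid_names.get(pid, "<unknown>")
        expected = allowlist.get((proto, port))
        if expected != owner:
            findings.append((proto, port, pid, owner, expected))
    return findings


if __name__ == "__main__":
    for proto, port, pid, owner, expected in unexpected_listeners(SAMPLE_NETSTAT, PID_NAMES, ALLOWLIST):
        print(f"{proto}/{port} listening from PID {pid} ({owner}); baseline expects {expected}")
```

On a real host, feed the function the actual `netstat -ano` output and a PID map from `tasklist`, and treat any finding as something to identify before assuming it is benign.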