Tribune


Monday, June 24, 2002
Lead Article

You’ve got Virus! Have You?


We panic whenever we get an e-mail warning about a virus. However, more often than not it could be a hoax. Roopinder Singh details ways of detecting such hoaxes.

A FEW days ago, I got a message in my e-mail box—a warning regarding a virus, sent by a well-meaning friend.

It read: "There is a virus out now being sent to people via email...it is called the A.I.D.S. VIRUS. It will destroy your memory, sound card and speakers, hard drive and it will infect your mouse or pointing device…as well as your keyboards making what you type not able to register on the screen. It self terminates only after it eats 5MB of hard drive space & will delete all programs. It will come via e-mail called "OPEN: VERY COOL! :)". Delete it immediately!! It will basically render your computer useless. PASS IT ON QUICKLY & TO AS MANY PEOPLE AS POSSIBLE!! THANKS!! :-)"

 


Over the years I have learnt to be sceptical about such things. I am extremely suspicious of such mails when they do not have an authentic, read known, source. Also, with rather rare exceptions, simply reading an e-mail message cannot execute a virus program on a computer—you need to open an attachment. And, of course, viruses cannot attack your hardware.

As Eric Gerlitz says in The Facts about Computer "E-Mail Viruses," you cannot get an e-mail virus by just opening e-mail. A virus cannot exist in an e-mail text message. They also cannot exist in USENET (newsgroup) postings or simply "float around" the Internet. Viruses must be attached to and infect an executable program (.exe, .com). Viruses and other system-destroying bugs can only exist in executable files, and since e-mail is not a system file in that sense, viruses cannot exist there. While reading e-mail, you are not executing any malicious code to activate! Thus, no virus can exist. However, if you (or your computer) download a file attached to an e-mail or USENET posting (i.e., a binary) and run it, there is a chance that file could contain a virus, since a "runable" file may contain a virus.

However, it is also very important that you do not, under any circumstance, allow your e-mail program to automatically execute an attached file. This would put your computer at risk.

My friend had unwittingly forwarded a hoax. Net manners dictate that you shall not forward any message without giving it due thought. This is especially true for messages that say, "Please forward this message to as many people as you can."

Why not? Because you might feel stupid when people tell you what you have done, you might make your friends and associates unhappy and, in case you have instructed your e-mail program to send out your address and phone numbers with your mail, you may be sharing private information with many, many more persons than you intended to.

As a rule, I do not forward any mail that asks me to forward it to as many persons as possible, since that is one of the most easily recognisable aspects of a hoax letter and, in fact, often its intention. Of course, it goes against the grain; you want to help other people. Who wouldn’t want to warn his friends about some terrible virus that is destroying people’s systems?

Anyway, this virus warning did still scare me enough to visit the US Department of Energy’s Computer Incident Advisory Capability’s Website www.ciac.org. The body has been providing the Department of Energy with incident response, reporting, and tracking, along with other computer security support since 1989.

They maintain lists of viruses and other vulnerabilities, as well as tips on spotting hoaxes, and soon it was confirmed that this virus alert was a hoax. Just to be more sure, I also visited the sites of leading computer security firms: Symantec, http://securityresponse.symantec.com, and McAfee, www.mcafee.com, which also did not list it among the current threats. In fact it was listed among the hoaxes. Symantec said: "This information is a hoax and should be ignored." It also gave a sample of a hoax message that was similar to what I had received.

By now well-known e-mail hoaxes include 3b Trojan, AOL4Free Virus, AOL.EXE, AOL Flashing IM, Baby New Year Virus, Blue Mountain Virus, California Virus, CELLSAVER Virus, CLEANMGR.EXE Warning, E-Flu and so on. You can get the full list at www.symantec.com/avcenter/hoax.html

Now that I knew about the hoax message, I wondered why I did not receive any warning about the W32/Klez.h@MM worm that has been attacking computers, including mine, since June 17. This is a genuine worm that is on the watch list of all computer advisory sites.

The answer to the question is simple enough—people who do not want to help you send hoaxes. While no one really knows why such letters are sent in individual cases, generally speaking, the reasons could be: (i) to see how far a letter will go; (ii) to harass someone; (iii) to damage the reputation of a person or an organisation.

This they do, and also cause a lot of anxiety and fear.

While viruses stay in the spotlight because of their damaging potential, even a hoax virus alert can cost a lot. As CIAC points out: "The cost and risk associated with hoaxes may not seem to be that high, and isn’t when you consider the cost of handling one hoax on one machine. However, if you consider everyone that receives a hoax, that small cost gets multiplied into some pretty significant costs. For example, if everyone on the Internet were to receive one hoax message and spend one minute reading and discarding it, the cost would be something like: 5,00,00,000 persons x 1/60 hour x $50 per hour = $41.7 million" (nearly Rs 210 crore).

Of course, there are viruses and they have to be combated. We have given a box that gives the most important tips from a leading antivirus software provider. Basically, a common sense approach of scanning all e-mails, installing and updating the anti-virus software and turning off any options that automatically download files or open attachments goes a long way in safeguarding your computer.

E-mail virus hoaxes target our emotions, fear of the unknown, and the wish to help others. Informed decisions can and do equip us to handle such problems and protect ourselves while helping others too. If someone says: "You have a virus!" we should check and make sure. Any knee-jerk response based on fear is unwarranted and likely to be wrong. Let’s make sure that the fear is warranted, and if it is, we get the tools to tackle the situation.
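The hoax traits this article points to (a plea to forward the message to as many people as possible, damage claims against hardware, and no known source to check against) can be turned into a first-pass triage check. The following is an added example, not part of the original article; the regular expressions and the second sample message are constructed assumptions, and a hit is only a prompt to look the warning up on the hoax lists named above.

```python
import re

# Traits named in the article; the patterns are illustrative assumptions.
INDICATORS = {
    "urges_mass_forwarding": re.compile(
        r"\b(pass (it|this) on|forward (it|this)( message)?)\b.{0,60}"
        r"\b(as many|everyone|all your)\b", re.I | re.S),
    "claims_hardware_damage": re.compile(
        r"\b(destroy|infect|damage|burn|melt)\w*\b.{0,80}"
        r"\b(sound card|speakers?|mouse|keyboards?|monitor|memory)\b",
        re.I | re.S),
}
# A warning that cites no address of an advisory gives nothing to verify.
SOURCE_REF = re.compile(r"\b(https?://|www\.)\S+", re.I)


def hoax_indicators(text):
    """Return the sorted names of the hoax traits found in a message body."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if not SOURCE_REF.search(text):
        hits.append("no_verifiable_source")
    return sorted(hits)


# Excerpt of the warning quoted at the start of this article.
AIDS_HOAX = """There is a virus out now being sent to people via email...
it is called the A.I.D.S. VIRUS. It will destroy your memory, sound card
and speakers, hard drive and it will infect your mouse or pointing device.
It will come via e-mail called "OPEN: VERY COOL! :)". Delete it immediately!!
PASS IT ON QUICKLY & TO AS MANY PEOPLE AS POSSIBLE!! THANKS!! :-)"""

# Constructed sample of a notice that points to a source the reader can check.
ADVISORY = """W32/Klez.h@MM spreads through e-mail attachments.
Update your virus signature files before opening mail.
Details: http://securityresponse.symantec.com"""

if __name__ == "__main__":
    for label, body in (("hoax", AIDS_HOAX), ("advisory", ADVISORY)):
        print(label, hoax_indicators(body))
```
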

Virus detection and prevention tips

1. Do not open any files attached to an e-mail from an unknown, suspicious or untrustworthy source.

2. Do not open any files attached to an e-mail unless you know what it is, even if it appears to come from a dear friend or someone you know. Some viruses can replicate themselves and spread through e-mail. Better be safe than sorry and confirm that they really sent it.

3. Do not open any files attached to an e-mail if the subject line is questionable or unexpected. If the need to do so is there, always save the file to your hard drive before doing so.

4. Delete chain emails and junk email. Do not forward or reply to any of them. These types of e-mail are considered spam, which is unsolicited, intrusive mail that clogs up the network.

5. Do not download any files from strangers.

6. Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site. If you’re uncertain, don’t download the file at all or download the file to a floppy and test it with your own anti-virus software.

7. Update your anti-virus software regularly. Over 500 viruses are discovered each month, so you’ll want to be protected. These updates should be at the least the product’s virus signature files. You may also need to update the product’s scanning engine as well.

8. Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.

9. When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these caveats. Check with your product vendors for updates that include those for your operating system, Web browser, and e-mail. One example is the security site section of Microsoft located at www.microsoft.com/security.

10. If you are not sure about a potential virus related situation, please visit the Contact Avert www.mcafeeb2b.com/naicommon/avert/avert-research-center/contact.asp site for more information.

— Source: McAfee
