This article describes the top 10 things that YOU can do to prevent new viruses from
damaging computers running a Microsoft Windows product. In this document, the term "virus"
also includes trojans, worms, searchbars, spyware and other malware. For those using Mac or
Linux, similar principles apply.
These are all listed in order of importance.
1. Install Security Patches
Obtain and install all available security patches for your operating system. If you
have Windows 98 or newer and MSIE, Windows Update will provide you with all the patches needed.
For Windows 95 users, or those who prefer not to use MSIE, you could try WindizUpdate.
This is the most important thing you can do... check for updates weekly. Keep your ears
open for news about the latest vulnerabilities found in your operating system.
2. Don't Rely on Antivirus Software or Adware Removal Tools
While it is good practice to have some sort of virus protection installed on your
computer, it should not be relied on as being the only virus protection you use. Training and
Virus Awareness are more important.
We have found that most people assume that if they are running antivirus software, then
their computer is protected. This is incorrect for the following reasons:
- If your virus definitions are more than 2 weeks old, your virus scanner is useless,
and should be uninstalled. It is useless because it will still let new viruses through
undetected, and still has the potential to remove your files, open back doors and send
mass emails. Since virus definitions for free antivirus programs are typically updated
once a month, these should never be used.
- There is always a period of several hours between the time a new virus is released
into the wild (ie you get it) and the time that the virus definitions are updated. Even
if email is filtered by your ISP, you will still get these new viruses.
- Viruses often disable your antivirus software. If you're using one of the popular antivirus
programs, the virus will know it, and will terminate it.
Virus protection provided by your ISP will not stop all viruses.
Most important: Before opening any email attachment, or software downloaded from a website
(or porn site), clear your browser's disk cache -- this is
because many viruses scan the websites you have visited for email addresses.
3. Don't Use Internet Explorer, Microsoft Word, or Outlook Express
Technically, the heading for this section should be "don't use the most popular web browser,
the most popular word processor, or Windows Address Book" - but that didn't fit.
Why is this so important? Let's take the Netsky virus as an example. When it runs, it scans
your computer for email addresses; but it doesn't scan every file - that would take too long.
It scans, among others, files of the following types:
| .OFT | Outlook item template |
| .DOC | Microsoft Word document |
| .EML | Outlook Express email message |
| .WAB | Windows Address Book |
| .DBX | Outlook Express email folder |
| .RTF | Rich Text format |
| .TXT | Plain Text |
So, email addresses contained in any of these documents are harvested, and the virus emailed
to them. But what if more than just the virus was emailed? What if your confidential business
data, commercially sensitive data, or personal data was emailed around too?
We strongly recommend that email addresses and documents be stored in less popular
formats (ie use a different email program, and different word processor). But isn't Microsoft
Word the only word processor available? Dream on... there are many available, some of them are
better than the MS one. A good starting point is OpenOffice,
which stores its files in a format that (at time of writing) none of the existing
viruses scan for. Forget about the argument that learning a new word processor is too difficult.
Remember, you too spent many hours learning your way around your current word processor - and it wasn't easy.
Here's an excerpt from an article:
The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning
Web surfers to stop using Microsoft's Internet Explorer (IE) browser.
On the heels of last week's sophisticated malware attack that targeted a known IE flaw,
US-CERT updated an earlier advisory to recommend the use of alternative browsers because
of "significant vulnerabilities" in technologies embedded in IE.
"There are a number of significant vulnerabilities in technologies relating to the
IE domain/zone security model, the DHTML object model, MIME-type determination, and
ActiveX. It is possible to reduce exposure to these vulnerabilities by using a
different Web browser, especially when browsing untrusted sites," US-CERT noted in
a vulnerability note.
Source: internetnews.com, 29 June 2004
Also, don't assume that a patch will fix the problem... it may just create another
Microsoft’s recent efforts to fix yet another vulnerability in Internet Explorer and
end the latest series of internet attacks, doesn’t address another closely related and dangerous
vulnerability, according to a security specialist.
Dutch security expert Jelmer Kuperus published code on the web last week that he says can be
used to break into fully patched Windows systems using a slightly modified version of an attack
called Download.Ject that Microsoft patched two weeks ago.
The new attack targets a hole in a different Windows component than the one addressed by
Microsoft's software patch. Using a similar attack, malicious hackers could break into patched
Windows machines, Kuperus says.
Microsoft confirmed last week that it is aware of the exploit code, but does not believe any
customers have been attacked using the Shell.Application exploit, a US spokeswoman said.
Source: computerworld, 13 July 2004
Microsoft's browser makes it so easy to add unwanted features (eg search bar) without the user's
knowledge or consent. Why should it just be limited to Search bars? Software is already out there
that will monitor every key that you type; every website that you visit; and control your computer
completely by remote. It is only a matter of time before viruses record the applications installed
on your computer, and send the list to a central hacker. When the question is asked, "give me a list of
infected computers running this brand of accounting software", how much damage could be done on
your computer?
4. How Much can you Afford to Lose?
If the contents of your computer were destroyed this instant, how far down the toilet
would you be? Setting aside the fact that it may take a few hours to get a computer reloaded
with basic software; how much work would you lose? When did you last back up your email, passwords
and other important documents? How much can you afford to lose?
Remember, computers are just machines, and can break down. Also, not all computers
are created equal - the hard drive is the most important part of your computer - and
cheap computers have cheap hard drives, not reliable hard drives.
5. Know your File-Types
One of the serious flaws with Windows, is that one of the default settings is to hide file
extensions. File extensions are very important, and should never be hidden.
Representing files as icons makes it very easy to locate and identify the files on your
computer. Generally, different types of document have their own icon - for example Adobe Acrobat
files have a distinctive icon. You may or may not be aware that Windows Executable files (.exe)
contain their own icons, and so can appear to look like any other document. This is why
file types are so important.
Assume any attachment with any of the following extensions is a virus:
| .BAT | DOS batch file |
| .COM | DOS executable file |
| .CMD | Windows 2000 batch file |
| .CPL | Control Panel extension |
| .HTA | HTML application |
| .JS | JScript |
| .JSE | JScript Encoded Script |
| .LNK | Shortcut |
| .MSI | Microsoft installer database |
| .PIF | Shortcut to DOS program |
| .REG | Registry Entries |
| .SCF | Windows Explorer command |
| .SCR | Screen Saver |
| .VB | VB Script |
| .VBE | VB Encoded Script |
| .VBS | VB Script |
| .WS | Windows Script Host |
| .WSC | Windows Script Host - Component |
| .WSF | Windows Script Host |
| .WSH | Windows Script Host - Settings file |
And, of course, the obvious .EXE file; however there are times when genuine
executable files are sent by email... so be cautious. Have you ever needed to send an email
with any of the above attachments? We would be interested in hearing your story.
Don't forget - viruses can be found in any OLE document (OLE documents include Word
and Excel documents).
Files with a ZIP extension are file archives. They contain a collection of compressed
files. The precautions regarding file extensions still apply... however most zipped viruses
contain file names with many, many spaces hoping that the actual file extension will be
hidden from view. Look for an ellipsis ("...") in a filename.
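The checks described in this section can be automated at the mail gateway or on the desktop. The following is an added example, not part of the original article: it tests an attachment name, and every file name inside a ZIP attachment, against the extension list above and against space padding. The function names and the `PAD_RUN` threshold are assumptions made for the illustration.

```python
import io
import zipfile

# Extensions the article says to treat as a virus when they arrive as attachments, plus .EXE.
RISKY = {"bat", "com", "cmd", "cpl", "hta", "js", "jse", "lnk", "msi", "pif", "reg",
         "scf", "scr", "vb", "vbe", "vbs", "ws", "wsc", "wsf", "wsh", "exe"}
PAD_RUN = 5  # assumed threshold: this many consecutive spaces counts as padding


def check_name(name):
    """Return a list of reasons why this attachment file name is suspicious."""
    reasons = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    parts = base.rsplit(".", 1)
    ext = parts[1].strip().lower() if len(parts) == 2 else ""
    if ext in RISKY:
        reasons.append("risky extension ." + ext)
        # "invoice.doc      .exe": the part before the real extension looks like a document
        if "." in parts[0].strip():
            reasons.append("double extension")
    if " " * PAD_RUN in base:
        reasons.append("padded with spaces")
    return reasons


def check_attachment(name, data):
    """Check an attachment name and, for ZIP archives, every member name inside it."""
    findings = {name: check_name(name)}
    if name.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    findings[name + "!" + member] = check_name(member)
        except zipfile.BadZipFile:
            findings[name] = ["not a readable ZIP archive"]
    # Keep only the names that produced at least one reason
    return {key: reasons for key, reasons in findings.items() if reasons}


def build_sample_zip():
    """Constructed sample: an archive holding one padded name and one plain text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("document.txt" + " " * 60 + ".scr", b"placeholder")
        archive.writestr("readme.txt", b"placeholder")
    return buf.getvalue()
```

Only the names are inspected, so a clean result says nothing about OLE documents or other content-borne viruses mentioned above.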
6. Use Common Sense
Do not open any attachment if the email does not make sense. Even if you recognise the name of
the person sending the email, do not assume they have sent it. The email may have a familiar name
on it for four reasons:
- Software on their computer has sent an email on their behalf, with or without their knowledge
- Software has picked up their email address from someone else they have written to.
- They actually sent it! (in this case it is a genuine email)
- A spammer has chosen this name, as an enticement for you to read the email
When emailing an attachment to another person, specifically mention that in the body of
the email, together with the purpose of the attachment.
View message headers to see where the email has come from - while some of
the information can be faked, the delivery route can generally be relied on.
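To make the point about headers concrete, the following added example (not part of the original article) reads the Received headers of a raw message and lists the delivery route oldest hop first. In each hop, the name after "from" is whatever the sending machine claimed, while the bracketed IP address and the "by" host were recorded by the receiving server. The sample message, host names and function names are constructed for the illustration, and the pattern handles only the common "from X (Y [ip]) by Z" layout.

```python
import re
from email import message_from_string

# Constructed sample message; hosts use reserved example domains and documentation IP ranges.
SAMPLE = """\
Received: from mail.isp.example (mail.isp.example [192.0.2.10])
\tby mx.myisp.example with ESMTP id A1; Tue, 13 Jul 2004 10:00:05 +1200
Received: from unknown-pc (dialup-7.other.example [198.51.100.7])
\tby mail.isp.example with SMTP id B2; Tue, 13 Jul 2004 10:00:01 +1200
From: "A Friend" <friend@known.example>
To: you@myisp.example
Subject: Your details

See the attached file.
"""

# from <claimed name> (<looked-up name> [<ip>]) ... by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\).*?by\s+(\S+)", re.S)


def delivery_route(raw):
    """Return the hops oldest first; each server prepends its header, so reverse them."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        match = HOP.search(value)
        if match:
            hops.append({"claimed": match.group(1), "resolved": match.group(2),
                         "ip": match.group(3), "by": match.group(4)})
        else:
            # Unrecognised layout: keep the text so a person can read it
            hops.append({"raw": " ".join(value.split())})
    return hops


def mismatched_hops(hops):
    """Hops where the name the sender claimed differs from the name the receiver recorded."""
    return [hop for hop in hops
            if "ip" in hop and hop["claimed"].lower() != (hop["resolved"] or "").lower()]
```

Headers added before the message reached a server you trust can themselves be forged, so read the route from your own server backwards and treat earlier hops with more suspicion.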
7. Use Email Signatures
Whether your email is for home or business use, always include your contact information as
a signature at the end of every outgoing email - insist that the recipient be aware that all genuine emails
from yourself will have this signature.
8. Check Out your Facts
As a rule, emails warning you of viruses are hoaxes, and are in fact "human readable viruses".
Give the impression to others that you are a competent computer user, and take 2 minutes to
verify the email before you follow its instructions and forward the email on to everyone in your
address book: Take a phrase from the email and search for it on the internet. Symantec's
website is a good place to start: securityresponse.symantec.com/avcenter/vinfodb.html
9. Use an Email Management System
NEVER use Outlook Express or other POP3 based email client for business use. From a management
view, all incoming and outgoing business emails need to be archived for legal reasons. From a
user's point of view, inboxes can be lost/damaged/destroyed very easily, and email lost.
A web-based Email Management System is a powerful tool, and should be used in all business
situations. Not only can it be set up to block spam, viruses, and hoaxes, it allows complete
tracking of email; full backup of all email; and allows staff groups to share email - if one employee is sick, the email
is still available for another staff member to answer.
10. Purchase your own Domain Name
Spend approximately US$9 on a domain name. For business use, purchase a domain name related
to the name of your business (eg businessname.com), for private use, purchase a "generic" name.
The advantage of this system is that it is possible to assign a different email address to
different sources. When you get spam, you'll instantly see where it is coming from, and it can be easily blocked. It is also another way of
determining where your clients are coming from. Also, you'll be able to change ISPs without
having to email everyone your change of address.
There are other things that can be done to stop spam, but these are beyond the scope of this article.
Remember, the viruses and phishing attempts that are doing so much damage
today are primitive - you haven't seen anything yet. For example:
- The email message would be written in your primary language, as one would normally write it
- The message would be from someone you know, even if they don't have a virus
- The message would contain information relevant to you or your business, seeming to be genuine;
the attachment would seem to be genuine
- The virus itself would take up very little CPU time, and have been well tested by the authors.
Feedback
Please tell us what you think of this article - if we are wrong about any point, please prove us wrong.
Email us from our website 62nds.com