This article describes the top 10 things that YOU can do to prevent new viruses from damaging computers running a Microsoft Windows product. In this document, the term "virus" also includes trojans, worms, searchbars, spyware and other malware. For those using Mac or Linux, similar principles apply.
These are all listed in order of importance.
1. Install Security Patches
Obtain and install all available security patches for your operating system. If you have Windows 98 or newer and MSIE, Windows Update will provide you with all the patches needed. For Windows 95 users, or those who prefer not to use MSIE, you could try WindizUpdate.
This is the most important thing you can do... check for updates weekly. Keep your ears open for news about the latest vulnerabilities found in your operating system.
2. Don't Rely on Antivirus Software or Adware Removal Tools
While it is good practice to have some sort of virus protection installed on your computer, it should not be relied on as being the only virus protection you use. Training and Virus Awareness are more important.
We have found that most people assume that if they are running antivirus software, then their computer is protected. This is incorrect for the following reasons:
* If your virus definitions are more than 2 weeks old, your virus scanner is useless, and should be uninstalled. It is useless because it will still let new viruses through undetected, and those viruses still have the potential to remove your files, open back doors and send mass emails. Since virus definitions for free antivirus programs are typically updated once a month, these should never be used.
* There is always a period of several hours between the time a new virus is released into the wild (ie you get it) and the time that the virus definitions are updated. Even if email is filtered by your ISP, you will still get these new viruses.
* Viruses often disable your antivirus software. If you're using one of the popular antivirus programs, the virus will know it, and will terminate it.
Virus protection provided by your ISP will not stop all viruses.
Most important: Before opening any email attachment, or software downloaded from a website (or porn site), clear your browser's disk cache -- this is because many viruses scan the cached copies of websites you have visited for email addresses.
3. Don't Use Internet Explorer, Microsoft Word, or Outlook Express
Technically, the heading for this section should be "don't use the most popular web browser, the most popular word processor, or Windows Address Book" - but that didn't fit.
Why is this so important? Let's take the Netsky virus as an example. When it runs, it scans your computer for email addresses; but it doesn't scan every file - that would take too long. It scans, among others, files of the following types:
.OFT Outlook item template
.DOC Microsoft Word document
.EML Outlook Express email message
.WAB Windows Address Book
.DBX Outlook Express email folder
.RTF Rich Text format
.TXT Plain Text
So, email addresses contained in any of these documents are harvested, and the virus emailed to them. But what if more than just the virus was emailed? What if your confidential business data, commercially sensitive data, or personal data was emailed around too?
We strongly recommend that email addresses and documents be stored in less popular formats (ie use a different email program, and different word processor). But isn't Microsoft Word the only word processor available? Dream on... there are many available, some of them are better than the MS one. A good starting point is OpenOffice, which stores its files in a format that (at time of writing) none of the existing viruses scan for. Forget about the argument that learning a new word processor is too difficult. Remember, you too spent many hours learning your way around your current word processor - and it wasn't easy.
Here's an excerpt from an article:
The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning Web surfers to stop using Microsoft's Internet Explorer (IE) browser.
On the heels of last week's sophisticated malware attack that targeted a known IE flaw, US-CERT updated an earlier advisory to recommend the use of alternative browsers because of "significant vulnerabilities" in technologies embedded in IE.
"There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME-type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites," US-CERT noted in a vulnerability note.
internetnews.com 29 June 2004
Also, don't assume that a patch will fix the problem... it may just create another.
Microsoft's recent efforts to fix yet another vulnerability in Internet Explorer and end the latest series of internet attacks, doesn't address another closely related and dangerous vulnerability, according to a security specialist.
Dutch security expert Jelmer Kuperus published code on the web last week that he says can be used to break into fully patched Windows systems using a slightly modified version of an attack called Download.Ject that Microsoft patched two weeks ago.
The new attack targets a hole in a different Windows component than the one addressed by Microsoft's software patch. Using a similar attack, malicious hackers could break into patched Windows machines, Kuperus says.
Microsoft confirmed last week that it is aware of the exploit code, but does not believe any customers have been attacked using the Shell.Application exploit, a US spokeswoman said.
computerworld 13 July 2004
Microsoft's browser makes it so easy to add unwanted features (eg search bar) without the user's knowledge or consent. Why should it just be limited to search bars? Software is already out there that will monitor every key that you type and every website that you visit, and control your computer completely by remote. It is only a matter of time before viruses record the applications installed on your computer and send the list to a central hacker. When the question is asked, "give me a list of infected computers running this brand of accounting software", how much damage could be done on your computer?
4. How Much can you Afford to Lose?
If the contents of your computer were destroyed this instant, how far down the toilet would you be? Setting aside the fact that it may take a few hours to get a computer reloaded with basic software, how much work would you lose? When did you last back up your email, passwords and other important documents? How much can you afford to lose?
Remember, computers are just machines, and can break down. Also, not all computers are created equal. The hard drive is the most important part of your computer, and cheap computers have cheap hard drives, not reliable hard drives.
5. Know your File-Types
One of the serious flaws with Windows is that one of the default settings is to hide file extensions. File extensions are very important, and should never be hidden.
Representing files as icons makes it very easy to locate and identify the files on your computer. Generally, different types of document have their own icon - for example Adobe Acrobat files have a distinctive icon. You may or may not be aware that Windows Executable files (.exe) contain their own icons, and so can appear to look like any other document. This is why file types are so important.
Assume any attachment with any of the following extensions is a virus:
.BAT DOS batch file
.COM DOS executable file
.CMD Windows 2000 batch file
.CPL Control Panel extension
.HTA HTML application
.JS JScript
.JSE JScript Encoded Script
.LNK Shortcut
.MSI Microsoft installer database
.PIF Shortcut to DOS program
.REG Registry Entries
.SCF Windows Explorer command
.SCR Screen Saver
.VB VB Script
.VBE VB Encoded Script
.VBS VB Script
.WS Windows Script Host
.WSC Windows Script Host - Component
.WSF Windows Script Host
.WSH Windows Script Host - Settings file
And, of course, the obvious .EXE file; however there are times when genuine executable files are sent by email... so be cautious. Have you ever needed to send an email with any of the above attachments? We would be interested in hearing your story.
Don't forget - viruses can be found in any OLE document (OLE documents include Word and Excel documents).
Files with a ZIP extension are file archives. They contain a collection of compressed files. The precautions regarding file extensions still apply... however most zipped viruses contain file names with many, many spaces, hoping that the actual file extension will be hidden from view. Look for an ellipsis ("...") in a filename.
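The checks from this section can be automated. The following Python sketch is an added example, not part of the original article: it tests an attachment name, and the member names inside a ZIP archive, against the extension list above, and also flags a document-style extension placed in front of the real one. The five-space padding threshold, the function names and the sample archive are assumptions made for illustration.

```python
import io
import re
import zipfile

# Extensions the article says to treat as hostile, plus .EXE, which it names separately.
RISKY_EXTENSIONS = {
    ".bat", ".com", ".cmd", ".cpl", ".hta", ".js", ".jse", ".lnk", ".msi",
    ".pif", ".reg", ".scf", ".scr", ".vb", ".vbe", ".vbs", ".ws", ".wsc",
    ".wsf", ".wsh", ".exe",
}
# Assumption: a run of five or more spaces counts as padding meant to push
# the real extension out of view.
PADDING_RUN = re.compile(r"\s{5,}")
DECOY = re.compile(r"\.[A-Za-z0-9]{2,4}\s*$")


def final_extension(filename):
    """Return the lower-cased last extension, ignoring trailing spaces and dots."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""


def check_name(filename):
    """Return a list of findings for one file name (empty list = nothing flagged)."""
    findings = []
    ext = final_extension(filename)
    risky = ext in RISKY_EXTENSIONS
    if risky:
        findings.append(f"risky extension {ext}")
    if PADDING_RUN.search(filename):
        findings.append("long run of spaces hides the real extension")
    # With extensions hidden, "invoice.pdf.exe" is displayed as "invoice.pdf".
    stem = filename.rstrip(" .")[: -len(ext)] if ext else filename
    if risky and DECOY.search(stem):
        findings.append("decoy extension before the real one")
    return findings


def check_attachment(filename, data):
    """Check an attachment's own name and, for ZIP archives, every member name."""
    report = {filename: check_name(filename)}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():  # names only; nothing is extracted
                report[f"{filename}!{member}"] = check_name(member)
    return {name: found for name, found in report.items() if found}


def build_sample_zip():
    """Constructed sample: a ZIP with one harmless and one disguised member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "hello")
        archive.writestr("details.doc" + " " * 40 + ".scr", "placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for name, found in check_attachment("details.zip", build_sample_zip()).items():
        print(repr(name), "->", "; ".join(found))
```

A clean result only means the names look ordinary; as noted above, OLE documents can carry viruses regardless of their extension.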
6. Use Common Sense
Do not open any attachment if the email does not make sense. Even if you recognise the name of the person sending the email, do not assume they have sent it. The email may have a familiar name on it for four reasons:
1. Software on their computer has sent an email on their behalf, with or without their knowledge.
2. Software has picked up their email address from someone else they have written to.
3. They actually sent it! (In this case it is a genuine email.)
4. A spammer has chosen this name as an enticement for you to read the email.
When emailing an attachment to another person, specifically mention that in the body of the email, together with the purpose of the attachment.
View message headers to see where the email has come from - while some of the information can be faked, the delivery route can generally be relied on.
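To show what reading the delivery route looks like in practice, here is an added Python example (not from the original article) that lists the Received hops of a message oldest-first and compares the origin with the domain in the From line. The sample message is constructed, using reserved example names and addresses, and the regular expression assumes the common "from HOST (RDNS [IP]) by HOST" layout.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; hosts and IPs come from reserved example ranges.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Tue, 13 Jul 2004 10:02:11 +1200
Received: from friend-pc (dsl-203-0-113-77.otherisp.example [203.0.113.77])
\tby mx.isp.example with SMTP id B2; Tue, 13 Jul 2004 10:02:05 +1200
From: "A Friend" <friend@business.example>
To: you@recipient.example
Subject: Re: details

See the attached file.
"""

# Assumed layout of a Received line: from HELO (RDNS [IP]) by SERVER ...
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def delivery_route(raw_message):
    """Return the Received hops oldest-first as dicts with helo, rdns, ip, by."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received line, so header order is newest-first.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP.search(value)
        if match:
            hops.append(match.groupdict())
    return hops


def in_domain(host, domain):
    """True when host is the domain itself or a name underneath it."""
    host, domain = host.lower(), domain.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def route_summary(raw_message):
    """Compare the domain claimed in From with where the route actually starts."""
    msg = message_from_string(raw_message)
    hops = delivery_route(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    claimed_domain = address.rpartition("@")[2].lower()
    origin = hops[0] if hops else {}
    # The route is continuous when the server that accepted the message ("by")
    # is the one that hands it on in the next hop ("from").
    continuous = all(a["by"].lower() == b["helo"].lower()
                     for a, b in zip(hops, hops[1:]))
    return {
        "claimed_domain": claimed_domain,
        "origin_host": origin.get("rdns") or origin.get("helo"),
        "origin_ip": origin.get("ip"),
        "origin_in_claimed_domain": in_domain(origin.get("rdns") or "", claimed_domain),
        "chain_continuous": continuous,
    }


if __name__ == "__main__":
    for hop in delivery_route(SAMPLE):
        print(f"{hop['rdns'] or hop['helo']} [{hop['ip']}] -> {hop['by']}")
    print(route_summary(SAMPLE))
```

An origin outside the claimed domain is common for legitimate mail too, so treat it as a reason to check with the sender rather than as proof of forgery.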
7. Use Email Signatures
Whether your email is for home or business use, always include your contact information as a signature at the end of every outgoing email - insist that the recipient be aware that all genuine emails from yourself will have this signature.
8. Check Out your Facts
As a rule, emails warning you of viruses are hoaxes, and are in fact "human readable viruses". Give the impression to others that you are a competent computer user, and take 2 minutes to verify the email before you follow its instructions and forward the email on to everyone in your address book: take a phrase from the email and search for it on the internet. Symantec's website is a good place to start.
9. Use an Email Management System
NEVER use Outlook Express or other POP3 based email client for business use. From a management view, all incoming and outgoing business emails need to be archived for legal reasons. From a user's point of view, inboxes can be lost/damaged/destroyed very easily, and email lost.
A web-based Email Management System is a powerful tool, and should be used in all business situations. Not only can it be set up to block spam, viruses, and hoaxes, it allows complete tracking of email; full backup of all email; and allows staff groups to share email - if one employee is sick, the email is still available for another staff member to answer.
10. Purchase your own Domain Name
Spend approximately US$9 on a domain name. For business use, purchase a domain name related to the name of your business (eg businessname.com); for private use, purchase a "generic" name. The advantage of this system is that it is possible to assign a different email address to different sources. When you get spam, you'll instantly see where it is coming from, and it can be easily blocked. It is also another way of determining where your clients are coming from. Also, you'll be able to change ISPs without having to email everyone your change of address.
There are other things that can be done to stop spam, but these are beyond the scope of this article.
Remember, the viruses and phishing attempts that are doing so much damage today are primitive - you haven't seen anything yet. For example:
* The email message would be written in your primary language, as one would normally write it
* The message would be from someone you know, even if they don't have a virus
* The message would contain information relevant to you or your business, seeming to be genuine; the attachment would seem to be genuine
* The virus itself would take up very little CPU time, and have been well tested by the authors.