Virus Protection - Best Practices
There are now over 60,000 computer viruses. Each day an average of 20 new
viruses are created, so keeping your Antivirus software updated is critical.
Still, up-to-date Antivirus software alone is not enough. We must also follow
the principle of "avoidance" and other best practices.
Consider the morning of May 5, 2000, when the Love Bug worm was launched.
Protection from any AV vendor was not available for 1-2 days. While many
individuals had up-to-date virus protection, this worm did over $10 billion in
damages. This is why all suspicious attachments should be deleted without
opening them. It's only a matter of time until the next major destructive worm
surfaces, as the Goner worm did on December 4, 2001.
The following are guidelines which promote the best practices in protecting
your PC from the numerous malicious threats in EMAIL, Web browsing, and other
environments:
General Best Practices for Virus Prevention
- Never Open Suspicious Attachments -- Assume that ANY
attachment you receive may be potentially infected, even if you know the
author well. Since viruses spawn from an infected PC and its address
book, viruses will most likely come from family, friends, or business
associates. When processing EMAIL, only open attachment types that you are
expecting. Avoid opening any EMAIL attachment if it appears to be of a
suspicious nature. Virus writers use social engineering tricks to tempt
individuals into "taking the bait" on attachments, so always be
careful.
- Detach all EMAIL Attachments into a special
folder for scanning -- Always detach EMAIL attachments into a quarantine
folder. For example, create a folder on your hard drive called DOWNLOAD.
With your EMAIL package, detach all eligible attachments into the DOWNLOAD
folder. After detaching, scan the DOWNLOAD folder with Virus Scan using
the ALL FILES settings. This is the best way to ensure EMAIL attachments
don't bypass virus scanning controls.
- Keep your virus protection up-to-date -- You are far more likely to
get a brand new EMAIL virus in current circulation or outbreak mode than
an older virus that has been contained and is no longer active.
- Scan your system monthly -- Scan monthly with the
standard default settings, and quarterly with the "ALL FILES" settings.
This will eliminate any brand new resident viruses that you may
have picked up earlier.
- Stay informed -- A major new outbreak will
surface about once per quarter. Usually the media will highlight these,
and our company provides formal alerts. Please follow the guidelines
shared to avoid problems during these major attacks.
- Education -- At home, it is important to educate all
family members on safe EMAIL practices and how to avoid computer viruses.
- Ensure your Recycle Bin is eligible for scanning -- Most AV products exclude
the recycle bin, where the new SirCam virus can now hide and reside. In
McAfee you can look at System Properties and Exclusions. If the Recycle
Bin is shown as an Exclusion - remove this entry so that scanning can take
place.
- New vulnerable extension types should be
covered by your Virus Protection Software -- Make sure VBS, LNK, PIF,
SCR, HT?, BAT, and others are present in the default extensions. This will
improve your real time virus protection for some of the latest threats.
- Avoid going to any URLs in EMAIL messages that
are suspicious in nature -- A new approach for virus writers is to infect web
pages with scripts; however, most mainstream sites should remain safe.
- Keep your Windows environment patched with all
"Critical Updates" -- A new approach for virus writers is to infect web
pages with scripts; however, most mainstream sites should remain safe. A
best practice is to update monthly to keep your system as secure as
possible.
Go to http://windowsupdate.microsoft.com/
and select Product Updates and then check Critical Updates. After applying
them you will need to reboot your workstation.
- Keep up-to-date with Internet Explorer patches -- The Nimda virus, modeled
after Code Red, created a brand new paradigm where visiting infected web
sites can lead to PC virus infections. The best approach is to stay with
the latest browser edition (that you can run) and latest service pack.
- Do not accept any files offered to you during
Web site visits -- Files ending in EML, NWS, JS, EXE, etc. are signs of an
infected website, and these agents can infect your PC as well. If a web
site automatically alters your home page settings, the PC should be
scanned with the latest virus definitions to ensure viruses were not
transmitted as well.
- Do not accept any files offered to you during
Instant Messenger sessions -- There are a number of IRC based viruses that can
infect your PC from others you may be communicating with through instant
messaging. It is best to use this communications tool for
"chatting" only.
- Be careful of Virus Hoax alerts -- Do not believe all EMAIL
you receive from the Internet, as virus hoaxes are abundant. You can
research these as noted below, but hoaxes are designed to create confusion
or even to cause individuals to delete files (SULFNBK.EXE hoax). Never
follow steps to delete files or alter your system configuration based
solely on an EMAIL message; research first (see #15 below).
- Monitor the latest major threats that are
emerging --
When the media highlights a new threat, pay close attention to this so you
can avoid becoming infected.
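
As an added example (not part of the original page): a Python script that triages the DOWNLOAD quarantine folder described above by file name, using the extension types this page lists (VBS, LNK, PIF, SCR, HT?, BAT, EML, NWS, JS, EXE). The decoy-extension set, the function names and the sample file names are assumptions constructed for illustration; files are never opened, and everything in the folder still goes through the ALL FILES virus scan.

```python
import fnmatch
import os
import tempfile

# Extension types named on this page; HT? is a one-character wildcard (HTA, HTM, ...).
RISKY_PATTERNS = ["VBS", "LNK", "PIF", "SCR", "HT?", "BAT", "EML", "NWS", "JS", "EXE"]
# Assumption: extensions users tend to regard as harmless, used to spot decoy names.
DECOY_EXTENSIONS = {"TXT", "JPG", "GIF", "DOC", "MP3", "PDF"}


def classify(filename):
    """Return (verdict, reason) for one attachment name; matching is case-insensitive."""
    # Windows ignores trailing dots and spaces in file names, so drop them first.
    parts = filename.rstrip(". ").upper().split(".")
    if len(parts) < 2:
        return ("review", "no extension")
    ext = parts[-1]
    hit = next((p for p in RISKY_PATTERNS if fnmatch.fnmatchcase(ext, p)), None)
    if hit is None:
        return ("scan", "extension not on the risky list")
    if len(parts) > 2 and parts[-2] in DECOY_EXTENSIONS:
        return ("block", "decoy ." + parts[-2] + " before real ." + ext)
    return ("block", "risky extension matches " + hit)


def triage_folder(folder):
    """Classify every file in the quarantine folder by name only."""
    names = sorted(os.listdir(folder))
    return {n: classify(n) for n in names if os.path.isfile(os.path.join(folder, n))}


def demo():
    """Build a throwaway DOWNLOAD folder holding constructed, empty sample files."""
    samples = ["holiday.jpg", "invoice.TXT.vbs", "screensaver.ScR", "page.hta", "notes.txt"]
    with tempfile.TemporaryDirectory() as root:
        folder = os.path.join(root, "DOWNLOAD")
        os.mkdir(folder)
        for name in samples:
            open(os.path.join(folder, name), "w").close()
        return triage_folder(folder)


if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{verdict:6} {name:20} {reason}")
```

A "scan" verdict only means the name is not on the risky list; the file is still scanned before it is opened.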