
Virus Protection - Best Practices


There are now over 60,000 computer viruses. Each day an average of 20 new viruses are created, so keeping your Antivirus software updated is critical. Still, up-to-date Antivirus software alone is not enough. We must also follow the principle of "avoidance" and other best practices.

Consider the morning of May 5, 2000, when the Love Bug worm was launched. Protection from any AV vendor was not available for 1-2 days. While many individuals had up-to-date virus protection, this worm did over $10 billion in damages. This is why all suspicious attachments should be deleted without opening them. It's only a matter of time until the next major destructive worm surfaces, as the Goner worm did on December 4, 2001.

The following are guidelines which promote the best practices in protecting your PC from the numerous malicious threats in EMAIL, Web browsing, and other environments:

General Best Practices for Virus Prevention

  1. Never Open Suspicious Attachments -- Assume that ANY attachment you receive may be potentially infected, even if you know the author well. Since viruses spawn from an infected PC and its address book, viruses will most likely come from family, friends, or business associates. When processing EMAIL, only open attachment types that you are expecting. Avoid opening any EMAIL attachment if it appears to be of a suspicious nature. Virus writers use social engineering tricks to tempt individuals into "taking the bait" on attachments, so always be careful.
  2. Detach all EMAIL Attachments into a special folder for scanning -- Always detach EMAIL into a quarantine folder. For example, create a folder on your hard drive called DOWNLOAD. With your EMAIL package, detach all eligible attachments into the DOWNLOAD folder. After detaching, scan the DOWNLOAD folder with Virus Scan using the ALL FILES settings. This is the best way to ensure EMAIL attachments don't bypass virus scanning controls.
  3. Keep your virus protection up-to-date -- You are far more likely to get a brand new EMAIL virus in current circulation or outbreak mode than an older virus that has been contained and is no longer active.
  4. Scan your system monthly -- Run a scan with the standard default settings every month and a scan with the "ALL FILES" settings every quarter. This will eliminate any possible brand new resident viruses that you may have picked up earlier.
  5. Stay informed -- A major new outbreak will surface about once per quarter. Usually, the media will highlight these, and our company provides formal alerts. Please follow the guidelines shared to avoid problems during these major attacks.
  6. Education -- At home, it is important to educate all family members on safe EMAIL practices and how to avoid computer viruses.
  7. Ensure your Recycle Bin is eligible for scanning -- Most AV products exclude the Recycle Bin, where the new SirCam virus can now hide and reside. In McAfee you can look at System Properties and Exclusions. If the Recycle Bin is shown as an Exclusion, remove this entry so that scanning can take place.
  8. New vulnerable extension types should be covered by your Virus Protection Software -- Make sure VBS, LNK, PIF, SCR, HT?, BAT, and others are present in the default extensions. This will improve your real time virus protection for some of the latest threats.
  9. Avoid going to any URLs in EMAIL messages that are suspicious in nature -- A new approach for virus writers is to infect web pages with scripts; however, most mainstream sites should remain safe.
  10. Keep your Windows environment patched with all "Critical Updates" -- A new approach for virus writers is to infect web pages with scripts; however, most mainstream sites should remain safe. A best practice is to update monthly to keep your system as secure as possible.

    Go to http://windowsupdate.microsoft.com/ and select Product Updates and then check Critical Updates. After applying them you will need to reboot your workstation.
  11. Keep up-to-date with Internet Explorer patches -- The Nimda virus, modeled after Code Red, created a brand new paradigm where visiting infected web sites can lead to PC virus infections. The best approach is to stay with the latest browser edition (that you can run) and latest service pack.
  12. Do not accept any files offered to you during Web site visits -- Files ending in EML, NWS, JS, EXE, etc. are signs of an infected website, and these agents can infect your PC as well. If a web site automatically alters your home page settings, the PC should be scanned with the latest virus definitions to ensure viruses were not transmitted as well.
  13. Do not accept any files offered to you during Instant Messenger sessions -- There are a number of IRC based viruses that can infect your PC from others you may be communicating with through instant messaging. It is best to use this communications tool for "chatting" only.
  14. Be careful of Virus Hoax alerts -- Do not believe all EMAIL you receive from the Internet, as virus hoaxes are abundant. You can research these as noted below, but hoaxes are designed to create confusion or even to cause individuals to delete files (SULFNBK.EXE hoax). Never follow steps to delete files or alter your system configuration based solely on an EMAIL message, but research first (see #15 below).
  15. Monitor the latest major threats that are emerging -- When the media highlights a new threat, pay close attention to this so you can avoid becoming infected.
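
The quarantine-folder routine from item 2 can be paired with the extension lists from items 8 and 12 to sort detached attachments before anything is opened. The following is an added example, not part of the original page: the pattern list comes from those two items, while the decoy-extension set, the labels and the sample file names are assumptions made for illustration.

```python
import fnmatch
import tempfile
from pathlib import Path

# Extension patterns named in items 8 and 12; "ht?" is the page's wildcard
# (it covers hta, htm, htt, ...).
RISKY_PATTERNS = ["vbs", "lnk", "pif", "scr", "ht?", "bat", "eml", "nws", "js", "exe"]
# Assumption: extensions a user tends to regard as harmless documents or media.
DECOY_EXTENSIONS = {"txt", "doc", "jpg", "gif", "mp3", "pdf"}


def is_risky(ext: str) -> bool:
    return any(fnmatch.fnmatchcase(ext, pat) for pat in RISKY_PATTERNS)


def classify(filename: str) -> str:
    """Return 'double-extension', 'risky-extension' or 'scan-only'."""
    # The Win32 API drops trailing dots and spaces, so strip them before splitting.
    parts = filename.rstrip(". ").lower().split(".")
    if len(parts) < 2 or not is_risky(parts[-1].strip()):
        return "scan-only"
    # A harmless-looking extension in front of a risky one is a disguise.
    if len(parts) >= 3 and parts[-2].strip() in DECOY_EXTENSIONS:
        return "double-extension"
    return "risky-extension"


def triage_folder(folder: Path) -> dict:
    """Map every file in the quarantine folder to its classification."""
    return {p.name: classify(p.name) for p in sorted(folder.iterdir()) if p.is_file()}


def demo() -> dict:
    # Constructed sample attachments, written to a temporary DOWNLOAD folder.
    names = ["LOVE-LETTER-FOR-YOU.TXT.vbs", "report.doc", "setup.exe",
             "page.hta", "photo.jpg.pif", "notes.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        download = Path(tmp) / "DOWNLOAD"
        download.mkdir()
        for name in names:
            (download / name).write_bytes(b"")
        return triage_folder(download)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:17} {name}")
```

Files labelled scan-only are not cleared by this check; every file in the folder still goes through the ALL FILES scan described in item 2.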

Frank Siebert © 2002