Configuring Your Computer for Virus/Worm/Trojan Security

The recent round of viruses is a prime example of the ever more malicious methods
that virus makers keep devising to infiltrate your computer. The new
generation of worms can reproduce independently and mail themselves to
users. Even more disturbingly, certain email worms do not even need
attachments to spread — they can be activated simply by switching
folders or viewing an email in Outlook's preview pane. Today, viruses have
added the Web to their bag of tricks, using ordinary web pages, as well as
email, to spread — a development that will likely spawn a whole new
generation of web-savvy worms. It is therefore more important than ever
to practice safe computing, although it can be tough to find a balance
between adequate security and reasonable functionality. Below are some
strategies the experts suggest for keeping viruses, hackers and worms
out of your computer. On another page, we provide links to background
reading as well as various
tools and resources for fighting unwelcome intruders. We hope
that, together, these will help you ensure your system is secure.

Get a firewall. You can download trial versions from one of these
vendor sites. Although not foolproof, firewalls keep hackers
out of your computer by placing a barrier between it and the
Internet and filtering incoming and outgoing traffic according to
certain rules. They also provide added protection against malicious
code. Conventional wisdom used to hold that only those with
dedicated connections needed this measure and that dial-up users
were not vulnerable. Security experts maintain this is no longer
true. The dangerous new generation of worms puts all users at risk.
Get a totally free firewall here.

Install good anti-virus software. You can download trial versions
from any of these
vendor sites. Update your virus definitions weekly, if not
daily. I cannot emphasize this point enough. Many people seem to
feel that once you have installed anti-virus software, your job is
done. Not true. New viruses emerge every day. A lot of people were
caught by Nimda because they happened to encounter an infected web
page between scheduled updates. It is critical to update your
software with the latest virus definitions frequently.
Many anti-virus programs provide a facility to automate this task.
Get totally free Antivirus Software here.

Keep Auto-Protect enabled,
in both your firewall and your anti-virus software. Once these
programs are installed, they will place small icons in your system
tray, at the right-hand end of your Windows Taskbar. You can access
these programs by double-clicking on their respective icon. Once the
program starts up, you should see a message that auto-protect is
enabled, along with a "Disable" button. You may need to occasionally
disable auto-protect (to install software, for example). Make sure
it is re-enabled afterwards, especially when you are online.

Configure your anti-virus software to scan all files, not just
program files. The slight performance degradation is worth the added
security.

Be wary of ALL email attachments, even those from trusted friends. Not
only do many worms swipe people's address books, sending themselves
out under seemingly legitimate names, many also masquerade as
harmless documents. The Anna virus, for example, was disguised as a
sexy photo of tennis star Anna Kournikova; the Mother's Day virus,
as a gift order confirmation. Remember that Word and Excel files are
also vulnerable to viruses. Use WordPad or Microsoft's Word Viewer
to preview Word documents without opening them in Word.

Virus scan all attachments before opening. In Eudora, you can do
this by right-clicking on the attachment filename and selecting
"Scan with (name of your anti-virus software)". First, you must
locate the attachment from the File Browser tab on the left of your
screen. Attachments are stored in Eudora's attachment folder, which
is under the Qualcomm folder in the Program Files directory. It is
equally important to scan attachments in Outlook or Outlook Express.

Be especially wary of executable attachments. These are
files with an EXE, VBS, or SHS extension. They can include the many
entertaining cartoons, games, polls, and other diversions
circulating around the Net. Such files are programs that run when
you click on them (in some cases, without you even needing to take
any action). That amusing Shockwave game could be harmless, but it
could also mask a virus or malicious script. NEVER
open a file called "readme.exe." It's the Nimda worm; legitimate
readme files have a TXT extension. Many experts recommend that you
delete any email attachment with an EXE, VBS, or SHS
extension, unless it is a file you are expecting. Even then,
virus-scan it before opening.

Do not assume any file is safe.
A longstanding truism held that certain types of files - TXT, GIFs,
JPGs, etc. - were OK to open. This may be true, but virus makers are
devious. Windows, by default, hides file extensions. Virus makers
can use this feature to disguise their handiwork as something
innocuous, tricking unwary users into opening attachments. That is
how the Anna virus masqueraded as a harmless photo. The true
filename of the virus was AnnaKournikova.jpg.vbs.
Users who had their file extensions hidden saw an attachment named
AnnaKournikova.jpg. Those who clicked it probably believed it to be
a harmless photograph. In fact, it was a nasty Visual Basic script.
To prevent such deception, double-click the My Computer icon on your
Windows desktop. In the resulting window, click the View menu and
select Folder Options. In the Folder Options dialog box, click the
View tab, and uncheck "Hide file extensions for known file types."
Click OK to confirm your selections. Now you will be able to see
complete filenames.
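
The filename checks from the two items above (executable EXE/VBS/SHS attachments and the hidden-extension disguise used by AnnaKournikova.jpg.vbs), as an added Python example that is not part of the original page. The function names and the sample message are constructed for illustration, and the trailing dot/space handling goes beyond what the article describes.

```python
# Added example: triage e-mail attachments by filename alone.
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions the article singles out as executable attachments.
EXECUTABLE_EXTS = {"exe", "vbs", "shs"}
# Extensions the article says users assume are harmless.
DECOY_EXTS = {"txt", "gif", "jpg"}


def classify(filename):
    """Return the reasons a filename is suspicious (empty list if none)."""
    # Beyond the article: the Win32 API strips trailing dots and spaces,
    # so "x.vbs." is still treated as a .vbs file.
    name = filename.strip().rstrip(". ")
    parts = name.lower().split(".")
    reasons = []
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + parts[-1])
        # With "Hide file extensions for known file types" checked, the
        # user sees only the decoy part, e.g. AnnaKournikova.jpg.
        if len(parts) >= 3 and parts[-2].strip() in DECOY_EXTS:
            reasons.append("displays as " + name.rsplit(".", 1)[0])
    return reasons


def triage(raw_message):
    """Map each attachment filename in a raw message to its reasons."""
    msg = message_from_string(raw_message, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename() or "")
            for part in msg.iter_attachments()}


def sample_message():
    """Constructed sample: one body part and three placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("AnnaKournikova.jpg.vbs", "readme.exe", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for fname, why in triage(sample_message()).items():
        print(fname, "->", why or "no filename-based flags")
```

A clean result here only means the name is not deceptive; the attachment still needs a virus scan before opening.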

Plug Microsoft Outlook's notorious security holes, and those in Internet Explorer. Nimda
is not the only virus or worm to target Microsoft products. The many
security weaknesses in these two programs make users easy prey for
virus makers. Microsoft has released several patches that address
specific security holes. The patch for the vulnerability that Nimda
exploits — actually a weakness in Internet Explorer — is
here. If you use Outlook, download and install the latest
security patches for your version of the software. Windows 98 and
2000 users can use the Windows Update feature in the Start menu. For
more on patching Outlook and IE, see
these resources.

Intercept hostile scripts.
Many of the newer worms use Windows scripting languages like
VBScript, Jscript, or Javascript to wreak their havoc. Scripts can
be embedded within HTML email, and — as Nimda has shown — malicious
code can also be hidden in web pages. There are a number of things
you can do to protect your system against malicious scripts. One
measure often recommended is to disable Javascript, although this
won't protect against VBScript worms. To disable Javascript in
Netscape, click Edit/Preferences. In the Preferences dialog box,
click Advanced, and remove the checkmark from beside "Enable
Javascript" (there should NEVER be a checkmark
beside "Enable Javascript for Mail and News"). In Internet Explorer,
the exact procedure varies with version. In IE 5.x, click
Tools/Internet Options, and select the Security tab. Click the
"Custom Level" button. Scroll down almost to the bottom, until you see
"Scripting." Under "Active Scripting," click Disable. Restart your
browser.

Consider alternatives to disabling Javascript.
Disabling Javascript can have both positive and negative
implications. You will no longer have to endure those annoying
pop-up windows and you'll be freed from sites that trap the back
key, leaving you no way to escape. On the other hand, many necessary
site functions are achieved with Javascript. Mouse rollovers, for
example, won't work and forms will no longer calculate correctly.
While you certainly don't want it in your email, you may find that
disabling Javascript in your browser impairs site functionality
beyond acceptable limits. One alternative is to configure this
security setting to prompt you every time your
browser encounters Javascript, although this can quickly become
annoying. Personally, I have chosen to risk leaving Javascript
enabled. Instead, I update my firewall and anti-virus software
daily, and rely on the measures already discussed, as well as these,
to protect against malicious scripts:

Use plain text email.
Many people choose to send their email messages as
HTML-formatted rather than plain text. This option essentially
endows email messages with certain Web traits, such as
sophisticated layouts, live links, fancy fonts, graphics, sound,
animation and interactivity. But HTML messages are larger and
take longer to transmit. Not all email software can read or
display such messages, in which case they come across as
gibberish. Most importantly, these messages can contain
Javascript, VBScript, or other malicious code. Many email
software programs use Internet Explorer to display
HTML-formatted email, and Explorer has known weaknesses that
worms can exploit. At the very least, disable executables in
HTML email and do not use Explorer as your mail viewer. In
Eudora, both features can be accessed through the
Tools/Options/Viewing Mail dialog box. Make sure there is no
checkmark beside "Allow executables in HTML content" or next to
"Use Microsoft's viewer." You won't have quite as much email
functionality (you won't see animated GIFs, for example), but
your system will be more secure.
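
An added example (not from the original page) of checking an HTML message body for the active content this item warns about: script-capable elements, inline event handlers, and javascript:/vbscript: URLs. The class and function names and the sample HTML are constructed for illustration; it is a triage check, not a sanitizer.

```python
# Added example: list active content found in an HTML e-mail body.
from html.parser import HTMLParser

# Elements that can carry or load executable content.
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
# URL schemes that run script when followed.
SCRIPT_SCHEMES = ("javascript:", "vbscript:")


class ActiveContentFinder(HTMLParser):
    """Collects (kind, tag, detail) tuples for each piece of active content."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag in ACTIVE_TAGS:
            named = dict(attrs)
            lang = named.get("language") or named.get("type") or ""
            self.findings.append(("tag", tag, lang.lower()))
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):            # onload, onclick, ...
                self.findings.append(("handler", tag, name))
            elif value.startswith(SCRIPT_SCHEMES):
                self.findings.append(("url", tag, name))


def find_active_content(html_body):
    """Return every finding in document order; an empty list means none seen."""
    finder = ActiveContentFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings


# Constructed sample body, not taken from any real message.
SAMPLE_HTML = """<html><body onload="init()">
<p>Hello</p>
<script language="VBScript">MsgBox "constructed sample"</script>
<a href="javascript:void(0)">click</a>
<img src="cid:logo">
</body></html>"""

if __name__ == "__main__":
    for finding in find_active_content(SAMPLE_HTML):
        print(finding)
```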

Tweak your Internet Explorer security settings.
Many people recommend you use IE's maximum setting. Anti-virus
software manufacturer Symantec, for example, suggests you use
the settings
shown here. However, setting IE's security to maximum
will disable just about everything. A more reasonable compromise
may be to set IE's Internet Zone security settings to at least
Medium. This will cause your browser to prompt you before
running potentially unsafe content. To do this, click
Tools/Internet Options, and select the Security tab. Click the
"Custom Level" button. From the pop-down at the bottom of the
dialog box, select "Medium". This will reconfigure all of the
settings listed in the box at the top of the screen to an
acceptable compromise between security and functionality. You
can also customize each setting, requiring your browser to
prompt you when it encounters cookies, ActiveX controls, Java
applets, Javascript, and so on — or disabling these functions
entirely. It will take a bit of experimentation to find a
balance you can live with.

Tweak your Outlook security settings.
Even Outlook uses Internet Explorer to render HTML-formatted
email. If you use Outlook, set its security settings to match
Internet Explorer's Restricted Zone. To do this, click the Tools
menu, select Options and click the Security tab. In the top of
this panel, set Outlook to use IE's "Restricted Sites Zone".
This zone should be using the highest security settings. To
check in Explorer, click Tools/Internet Options/Security, select
"Restricted Sites" and click the "Custom Level" button. The
pop-down at the bottom should indicate "High". If not, change it
to do so. Configuring Outlook to use these settings will disable
ActiveX controls and prompt you before executing other kinds of
code within your email.

Don't preview emails.
Because some worms are executed by merely previewing email or
switching folders, some people suggest that you disable
Outlook's preview pane. In Outlook Express 5.5, you can do this
through the View/Layout menu. Uncheck "Show preview pane." You
can right-click on a message and select Properties/Details to
identify the source of a suspect message.

Cripple hostile scripts.
Some experts recommend disabling the Windows Scripting Host (WSH)
to protect against certain worms (KakWorm, Loveletter) and other
hostile scripts. The Windows Scripting Host is a feature of the
Windows operating systems that enables VBS files to run under
Windows 95, 98, NT 4.0, and Windows 2000. It enables users to
automate tasks in Windows by providing access to the Windows
shell, file system, registry, and more. However, it also enables
virus writers to automate certain actions without your
intervention. Because it is unlikely most users will ever need
to create VBScripts, many people suggest disabling this feature
entirely. Doing so will not interfere with Word macros, though
it could affect some web sites. The Symantec web site provides
instructions for
disabling the WSH, as well as a downloadable utility
(Noscript.exe) that will disable and re-enable it on the fly.

Back up your data and system configuration files.
Too many of us learn the hard way. Implement a daily or weekly
backup routine. Most anti-virus software programs let you make a
rescue disk you can use to recover from a disaster. Do it. Back up
your registry and the Wsock32.dll file as well. Both are frequent
virus targets. Symantec provides instructions for
backing up your registry.

Learn to identify virus hoaxes and avoid spreading them. For some unknown reason, some
people like to spread false virus rumours via email. Fortunately,
hoaxes are usually easy to spot. They are characterized by an urgent
tone; an abundance of capital letters and/or exclamation marks;
liberal references to Microsoft, AOL or other prominent IT
companies; and the exhortation to forward the message to everyone
you know. If you believe a message is a hoax, check this
hoax list to confirm your suspicions.