Atlantic Mutual When it counts

Virus Protection - Best Practices

There are now over 60,000 computer viruses.   Each day an average of 20 new viruses are created, so keeping your antivirus software updated is critical.  Still, up-to-date antivirus software alone is not enough. We must also follow the principle of "avoidance" and other best practices. 

Consider the morning of May 5, 2000, when the Love Bug worm was launched.  Protection from any AV vendor was not available for 1-2 days.  While many individuals had up-to-date virus protection, this worm did over $10 billion in damages.  This is why all suspicious attachments should be deleted without opening them.   It's only a matter of time until the next major destructive worm surfaces, as the Goner worm did on December 4, 2001.

The following are guidelines which promote the best practices in protecting your PC from the numerous malicious threats in EMAIL, Web browsing, and other environments:

General Best Practices for Virus Prevention

1.  Never Open Suspicious Attachments -- Assume that ANY attachment you receive may be potentially infected, even if you know the author well.  Since viruses spawn from an infected PC and its address book, viruses will most likely come from family, friends, or business associates.   When processing EMAIL, only open attachment types that you are expecting.  Avoid opening any EMAIL attachment if it appears to be of a suspicious nature.  Virus writers use social engineering tricks to tempt individuals into "taking the bait" on attachments, so always be careful.

2.  Detach all EMAIL Attachments into a special folder for scanning -- Always detach EMAIL attachments into a quarantine folder. For example, create a folder on your hard drive called DOWNLOAD. With your EMAIL package, detach all eligible attachments into the DOWNLOAD folder. After detaching, scan the DOWNLOAD folder with Virus Scan using the ALL FILES settings. McAfee does not provide complete integration with all EMAIL packages.  This is the best way to ensure EMAIL attachments don't bypass virus scanning controls.

3.  Keep your virus protection up-to-date -- You are far more likely to get a brand new EMAIL virus in current circulation or outbreak mode, than an older virus that has been contained and is no longer active.

4.  Scan your system monthly -- Run monthly scans with the standard default settings, and run scans with the "ALL FILES" settings quarterly.  This will eliminate any brand new resident viruses that you may have picked up earlier.

5.  Stay informed -- A major new outbreak will surface about once per quarter. Usually, the media will highlight these, and our company also provides formal alerts. Please follow the guidelines shared to avoid problems during these major attacks.

6.  Education -- At home, it is important to educate all family members on safe EMAIL practices and how to avoid computer viruses.

7.  Ensure your Recycle Bin is eligible for scanning -- Most AV products exclude the recycle bin, where the new SirCam virus can now hide and reside. In McAfee you can look at System Properties and Exclusions. If the Recycle Bin is shown as an Exclusion - remove this entry so that scanning can take place.

8.  New vulnerable extension types should be covered by your Virus Protection Software -- Make sure VBS, LNK, PIF, SCR, HT?, BAT, and others are present in the default extensions. This will improve your real time virus protection for some of the latest threats.

9.  Avoid going to any URLs in EMAIL messages that are suspicious in nature -- A new approach for virus writers is to infect web pages with scripts; however, most mainstream sites should remain safe.

10.  Keep your Windows environment patched with all "Critical Updates" -- A new approach for virus writers is to infect web pages with scripts; however, most mainstream sites should remain safe.  A best practice is to update monthly to keep your system as secure as possible.

Go to http://windowsupdate.microsoft.com/ and select Product Updates and then check Critical Updates.  After applying them you will need to reboot your workstation.

11.  Keep up-to-date with Internet Explorer patches -- The Nimda virus, modeled after Code Red, created a brand new paradigm where visiting infected web sites can lead to PC virus infections.  The best approach is to stay with the latest browser edition (that you can run) and latest service pack.

12.  Do not accept any files offered to you during web site visits -- Files ending in EML, NWS, JS, EXE, etc. are signs of an infected website, and these agents can infect your PC as well.  If a web site automatically alters your home page settings, the PC should be scanned with the latest virus definitions to ensure viruses were not transmitted as well.

13.  Do not accept any files offered to you during Instant Messenger sessions -- There are a number of IRC based viruses that can infect your PC from others you may be communicating with through instant messaging.  It is best to use this communications tool for "chatting" only. 

14.  Be careful of Virus Hoax alerts -- Do not believe all EMAIL you receive from the Internet as virus hoaxes are abundant.  You can research these as noted below, but hoaxes are designed to create confusion or even to cause individuals to delete files (SULFNBK.EXE hoax).  Never follow steps to delete files or alter your system configuration based solely on an EMAIL message, but research first (see #15 below).  

15.  Monitor the latest major threats that are emerging -- McAfee, Norton, Trend and other AV providers provide the latest breaking news on emerging threats. When the media highlights a new threat, pay close attention to this so you can avoid becoming infected. 

Some Key Links for the Latest Virus Threats

Best Real-Time:   http://www.messagelabs.com/viruseye/default.asp     

McAfee: http://vil.nai.com/VIL/newly-discovered-viruses.asp   

Norton:   http://www.symantec.com/avcenter                                

Trend:  http://www.antivirus.com/vinfo

F-Secure:  http://www.f-secure.com/v-descs/_new.shtml

 

General Best Practices for EMAIL Client Software

(e.g., Outlook, Eudora, Pegasus)

1.  Use Free Internet EMAIL in conjunction with EMAIL client programs -- Yahoo offers a free Internet-based EMAIL system alternative that scans all attachments automatically with Norton's latest virus definitions. Microsoft's Hotmail also provides the same capability using McAfee. Either of these facilities provides an excellent means of protection for home or secondary business accounts.  The key advantage is you can route any suspicious EMAIL to these accounts for a secondary virus check to ensure it is clean.  This second "cross check" can be valuable to ensure a suspicious attachment is not infected.

Yahoo with Norton:   http://mail.yahoo.com 

Hotmail with McAfee:  http://www.hotmail.com

2.  Avoid the In-Box "Preview Pane" -- If you use Outlook or Outlook Express, set the options to avoid the "preview mode" which could automatically launch malicious code in harmful attachments. Even if you are completely up-to-date, 20-30 new viruses are created daily and this vulnerability could allow an infection to occur even with McAfee enabled.

3.  Use "Plain Text" mode for processing EMAIL -- Some EMAIL clients support toggling between HTML and plain text viewing modes.  Plain text is always safer as infected attachments can be hidden within an HTML message.  

4.  Install security patches and keep them up-to-date -- Unfortunately, only 2% of all users worldwide have properly patched their Outlook clients, so they are still vulnerable to mass mailing viruses.  The Outlook security patch will disable most attachment processing and limit functionality.  However, your system is much better protected from malicious code. Information for your specific version of Outlook can be found at:

    http://office.microsoft.com/downloads

 

What are the characteristics of Suspicious EMAIL attachments?

1.  Always delete any attachment (without opening it) that ends in:  EXE, VBS, SCR, PIF, COM, BAT, or SHS.

2.  Avoid all "fun" animated attachments (e.g., jokes, cartoons, animations). By opening them, you may be at risk of permanent data loss, reloading Windows, or hours of repair work. You could also automatically spread copies of the virus to your friends, families, and business associates.

3. Avoid EMAIL attachments where "emoticons" are used to tempt readers to launch a joke, animated display, or other program. If it seems out-of-character based on the author's style for EMAIL, then this message is most likely generated from a virus.

    Examples:  Here's the document you requested ;-)        Take a look at this :-) 

4. Do not open and always delete suspicious or unexpected EMAIL messages from an unknown source.

5. Never launch an attachment from a known EMAIL source if the message is highly unusual or out of character for that individual. Some viruses will manipulate the EMAIL address book and send messages to everyone in it, so messages from friendly sources can also be dangerous.

6. Avoid following any instructions from "Administrators", "Microsoft", or other legitimate sources that you receive via Internet EMAIL (e.g., virus writers can make these messages appear to come from legitimate sources). Most software companies always require you to go to their web sites to download software, so never launch any EXE attachments that might appear to come from legitimate sources.
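
The extension rule in item 1 of this list can be checked automatically before a message is opened. The following is an added example, not part of the original guidelines: it parses a raw message with Python's standard email package and reports every attachment whose name ends in one of the listed extensions. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy

# Extensions item 1 of the list above says to delete without opening.
BLOCKED = {"exe", "vbs", "scr", "pif", "com", "bat", "shs"}

def final_extension(filename):
    """Return the lower-cased last extension of an attachment name."""
    # Only the LAST extension counts ("ends in"), and Windows ignores
    # trailing dots and spaces, so "card.scr. " is still a .scr file.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def blocked_attachments(raw_message):
    """List (filename, extension) for each MIME part the rule would delete."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter, decoding encoded names.
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED:
            hits.append((filename, final_extension(filename)))
    return hits

# Constructed sample message (not a real capture); bodies are placeholders.
SAMPLE = b"""\
From: friend@example.com
Subject: Take a look at this :-)
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND

Here's the document you requested ;-)
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="REPORT.TXT.vbs"

placeholder
--BOUND
Content-Disposition: attachment; filename="holiday.jpg"

placeholder
--BOUND
Content-Type: application/octet-stream; name="Card.SCR."

placeholder
--BOUND--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

The check looks only at the declared file name; it complements scanning the quarantine folder and does not replace it.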


