How to avoid virus infection:
1) Turn off and remove unneeded services. By default, many operating
systems install auxiliary services that are not critical, such as
an FTP server, telnet, and a Web server. These services are avenues
of attack. If they are removed, threats have fewer avenues of attack.
2) Always keep your patch levels up-to-date, especially on computers
that host public services and are accessible through the firewall,
such as HTTP, FTP, mail, and DNS services.
The Microsoft Update site (
http://windowsupdate.microsoft.com) is
the place to start for getting the patches. The best download is
the Critical Update Notification. This tool will alert you to the
existence of new patches, as they become available.
3) Enforce a password policy. Complex passwords make it difficult to
crack password files on compromised computers. This helps to prevent
or limit damage when a computer is compromised.
4) Configure your email server to block or remove email that contains
file attachments that are commonly used to spread viruses.
This is the list of attachment suffixes that are considered by
Microsoft to be potentially malicious (are blocked by Outlook XP):
.ade, .adp, .asx, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,
.hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc,
.msi, .msp, .mst, .pcd, .pif, .prf, .reg, .scf, .scr, .sct, .shb,
.shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh
5) Train employees not to open attachments unless they are expecting them.
Also, do not execute software that is downloaded from the Internet
unless it has been scanned for viruses. Simply visiting a compromised
Web site can cause infection if certain browser vulnerabilities are not
patched.
6) Remove unneeded shares. If you don't want people to access your
files, then disable the File and Printer Sharing from the Control Panel.
Some points about your existing tips:
- Can you get a virus from just viewing the mail? YES. If you have not
installed the Outlook security patches from Microsoft, then simply by
previewing or opening the mail, an attachment can execute without any
interaction. No click required.
- Preventing viruses from "seeing" scripting:
JS (aka Microsoft JScript or ECMAScript) is another scripting type.
However, removing the registry associations is no guarantee that the
script will not run. The way to stop scripts from running is to remove
or rename the scripting host. To do that, rename or delete WSCRIPT.EXE
and CSCRIPT.EXE.
7. Today's web sites contain active content and often it is necessary to download a special [script] viewer or plugin to view this content. In Internet Explorer especially, the plugin / viewer can be automatically downloaded! You can set your "Internet Options" in your Control Panel to warn you when a plugin / viewer is needed to download to view the web site content. Many of these plugins can contain destructive ActiveX or JavaScript controls that WILL take control of your computer with hurricane force!
Listed here are some SAFE plugins to download:
· Macromedia Flash / Shockwave [upgrades too] [much of Bowzer Bird Design is created with Flash MX and you will need this plugin to view it]
· Real Audio [upgrades too]
· Windows Media Player [upgrades too]
Let your tuition warn you when you enter a site that requires you to download a viewer / plugin. DON'T DO IT!!
8.
Microsoft Security Notification Service
This service provides summary information from every Microsoft security bulletin. Security bulletins are technical documents discussing newly discovered security vulnerabilities, and provide information on what products are affected, the risk the vulnerabilities pose, and how to eliminate them. Click the link to subscribe. You will have to register first with Microsoft Net and then on the Newsletters page, choose the Microsoft Security Notification Service.
In OutLook, Window's programs and Windows OS's, there are many vulnerabilities a hacker/cracker can find and enter you system withevil intentions. Here, you will find what "patches" "fixes" or "SP's" to download and install to close the "loopholes."
The Security Notification can be directly emailed to you or you can choose from the left side bar which ones you want info for and than download them individually.