Guidelines For Computer Virus Prevention

"Prevention is better than cure". We would like to emphasize that protecting against virus and worm attacks before they hit you is better than recovering after you are infected. Please follow the guidelines below.
1.   Install protection tools
  • Install anti-virus software to protect your machine from virus attacks.
2.   Maintain your protection tool
  • Keep your virus signature (also called virus definition file) updated daily before the start of office hours. We recommend automating the update process.
3.   Periodic virus scanning
  • Schedule at least a weekly scan of your hard disk to check for viruses. The scheduled scan could be done in non-peak hours, such as during the lunch break or after office hours.
  • Turn on the "Scan ALL files" option in your anti-virus software. Do not just scan program files. Many current viruses and worms are distributed via other forms like .EML, .VBS and .SHS.
4.   Limit permission to use your computer
  • Do not allow other people to use your computer unless really necessary. These people might introduce malicious software and viruses to your machine. If you really need to let a third party access your computer, limit their access privileges to restricted folders and drives.
  • Avoid sharing out folders. If there is a valid reason to do so, share the folder with user name and password settings. This setting can restrict an infected machine from implanting a virus/worm in that shared folder.
5.   Uninstall/disable unnecessary software
  • If you are using Windows 2000 Professional or Server versions and you do not need the web service (IIS) on your machine, uninstall/disable it. Many current worms try to exploit vulnerabilities in IIS.
  • This principle also applies to other applications like SQL server, DNS server, etc.
6.   Handle email attachments carefully
  • Do not open e-mail attachments from unexpected sources. Some viruses/worms disguise themselves as season's greetings/celebrations. Do not execute any attachment unless you are sure what it does.
  • Use MS Office Viewer (Word / Excel / PowerPoint) to read office documents attached to emails. These viewers do not run the macro scripts embedded in the documents and can therefore avoid macro viruses. They are available for download at the Microsoft web site.
7.   Check external files before use
  • Check floppy diskettes, CD-ROMs and files downloaded from the Internet (especially those of unknown origin) with anti-virus software before use.
8.   Patch your system and applications in a timely manner
  • Patch the commonly used software, including the operating system, browser and office applications.
  • Monitor the latest patch information, e.g. by turning on the Windows Update feature or subscribing to information security news.
9.   Centrally manage your corporate anti-virus software
  • When managing the anti-virus software of a corporation, turn on the "central management option" of your anti-virus solution. The option allows you to manage and monitor virus signature updates, virus-scanning schedules, scanning reports and infection status of all machines in a central location.
10.   Screen all transport media of virus/worm
  • The email system is not the only transport medium of virus/worm. Consider screening mechanisms in other transport media like web browsing and FTP access as well to block virus/worm.
11.   Guard your network against virus/worm spreading by external parties
  • Restrict external parties, e.g. guests and contractors, from tapping into your network until you have confirmed that their machines are clean.
12.   Prepare for the recovery of system and data
  • Create one or more Emergency Recovery Diskettes/CD-ROMs and put them in a safe place. This is a diskette/CD that helps to start your system. Also create the Rescue Diskette of your anti-virus software. The rescue diskette helps you to delete any virus in your system during recovery.
  • Back up your data regularly to another medium (e.g. tape or server) other than your local hard disk. Data can then be recovered even if your machine crashes completely.
13.   Keep yourself informed of virus information and alerts
  • Subscribe to information security and virus news, e.g. HKCERT and your corporate anti-virus software provider mailing group.
14.   Establish incident response capabilities
  • Develop reporting, response and recovery procedures to handle security incidents that include virus infection. Define the responsibilities of users and response/recovery personnel.
15.   Learn about hoaxes
  • Do not send hoaxes to others. Hoaxes often spread fake alarms. They usually come in an email in a chain letter fashion describing some highly unlikely type of virus. A hoax usually has no reference to a trustworthy third party who can validate the claim of the message.
16.   Do not use illegal software
  • Using illegal software is very dangerous. It may contain a virus, worm or trojan. You may infect your own system by installing it on your machine.
17.   Other protection procedures
  • Make sure your server and PC do not boot from the floppy diskette drive or CD-ROM drive. Change the BIOS setting to boot from the local hard disk only. This is an effective measure against boot sector viruses.
  • Make sure Windows Explorer shows all file extensions. Go to "Tools → Folder Options → View" and deselect "Hide file extensions for known file types."
  • Configure your firewall to restrict outgoing traffic. The outbound filter can effectively stop most of the trojans from making outbound connections to leak confidential information. Firewall filtering for incoming traffic only is not safe enough.
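
Added example (not part of the original guideline): a Python sketch of why items 3, 6 and 17 ask you to scan all file types and to show file extensions. It flags attachment names whose last extension is a script or shell type sitting behind a document-looking one. The .EML, .VBS and .SHS entries come from the guideline; the extra extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import os

# Extensions the guideline names as virus/worm carriers.
PAGE_RISKY = {".eml", ".vbs", ".shs"}
# Assumption: other directly runnable types, not listed on the page.
EXTRA_RISKY = {".exe", ".scr", ".pif", ".bat", ".cmd", ".js"}
# Assumption: extensions a reader tends to treat as harmless documents.
DECOY = {".txt", ".doc", ".xls", ".jpg", ".gif", ".pdf"}


def classify(filename, risky=frozenset(PAGE_RISKY | EXTRA_RISKY)):
    """Return 'disguised', 'risky' or 'ok' for one attachment name."""
    # Normalise case and drop trailing dots/spaces before comparing.
    name = filename.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if ext not in risky:
        return "ok"
    # With extensions hidden, only the stem is displayed; if the stem itself
    # ends in a document-like extension the file looks like that document.
    _, inner = os.path.splitext(stem)
    return "disguised" if inner in DECOY else "risky"


def triage(filenames):
    """Map each flagged name to its verdict; clean names are left out."""
    verdicts = {name: classify(name) for name in filenames}
    return {n: v for n, v in verdicts.items() if v != "ok"}


# Constructed sample attachment names (not taken from any real incident).
SAMPLE = [
    "seasons-greetings.txt.vbs",
    "Invoice.DOC.SHS",
    "forwarded-message.eml",
    "budget.xls",
    "photo.jpg.vbs. ",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{verdict:9}  {name!r}")
```

A "disguised" verdict marks the names that would read as an ordinary document or picture if Explorer hid the final extension.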