Use virus protection software
I recommend the use of anti-virus software on all Internet-connected computers. Be sure to keep your anti-virus software up-to-date. Many anti-virus packages support automatic updates of virus definitions. I recommend the use of these automatic updates when available.
Use a firewall
I strongly recommend the use of some type of firewall product, such as a network appliance or a personal firewall software package. Intruders are constantly scanning home user systems for known vulnerabilities. Network firewalls (whether software or hardware-based) can provide some degree of protection against these attacks. However, no firewall can detect or stop all attacks, so it’s not sufficient to install a firewall and then ignore all other security measures.
- Make a boot disk in case your computer is damaged or compromised
To aid in recovering from a security breach or hard disk failure, create a boot disk which will help when recovering a computer after such an event has occurred. Remember, however, you must create this disk before you have a security event.
Make regular backups of critical data
Keep a copy of important files on removable media such as ZIP disks or recordable CD-ROM disks (CD-R or CD-RW disks). Use software backup tools if available, and store the backup disks somewhere away from the computer.
Don’t run programs of unknown origin
Never run a program unless you know it to be authored by a person or company that you trust. Also, don’t send programs of unknown origin to your friends or coworkers simply because they are amusing — they might contain a Trojan horse program.
Disable scripting features in email programs
The most significant impact of this vulnerability can be avoided by disabling all scripting languages. Turning off these options will keep you from being vulnerable to malicious scripts. However, it will limit the interaction you can have with some web sites.
Many legitimate sites use scripts running within the browser to add useful features. Disabling scripting may degrade the functionality of these sites.
Don’t open unknown email attachments
Before opening any email attachments, be sure you know the source of the attachment. It is not enough that the mail originated from an address you recognize. The Melissa virus spread precisely because it originated from a familiar address. Malicious code might be distributed in amusing or enticing programs.
If you must open an attachment before you can verify the source, I suggest the following procedure:
- Be sure your virus definitions are up-to-date
- Save the file to your hard disk
- Scan the file using your antivirus software
- For additional protection, you can disconnect your computer’s network connection before opening the file.
Following these steps will reduce, but not wholly eliminate, the chance that any malicious code contained in the attachment might spread from your computer to others.
Disable hidden filename extensions
Windows operating systems contain an option to “Hide file extensions for known file types”. The option is enabled by default, but you can disable this option in order to have file extensions displayed by Windows. After disabling this option, there are still some file extensions that, by default, will continue to remain hidden.
Keep all applications, including your operating system, patched
Vendors will usually release patches for their software when vulnerability has been discovered. Most product documentation offers a method to get updates and patches. You should be able to obtain updates from the vendor’s web site. Read the manuals or browse the vendor’s web site for more information.
Turn off your computer or disconnect from the network when not in use
Turn off your computer or disconnect its Ethernet interface when you are not using it. An intruder cannot attack your computer if it is powered off or otherwise completely disconnected from the network.