4.8 Preventing Viruses in Windows

Preventing viruses in a Windows world means implementing the lessons we learned from DOS and adding a few new ones.

4.8.1 Install Antivirus Software

An up-to-date antivirus software package is a convenient way to prevent most computer virus infections.

4.8.2 Disable Booting from Drive A

Disabling booting from drive A will prevent boot viruses from infecting your machine, unless they are placed there by a dropper or multipartite program.

4.8.3 Don't Run Untrusted Code

When friends and business associates send me unexpected or untrusted files with the exploitable extensions listed in Table 3-1, I usually delete them right away. If I suspect the file is legitimate, I will try to open the file in a nonthreatening way. For example, if someone sends me a rich text file (RTF), I will open it up in WordPad. There are known exploits of .RTF files in MS Word, so I open the file up in an application with less of a chance to cause harm. Using this philosophy, I have never been infected by an email bearing a virus or Trojan. Of course, if I'm sent a file that I'm expecting and I have taken the appropriate security precautions (such as disabling document macros, running a virus scanner, etc.), then I feel safer when opening the file.

4.8.4 Install Service Packs and Updates

Installing the latest service packs and updates is a great way to close known security holes. Although slow to respond, Microsoft fixes weaknesses in their operating systems with every service pack. Install the in-between patches to stay more current.

4.8.5 Reveal File Extensions

When I receive a new, unexpected file, I always examine the type of file it is before double-clicking on it. I never open or execute files with potentially dangerous consequences (.COM, .VBS, .EXE, etc.). As we discussed earlier, Windows often hides file extensions by default, and will allow files to hide their extensions even if you explicitly told Windows not to. The .SHS, .LNK, .DESKLINK, .URL, .MAPIMAIL, and .PIF extensions are just some of the extensions hidden by default that may contain malicious code. To force Windows to reveal all file extensions, follow these instructions:
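
The following is an added example, not part of the original text and not the Explorer procedure referred to above: a small attachment-name check that reports a file's real extension and the name a user would see once Windows hides it. The function name `triage`, the sample filenames, and the simplification that every extension counts as a registered "known type" are assumptions made for illustration.

```python
import ntpath

# Extensions the section names as dangerous to open or execute.
EXECUTABLE = {".com", ".vbs", ".exe"}
# Extensions the section says stay hidden even when Windows is told to show them.
ALWAYS_HIDDEN = {".shs", ".lnk", ".desklink", ".url", ".mapimail", ".pif"}


def triage(filename, hide_known_extensions=True):
    """Return (real_ext, displayed_name, findings) for an attachment name.

    hide_known_extensions models the Windows default of hiding extensions.
    Assumption: every extension is treated as a registered file type.
    """
    # Windows drops trailing dots and spaces when a file is saved, so
    # "setup.exe. " lands on disk as "setup.exe".
    name = ntpath.basename(filename).rstrip(". ")
    stem, ext = ntpath.splitext(name)
    ext = ext.lower()

    hidden = ext in ALWAYS_HIDDEN or (hide_known_extensions and ext != "")
    displayed = stem if hidden else name

    findings = []
    if ext in EXECUTABLE:
        findings.append("executable type")
    if ext in ALWAYS_HIDDEN:
        findings.append("extension hidden regardless of Explorer setting")
    # With the real extension hidden, an inner one (".txt", ".jpg") is what
    # the user reads as the file type.
    if hidden and ntpath.splitext(stem)[1]:
        findings.append("shown as '%s'" % displayed)
    return ext, displayed, findings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    for sample in ["Invoice.TXT.shs", "holiday.jpg.pif", "setup.exe. ",
                   "notes.txt", "readme.url"]:
        for setting in (True, False):
            print(sample, "| hide extensions:", setting, "|", triage(sample, setting))
```
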

4.8.6 Limit Administrative Logons

NT security experts recommend not routinely logging on to NT with administrator rights (full access) unless you need the additional rights. If you have Windows 2000, use its Run As feature when you need a higher level of permissions. That way, if a malicious program gets loose, it functions under the more restrictive rights of the logged on normal user. Clearly the effects of viruses, like Remote Explorer, can be minimized.

4.8.7 Tighten Security

Only the Windows NT platform has the ability to implement file and resource security. Begin by assigning users and administrators alike the lowest level of permission they need to perform their job. Using REGEDT32.EXE, make sure the crucial parts of the registry only allow administrative access (Windows 2000 comes with stronger default registry security enabled). Make sure your Guest account is disabled. Use the flexibility and power of group permissions, policies, profiles, and security policies to implement strong security. Disable unnecessary services and startup programs. Document what is normally running on the server. Remove floppy diskettes from the computer when not needed. Lastly, maintain good physical security for all computer resources. If you follow all of these steps, you've gone a long way toward preventing the spread of computer viruses and other forms of malicious mobile code in a Windows environment.