Avoiding Harmful Attacks

Spreading Harmful Infections

Many viruses and other harmful attacks spread through file downloads, attachments in e-mail messages, and data files that have macros, ActiveX controls, add-ins, or Visual Basic for Applications (VBA) code attached to them. Virus writers capitalize on people's curiosity and willingness to accept files from people they know or work with, in order to transmit malicious files disguised as or attached to benign files. When you start downloading files to your computer, you must be aware of the potential for catching a computer virus, worm, or Trojan Horse. Typically, you can't catch one from just reading a mail message or downloading a file, but you can catch one from installing, opening, or running an infected program or attached code.

Understanding Harmful Attacks

Phishing is a scam that tries to steal your identity by sending deceptive e-mail asking you for bank and credit card information online. Phishers spoof the domain names of banks and other companies in order to deceive consumers into thinking that they are visiting a familiar Web site.

Phishers create a Web address that looks like a familiar Web address but is actually altered. This is known as a homograph. The domain name is created using alphabet characters from different languages, not just English. For example, the Web site address "www.microsoft.com" looks legitimate, but what you can't see is that the "i" is a Cyrillic character from the Russian alphabet.

Don't be fooled by spoofed Web sites that look like the official site. Never respond to requests for personal information via e-mail; most companies have policies that do not ask for your personal information through e-mail. If you get a suspicious e-mail, call the institution to investigate and report it.

Spam is unsolicited e-mail, which is often annoying and time-consuming to get rid of. Spammers harvest e-mail addresses from Web pages and unsolicited e-mail. To avoid spam, use multiple e-mail addresses (one for Web forms and another for private e-mail), opt-out and remove yourself from e-mail lists. See the Microsoft Windows and Microsoft Outlook Help system for specific details.

Spyware is software that collects personal information without your knowledge or permission. Typically, spyware is downloaded and installed on your computer along with free software, such as freeware, games, or music file-sharing programs. Spyware is often associated with Adware software that displays advertisements, such as a pop-up ad. Examples of spyware and unauthorized adware include programs that change your home page or search page without your permission. To avoid spyware and adware, read the fine print in license agreements when you install software, scan your computer for spyware and adware with detection and removal software (such as Ad-aware from Lavasoft), and turn on Pop-up Blocker. See the Microsoft Windows Help system for specific details.

Avoiding Harmful Attacks Using Office

There are a few things you can do within any Office 2007 program to keep your system safe from the infiltration of harmful attacks.

1. Make sure you activate macro, ActiveX, add-in, and VBA code detection and notification. You can use the Trust Center to help protect you from attached code attacks. The Trust Center checks for trusted publisher and code locations on your computer and provides security options for add-ins, ActiveX controls, and macros to ensure the best possible protection. The Trust Center displays a security alert in the Message Bar when it detects a potentially harmful attack.

2. Make sure you activate Web site spoofing detection and notification. You can use the Trust Center to help protect you from homograph attacks. The Check Office documents that are from or link to suspicious Web sites check box under Privacy Options in the Trust Center is on by default and continually checks for potentially spoofed domain names. The Trust Center displays a security alert in the Message Bar when you have a document open and click a link to a Web site with an address that has a potentially spoofed domain name, or you open a file from a Web site with an address that has a potentially spoofed domain name.

3. Be very careful of file attachments in e-mail you open. As you receive e-mail, don't open or run an attached file unless you know who sent it and what it contains. If you're not sure, you should delete it. The Attachment Manager provides security information to help you understand more about the file you're opening. See the Microsoft Outlook Help system for specific details.

Avoiding Harmful Attacks Using Windows

There are a few things you can do within Microsoft Windows to keep your system safe from the infiltration of harmful attacks.

1. Make sure Windows Firewall is turned on. Windows Firewall helps block viruses and worms from reaching your computer, but it doesn't detect or disable them if they are already on your computer or come through email. Windows Firewall doesn't block unsolicited e-mail or stop you from opening e-mail with harmful attachments.

2. Make sure Automatic Updates is turned on. Windows Automatic Updates regularly checks the Windows Update Web site for important updates that your computer needs, such as security updates, critical updates, and service packs. Each file that you download using Automatic Update has a digital signature from Microsoft to ensure its authenticity and security.

3. Make sure you are using the most up-to-date antivirus software. New viruses and more virulent strains of existing viruses are discovered every day. Unless you update your virus-checking software, new viruses can easily bypass outdated virus checking software. Companies such as McAfee and Symantec offer shareware virus checking programs available for download directly from their Web sites. These programs monitor your system, checking each time a file is added to your computer to make sure it's not in some way trying to change or damage valuable system files.

4. Be very careful of the sites from which you download files. Major file repository sites, such as FileZ, Download.com, or TuCows, regularly check the files they receive for viruses before posting them to their Web sites. Don't download files from Web sites unless you are certain that the sites check their files for viruses. Internet Explorer monitors downloads and warns you about potentially harmful files and gives you the option to block them.