Sunday, June 25, 2017
Welcome to the Viruswarning forums.

But at least it's all here.


Subject: Viruswarning best practices 9/21/2002

Lee Drake

05/20/2002 1:32 PM  
I've received a large number of new subscribes to the Virus warning list in the wake of SirCam and NIMDA. I'd like to welcome all our new subscribers. I also would like to send you out some information on securing your systems that David, Brett and I have sent out little by little over the last few months of operating Virus Warning. Here are some frequently asked questions we get:

1) What can I do to secure my system?

First you have to look at what the threats are. You have basically 5 ways that a virus or worm can get to your system:

1) Through your email - these days this is the most prevalent way for a virus to spread. Most email viruses take advantage of a number of security holes in popular email products, as well as the naiveté of users. Many users, when they see an attachment - just go for it. They say "Ohh goody - someone sent me something", double click it and worry about what's in it later. This is the MOST COMMON WAY that viruses get spread today. It makes sense then to be sure that your Virus scanning software scans your email - preferably before it even hits your mailbox. Norton Antivirus does a great job of this - McAfee a slightly less effective job. (The reason I say Norton is that it scans both Outgoing and Incoming mail - McAfee only scans incoming mail at this time).

2) By being hacked from the internet - the spread of DSL and Cable Modem connections has meant that people frequently leave their computer on - even when it's not attended. It also means that you typically have an open system just waiting on someone to try to infect or take it over. There are a number of steps you can take to lock down a system, including unlinking NETBIOS from your internet connection, and using a product such as Zone Alarm Pro.

3) Through shares on your system - These days most computers are hooked to a server, or share data between each other - it's easy, it's fast - and it's dangerous.
Because now you can get infected both through your own email or hacking, but also if the computer you're plugged into is hacked or compromised. If a domain server gets infected, it can spread that infection to literally thousands of computers in seconds. Your main protection on this sort of vulnerability is keeping up to date on patches, and running server-side virus scanning software.

4) Through disks you share with others - you can still get a virus from someone else's floppy disk, or its contents. The best protection from this is scanning all media before using them in your computer.

5) Through the web - The advent of NIMDA introduces another source for nasty viruses - the web server. If someone else's IIS server gets infected it's possible, in some cases, for that machine to push down onto other machines its infection. Your best protection here is an up to date browser, and local internet based virus scanning.

What can I do to prevent myself from getting a virus?

Gone are the days when you can update your virus signatures every week or 2 weeks and hope to avoid the majority of viruses. I'd strongly recommend DAILY updates - perhaps even 2x per day. Not 5 hours after NIMDA was released on the net it had infected and damaged thousands of servers. Almost every popular virus scanning software allows automatic updating of the virus signatures. Be sure this is set up, is operating, and is downloading any new signatures 1x per day at least. Also be sure you have a virus scanning software that is no more than one year old - the older virus scanning engines aren't nearly as fast or complete as the newer ones. Finally be sure that your virus scanner is configured to protect your email, your internet connection, as well as your drives and files - most default installations leave all or some of these out.

I would set my explorer interface to SHOW ALL file extensions (not to hide them). You do this from tools/folder options/view in most versions of Windows.
This way if someone sends you a virus its REAL extension is displayed. A common way to spread viruses is to rename them something like: myPicture.jpg.exe. A file named something like that is ACTUALLY an executable program, but it will look like a picture at casual glance if you don't check carefully.

The next recommendation is that, if you're internet connected, and not behind a firewall, you unbind TCP/IP from the netbios interface. This is a multi-step process, but well worth it: check from instructions.

In addition to the unbinding of TCP I'd recommend those with broadband connections get the program ZONEALARM (or some other equivalent software for blocking internet attacks). I recommend this EVEN IF YOU ARE BEHIND A FIREWALL. The reason being that if you do somehow get an attack through email - it won't be able to send information from your computer out onto the internet if zone alarm is installed. You can get zonealarm, for free, at

If you have more than one internet connected computer, or even if you don't, it's pretty cheap to purchase and install a hardware based firewall as well. Linksys makes one that commonly retails for under $100 these days - and it's well worth it.

Finally, you should download and install Microsoft's "critical update notification option". is where you go for that one. The critical update notifier will tell you, as soon as you login to the internet, if there are any security critical updates you need on your machine. I'd also periodically run windowsupdate and be sure that you have the latest patches and service packs for Internet Explorer. This should be done roughly once per week. If you're an office user you should do the same thing with and be sure that your office apps are up to snuff.

If you use Outlook or Outlook express for email, be sure that you have Tools/Options/Security tab/Zones set to "restricted zone" for both. This effectively disables scripting in email messages.
You should (for outlook) be sure you've downloaded and applied all internet security patches for the tool. Outlook express is updated by updating Internet Explorer.

What should I do if I DO get infected?

First off - don't panic - in many cases it can be fixed IF you do so correctly. The first thing to do is disconnect your machine from the internet - the vast majority of machines these days probe for other people on the internet, or send out emails to all your friends with the virus in them. If you physically (by unplugging the cable) disconnect from the internet - you're much less likely to be a vector for the virus on other people's email, shares, etc.

Second - if you're not comfortable with computers - this is a good time to call an expert. If you are, you probably know what to do - Get the latest signatures, check for a "cleaner tool" on the virus vendor's site, boot from a known clean disk, and scrub your system good. If it refuses to boot, call an expert.

What if I run a server that's available on the internet?

If you're in this category, and you're looking to me for answers, then you probably need to hire someone qualified to do this. Running an internet based server is not for the faint of heart - it requires a significant investment in time and security issues. If you don't feel comfortable in this role - GET SOMEONE WHO IS to do it for you.

What good is this list? Will it keep me bug free?

Unfortunately worms and viruses spread too fast to make that sort of guarantee. This list serves to let people know when a particularly virulent virus appears, or when a virus with a new mode of infection appears. But just reading this list won't protect you from anything - you MUST take action for that to happen. We don't provide any guarantee on the timeliness of our announcements - we do them as quickly as possible and have sometimes been before the major news agencies - but certainly not every time.

What about hoaxes?
There are any number of virus hoaxes - it's sometimes hard to tell the real warnings from the fake ones. We've yet to announce a hoax on viruswarn - and we don't intend to. We encourage you to check anything out before you pass it along as well. All our announcements are based on confirmed observations of the bug and its confirmation from at least 2 sources. If you want info about virus and worm hoaxes check out these links:

A typical hoax message will say - "Pass this along to all your friends" and will cite "sources at Microsoft" or "Sources at Norton" without giving you a specific link to check it out. If you see any of these warning signs it's a darn good idea to check it out before spreading it.

Lee Drake, Moderator
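
The double-extension naming trick mentioned in the post (myPicture.jpg.exe), as an added example that is not part of the original post: a Python check a mail filter or help-desk script could run over attachment names. The extension lists and sample names are constructed for illustration, and the check goes beyond the post by also handling trailing dots or spaces and whitespace padding before the real extension.

```python
import re

# Extensions Windows runs or interprets on double-click (constructed list, not exhaustive).
EXECUTABLE = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "lnk", "hta"}
# Extensions users read as harmless content, so they work as decoys (constructed list).
DECOY = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "xls", "pdf", "mp3", "avi", "zip"}

def normalize(name):
    """Reduce an attachment name to the file name Windows would actually open."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path component
    return name.rstrip(" .").lower()                     # Windows ignores trailing dots and spaces

def classify(name):
    """Return 'deceptive', 'executable' or 'ok' for an attachment file name."""
    base = normalize(name)
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    # A decoy extension before the real one, or a long run of whitespace
    # pushing the real extension out of view in a narrow column.
    if any(p in DECOY for p in parts[1:-1]) or re.search(r"\s{5,}", base):
        return "deceptive"
    return "executable"

def flag_attachments(names):
    """Return {name: verdict} for every attachment that is not 'ok'."""
    return {n: v for n in names if (v := classify(n)) != "ok"}

# Constructed sample attachment names.
SAMPLE = [
    "myPicture.jpg.exe",
    "Invoice.PDF          .SCR",
    "holiday.jpg.exe. ",
    "setup.exe",
    "report.doc",
    "archive.tar.gz",
    "readme" + " " * 40 + ".exe",
]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLE).items():
        print(f"{verdict:10} {name!r}")
```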

