Keeping antivirus software up to date is critically important for all platforms, even if some of the operating systems, such as Macintosh and Linux, aren't as widely targeted by virus threats. But the key to ensuring that your network remains virus-free is something beyond the deployment of dependable antivirus solutions. Companies must educate employees about safe computing practices and enforce policies to safeguard the network. Here are some ways to help prevent malicious code from wreaking havoc at your company.
1. Enforce strict policies. Downloading executables or documents from the Internet is unacceptable, and anything that runs in your organization should be virus-checked and approved first. Unsolicited executables, documents, spreadsheets and such shouldn't be run inside any organization. If you don't know that something is virus-free, assume it isn't. Ideally, employees and staff shouldn't be allowed to have anything they don't actually need.
2. Block any unwanted file types at the e-mail gateway. Viruses often use file types such as .vbs, .shs, .exe, .scr, .chm and .bat to spread. It's unlikely that your organization will ever need to receive files of these types from the outside.
3. Block any file that has "double extensions" from entering your organization. Some viruses attempt to disguise their true executable nature by using double extensions. Files with names such as love-letter-for-you.txt.vbs or annakournikova.jpg.vbs may appear at first to be harmless graphic or ASCII text files.
4. Set a firm policy on hoaxes. Hoax virus warnings and chain letter e-mails can be as disruptive as viruses themselves. Not only do hoaxes spread misinformation and waste staff time and resources, but they can also be embarrassing to organizations whose employees forward them to contacts or customers. Here's a sample hoax policy:
"You shall not forward any virus warnings of any kind to anyone other than [insert name of the department or staff member who looks after antivirus issues]. It doesn't matter if the virus warnings have come from an antivirus vendor or been confirmed by any large computer company or your best friend. All virus warnings should be sent to [insert name] and [insert name] only. It is [insert name]'s job to send all virus warnings, and a virus warning that comes from any other source should be ignored."
5. Change the CMOS boot sequence so that machines boot from drive C: by default, rather than from drive A: when a floppy has been left in the drive. This should stop all pure boot-sector viruses (like Form, CMOS4, AntiCMOS and Monkey) from infecting your systems. Should you need to boot from a floppy disk, the CMOS can easily be switched back.
6. Make regular backups of important work and data, and check that the backups were successful.
7. Subscribe to an e-mail alert service that warns you about new, in-the-wild viruses. There are many antivirus vendors and security sources that regularly publish alerts of new virus threats (see Computerworld's antivirus vendor listings).
8. Keep an eye on Microsoft's security bulletins. These warn of new security loopholes and issues with Microsoft's software.
9. Produce a set of guidelines and policies for safe computing, and distribute them among employees. Make sure that every employee has read and understood them and that they know whom to contact if they have questions.
10. Keep your antivirus software up to date across the enterprise.
Chris Belthoff is senior security analyst at Sophos PLC.
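Tips 2 and 3 can be expressed as a single attachment-name check at the mail gateway. The sketch below is an added example, not code from the original article or from any Sophos product; the blocked list is the one given in tip 2, while the decoy-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# File types the article lists in tip 2.
BLOCKED = {".vbs", ".shs", ".exe", ".scr", ".chm", ".bat"}
# Assumption: document/image types commonly used as the decoy (inner) extension.
DECOYS = {".txt", ".jpg", ".jpeg", ".gif", ".png", ".doc", ".xls", ".pdf"}

def extensions(filename):
    """Lower-cased extensions of a filename, innermost first."""
    # Trailing dots/spaces are dropped by Windows, so ignore them here too.
    name = filename.strip().rstrip(". ").lower()
    return ["." + p.strip() for p in name.split(".")[1:] if p.strip()]

def verdict(filename):
    """Return 'allow', 'block: file type' or 'block: double extension'."""
    exts = extensions(filename)
    # Tip 3: a recognised extension hidden behind another one, whatever the outer one is.
    if len(exts) >= 2 and exts[-2] in DECOYS | BLOCKED:
        return "block: double extension"
    # Tip 2: the outermost extension decides how the file is opened.
    if exts and exts[-1] in BLOCKED:
        return "block: file type"
    return "allow"

def scan_message(raw_bytes):
    """Map each attachment filename in a raw message to its verdict."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {p.get_filename(): verdict(p.get_filename())
            for p in msg.walk() if p.get_filename()}

def build_sample():
    """Constructed test message with four attachments (not real mail)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("love-letter-for-you.txt.vbs", "minutes.v2.doc",
                 "SETUP.EXE", "photo.jpg"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, result in scan_message(build_sample()).items():
        print(f"{name}: {result}")
```

Matching the inner extension against a known list, rather than counting dots, keeps names such as minutes.v2.doc deliverable while still catching a decoy followed by a type that is not on the blocked list.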