In-Depth

Best Practices: Avoiding Computer Worms

F-Secure releases a dozen tips to help users avoid common worm problems

• By Mathew Schwartz
• 12/03/2003

To cut the costs of user error, it’s up to security administrators to properly train, and re-train, employees about the dos and don’ts that lead to improved corporate security.

Anti-virus vendor F-Secure released its top recommendations for corporate users to mitigate worms:

1. Wrangle Outlook. Since “most of the worms which use e-mail to propagate use Microsoft Outlook or Outlook Express to spread,” if your company uses Outlook, lock it down. Prioritize security updates from Microsoft and all operating system upgrades to avoid problems.
   
2. Avoid e-mail attachments. “When possible, avoid e-mail attachments both when sending and receiving e-mail.” This won’t be possible for every company, of course, but try to promote a culture in which attachments are the exception.
   
3. 3. Show file extensions in Windows. A “helpful” feature of Windows often hides file extensions for users. Trouble is, that “business plan” file might actually have a “.vbs” extension on the end, and that often spells worm. F-Secure notes the way to show extensions: “This is done through Explorer via the Tools menu: Tools/Folder Options/View … uncheck 'Hide file extensions for known file types.'”
   
4. Treat some files like the plague. Does a file extension end in “.vbs” or “.shs” or “.pif”? Forget it. It’s almost certainly a worm.
   
5. Beware double extensions. Once file extensions are revealed, also beware of any files that seem to have double extensions, such as “name.bmp.exe” or “name.txt.vbs,” since only the last extension matters (see #4).
   
6. Sharing is bad. In general, folder sharing makes systems less secure, since it opens a conduit for someone to access a computer where none previously existed. Avoid sharing when possible, and never ever “share your full drive or your Windows directory,” says F-Secure.
   
7. Turn off that modem. “Disconnect your network or modem cable when you're not using your computer—or just power it down,” says F-Secure. If a computer is on, and its network connection is on but no one is sitting at it, why take a chance?
   
8. Trust your gut. Strange e-mail from someone you know? Possibly written in a foreign language? Do your homework—contact the known person and verify that he/she sent the attachment before you open it. Chances are a virus copied itself and sent itself to you.
   
9. Avoid advertisements, explicit names. Don’t touch attachments received from advertising e-mails. Ditto for sexually explicit names. They’re bait.
   
10. Beware a pretty picture. Latest-generation virus attacks dress like the real thing—a Microsoft support page, for example. Just because a sender nails the graphic design look of something that seems familiar doesn’t mean it’s real.
    
11. Avoid attachments from strangers via instant messaging (IM). “Never accept attachments from strangers in online chat systems such as IRC, ICQ or AOL IM,” F-Secure warns.
    
12. Avoid newsgroup downloads. Usenet is an excellent resource for trading information. Unfortunately, “these are often used by virus writers to distribute their new viruses,” frequently disguised as per above instructions.