By Doug Carner
Last month's TechTalk column provided simple steps to vaccinate your business computers against malicious scripting viruses. This month you will learn how to safeguard your web surfing and business e-mail against deadly computer viruses.
If you use Microsoft Outlook to receive e-mail, a virus-infected message can easily use Window's powerful ActiveX controls to initiate a full virus invasion. Why take the chance? Since Outlook shares many of its security settings with Internet Explorer, you can protect both programs at the same time. The only downside is that some websites will now need to ask your permission to load. It may be a bit annoying, but it is truly better to be safe than sorry. Here's what you do:
- Once your computer is up and running, open Internet Explorer (web browser).
- Click on the TOOLS menu up top, then click on INTERNET OPTIONS. A new window will appear.
- Click on the SECURITY tab and four icons will appear at the top of the window.
- Click on the left-most icon labeled INTERNET and then click on the CUSTOM LEVEL button.
- At the bottom of the new window, select "Medium" as the custom setting.
- Click on the RESET button, and then confirm the change you are making.
- At the top of the window, scroll through the list of settings and find the one labeled "Run ActiveX controls and plug-ins." Change the setting from "Enable" to "Prompt."
- The next item is labeled "Script ActiveX controls marked safe for scripting." Change this setting on this item from "Enable" to "Prompt."
- Click on the OK button at the bottom of the window. This will bring up a confirmation question. Select YES.
- Now select the next icon at the top of the window, LOCAL INTRANET. Again click on CUSTOM LEVEL.
- Select "High" from the list, click the RESET button, and confirm this change.
- As we did before, change the "Run ActiveX controls and plug-ins" and "Script ActiveX controls marked safe for scripting" items from "Enable" to "Prompt." Click OK and confirm your changes.
- Select the third icon at the top of the window, TRUSTED SITES, and click on CUSTOM LEVEL.
- Select "Medium" from the list, click the RESET button, and confirm this change.
- Again change "Run ActiveX controls and plug-ins" and "Script ActiveX controls marked safe for scripting" from "Enable" to "Prompt." Click OK and confirm your changes.
- Select the forth icon, RESTRICTED SITES, and click CUSTOM LEVEL.
- Select "High" from the pick list, click RESET, and confirm this change.
- For the last time, change "Run ActiveX controls and plug-ins" and "Script ActiveX controls marked safe for scripting" from "Enable" to "Prompt." Click OK and confirm your changes.
- Click OK to exit this section and then exit Internet Explorer.
If you browse the Internet using Netscape Navigator, here is what you'll do:
- Once your computer is up and running, open the Netscape browser.
- Click on the EDIT menu and then on the PREFERENCES option.
- Click on "Advanced" and a list of options will appear on the right.
- Uncheck ENABLE AUTO-INSTALL and uncheck ENABLE JAVA.
- Click OK to save your changes and then exit the Netscape browser.
You are now very well protected against all known (and most unknown) virus invasions that try to self-install themselves to your computer. Your primary vulnerability lies in the fact that you might unintentionally invite a virus into your system. Unfortunately, this is very easy to do with e-mail attachments.
It may surprise you to learn that Microsoft's Outlook program is unable to show you the "real" file type when attachments have dual extensions. An attachment labeled FAMILY.JPG might seem safe in Outlook, even though the real file name could be FAMILY.JPG.EXE and it is likely hiding a dangerous virus. It is extremely unlikely that a legitimate source will ever send you a file with dual extensions.
Never open any attachment unless you are either expecting the message or see personal information in the message body. Even then, you should verify the attachment has only one extension. In Outlook you only need to select SAVE ATTACHMENTS from the FILE menu. Now you will see the complete file name. You can cancel this save function since it was just a method to help determine the safety of an attachment.
As a last journey into the land of healthy paranoia, files that end in .BAT, .COM, .EXE, .PIF and .SCR (just to name a few) can never be guaranteed safe. For example, HAPPY99.EXE was a popular e-mail attachment that displayed a beautiful fireworks show on your computer screen. It was also a pervasive virus.
You must use prudent judgment. A decent virus-checker program, such as McAfee VirusScan or Norton AntiVirus, will catch all but the newest viruses. While these programs are quick to react, they are often the cures after your computer has been infected. By now you have implemented the Windows settings noted in part one of this column (see last month's issue), and you have just finished implementing the browser and e-mail precautions noted here. You can now safely navigate the hazardous waters of the web as you work.
Doug Carner is the vice president of marketing for QuikStor Security & Software, a Sherman Oaks, Calif.-based company specializing in security, software and management for the self-storage industry. For more information, call 800.321.1987; e-mail email@example.com; visit www.quikstor.com.