November 1, 2001

4 Min Read
Protect Your PC

Protect Your PC

Part II

By Doug Carner

Last month's TechTalk columnprovided simple steps to vaccinate your business computers against maliciousscripting viruses. This month you will learn how to safeguard your web surfingand business e-mail against deadly computer viruses.

Web Security

If you use Microsoft Outlook to receive e-mail, a virus-infected message caneasily use Window's powerful ActiveX controls to initiate a full virus invasion.Why take the chance? Since Outlook shares many of its security settings withInternet Explorer, you can protect both programs at the same time. The onlydownside is that some websites will now need to ask your permission to load. Itmay be a bit annoying, but it is truly better to be safe than sorry. Here's whatyou do:

  • Once your computer is up and running, open Internet Explorer (web browser).

  • Click on the TOOLS menu up top, then click on INTERNET OPTIONS. A new window will appear.

  • Click on the SECURITY tab and four icons will appear at the top of the window.

  • Click on the left-most icon labeled INTERNET and then click on the CUSTOM LEVEL button.

  • At the bottom of the new window, select "Medium" as the custom setting.

  • Click on the RESET button, and then confirm the change you are making.

  • At the top of the window, scroll through the list of settings and find the one labeled "Run ActiveX controls and plug-ins." Change the setting from "Enable" to "Prompt."

  • The next item is labeled "Script ActiveX controls marked safe for scripting." Change this setting on this item from "Enable" to "Prompt."

  • Click on the OK button at the bottom of the window. This will bring up a confirmation question. Select YES.

  • Now select the next icon at the top of the window, LOCAL INTRANET. Again click on CUSTOM LEVEL.

  • Select "High" from the list, click the RESET button, and confirm this change.

  • As we did before, change the "Run ActiveX controls and plug-ins" and "Script ActiveX controls marked safe for scripting" items from "Enable" to "Prompt." Click OK and confirm your changes.

  • Select the third icon at the top of the window, TRUSTED SITES, and click on CUSTOM LEVEL.

  • Select "Medium" from the list, click the RESET button, and confirm this change.

  • Again change "Run ActiveX controls and plug-ins" and "Script ActiveX controls marked safe for scripting" from "Enable" to "Prompt." Click OK and confirm your changes.

  • Select the forth icon, RESTRICTED SITES, and click CUSTOM LEVEL.

  • Select "High" from the pick list, click RESET, and confirm this change.

  • For the last time, change "Run ActiveX controls and plug-ins" and "Script ActiveX controls marked safe for scripting" from "Enable" to "Prompt." Click OK and confirm your changes.

  • Click OK to exit this section and then exit Internet Explorer.

If you browse the Internet using Netscape Navigator, here is what you'll do:

  • Once your computer is up and running, open the Netscape browser.

  • Click on the EDIT menu and then on the PREFERENCES option.

  • Click on "Advanced" and a list of options will appear on the right.

  • Uncheck ENABLE AUTO-INSTALL and uncheck ENABLE JAVA.

  • Click OK to save your changes and then exit the Netscape browser.

You are now very well protected against all known (and most unknown) virusinvasions that try to self-install themselves to your computer. Your primaryvulnerability lies in the fact that you might unintentionally invite a virusinto your system. Unfortunately, this is very easy to do with e-mailattachments.

E-Mail

It may surprise you to learn that Microsoft's Outlook program is unable toshow you the "real" file type when attachments have dual extensions.An attachment labeled FAMILY.JPG might seem safe in Outlook, even though thereal file name could be FAMILY.JPG.EXE and it is likely hiding a dangerousvirus. It is extremely unlikely that a legitimate source will ever send you afile with dual extensions.

Never open any attachment unless you are either expecting the message or seepersonal information in the message body. Even then, you should verify theattachment has only one extension. In Outlook you only need to select SAVEATTACHMENTS from the FILE menu. Now you will see the complete file name. You cancancel this save function since it was just a method to help determine thesafety of an attachment.

As a last journey into the land of healthy paranoia, files that end in .BAT,.COM, .EXE, .PIF and .SCR (just to name a few) can never be guaranteed safe. Forexample, HAPPY99.EXE was a popular e-mail attachment that displayed a beautifulfireworks show on your computer screen. It was also a pervasive virus.

You must use prudent judgment. A decent virus-checker program, such as McAfeeVirusScan or Norton AntiVirus, will catch all but the newest viruses. Whilethese programs are quick to react, they are often the cures after your computerhas been infected. By now you have implemented the Windows settings noted inpart one of this column (see last month's issue), and you have just finishedimplementing the browser and e-mail precautions noted here. You can now safelynavigate the hazardous waters of the web as you work.

Doug Carner is the vice president of marketing for QuikStor Security& Software, a Sherman Oaks, Calif.-based company specializing in security,software and management for the self-storage industry. For more information,call 800.321.1987; e-mail [email protected];visit www.quikstor.com.

Subscribe to Our Weekly Newsletter
ISS is the most comprehensive source for self-storage news, feature stories, videos and more.

You May Also Like