Guidelines for safer computing

March 22, 2001 Sophos Press Release

As well as keeping your anti-virus software up to date there are other ways in which you can reduce the chances of virus infection inside your company. Below we list some of the guidelines you might like to consider for safer computing.

* Network administrators
* Users

Guidelines for network administrators

  1. Have a strict policy in your organisation that downloading executables and documents from the net is unacceptable, and that anything that runs in your organisation has to be virus-checked and approved first. Unsolicited executables/documents/spreadsheets etc. should not be run inside any organisation. If you don't know that something is virus-free assume it isn't. Ideally, staff should not be allowed to have anything they don't actually need. However, you might want to consider providing a selection of games/screen savers for staff to use which have been virus-checked.
  2. Block any unwanted file types at the email gateway. Viruses often use file types such as VBS, SHS, EXE, SCR, CHM and BAT to spread. It is unlikely that your organisation will ever need to receive files of these types from the outside. If this is the case Sophos recommends blocking all of them at the email gateway - whether they are virus infected or not.

    Sophos MailMonitor can help you block unwanted file types at the email gateway.
  3. Some viruses attempt to disguise their true executable nature by using "double extensions". Files such as LOVE-LETTER-FOR-YOU.TXT.VBS or ANNAKOURNIKOVA.JPG.VBS may appear to be harmless graphic or ASCII text files at first glance at the file name. Sophos recommends blocking any file which has "double extensions" from entering an organisation.

    Again, Sophos MailMonitor can help you block suspicious filenames such as these at the email gateway.
  4. Hoax virus warnings and chain letter emails can be as disruptive as viruses themselves. Aside from spreading misinformation and wasting staff time and resources, it can be very embarrassing for your organisation if an employee forwards these to contacts or customers. A firm hoax policy such as this should be put in place:

    "You shall not forward any virus warnings of any kind to anyone other than <insert name of the department or staff member who looks after anti-virus issues>. It doesn't matter if the virus warnings have come from an anti-virus vendor or been confirmed by any large computer company or your best friend. All virus warnings should be sent to <insert name>, and <insert name> alone. It is <insert name>'s job to send round all virus warnings, and a virus warning that comes from any other source should be ignored."

    You may also like to consider adding a live hoax information feed to your website or intranet.
  5. Change the CMOS bootup sequence so that rather than booting from drive A: if you leave a floppy in your machine, you boot by default from drive C: instead. This should stop all pure boot sector viruses (like Form, CMOS4, AntiCMOS, Monkey, etc) from infecting you. Should you need to boot from a floppy disk the CMOS can easily be switched back.
  6. Make regular backups of important work and data, and check that the backups were successful.
  7. Subscribe to an email alert service that warns you about new, in-the-wild, viruses. At the same time consider adding a live virus information feed to your website or intranet to ensure your users know about the very latest computer viruses.
  8. Keep an eye on Microsoft's security bulletins. These warn of new security loopholes and issues with Microsoft's software.
  9. Produce a set of guidelines and policies for safe computing and distribute them amongst staff. Make sure that every employee has read and understood them and that if they do have any questions they know who to speak to. You may want to base these on the Sophos user guidelines below.

[TOP]

Guidelines for users

  1. Use Rich Text Format instead of DOC files which can harbour viruses. You can automatically save all of your Word documents as RTF by selecting Tools|Options|Save and choosing Rich Text Format as the default format from the drop down menu.
  2. Do not run, download or forward any unsolicited executables, documents, spreadsheets, etc. Anything that runs on your PC should be virus checked and approved first.
  3. Any email you weren't expecting should be treated with suspicion, even if it comes from someone you know. It is worth calling whoever sent it to you to check that they intended to send you the email.
  4. Do not open any files with a double file extension, (e.g. iamavirus.txt.vbs). Under normal circumstances you should never need to receive or use these.
  5. Do not download executables or documents from the internet. These are often used to spread computer viruses.
  6. Although JPG, GIF and MP3 files cannot be infected with a virus, viruses can be disguised as these file types. Jokes, pictures, graphics, screensavers and movie files should be treated with the same amount of suspicion as other file types.
  7. If in doubt, always ask your IT department for advice, do not open the file or email.
  8. If you think you have been infected with a virus inform your IT department immediately. Do not panic or interrupt other users.
  9. Any virus warnings or hoaxes should be sent to the IT department who can confirm whether or not it is genuine. Do not forward these warnings to anyone else; unless you are signed up to an official virus alert service it is unlikely to be a genuine warning.
  10. If you have to work at home ensure that you follow the same procedures there as you do at work. Viruses can easily be brought into an organisation along with work that has been done on a home PC.

Anti-virus software will prevent the vast majority of viruses from entering an organisation but it is not fool-proof. It is your responsibility to ensure that you don't get infected with a computer virus.