22 Mar 2001
Guidelines for safer computing
As well as keeping your anti-virus software up to date there are
other ways in which you can reduce the chances of virus infection
inside your company. Below we list some of the guidelines you might
like to consider for safer computing.
Guidelines for network administrators
- Have a strict policy in your organisation that downloading
executables and documents from the net is unacceptable, and that
anything that runs in your organisation has to be virus-checked and
approved first. Unsolicited executables/documents/spreadsheets etc.
should not be run inside any organisation. If you don't know that
something is virus-free assume it isn't. Ideally, staff should not
be allowed to have anything they don't actually need. However, you
might want to consider providing a selection of games/screen savers
for staff to use which have been virus-checked.
- Block any unwanted file types at the email gateway. Viruses
often use file types such as VBS, SHS, EXE, SCR, CHM and BAT to
spread. It is unlikely that your organisation will ever need to
receive files of these types from the outside. If this is the case
Sophos recommends blocking all of them at the email gateway -
whether they are virus infected or not.
can help you block unwanted file types at the email gateway.
- Some viruses attempt to disguise their true executable nature
by using "double extensions". Files such as
LOVE-LETTER-FOR-YOU.TXT.VBS or ANNAKOURNIKOVA.JPG.VBS may appear to
be harmless graphic or ASCII text files at first glance at the file
name. Sophos recommends blocking any file which has "double
extensions" from entering an organisation.
MailMonitor can help you block suspicious filenames such as
these at the email gateway.
Hoax virus warnings and chain
letter emails can be as disruptive as viruses themselves. Aside
from spreading misinformation and wasting staff time and resources,
it can be very embarrassing for your organisation if an employee
forwards these to contacts or customers. A firm hoax policy such as
this should be put in place:
"You shall not forward any virus warnings of any kind to anyone
other than <insert name of the department or staff member who
looks after anti-virus issues>. It doesn't matter if the virus
warnings have come from an anti-virus vendor or been confirmed by
any large computer company or your best friend. All virus warnings
should be sent to <insert name>, and <insert name>
alone. It is <insert name>'s job to send round all virus
warnings, and a virus warning that comes from any other source
should be ignored."
You may also like to consider adding
a live hoax information feed to your website or intranet.
- Change the CMOS bootup sequence so that rather than booting
from drive A: if you leave a floppy in your machine, you boot by
default from drive C: instead. This should stop all pure boot
sector viruses (like Form, CMOS4, AntiCMOS, Monkey, etc) from infecting
you. Should you need to boot from a floppy disk the CMOS can easily
be switched back.
- Make regular backups of important work and data, and check that
the backups were successful.
Subscribe to an email alert
service that warns you about new, in-the-wild, viruses. At the
same time consider adding a live
virus information feed to your website or intranet to ensure
your users know about the very latest computer viruses.
- Keep an eye on Microsoft's security
bulletins. These warn of new security loopholes and issues with
- Produce a set of guidelines and policies for safe computing and
distribute them amongst staff. Make sure that every employee has
read and understood them and that if they do have any questions
they know who to speak to. You may want to base these on the Sophos
user guidelines below.
Guidelines for users
- Use Rich Text Format instead of DOC files which can harbour
viruses. You can automatically save all of your Word documents as
RTF by selecting Tools|Options|Save and choosing Rich Text Format
as the default format from the drop down menu.
- Do not run, download or forward any unsolicited executables,
documents, spreadsheets, etc. Anything that runs on your PC should
be virus checked and approved first.
- Any email you weren't expecting should be treated with
suspicion, even if it comes from someone you know. It is worth
calling whoever sent it to you to check that they intended to send
you the email.
- Do not open any files with a double file extension, (e.g.
iamavirus.txt.vbs). Under normal circumstances you should never
need to receive or use these.
- Do not download executables or documents from the internet.
These are often used to spread computer viruses.
- Although JPG, GIF and MP3 files cannot be infected with a
virus, viruses can be disguised as these file types. Jokes,
pictures, graphics, screensavers and movie files should be treated
with the same amount of suspicion as other file types.
- If in doubt, always ask your IT department for advice, do not
open the file or email.
- If you think you have been infected with a virus inform your IT
department immediately. Do not panic or interrupt other users.
- Any virus warnings or hoaxes
should be sent to the IT department who can confirm whether or not
it is genuine. Do not forward these warnings to anyone else; unless
you are signed up to an official virus alert service it is unlikely
to be a genuine warning.
- If you have to work at home ensure that you follow the same
procedures there as you do at work. Viruses can easily be brought
into an organisation along with work that has been done on a home
Anti-virus software will prevent the vast majority of viruses
from entering an organisation but it is not fool-proof. It is your
responsibility to ensure that you don't get infected with a
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.