2. Don't open unknown email attachments
Before opening any email attachments, be sure you know the source
of the attachment. It is not enough that the mail originated from
an address you recognize. The Melissa virus spread precisely because
it originated from a familiar address. Malicious code might be distributed
in amusing or enticing programs.
If you must open an attachment before you can verify the source,
we suggest the following procedure:
a. save the file to your hard disk
b. scan the file using your antivirus software
c. open the file
For additional protection, you can disconnect or lock your computer's
network connection before opening the file.
Following these steps will reduce, but not wholly eliminate, the chance
that any malicious code contained in the attachment might spread from
your computer to others.
3. Don't run programs of unknown origin
Never run a program unless you know it to be authored by a person
or company that you trust. Also, don't send programs of unknown
origin to your friends or coworkers simply because they are amusing
-- they might contain a Trojan horse program. Such programs seriously
harm Internet security.
4. Disable hidden filename extensions
Windows operating systems contain an option to "Hide file extensions
for known file types". The option is enabled by default, but
you can disable this option in order to have file extensions displayed
by Windows. After disabling this option, there are still some file
extensions that, by default, will continue to remain hidden.
There is a registry value which, if set, will cause Windows to hide
certain file extensions regardless of user configuration choices
elsewhere in the operating system. The "NeverShowExt"
registry value is used to hide the extensions for basic Windows
file types. For example, the ".LNK" extension associated
with Windows shortcuts remains hidden even after a user has turned
off the option to hide extensions.
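An added example (not part of the original document): a read-only PowerShell audit of the two settings described above. The registry location of the HideFileExt value and the placement of NeverShowExt on file-class keys under HKEY_CLASSES_ROOT are stated here as assumptions, and the function names are illustrative.

```powershell
# Added example: read-only audit of Explorer's extension-hiding settings.
# Assumption: the per-user checkbox is stored as HideFileExt under this key.
$AdvancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HideFileExtState {
    $prop  = Get-ItemProperty -Path $AdvancedKey -Name HideFileExt -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.HideFileExt } else { $null }
    [pscustomobject]@{
        HideFileExt      = $value
        # A missing value is reported as hidden, matching the default described above.
        ExtensionsHidden = ($value -ne 0)
    }
}

function Get-NeverShowExtClass {
    $root  = [Microsoft.Win32.Registry]::ClassesRoot
    $names = $root.GetSubKeyNames()

    # Map each file class to the extensions registered for it, e.g. lnkfile -> .lnk
    $extByClass = @{}
    foreach ($name in $names) {
        if (-not $name.StartsWith('.')) { continue }
        try { $key = $root.OpenSubKey($name) } catch { continue }
        if ($null -eq $key) { continue }
        $class = [string]$key.GetValue('')   # default value names the file class
        $key.Close()
        if ($class) { $extByClass[$class] += @($name) }
    }

    # Report every class that carries a NeverShowExt value, whatever its data.
    foreach ($name in $names) {
        if ($name.StartsWith('.')) { continue }
        try { $key = $root.OpenSubKey($name) } catch { continue }
        if ($null -eq $key) { continue }
        $flagged = $key.GetValueNames() -contains 'NeverShowExt'
        $key.Close()
        if ($flagged) {
            [pscustomobject]@{
                Class      = $name
                Extensions = ($extByClass[$name] -join ', ')
            }
        }
    }
}

Get-HideFileExtState | Format-List
Get-NeverShowExtClass | Sort-Object Class | Format-Table -AutoSize
```

Any class listed by the second function keeps its extension hidden even when ExtensionsHidden is False.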
5. Keep all applications, including your operating system, patched
Vendors will usually release patches for their software when a vulnerability
has been discovered. Most product documentation offers a method
to get updates and patches. You should be able to obtain updates
from the vendor's web site. Read the manuals or browse the vendor's
web site for more information.
Some applications will automatically check for available updates,
and many vendors offer automatic notification of updates via a mailing
list. Look on your vendor's web site for information about automatic
notification. If no mailing list or other automated notification
mechanism is offered you may need to check periodically for updates.
6. Turn off your computer or disconnect from the network when not in use
Turn off your computer or disconnect its Ethernet interface when
you are not using it. An intruder cannot attack your computer if
it is powered off or otherwise completely disconnected from the
network.
7. Disable Java, JavaScript, and ActiveX if possible
Be aware of the risks involved in the use of "mobile code"
such as ActiveX, Java, and JavaScript. A malicious web developer
may attach a script to something sent to a web site, such as a URL,
an element in a form, or a database inquiry. Later, when the web
site responds to you, the malicious script is transferred to your
browser.
The most significant impact of this vulnerability can be avoided
by disabling all scripting languages. Turning off these options
will keep you from being vulnerable to malicious scripts. However,
it will limit the interaction you can have with some web sites.
Many legitimate sites use scripts running within the browser to
add useful features. Disabling scripting may degrade the functionality
of these sites.
8. Disable scripting features in email programs
Because many email programs use the same code as web browsers to
display HTML, vulnerabilities that affect ActiveX, Java, and JavaScript
are often applicable to email as well as web pages. Therefore, in
addition to disabling scripting features in web browsers, we recommend
that users also disable these features in their email programs.
Doing so is important to Internet security.
9. Make regular backups of critical data
Keep a copy of important files on removable media such as ZIP disks
or recordable CD-ROM disks (CD-R or CD-RW disks). Use software backup
tools if available, and store the backup disks somewhere away from
the computer.
10. Make a boot disk in case your computer is damaged or compromised
To aid in recovering from a security breach or hard disk failure,
create a boot disk on a floppy disk which will help when recovering
a computer after such an event has occurred. Remember, however,
you must create this disk before you have a security event.
11. Consult your system support personnel if you work from home
If you use your broadband access to connect to your employer's network
via a Virtual Private Network (VPN) or other means, your employer
may have policies or procedures relating to the security of your
home network. Be sure to consult with your employer's support personnel,
as appropriate, before following any of the steps outlined in this
document.