 BEST PRACTICES: PC World's Avoid viruses & Scams |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.| Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post. - BleepingComputer Management |
  |
  Jun 26 2004, 06:32 AM
Post
#1
|
|
 Security Reporter  Group: News Reporters Posts: 491 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107  |
Article: Think Before You Click to Avoid Viruses and Scams http://www.pcworld.com/howto/article/0,aid,116586,00.asp KEY BEST PRACTICES HIGHLIGHTED 1. Don't click e-mail attachments: Most viruses and worms arrive on your PC in the form of e-mail attachments. A few of them exploit security flaws in Windows or in your browser to launch automatically, but if you keep your programs updated, your chances of being infected via this route are slim to none. Instead of exploiting software flaws, some of the worst recent viruses rely on recipients' tossing out common sense and launching a lethal e-mail attachment. Common executable--and therefore dangerous--file-name extensions include .bat, .com, .exe, .pif, .scr, and .vbs (to read a discussion of dangerous file types, go to February's Windows Tips column). To elude the dangerous-attachment filters built into most e-mail programs, virus authors may enclose their nasty code in a .zip or .rar archive file. 2 .Don't believe the return address: Though an e-mail message may claim it's from your bank, your ISP, or even your boss, that doesn't mean it is. Spammers and virus mailers generally spoof the From address field in their messages with a legitimate address that they've stolen. You may even have received spam from yourself as a result of this clever technique. 3. Don't believe the message: To persuade you to launch a virus-laden mail attachment or provide your personal information, virus authors must earn your trust. They try to accomplish this by composing convincing-looking messages that appear to be sent from Microsoft, your ISP, or some other entity you do business with. The message may even contain links to a counterfeit version of the company's Web site, complete with genuine-looking graphics and corporate logos. Often the message laments that the company is experiencing technical problems, and that it needs you to click an executable attachment. You don't need to rely on your intuition to determine whether this message is truthful. If the message hasn't been verified by a company representative via phone or in person, it almost certainly contains a virus. Microsoft doesn't e-mail updates to its customers, and neither should your ISP. 4. Don't believe the link, either: A link in an e-mail message that claims to point to a Citibank Web site may not really go there. Devious phishing scams use the wonders of HTML to snooker you into uploading your Social Security number, PIN, credit card number, password, or other sensitive data to a scammer's Web site. A carefully crafted e-mail message purporting to be from your bank, PayPal, or some other institution (and often also containing links to the real company's Web site) warns that you must update your records there. The biggest tip-off should be this: Banks and ISPs don't lose your information and then send e-mail requests for you to reenter it online. Another tip-off is that the link text and the real underlying URL don't match. Always examine log-in Web pages and their URLs closely. If you do get hooked by creeps on a phishing expedition, notify your bank, ISP, or other institution immediately. 5. Don't download the browser code: You're browsing the Web via Microsoft's Internet Explorer when suddenly an official-looking dialog box pops up, asking if you want to download a browser plug-in. Why not? You do the same thing all the time when using Microsoft's Windows Update Web site. This one even has a digital certificate (see FIGURE 3). But if you want to avoid a flurry of pop-ups, undesirable toolbars, a home-page hijacking, or worse, don't do it. Certificates won't protect you from adware and other online annoyances borne by these ActiveX controls. If you're really unlucky, you could end up with the dreaded CoolWebSearch infestation (see last month's Internet Tips column for tools that can remove this hard-to-exterminate browser parasite). This post has been edited by harrywaldron: Jun 26 2004, 06:34 AM -------------------- |
 |
 
|
|
Jun 28 2004, 02:02 AM
Post
#2
|
|
 Forum Addict Group: Global Moderator Posts: 20,575 Joined: 11-April 04 From: Chicago, Il. Member No.: 113 |
This should be must reading for everyone. Thanks for posting it here.
John -------------------- Whereof one cannot speak, thereof one should be silent.
|
|
|
|
|
Jun 28 2004, 12:30 PM
Post
#3
|
|
 Guru at being a Newbie Group: HJT Team Posts: 5,715 Joined: 8-April 04 Member No.: 96 |
QUOTE This should be must reading for everyone. That's why I pinned it. Great post (as usual), Harry. We encourage posting to this thread any additional best practices for security. -------------------- You know everybody is ignorant, only on different subjects.
Will Rogers To stay secure is to stay updated. Calendar of Updates. |
|
|
|
|
Apr 8 2005, 09:22 PM
Post
#4
|
|
|
Member Group: Members Posts: 83 Joined: 28-March 05 From: 41'00"S174'.00"E Member No.: 15,557 |
 Hi guys,tutorials are great.One security issue;just tested firewall@Guards Up &Port Authority-Kerio passed with flying colours BUT reportedly I'm being PINGED! Is there any way to close this vulnerability??I don't like being PINGED-even tho I ping to test modem/connectivity etc.Just installed TRACE ROUTE which is fun but can't close that port.Hope this is relevant to this Forum. |
|
|
|
|
Apr 18 2005, 10:21 PM
Post
#5
|
|
 Forum Regular Group: Members Posts: 319 Joined: 5-February 05 From: my closet Member No.: 11,427 |
cool,
i added all .xxx into nortons "rules" for spam. ty igo -------------------- THE FORK IN THE ROAD CAN ONLY BE TRAVELED IN ONE DIRECTION
|
|
|
|
|
Nov 27 2006, 11:16 AM
Post
#6
|
|
 New Member Group: Members Posts: 4 Joined: 27-November 06 Member No.: 97,957 |
That a key factor for security purpose..Very good advice
Now I'm set in my head "think twice before execute" welldone harrywaldron |
|
|
|
|
Nov 27 2006, 02:27 PM
Post
#7
|
|
 Forum Regular Group: Members Posts: 347 Joined: 30-June 06 From: SC Member No.: 74,073 |
|
|
|
|
|
Jun 25 2007, 05:56 PM
Post
#8
|
|
|
Member Group: Members Posts: 17 Joined: 25-June 07 Member No.: 139,316 |
yes excellent points all of them, if i can add one more, its always best to scan individual files when downloaded, so any .zip file you or even .exe file, right click and do a quick scan on the file and make sure there is no adware or spywere in the file before you open it, this has saved me a few times so ya something to do ;)
-------------------- |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 21st November 2008 - 08:59 PM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.