This chapter can only give you an overview of the virus problem. If you have the misfortune to be a systems or network administrator responsible for protecting your customers from malicious software, you will need to do some serious research into virus and anti-virus technology, and I recommend that you take advantage of the information resources listed in this chapter. If you're an administrator or manager, you certainly can't afford to rely on vendor sales executives or consultants to make all the decisions for you. More often than not, these people are better acquainted with the interface of their product range than with its real-world application to real-world virus management problems.
For your delectation, we offer some guidelines that should make your computing life safer.
Check all warnings and alerts with your IT department. If you are a manager or administrator, make sure that there is a known policy by which only authorized personnel can pass on alerts. This cuts down on panic, curbs dissemination of hoaxes and other misinformation, and reduces the risk of inappropriate action that might be worse than no action.
Don't trust attachments. The sender might have no malicious intent, but he might not be keeping his anti-virus software up-to-date either.
Remember that worm victims don't usually know that they've sent you an infected attachment. There is no such thing as a trusted account. If someone sends you an attachment, especially if there's no obvious reason they should, confirm with them that they did so knowingly.
Use anti-virus software and keep it updated. However, don't assume that using the latest updates makes you invulnerable.
If your environment allows it, disable the Windows Scripting Host. For a good summary of the process, across platforms, see http://www.sophos.com/support/faqs/wsh.html.
If you use macro-virus-friendly applications like Word, ensure that macros are not enabled by default. Recent versions of Office allow macros in a document to be disabled as a default option. If you receive a document with macros from a trusted source, ask for verification. But don't trust this option absolutely.
Disable default booting from diskette in CMOS.(This blocks infection from pure boot sector viruses.)
Keep your browser, mail client, macro-friendly applications, and other vulnerable applications up-to-date with the latest patches.
Back up, back up, back up