Two years after the first Outlook .vbs worm and five years after the first Office macro virus, too many users are still victimized. We could group these people into two categories:
1. People who use these products at work, and depend on a dedicated IT staff for their system maintenance.
THERE IS ABSOLUTELY NO EXCUSE WHY THIS GROUP SHOULD STILL BE FALLING FOR VBS/MACRO WORMS
Any System Administrator who is still having problems protecting his/her systems against these attacks after 2+ years should be immediately fired, have their MCSE revoked, and not be allowed to used anything more complex than an abacus.
2. Home users who like these products for their powerful capabilities yet simple interfaces. They may not be the most technically adept, and understandably may not know where to start when it comes to protecting their systems.
As a public service for group 2, and unfortunately I suspect for too many in group 1, I've assembled these tips for basic Windows security for non-technical people:
1. To protect yourself from vbs/Outlook worms, the easiest thing you can do is disable windows scripting
2. To protect yourself from Office macro viruses, there are several things you can do:
3. Disable NetBIOS. Unless you really need this service for a home network, the default NetBIOS settings expose you to all kinds of nastiness when you go online. Much more information is available at Shields Up! For the impatient, skip to Web Bondage section and follow the links for your Operating System at the bottom of the page.
- Turn on macro virus protection. In Word 97 and Excel 97: from the Tools menu, click Options. On the General tab, check Macro Virus Protection. In Word 2000 and Excel 2000: open the Tools menu, point to Macro and select Security and set it to the level you want. High security will open only signed macros. Recommend using this setting unless you use macros, then use medium. Medium security will always brings up the macro dialog protection box that allows you to disable macros if you are unsure.
- In Word, use .rtf file extensions instead of .doc. rtf files by design can't carry macros
- Just say "NO". When Office prompts you to open a macro, the safest option will always be to decline
4. Safe surfing. If you use Internet Explorer for browsing, Open Tools, Internet Options. Select the Security tab, highlight the Internet zone, and press the Custom Level button. Disable all ActiveX options. You may also want to play with the other options, especially the scripting ones (I disable the
"Allow paste operations via script")
5. Finally, New vulnerabilities and exploits are always being discovered. As part of your regular system maintenance you should check the Microsoft Security Bulletins , download and install patches, and update your system regularly (At least weekly or monthly).
Well, that all I can come up with for now, and I'll bet I've missed some of the biggest holes out there. Append any other tips that may be useful as a reply to this post.