Worms Are for Suckers - ' Advice for Avoiding Worms ' (
Page 2 of 2 )
One positive implication of this is that you can pretty safely ignore the details in these stories. When it comes to meaningful advice one can discern from them, it amounts to these points:
- BE VERY SKEPTICAL OF ANY ATTACHMENT IN E-MAIL. This doesnt mean that you shouldnt trust any attachment at all, but unless you know the sender and were expecting the file, you should scrutinize it and not open it unless you can determine that its legitimate.
- Keep your antivirus software and firewall up to date. They arent perfect, but they help a lot.
- If your mail client can block all executables, let it. Most worms, including NetSky, will be blocked just by this. If not, find some other way to do it. Its just not worth being able to mail executables around. Incidentally, both Outlook and Outlook Express have done this for years, and therefore their users have been immune to these worms.
Some administrators are going to the extreme these days of stripping all attachments from e-mail. This isnt exactly cutting off your nose to spite your face, because it really would solve the problem, but its quite unkind to users unless you give them a reasonably convenient way to safely exchange files with outsiders. The existing solutions for users to exchange files are no bargain either. Peer-to-peer networks have become the alternate infection venue of choice for worm writers.
I trust myself with these things more than I trust the average user, but I have yet to see a worm attack arrive on my computer that I didnt immediately recognize as a worm attack. You can just tell that they werent written for you by a real human being. Clearly other people are being fooled, and repeatedly, I suspect, because if youre going to fall for one of these I assume you could fall for all of them. And its from those people that we need to protect ourselves.
On a sad note, believe it or not, Friday was the 10th anniversary of spam. Yes, all began when an immigration law firm posted an advertisement for help with the 1994 Green Card Lottery to all manner of irrelevant newsgroups (the example is from fr.comp.os.linux). I remember this incident. There was outrage at the time that now seems really quaint. How dare someone break netiquette in the pursuit of commercial gain!
As Netcraft describes in their account of the anniversary, the wrong lesson was quickly learned. Spammers saw that there was no enforcement and the rules were merely suggestions. Usenet lost all usefulness within a few years, and e-mail is heading in the same direction.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: 
More from Larry Seltzer
