EvilOctal Security Team Technical Discussion Group's Archiver

冰血封情 2005-2-2 04:15

[Repost] Windows Security Checklist: To Do and Do Not

Author: Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer

No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, their chances of being infected by malware drop almost to zero. We have covered Firewalls, AntiVirus and Anti-Trojan applications. Now we begin our next installment of the Windows Security Checklist, Part 2: To Do and Do Not.

It is not as complicated as it may first appear, although there is a lot of information to absorb. The Security Experts, 1st Responders, Special Response Team members and Host Consultants at CastleCops can help you if you have questions about any of these techniques and applications. The applications featured here are compatible with all Windows platforms, unless otherwise noted.

Be very cautious if you feel you must use any P2P (peer-to-peer) network service for sharing/swapping files across the Internet. In fact, we would prefer you do not use P2P such as KaZaA, Morpheus, BearShare, Grokster and Audiogalaxy at all, as these are rife with malware.

Do not expose any drive folder other than the one chosen for access by these services. Secure your sensitive files on any computer you use to connect to the Internet. Do not place private files in folders that are configured as shared. Keep your virus scanner on at all times. Better yet, use a File/Folder Access Protection application to lock access to all other areas of your hard drive. Applications you could use are: WinPatrol, FileChecker, and WinGuard Pro. To get extra help, tips and advice for WinPatrol, come to the WinPatrol Forum at CastleCops.

Secure your Instant Messages (IMs). A good idea is to use an IM encryption utility to secure your MSN, Yahoo, AIM, or ICQ messages, but the encryption will only be effective if the utility is used on both ends. ZoneLabs: IMsecure/Pro and Trillian/Pro provide encryption security for Instant Messaging. They have both pay and freeware versions.

Disable file transfers in IM programs, as this feature can enable the sharing of more than you intend. AIM, .NET Messenger, and others let you disable file transfers from the Preferences or Options menus. If someone wants to send you an image or file, use e-mail to verify that their request is valid.

Do remember that even though only one computer is actually making the internet connection, any other computer sharing that connection, or which is sharing files on a network, needs the same protection.

Do require a login user name and password for every computer connected to your Local Area Network (LAN). For any hard drives that are configured as shared: Windows 98 users - require a user name and password; Windows XP users - do not configure share permissions to allow "anonymous logon" or any access by groups or users outside your LAN.

Do not ever let a downloaded application or any downloaded executable launch on its own. Be cautious of downloading files that end in exe, bat, vbs, and com. Scan them with your antivirus, anti-spyware and anti-trojan applications before unzipping and opening them. Most AV and AT applications allow individual file scans. Do not expect the real-time monitors of your AV and AT to catch them all.

Do not accept and run an ActiveX Control or Java Class unless it comes signed and from a trusted site. It is best to force your browser to prompt you for permission. If you are using Internet Explorer, these settings are located under Control Panel > Internet Options > Security > Internet - Custom Level. Mozilla, Netscape, and Opera users are prompted by default.

If you are using Internet Explorer, disable "Install on Demand" so your browser will be forced to prompt you if additional components are needed in order to display certain content. This setting is located under Control Panel > Internet Options > Advanced.

Do not enable JavaScript for e-mail or e-mail attachments. While JavaScript may be fine for Internet browsing, it can be dangerous when enabled for e-mail. For more detailed instructions on how to disable JavaScript in various e-mail software, see Improving Your Computer Security.

Disable HTML or use plain text for e-mail. Use an e-mail content filter for web bugs and embedded content originating from a server other than the one belonging to the sender of the e-mail. Current e-mail worms can execute just by your viewing HTML-formatted content. Firetrust: Benign can help you combat the malware in e-mails. You are welcome to visit the CastleCops Firetrust Benign Forum.

Always view e-mail attachments separately and only after they have been scanned for malware.

Do not submit secure forms on insecure servers.

Do not ever use e-mail to send private financial information such as credit card numbers, bank account numbers, or your SSN/SIN. Even if you use encryption and the e-mail is for legitimate business, you cannot be certain that the recipient will protect this information once it is delivered and unencrypted.

Never respond to e-mail asking for private information. Telephone your financial institutions and ask them about it. Any e-mail that requests your credit card or bank account numbers, or SSN/SIN, whether by e-mail or by a web site link, is likely to be an identity theft scam.

Be sure your browser is SSL-capable (Secure Sockets Layer) and the encryption strength, or cypher strength, is not less than 128-bit. Most secure websites will not accept browsers with less.

As always, keep your operating system (OS) and browser up-to-date, in addition to any service or application that has access to the Internet. Apply updates and patches from Microsoft as they are released. To learn more about what is being updated on a timely basis, go to Calendar of Updates and also visit the Updates Forums at CastleCops.

Best regards and always take care of your security.

© 1999-2008 EvilOctal Security Team