End users seem prone to fall for every hoax and every encouragement to “click here,” which makes it especially difficult for support professionals to protect those PCs.

Here are some tips geared toward safeguarding your users against their own gullibility and protecting your servers against virus attacks.

  • Tell your end users not to open attachments unless they are expecting them, and not to run programs they download from the Internet unless they have been scanned for viruses.
  • Encourage end users to keep Windows and Internet Explorer updated with the latest security patches. Simply visiting a Web site can cause infection if certain patches are not installed, so if possible, set up automatic updates for Windows and IE.
  • By default, many operating systems (especially server versions) install with extra services that you don’t need, such as an FTP server, telnet, and a Web server. Remove any that are not critical so a virus has fewer avenues of attack.
  • Be quick to disable or block access to network services when a blended threat exploits one of them, and keep it sealed off until you can apply a fix.
  • Keep patch levels up to date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, Mail, and DNS services.
  • Use strong passwords yourself, and enforce an aggressive password policy that requires complex passwords and frequent changes. This helps limit the damage in the event that a computer is compromised through a back door.
  • Configure your e-mail server to block or remove e-mail that contains file attachments that are commonly used to spread viruses, such as VBS, BAT, EXE, PIF, and SCR files. Recommend to users that they send any files that legitimately need to be mailed in those formats in compressed archives (ZIP files).
  • Frequently check the security advisories provided by the makers of anti-virus software to find out what the latest threats are. An excellent one is the Security Advisories list from Symantec.
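
The attachment-blocking tip above, sketched as an added example (not code from the original article or from any mail server product): a Python filter that removes attachments with blocked extensions from a message and leaves ZIP archives alone. The function names, addresses, and sample filenames are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Blocked attachment types, per the e-mail server tip; adjust to local policy.
BLOCKED = {"vbs", "bat", "exe", "pif", "scr"}

def is_blocked(filename):
    """True if the attachment's final extension is on the block list."""
    if not filename:
        return False
    # Windows ignores trailing dots and spaces, and extensions are
    # case-insensitive, so normalise before comparing. Only the last
    # extension counts: "invoice.pdf.SCR" is blocked, "tools.zip" is not.
    clean = filename.strip().rstrip(". ").lower()
    return "." in clean and clean.rsplit(".", 1)[1] in BLOCKED

def strip_blocked(raw):
    """Remove blocked attachments; return (cleaned message bytes, removed names)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():  # walk() also descends into forwarded messages
        if not part.is_multipart():
            continue
        keep = []
        for child in part.get_payload():
            name = child.get_filename()  # Content-Disposition, else Content-Type name
            if is_blocked(name):
                removed.append(name)
            else:
                keep.append(child)
        part.set_payload(keep)
    return msg.as_bytes(), removed

def sample(*filenames):
    """Constructed test message with one dummy attachment per filename."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "files"
    msg.set_content("See attached.")
    for name in filenames:
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_blocked(sample("tools.zip", "invoice.pdf.SCR", "run.bat."))
    print("removed:", removed)
```

The filter judges attachments by name only, so files inside an allowed ZIP archive still depend on the anti-virus scanning recommended in the first tip.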