Implement a strict policy on downloading from the Internet. Employees could be inadvertently putting your network in jeopardy by opening attachments or downloading executables. Everything must be virus-checked. If you are not sure what the file is, don't open it. The policy should also prohibit forwarding hoax virus warnings and chain letters, as these can be as troublesome as viruses themselves. It can be embarrassing for your organisation if an employee forwards these to contacts or customers.
Unwanted file types such as .vbs, .exe, .chm and .scr files may contain hidden viruses. You should prevent them from entering the network. Viruses also hide their true identities by using "double extensions". Well-known viruses such as Love Letter (which was a .txt.vbs file) and Anna Kournikova (.jpg.vbs) caused problems as they seemed to be risk-free. Set up your network to stop any double extension file from entering via the e-mail gateway.
Turn off Windows Scripting Host if you don't need it - many worms rely on scripting, but chances are most of your users don't.
Keep up to date
It is worth subscribing to an e-mail alert service that warns you about new viruses emerging. Also make sure that you are up-to-date on any new security loopholes, patches or software issues, which are often exploited by virus writers. Subscribe to a vulnerability mailing list (like the one operated by Microsoft at www.microsoft.com/technet/security/bulletin/) then you can apply fixes where appropriate before new viruses come along.
With these simple guidelines in place, you can seriously reduce your networks' risks of exposure.
Jason Holloway is UK country manager at F-Secure.
This was first published in October 2002