Refuse to run unknown programs.
Our computers do what they do because of the program code that runs on them. Without programs, a computer is a useless box. Microsoft Word code turns it into a word processor. Internet Explorer code turns it into a web browser. Napster and KaZaa code turns it into a file server. The functionality of today's general purpose computers is limited mostly by the imagination of the author of the program.
Some people imagine and create programs that do things most of us would not desire. Virus code may turn our computer self-destructive. Denial of service code may turn our computers into attack vehicles used to bring down online services. Remote control trojan code may allow others to take complete control of our computer, eavesdropping on our communications, collecting our passwords, and accessing our accounts.
Since program code controls the computer, it is very important that we not run code written by people we don't know or trust. Running code turns our computer over to the author of the code. Generally, we trust software vendors not to write hostile code because it would not be good for their business. Independent software authors provide useful programs and a large amount of such code runs today's Internet. However, it is important to realize that when we run code written by someone we don't know or trust, we are taking a risk. We must weigh that risk against what we have to lose on our computer.
Today's computers are used for a variety of different functions. We must be very careful about using a computer that is used to access sensitive business or personal information as an indiscriminant Internet exploration tool or entertainment system. While that screen saver, game, or free utility may seem useful or entertaining, the code may contain surprises and it resides on the same computer that we use for other, more critical or sensitive purposes.
It is very easy these days to attach hostile code to fully functional, seemingly harmless software. This is commonly done to pirated software, executable pictures, and screen savers which may then be made available via web sites, email attachments, ftp sites, shared drives, or instant messaging. They then get passed from person to person. Quite often, when these trojaned programs are run on our computer, they notify the world or a specific individual via email or bulletin board postings that our computer is up for grabs. After that, our computer can be controlled, without our knowledge, at the whim of whomever gets the message.
Antivirus software can help us to refuse to run code that is known to be hostile but it cannot protect us against unknown hostile code. The situation is similar to flu shots. Every year, a new vaccine must be developed that recognizes the new flu virus strains. With computers, new virus strains come out almost daily so the AV software must be upgraded almost constantly.
There are always some unlucky folks who get infected before the AV software is updated. In the days of floppies and SneakerNet, this was usually only a few people because it could take weeks or months for hostile code to spread. But with today's worldwide networking, a large number of people and computers may be affected before AV updates can be created and distributed. The ILOVEYOU virus is proof of that and it was rather simple and benign. There is also the threat of hostile code that knows how to disable AV products which is getting more common.
Anti-Virus software should be viewed as a vaccine to help prevent infection from known diseases. It will not protect against newly released and rapidly traveling viruses nor will it act as a cure once an infection occurs. By then, it may be too late. The disease may have caused irreparable damage. It is also important to realize that any protective software (antivirus, personal firewall, encryption, VPN, etc.) that resides on a desktop computer and is controlled by the operator can be subverted by hostile software. The best prevention is to refuse to run unknown programs, use a safer account for day to day use, and keep computer software up to date so someone can't force their code to run on our computers because of a defect. Anything less is a game of Russian Roulette.
Where Might We Find Hostile Programs?
Examples of programs that can take control of our computer include:
Exchanging Executable Files
Do not exchange executable email attachments as it promotes unsafe practices. If you need to distribute executables, do so on a web or read-only file server. If you need to collect executables, do so from a web server submission or write-only file server...preferably one where the user is authenticated. Be aware of the risks associated with anonymous, public storage.
Configure Applications to Refuse Unknown Programs
Sometimes our programs will trust, accept, and run code on our behalf. While this behavior provides useful functionality and ease of use, it also increases risk. We can protect ourselves from such a scenario by configuring applications so macros, scripts, and other code types are either disabled or at least prompt for permission before running.
Don't Let Others Circumvent Our Refusal to Run Unknown Programs
It may seem obvious but if someone has physical access to our computer, they can almost certainly run any code they want on it. This is particularly true of single user computers running things like Windows 95/98 and MacOS regardless of any add-on security software or configuration. It is fairly easy for someone to install software that captures our keystrokes, intercepts our communications, and makes the information available to them over the network. If we can't prevent physical access to our computer, here are some things that may help prevent someone else from running unknown programs on it. While the suggestions certainly won't provide complete security, they will make it more difficult for someone to tamper with the computer which may result in a mistake you'll notice or simply cause the person to lose interest.
Mimimize the Consequences of Mistakes
Once malicious software is run on our computer, it can do anything including disabling anti-virus software and personal firewalls. We can limit the damage malicious software can cause by operating our computers using safer accounts for day to day use. For Windows computers, this translates into using a 'standard' or 'limited' account for daily use. The run-as command can be used on the few occasions when Administrator privilege is necessary. Windows UAC feature makes it even easier. Macintosh computers should also be set up to use a safer account. Likewise, unix users should not use the root account for daily activities and the su command can be used when it is needed.