Safe computing guide


At the moment, your system is connected to a network and/or to the Internet, you are probably benefiting from productivity- and life-enhancing information access services. Sending and receiving emails, chatting online with friends, surfing the Internet via web browsers, and downloading data or program files are a few of the most common activities that also expose systems to malicious code threats like computer viruses and Trojans.

The power of today's computer can as easily access useful information as make you the dupe of viruses that hide in email attachments. It is too easy to inadvertently trigger today's sophisticated viruses that will immediately mass-mail themselves out to, and infect all your friends', customers and colleagues' computers. The real-world global virus outbreaks like W97M_Melissa, VBS_Loveletter (a.k.a. LoveBug), VBS_Fireburn, W97M_Resume and VBS_Newlove have shown how effective malicious code technology can be. There are more than 50,000 viruses today, new viruses come out daily, any of them could be the next LoveBug virus!

To reduce the risk of virus infections, and of inadvertently triggering or spreading them to other people, Trend Micro would like to share some easily implemented "safe computing" practices. Put these into effect on your machine today and they will help keep you using today's advanced computer information access technology without falling prey to viruses and other malicious code!

To make your system more robust, follow these practices outlined below to set up and configure your system. The general idea is to make it difficult or impossible for viruses to run.

Disable the Windows Scripting Host Functionality

This is to prevent Visual Basic script viruses like VBS_LoveLetter from running, so that they cannot activate, spread or cause damage to files.  A typical PC does not need Windows Scripting Host (WSH) to function normally. You can always change your mind later and reinstall WSH by repeating these steps and re-selecting "Window Scripting Host" checkbox.

Windows 98 systems

WSH is installed by default when you install Windows 98 or Internet Explorer 5. To prevent scripts (or .VBS files) from running:
  1. Open the Control Panel by selecting "Start","Settings" and then "Control Panel".
  2. Double click on "Add/Remove Programs"
  3. Select the "Windows Setup" tab

  1. Double-click on "Accessories"
  2. Unmark the "Windows Scripting Host"
  3. Click the "OK" button

Windows 95 systems

Windows 95 systems do not come with the Windows Scripting Host. However, the WSH is installed automatically when you install Internet Explorer 5 or above. To disable scripts (with the extension, .VBS) from running on Windows 95 systems:
  1. Start "Windows Explorer"
    (To do this, select "Start", "Programs" and then "Windows Explorer".  Please note, this is not the same as Internet Explorer.)
  2. Select "View" then select "Option"
  3. Select the "File Types" tab
  4. Search and select "VBScript Script File"
  5. Click "Delete" and then confirm the removal by selecting "Yes"

Windows 2000 Systems

The Windows Scripting Host is installed by default on Windows 2000 systems. To disable scripts (with the extension .VBS) from running on Windows 2000 systems:
  1. Start Windows Explorer
  2. Select "Tools" then "Folder Options"

  1. Select the "File Types" tab
  2. Search and Select "VBScript Script File"
  3. Click "Delete" and then confirm the removal by selecting "Yes"

Windows NT 4 Systems

Windows NT 4 systems do not come with the Windows Scripting Host. However, the WSH is installed automatically when you install Internet Explorer 5 or above. To disable scripts (with the extension .vbs) from running on Windows NT 4 systems:
  1. Log on with Administrator's right
  2. Start Windows Explorer
  3. Select "View" and then "Options"
  4. Select the "File Types" tab
  5. Search and Select "VBScript File"
  6. Click "Remove" and then confirm the removal by selecting "Yes"

Do Not Hide File Extensions of Known File Types

All Windows operating systems, by default, hide the known file extensions in Windows Explorer. This feature can be used by virus writers and hackers to disguise malicious programs as some other file formats, such as text, video or audio files. For example, a malicious program file named "readme.txt.exe" is displayed as "readme.txt" in Windows Explorer (see illustration below). Therefore users are often tricked into clicking the "text" file and then into inadvertently running the malicious file.

To avoid this confusion, you are recommended to change the Windows Explorer setting to "Not hide the File Extension of known File Types." This can be achieved by clicking on one of the following files, and saving it to your local hard drive, then double-clicking on the file to run:

Windows 95, 98 and NT 4 users:

Windows 2000 users:

NOTE: If you have problems downloading or if you receive an error, download zipped versions of these registry files here.

Afterwards, files will be displayed with the complete file extension as shown:

Important Notice: There are still some file extensions, which the Windows operating system will always hide, such as the shell scrap files with the extension .shs.

Set Internet Explorer Security to at Least "Medium"

By default, the Internet Explorer Security Setting is set to "Medium." However, Trend has seen many systems where the security system was changed to "Low" by a virus, Trojan, or hacker. In this regard, we encourage every user to ensure that their security setting is set to at least "Medium", as this will reduce the risk of accidentally running a malicious file. At the "Medium" security level, Internet Explorer 5 will prompt users before running potentially unsafe content.

Internet Explorer 5 or above will also display a warning message before running any Active-X controls (as shown on the picture below).

We also advise that users always save files to the local hard drive and then scan them with an up-to-date antivirus product. If you don't have an antivirus product or your product is out of date, please feel free to use Trend Micro's free on-line scanner HouseCall at http://housecall.antivirus.com.

To automatically change the Internet Explorer 5 Security Setting to "Medium", please run the following registry file:

NOTE: If you have problems downloading or if you receive an error, download a zipped version of this registry file here.

Require a Prompt Before Opening Mail Attachments

(applies to Microsoft Outlook and Outlook Express users)
We have seen many viruses activate because users were double-clicking on incoming email file attachments. In this regard, we advise that Internet users save files to the local hard drive and then scan them with an up to date antivirus product (instead of double-clicking over the incoming email file attachments). To ensure that your system automatically prompts you to save files, please click on the file below, and save it to your local hard drive, then double-click on the file to run:

NOTE: If you have problems downloading or if you receive an error, download a zipped version of this registry file here.

Afterwards, your system will prompt you with a warning even if you accidentally click on an email attachment or read an email that has some embedded scripts.  This registry fix applies to Word documents, Excel sheets, Excel charts, PowerPoint files and HTML files.

Enable Macro-virus Warning in MS Office 97 & 2000

(applies to Office 97 and 2000 users)
By default, Microsoft Office products display a macro warning before Office documents are opened that contain macros.

However, many of the known macro viruses disable this setting to avoid being detected. To ensure that you have the macro warning enabled, please click on one of the following files below, and save it to your local hard drive, then double-click on the file to run:

Microsoft Office 97 (a.k.a. Office 8.0) users:

Microsoft Office 2000 (a.k.a. Office 9.0) users:

NOTE: If you have problems downloading or if you receive an error, download zipped versions of these registry files here.

If you are not sure if macro content that you encounter is safe, we advise to use the "Disable Macros" option.

Prompt Before Saving Changes to the Global Template

(normal.dot - applies to Word 97 and Word 2000 users)
Since almost all macro viruses attempt to modify the global template (normal.dot) before closing the active Microsoft Word session, we advise everyone to make sure that Microsoft Word will prompt before any changes are being made.

While this action will not stop all macro viruses, it will help to identify potential malicious code. If you are not sure what to do, select the "No" option and email a copy of such files to Trend Micro's virus doctors at virus_doctor@trendmicro.com. They will inspect suspicious files or documents to determine if they contain malicious macros.  To automatically make the change to Word 97 or Word 2000, please click on one of the following files below, and save it to your local hard drive, then double-click on the file to run:

Word 97 (a.k.a. Word 8.0) users:

Word 2000 (a.k.a. Word 9.0) users:

NOTE: If you have problems downloading or if you receive an error, download zipped versions of these registry files here.

Apply All the Latest Microsoft Security Updates

In order to close security holes that have been discovered since Windows was shipped and installed, we advise everyone to visit the Microsoft Update Website at http://windowsupdate.microsoft.com. Please follow the on-line instructions on how to update your system. Security updates will help prevent hackers from accessing your system and prevent viruses from running on your system. Windows 98 or Windows 2000 users can also use the Windows Update feature to get all the latest security updates. Simply click "Start" and then select "Windows Update"

Conclusions:

Safe Computing Practices mainly make it more difficult for malicious code to enter or execute on client systems. Nevertheless, the recommended safe computing practices are not intended to replace currently updated antivirus software. Users whose systems have been attacked by viruses or Trojans can tell stories about what a hassle they can be at minimum or about the important data they may have lost. In general, most viruses are mere nuisances, but every once in a while a new virus comes along that uses a new technique and causes major computer problems or threatens data or data security. These Safe Computing Practices will add a protective layer of defense to prevent viruses from running inadvertently.

Other resources: