Effective methods to prevent computer viruses

Similar to the Homepage mail virus, it is difficult to prevent, it is really a headache, because the Windows Script Host (Script Host) is powerful, VBScript and JScript Script language can complete most of the operating system functions, as a result, they became the favorites of virus writers. using it to program virus programs is not only easy, but also using email to transmit the virus very quickly, therefore, traditional anti-virus software is always lagging behind in the prevention and control of such viruses. Therefore, we must take effective measures to prevent such viruses and protect our data and emails from infringement.
I. General rules

1. Be cautious when emails with unknown sources are found in the mailbox, especially emails with executable attachments, such as. EXE,. VBS,. JS, etc.

2. Disable the "preview" feature if necessary. Many virus codes embedded in HTML-format emails are executed during previewing. We often see the following terrorism in the media: "users only need to receive these emails with viruses, the virus can attack even if it is not opened. "The virus code is actually executed during email preview.

Currently, most mail viruses are written by VBScript (JScript) or embedded in HTML-format emails. the following solutions are proposed to address these issues:

Ii. prevent virus attacks

Windows Script Host was originally used by the system administrator to configure the desktop environment and system services to minimize management. However, WSH is of little use to most general users, therefore, it is best to disable WSH, that is, to prohibit the running environment of VBScript (JScript) files. In an enterprise environment, the system administrator prohibits clients that do not need VBScript (JScript, it is even simpler and more effective than installing anti-virus software on one platform. After WSH is disabled, most mail virus attacks can be prevented.

Several Methods to prohibit execution of VBScript (JScript) files:

1. in the "my computer"-"Tools"-"Folder Options" dialog box, click "file type" to delete the ing between VBS, VBE, JS, and JSE file extensions and applications.

2.In the Windows directory, find wscript.exeand jscript.exe, change the name or simply delete it.

3. on Win9X and Windows NT 4.0, you can use the "Add/delete programs" item in the control panel to safely delete WSH

In addition, to prevent the occurrence of a macro virus that may be contained in Outlook emails, choose tools> macros> security from the menu ", set the security level to "High Security ".

3. Prevent "replication" after a virus attack"

In VBScript (JScript), disk files and directory operations are almost all implemented through the FileSystemObject class. For most users, FileSystemObject has no major effect, therefore, you can delete or rename the FileSystemObject class from the Registry, so that virus code cannot create objects, which can effectively prevent virus replication.

 

Run regedit.exe and search for Scripting. fileSystemObject. After finding it, You can delete the Key Value or change the Key Name. Before performing this operation, please back up the registry and check and evaluate the potential impact of this operation on other related applications.

In an enterprise environment, the system administrator can compile a VBScript (JScript) program that automatically performs the preceding operations to complete quick configuration on all clients (others are the intention of Microsoft to develop WSH ).

4. Prevent "spread" after a virus attack"

Almost all mail viruses are implemented by sending a large number of infected emails. Therefore, it is critical to prevent virus scripts from obtaining the "Contact" list (Communication Thin Box) and sending emails.

Two methods are generally used to send virus code emails. One is to use the built-in CDO (Collaboration Data Object collaborative Data Object) in Windows or use the OOM (Outlook Object Model, Outlook Object Model) to send emails, when sending emails using CDO, you must have a Microsoft SMTP server. If the Microsoft SMTP server is not installed on the machine, the virus cannot send emails. Note: SMTP Server and Windows 2000 Professional cannot be installed on Win9X, while Windows 2000 Server and Advanced Server are installed by default.

1. if the SMTP server has been installed on the machine, you can add security verification to the SMTP server to prevent virus code from sending emails anonymously using CDO, for more information, see the Windows 2000 SMTP Server documentation.

2. to prevent viruses from sending emails using Outlook, you can use Outlook's "delayed mail delivery" feature, which allows users to write an email and click the "send" button, the email is not immediately submitted to the MTA (mail Transmission proxy) for transmission, but is temporarily saved in the user's "mail" folder. After the specified time, then, send a real email. This feature is implemented through the "Rules" of Outlook. After such a rule is successfully set, If you accidentally open and execute virus code such as Homepage, after a hard disk burst, you will immediately notice that a large number of emails are waiting to be sent in your "poster" folder, so that you can confirm that your machine has been harassed by viruses, you should immediately delete the emails in the "sender" and clear them from the "deleted emails" folder, so that the virus will no longer spread to other people's mailboxes. In addition, with this email delay feature, you may have a chance to correct the error message.

The mail delivery delay feature is implemented by creating Outlook rules. The specific steps are as follows:

(1) Open Outlook and click the "Tools"-"rule wizard" menu.

(2) "CREATE" a rule, select "check after email sending", and then check those emails or all emails

 

(3) Select "delay of delivery for several minutes", and enter the number of minutes after the delay.

(4) Save and apply this rule

(5) In an enterprise environment, the system administrator can export the rule to a file and then import it directly on the client.

Note: The preceding settings are for Outlook. Currently, Outlook Express does not support the creation of such rules.

5. Prevent "destruction" after a virus attack"

After a virus attack, there are a variety of destructive actions. The most serious one is the destruction of hard disk data and files. Generally, you only need to disable the FileObjectSystem object.

With the above layers of defense, your system should be able to defend against the vast majority of mail-type viruses targeting Outlook.

In addition, frequent email viruses always "Tie" themselves tightly to Microsoft Outlook, so as to attract a lot of criticism from Microsoft, So Microsoft has a hard time thinking, new Outlook security patches are constantly released. In Outlook 2002 included in the forthcoming Office XP, scripts, ActiveX controls, and Java appletons are not all disabled in HTML-format emails, but the attachments of the mail are processed in different levels ,. vbs and. is frozen by Outlook, and users cannot view or access such attachments. In addition, a warning message is displayed when the user sends an attachment with a level-1 file extension. If the file type is Level 2, you can only save the attachment to the hard disk before deciding how to process it. In addition, Outlook prompts the user when other programs access the "Address Book" and requires confirmation. In this way, the virus attack and spread are strictly restricted from several aspects.