Allan Dyer
A Hong Kong ISP has sent its customers advice on guarding their networks during the festive season. It would be nice to see ISPs helping their customers with their security more - if they gave better advice. Here are their DOs and DON'Ts, with my comments:
- DON'T open or forward anonymous emails
This rule might help you avoid a little spam. While anonymous emails are strange, they are not a particular security risk. Most email-aware viruses will use the victim's address or forge the address, so you will probably receive viruses in emails from an address that you might recognise and trust. Treat any unexpected email with suspicion.
- DON'T open emails of strange file name
Unfortunately, we are not told what a strange file name is. Don't open any attachments that you were not expecting. A double file extension, like iamavirus.txt.vbs, is extremely suspicious, and a file named that way should never be opened.
- DON'T open emails without a subject
Like the first rule, it might help you avoid a little spam, but viruses usually make the subject attractive in some way.
- DO pay particular attention to emails received on 24 Dec, 31 Dec, 1 Jan, 14 Feb, Black Fridays as these are the beloved dates of the hackers
Oh, and add the dates of festivals for other major religions, each country's National Day (hackers and virus writers are not restricted to particular religions or countries), dates of major events (June 4th, September 11th). Then add the virus writer's birthday, or his girlfriend's, or the birthday of a famous person. For the record, I do not recall a significant information security event on Friday 13th in the past decade, but I have had quite a few press interviews on or just before the date in that time.
The truth is that you need to be vigilant every day. There is a suggestion that more viruses are released near the end of the summer (are bored teenagers writing viruses in the long vacation, and releasing them before returning to school?), and others try to blend in with the rush of holiday greetings (remember W32/Ska.A, better known as Happy99?). There are viruses that trigger a payload on a particular date, but it is too late if you start checking your machine for CIH on 26th April! Also remember that Happy99 continued to spread well for two years, despite the obvious datedness of the subject.
- DO update anti-virus applications from time to time
Yes, good, except, let's make that "as often as your anti-virus developer provides updates" - in many cases, this now means daily, or more frequently.
OK, ISP, nice to see you making an effort. Try harder next year.
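The double file extension warning above (iamavirus.txt.vbs) can be turned into a mail-filter check. The following is an added example, not part of the original article: the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Final extensions that Windows runs or hands to a script host on double-click.
# Illustrative list (an assumption), not exhaustive.
RISKY = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe", "scr",
         "pif", "com", "bat", "cmd", "lnk", "hta"}

def classify(filename):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Drop any path, then the trailing dots/spaces that Windows ignores anyway.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    # Strip each part so space padding ("card.jpg     .scr") cannot hide the end.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in RISKY:
        return None
    # A non-empty decoy extension in front of the real one: the .txt.vbs case.
    if len(parts) >= 3 and parts[-2]:
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every flagged attachment in a message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():          # walk() also reaches nested multiparts
        fname = part.get_filename()  # None for parts without a file name
        verdict = classify(fname) if fname else None
        if verdict:
            findings.append((fname, verdict))
    return findings

def build_sample():
    """Constructed test message; addresses and attachment names are made up."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "Holiday greetings"
    m.set_content("See attached.")
    for name in ("iamavirus.txt.vbs", "minutes.v2.pdf", "greeting.exe", "notes.txt"):
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"{verdict}: {fname}")
```

A name like minutes.v2.pdf contains two dots but is not flagged, because only the final extension decides what the system does with the file.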