5-Minute Security Advisor - Protecting Your Computer Against Compromise

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Updated : May 7, 2002

As the Internet has become more and more popular, and as it has gotten easier to get high-speed connections to it, the danger of having an attacker assault your home computer has grown. It's tempting to think that as an individual or small business, not a large or visible company or institution, you'll be safe because no one knows your machine's on the Internet. Unfortunately, the advent of automatic tools that search for active machines and probe them for vulnerabilities means that you can't depend on invisibility to protect you. Good news: there are a number of things you can do to protect yourself.

On This Page

Developing Good Habits
Hardening Internet Explorer
Hardening Outlook and Outlook Express
If You're Using Outlook

Developing Good Habits

The first, and most critical, security measure is to develop good standards and practices for using your computer. This might seem like nagging, but it's not! Since you ultimately control which programs, Web pages, and other content is loaded and displayed on your computer, there's a lot you can do to protect yourself without any additional software or configuration changes. Security begins between your ears, not inside your computer. Here are a few habits to develop:

  • Use the right tools. There are some useful security tools that every home user should have, including a good virus scanner. Get the right tools and use them to help protect your data. (Don't forget to back up your system regularly, either!)

    Action If you have a virus scanner, tell it to check for virus updates right now. If you don't have one, get one.

  • Stay up to date. Use Windows Update to periodically check for new security updates. When you see that one's available, install it ASAP. It's not a bad idea to sign up for Microsoft's security bulletins, either; even though they tend to be pretty technical, they're a great way to stay abreast of things.

  • Sharpen your paranoia. I don't mean that you should start looking outside for black helicopters; rather, you should learn to be careful about which e-mail attachments you open and which Web sites you visit. In particular, if you get an unexpected email attachment from someone you don't know, don't open it. For that matter, if you get an unexpected attachment from someone you do know, it's worth double-checking to make sure that they meant to send it to you. This can be a hassle, but it will pay off the first time someone you know catches a virus that you are able to avoid.

  • Use a zone defense. Security zones help you protect yourself by controlling what code runs where. Make sure that you have appropriate zone settings.

Hardening Internet Explorer

Internet Explorer offers security zones that give you control over when IE will download and run content from Web sites. These zones are just groupings of sites; you can apply security settings to each zone so that all sites in that zone are subject to the same restrictions. Each zone has a security level (low, medium, high, or custom) applied to it; the higher the security level, the fewer things that There are three interesting zones for home users:

  • the Trusted Sites zone (where you explicitly put sites that you know are aboveboard, like Microsoft.com)

  • the Restricted Sites zone, where you put sites that you explicitly don't trust. Sites in the Restricted Sites zone are, well, restricted so that controls and scripts on their pages won't be executed on your local computer.

  • the Internet zone, where all web sites that aren't in another zone are lumped together.

For example, you can choose to automatically allow ActiveX controls from particular Internet sites to download and run. By making careful decisions about which sites you trust, and by thinking about how much risk your personally comfortable with, you can tailor the security zone settings on your computer to allow only the code that you want to run to be loaded.

Action Double-check the security zone settings of your Internet Explorer installation (see this guide if you need help). For most users, you'll want the Internet zone to be set to Medium security; this is the default, but it pays to double-check, especially if other people use your computer.

Hardening Outlook and Outlook Express

Outlook and Outlook Express offer a wealth of security features to help block malicious code from bothering you. However, the most important feature is still you—don't run unknown attachments! The built-in security features you can use will vary according to which version of Outlook or Outlook Express you're using.

Because Outlook and Outlook Express are full-featured mail clients, they allow you to send and receive richly formatted HTML mail. Unfortunately, just as with web pages, attackers can embed malicious HTML or scripts in HTML messages so that they're executed when you read the message or click on links it contains. Fortunately, both Outlook and Outlook Express support Internet Explorer's security zones-- you can protect yourself against malicious content in mail from untrusted sources by configuring your zones appropriately.

If you're using Outlook Express

If you're using Outlook Express, there are two primary things for you to do:

  • If you're using any version of Outlook Express older than OE 6.0, upgrade to the current version.

  • Review the security features in OE 6.0 so that you understand how they work.

Action Increase Outlook Express security by turning on its ability to block certain types of file attachments. When you do, OE will double-check each attachment against the list of file types registered as unsafe or as "confirm before opening". Here's what to do:

  • Start Outlook Express.

  • On the Tools menu, choose the Options command.

  • When the Options dialog appears, click the Security tab.

  • Find the checkbox labeled "Do not allow attachments to be saved or opened that could potentially be a virus". Check it. (See Figure 1).

  • Click the OK button.

Cc722654.5mpyc01(en-us,TechNet.10).gif

Figure 1: Outlook Express can block dangerous attachments if you tell it to do so.

If You're Using Outlook

Outlook is Microsoft's flagship e-mail client; accordingly, it has some very powerful and flexible security features, even when run in Internet mode. These features restrict which external programs may send mail, what kinds of actions Outlook can take when HTML or JavaScript messages arrive, and which types of files may be sent and received as attachments. Here are some steps you can take:

  • Make sure that Outlook is set to run in the Restricted Sites zone. This allows you to receive HTML-formatted email, but protects your computer against malicious HTML messages.

  • If you're using Outlook 98, get the Outlook 98 Security Update.

  • If you're running Outlook 2000, get Office 2000 Service Release 1a, then install the Outlook 2000 Security Update.

  • If you're using Outlook 2002, relax; it already includes these security features.

  • If you are responsible for managing your own computer, remember to check for updates regularly. You can find these updates at: https://office.Microsoft.com (Then click on "Office Update"). Windows updates can be found at: https://www.Microsoft.com/Windows (Then click on "Windows Updates").