To prevent Trojans and worms from compromising a PC, don’t ever run unknown or untrusted executable content. Most Trojans and worms arrive via email these days. This means don’t ever click or execute files with the following extensions: (.EXE, .COM, .BAT, .CHM, .SHS, .VBS, or .JS). There are even more potentially malicious extensions than this list, but they are the main ones used by Trojan writers today. The most common Trojan arrives as a joke executable. No matter how fun the sender says it is, don’t run it. Send back a polite email telling them you never execute email attachments.

So far, you can safely click on graphic or video files (e.g., .JPG, .MPG, .AVI, .GIF, .BMP, etc.) without the threat of executing malicious code. But be wary of graphic files that are embedded within executables or executables renamed to look like graphic files. Worms have arrived as an attachment called PICTURE.EXE. Some Trojans take advantage of the fact that Windows machines do not show known file extensions by default. Hence, PICTURE.JPG can really be PICTURE.JPG.EXE. Don’t click on web links sent via email unless they point to known, safe sites. The link could be a short HTML file that downloads a malicious script file.

Although covered in more detail in Chapter 14, if you are a network administrator, you can implement security ...