The Best Steps Toward Securing Any Windows PC
You must assume all end users will ignore or forget any of the advice this book gives about running untrusted code. You must assume that end users will visit malicious web sites, open any email, run any attachment, and use infected diskettes and programs. The truth is that end users shouldn’t have to concern themselves with how to prevent malicious code. They just want to use their computer and surf the Web.
If you want maximum malicious code protection, disable Internet access, uninstall any Internet browsers, remove email, and disable the floppy drive. If you only need reasonable protection the following recommendations, summarized from previous chapters, are the steps you should make to any PCs under your control. If you are a network administrator, take this list and tell your staff to accomplish each item on every PC. I promise you that if you follow these steps, the number of malicious mobile code attacks against your environment will be minimized.
- Install an antivirus scanner
Introduced in Chapter 2, and discussed in nearly every chapter after, installing a reliable, up to date antivirus scanner is the single best thing you can do to prevent malicious mobile code. The bigger question is where to scan: desktop, file server, email gateway, or firewall.
- Disable booting from drive A
Also discussed in Chapter 2, disabling the ability for a PC to boot from drive A will prevent boot sector viruses from infecting a hard drive’s partition ...
Get Malicious Mobile Code now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
