NHS safe computing advice

1. Introduction

There are currently (depending on how you measure) something like 60-75,000 known viruses and worms. While the likelihood of more than a few hundred of these ever being in circulation at one time is quite small, some 10-20 new viruses or variants appear a day. When one does escape "into the wild", network worms and mass mailer viruses can sometimes spread worldwide before anti-virus vendors have had time to produce updates. Even daily anti-virus updates are not always enough to ensure safety from all possible threats.

While all possible precautions are taken at the network level to minimise the spread and impact of worms and viruses, it is not possible to make the process totally transparent. Protection from viruses and worms is not a process that can be left entirely to system administrators, security officers, and anti-virus software. The best efforts of administrators and security experts are not sufficient: all computer users must also play their part by taking simple precautions like those described below.

2. Anti-Virus Is Not Enough

It is the responsibility of all computer users in the NHS to ensure that they have effective anti-virus software in place. By effective, we mean properly installed, configured and kept up-to-date. Security managers can offer advice and systems suppliers (including GP Systems Suppliers) can offer suitable software on request, but individuals and departments must take some responsibility for their own desktops and internal networks and take the initial steps.

Furthermore, anti-virus software is limited in the type of malicious software it can detect and disinfect. Many of the threats we now see on NHSnet, such as Code Red and Nimda, are not the simple viruses and worms we have been used to, and anti-virus packages do not always detect them everywhere, nor do they always completely reverse their ill-effects. Make sure anti-virus is installed and kept up-to-date on your system, but don't assume that as long as it is, you don't have to do anything else. Anti-virus can't catch everything, but people can catch most things by being cautious.

3. Avoid Unauthorised Software

Programs like games, joke programs, cute screensavers, unauthorised utility programs and so on can cause difficulties even if they're genuinely non-malicious. Sometimes it is forbidden to install them, as a matter of local policy. If in doubt, check. Be particularly cautious about programs found in unsafe environments such as Internet chat-rooms, newsgroups, unsolicited email and so on. If such programs are claimed to be some form of anti-virus or anti-Trojan utility, there's a high risk that they are actually in some way malicious.

4. Treat All Attachments with Caution

It makes sense to be cautious about email attachments from people you don't know. However, if attachments are sent to you by someone you do know, don't assume they must be OK because you trust the sender. Worms generally spread by sending themselves without the knowledge of the person whose account they spread from. It's worth checking with the sender that they intended to send a message, and if so, whether they intended to include any attachment. If you were expecting an attachment from them, this may not apply. However, one recent virus sends out an email telling you that a "safe" attachment is on the way, then sends out mail with a copy of itself as an attachment.

Bear in mind that even a legitimate, expected attachment can be virus infected: worms and viruses are related, but slightly different problems. Regard anything that meets the following criteria with particular suspicion:

5. Avoid Unnecessary Macros

If Word or Excel warn you that a document you're in the process of opening contains macros, regard the document with particular suspicion unless you know that it's supposed to contain macros. Even then, don't enable macros if you don't need to. It may be worth checking with the person who sent it to you that it is supposed to contain macros.

6. Be Cautious With Encrypted Files

If you receive an encrypted (passworded) attachment, it will normally be legitimate mail from someone you know, sent intentionally (though the sender is unlikely to know in the event that they have a virus). However, that doesn't necessarily mean that it isn't virus-infected. If it started out infected, encryption won't fix it. Furthermore, encrypted attachments can't usually be scanned for viruses in transit: the onus is on the recipient to be sure the decrypted file is checked before it's opened. This goes not only for heavyweight encryption packages such as PGP, but for files compressed and encrypted with PKZip or WinZip.
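As an added illustration (not part of the original advice), the Python sketch below shows how a mail-handling script could tell which ZIP attachments carry password-protected entries, and therefore cannot be scanned in transit and must be checked after decryption. The function names, verdict strings and sample file are assumptions made for this example; it covers only ZIP-style encryption (PKZip/WinZip), not PGP.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # ZIP general-purpose flag, bit 0: entry is encrypted


def triage_zip_attachment(data: bytes) -> dict:
    """Sort a ZIP attachment's entries into scannable and encrypted ones."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()  # reads headers only, no password needed
    except zipfile.BadZipFile:
        return {"verdict": "not-a-zip", "encrypted": [], "scannable": []}
    encrypted = [e.filename for e in entries if e.flag_bits & ENCRYPTED_FLAG]
    scannable = [e.filename for e in entries if not e.flag_bits & ENCRYPTED_FLAG]
    # One encrypted entry is enough to require a scan on the recipient's side.
    verdict = "scan-after-decryption" if encrypted else "scan-in-transit"
    return {"verdict": verdict, "encrypted": encrypted, "scannable": scannable}


def constructed_sample(mark_encrypted: bool) -> bytes:
    """Build a constructed one-file ZIP in memory for the demonstration.

    Python's zipfile cannot write encrypted archives, so the sample only
    sets the 'encrypted' flag bit in the headers; the content is harmless
    plain text and is never decrypted here.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.doc", b"constructed sample content")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Flag field offsets: 6 in the local header, 8 in the central directory.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(signature) + offset] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("plain", constructed_sample(False)),
                        ("passworded", constructed_sample(True)),
                        ("junk", b"not a zip")):
        print(label, triage_zip_attachment(blob))
```

A file given the "scan-after-decryption" verdict has not been found to be infected; it simply has not been checked yet, which is the situation described above.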

6.12.01
