- Always logon to your computer using a limited or local user security group. If you are on a managed network and don’t know what this means, you’re probably safe. If you don’t have a managed network, and you don’t know what this means, your probably at risk, and if you are an administrator, you know better and should be using RUNAS instead of a local admin or domain admin account for your day-to-day duties;
- Only open attachments which are from known individuals and are expected. If the e-mail is not from a known sender, or if it is unexpected, it is better to check with the sender first before opening the attachment;
- Only install website related Active X, Java, Scripts, Applications, Plug-in, if you know the publisher and the act is intentional. Do not download software from the interent with a specific purpose
- Ensure that your computer is fully up-to-date with the manufacture’s security updates/downloads;
- Ensure that your anti-virus software is fully up-to-date with the lastest version and signature file;
With these basic tips, we took a single client with 5 Windows XP Professional workstations and ran them for 8 months for a trial with their anti-virus software removed. They were told to relay the above 5 steps to the employees on a semi-monthly basis, along with a small poster campaign in the break-room.
At the conclusion of the trail, none of the systems had any known infections. However it is not a reccomendation to run a system without anti-virus.