Avoiding Harmful Attacks
Spreading Harmful Infections
Many
viruses and other harmful attacks spread through file downloads,
attachments in e-mail messages, and data files that have macros,
ActiveX controls, add-ins, or Visual Basic for Applications (VBA) code
attached to them. Virus writers capitalize on people’s curiosity and
willingness to accept files from people they know or work with, in
order to transmit malicious files disguised as or attached to benign
files. When you start downloading files to your computer, you must be
aware of the potential for catching a computer virus, worm, or Trojan
Horse. Typically, you can’t catch one from just reading a mail message
or downloading a file, but you can catch one from installing, opening,
or running an infected program or attached code.
Understanding Harmful Attacks
Phishing is a
scam that tries to steal your identity by sending deceptive e-mail
asking you for bank and credit card information online. Phishers spoof
the domain names of banks and other companies in order to deceive
consumers into thinking that they are visiting a familiar Web site.
Phishers create a Web address that looks like a familiar Web address but is actually altered. This is known as a homograph.
The domain name is created using alphabet characters from different
languages, not just English. For example, the Web site address “www.microsoft.com” looks legitimate, but what you can’t see is that the “i” is a Cyrillic character from the Russian alphabet.
Don’t be fooled by spoofed Web sites that looks like
the official site. Never respond to requests for personal information
via e-mail; most companies have policies that do not ask for your
personal information through e-mail. If you get a suspicious e-mail,
call the institution to investigate and report it.
Spam is
unsolicited e-mail, which is often annoying and time-consuming to get
rid of. Spammers harvest e-mail addresses from Web pages and
unsolicited e-mail. To avoid spam, use multiple e-mail addresses (one
for Web forms and another for private e-mail), opt-out and remove
yourself from e-mail lists. See the Microsoft Windows and Microsoft
Outlook Help system for specific details.
Spyware is
software that collects personal information without your knowledge or
permission. Typically, spyware is downloaded and installed on your
computer along with free software, such as freeware, games, or music
file-sharing programs. Spyware is often associated with Adware
software that displays advertisements, such as a pop-up ad. Examples of
spyware and unauthorized adware include programs that change your home
page or search page without your permission. To avoid spyware and
adware, read the fine print in license agreements when you install
software, scan your computer for spyware and adware with detection and
removal software (such as Ad-aware from Lavasoft), and turn on Pop-up
Blocker. See the Microsoft Windows Help system for specific details.
Avoiding Harmful Attacks Using Office
There are a few things you can do within any Office
2010 program to keep your system safe from the infiltration of harmful
attacks.
Make sure you activate macro, ActiveX, add-in, and VBA code detection and notification.
You can use the Trust Center to help protect you from attached code
attacks. The Trust Center checks for trusted publisher and code
locations on your computer and provides security
options for add-ins, ActiveX controls, and macros to ensure the best
possible protection. The Trust Center displays a security alert in the
Message Bar when it detects a potentially harmful attack.
Make sure you activate Web site spoofing detection and notification. You can use the Trust Center to help protect you from homograph attacks. The Check Office documents that are from or link to suspicious Web sites
check box under Privacy Options in the Trust Center is on by default
and continually checks for potentially spoofed domain names. The Trust
Center displays a security alert in the Message Bar when you have a
document open and click a link to a Web site with an address that has a
potentially spoofed domain name, or you open a file from a Web site
with an address that has a potentially spoofed domain name.
Be very careful of file attachments in e-mail you open.
As you receive e-mail, don’t open or run an attached file unless you
know who sent it and what it contains. If you’re not sure, you should
delete it. The Attachment Manager provides security information to help
you understand more about the file you’re opening. See the Microsoft
Outlook Help system for specific details.
Avoiding Harmful Attacks Using Windows
There are a few things you can do within Microsoft Windows to keep your system safe from the infiltration of harmful attacks.
Make sure Windows Firewall is turned on.
Windows Firewall helps block viruses and worms from reaching your
computer, but it doesn’t detect or disable them if they are already on
your computer or come through e-mail. Windows Firewall doesn’t block
unsolicited e-mail or stop you from opening e-mail with harmful
attachments.
Make sure Automatic Updates is turned on.
Windows Automatic Updates regularly checks the Windows Update Web site
for important updates that your computer needs, such as security
updates, critical updates, and service packs. Each file that you
download using Automatic Update has a digital signature from Microsoft
to ensure its authenticity and security.
Make sure you are using the most up-to-date antivirus software.
New viruses and more virulent strains of existing viruses are
discovered every day. Unless you update your virus-checking software,
new viruses can easily bypass outdated virus checking software.
Companies such as McAfee and Symantec offer shareware virus checking
programs available for download directly from their Web sites. These
programs monitor your system, checking each time a file is added to
your computer to make sure it’s not in some way trying to change or
damage valuable system files.
Be very careful of the sites from which you download files.
Major file repository sites, such as FileZ, Download.com, or TuCows,
regularly check the files they receive for viruses before posting them
to their Web sites. Don’t download files from Web sites unless you are
certain that the sites check their files for viruses. Internet Explorer
monitors downloads and warns you about potentially harmful files and
gives you the option to block them.
Using the Trust Center
The Trust Center
is a place where you set security options and find the latest
technology information as it relates to workbook privacy, safety, and
security from Microsoft. The Trust Center allows you to set security
and privacy settings—Trusted Publishers, Trusted Locations, Trusted
Documents (New!), Add-ins, ActiveX Settings, Macro Settings, Protected view (New!), Message Bar, External Content, File Block Settings (New!),
and Privacy Options—and provides links to Microsoft privacy statements,
a customer improvement program, and trustworthy computing practices.
View the Trust Center
- 1. Click the File tab, and then click Options.
- 2. In the left pane, click Trust Center.
- 3. Click the links in which you want online information at the Microsoft Online Web site.
- Show the Microsoft Excel privacy statement. Opens a Microsoft Web site detailing privacy practices.
- Office.com privacy statement. Opens a Microsoft Office Web site detailing privacy practices.
- Customer Experience Improvement Program. Opens the Microsoft Customer Experience Improvement Program (CEIP) Web site.
- Microsoft Trustworthy Computing. Opens a Microsoft Web site detailing security and reliability practices.
- 4. When you’re done, close your Web browser or dialog box, and return to Excel.
- 5. Click OK.