Avoiding Harmful Attacks
Spreading Harmful Infections
Many
viruses and other harmful attacks spread through file downloads,
attachments in e-mail messages, and data files that have macros, ActiveX
controls, add-ins, or Visual Basic for Applications (VBA) code attached
to them. Virus writers capitalize on people’s curiosity and willingness
to accept files from people they know or work with, in order to
transmit malicious files disguised as or attached to benign files. When
you start downloading files to your computer, you must be aware of the
potential for catching a computer virus, worm, or Trojan Horse.
Typically, you can’t catch one from just reading a mail message or
downloading a file, but you can catch one from installing, opening, or
running an infected program or attached code.
Understanding Harmful Attacks
Phishing
is a scam that tries to steal your identity by sending deceptive e-mail
asking you for bank and credit card information online. Phishers spoof
the domain names of banks and other companies in order to deceive
consumers into thinking that they are visiting a familiar Web site.
Phishers create a Web address that looks like a familiar Web address but is actually altered. This is known as a homograph.
The domain name is created using alphabet characters from different
languages, not just English. For example, the Web site address “www.microsoft.com” looks legitimate, but what you can’t see is that the “i” is a Cyrillic character from the Russian alphabet.
Don’t be fooled by spoofed Web
sites that look like the official site. Never respond to requests for
personal information via e-mail; most companies have policies that do
not ask for your personal information through e-mail. If you get a
suspicious e-mail, call the institution to investigate and report it.
Spam
is unsolicited e-mail, which is often annoying and time-consuming to
get rid of. Spammers harvest e-mail addresses from Web pages and
unsolicited e-mail. To avoid spam, use multiple e-mail addresses (one
for Web forms and another for private e-mail), opt-out and remove
yourself from e-mail lists. See the Microsoft Windows and Microsoft
Outlook Help system for specific details.
Spyware
is software that collects personal information without your knowledge
or permission. Typically, spyware is downloaded and installed on your
computer along with free software, such as freeware, games, or music
file-sharing programs. Spyware is often associated with Adware
software that displays advertisements, such as a pop-up ad. Examples of
spyware and unauthorized adware include programs that change your home
page or search page without your permission. To avoid spyware and
adware, read the fine print in license agreements when you install
software, scan your computer for spyware and adware with detection and
removal software (such as Ad-aware from Lavasoft), and turn on Pop-up
Blocker. See the Microsoft Windows Help system for specific details.
Avoiding Harmful Attacks Using Office
There are a few things you can do within any Office program to keep your system safe from the infiltration of harmful attacks.
1) Make sure you activate macro, ActiveX, add-in, and VBA code detection and notification.
You can use the Trust Center to help protect you from attached code
attacks. The Trust Center checks for trusted publisher and code
locations on your computer and provides security
options for add-ins, ActiveX controls, and macros to ensure the best
possible protection. The Trust Center displays a security alert in the
Message Bar when it detects a potentially harmful attack.
2) Make sure you activate Web site spoofing detection and notification. You can use the Trust Center to help protect you from homograph attacks. The Check Office documents that are from or link to suspicious Web sites
check box under Privacy Options in the Trust Center is on by default
and continually checks for potentially spoofed domain names. The Trust
Center displays a security alert in the Message Bar when you have a
document open and click a link to a Web site with an address that has a
potentially spoofed domain name, or you open a file from a Web site with
an address that has a potentially spoofed domain name.
3) Be very careful of file attachments in e-mail you open.
As you receive e-mail, don’t open or run an attached file unless you
know who sent it and what it contains. If you’re not sure, you should
delete it. The Attachment Manager provides security information to help
you understand more about the file you’re opening. See the Microsoft
Outlook Help system for specific details.
Avoiding Harmful Attacks Using Windows
There are a few things you can do within Microsoft Windows to keep your system safe from the infiltration of harmful attacks.
1) Make sure Windows Firewall is turned on.
Windows Firewall helps block viruses and worms from reaching your
computer, but it doesn’t detect or disable them if they are already on
your computer or come through e-mail. Windows Firewall doesn’t block
unsolicited e-mail or stop you from opening e-mail with harmful
attachments.
2) Make sure Automatic Updates is turned on.
Windows Automatic Updates regularly checks the Windows Update Web site
for important updates that your computer needs, such as security
updates, critical updates, and service packs. Each file that you
download using Automatic Update has a digital signature from Microsoft
to ensure its authenticity and security.
3) Make sure you are using the most up-to-date antivirus software.
New viruses and more virulent strains of existing viruses are
discovered every day. Unless you update your virus-checking software,
new viruses can easily bypass outdated virus checking software.
Companies such as McAfee and Symantec offer shareware virus checking
programs available for download directly from their Web sites. These
programs monitor your system, checking each time a file is added to your
computer to make sure it’s not in some way trying to change or damage
valuable system files.
4) Be very careful of the sites from which you download files.
Major file repository sites, such as FileZ, Download.com, or TuCows,
regularly check the files they receive for viruses before posting them
to their Web sites. Don’t download files from Web sites unless you are
certain that the sites check their files for viruses. Internet Explorer
monitors downloads and warns you about potentially harmful files and
gives you the option to block them.
Using the Trust Center
The Trust Center
is a place where you set security options and find the latest
technology information as it relates to workbook privacy, safety, and
security from Microsoft. The Trust Center allows you to set security and
privacy settings—Trusted Publishers, Trusted Locations, Trusted
Documents (New!), Add-ins, ActiveX Settings, Macro Settings, Protected view (New!), Message Bar, External Content, File Block Settings (New!),
and Privacy Options—and provides links to Microsoft privacy statements,
a customer improvement program, and trustworthy computing practices.
View the Trust Center
Click the File tab, and then click Options.
In the left pane, click Trust Center.
Click the links in which you want online information at the Microsoft Online Web site.
- Show the Microsoft PowerPoint privacy statement. Opens a Microsoft Web site detailing privacy practices.
- Office.com privacy statement. Opens a Microsoft Office.com Web site detailing privacy practices.
- Customer Experience Improvement Program. Opens the Microsoft Customer Experience Improvement Program (CEIP) Web site.
- Microsoft Trustworthy Computing. Opens a Microsoft Web site detailing security and reliability practices.
When you’re done, close your Web browser or dialog box, and return to PowerPoint.
Click OK.
