Safe Hex - Safe Computing Tips
Courtesy of the alt.comp.virus newsgroup participants.
(These "anti-malware" pages are the result of a continuing cooperative effort.)
© Claymania Creations 2001 - 2013. All rights reserved.
Please note that this document is quite dated (last updated in 2008).
Some of the infomation is still of interest so I'm keeping the document up for posterity only.
Some of the old links have been removed.
Safe Hex - A collection of suggestions
intended to help you defend against viruses, worms, trojans (oh my!),
malware and other questionable code.
use and update anti-virus software
- Keep your
operating system and programs patched
using alternative web browser and email software
- Be cautious
when reading email with attachments and downloading files
- File formats
your operating system properly
- If you
still get hit by a virus...
1. Install, use and update anti-virus software
Anti-virus software will prove to be very helpful in defending your
computer against malicious code - provided it's used correctly. These
are recommendations for you to get the most out of your anti-virus program:
- Choose a good anti-virus
Note that you shouldn't blindly follow the recommendations
of your favorite PC magazine. Research and read user product reviews.
- Keep it up-to-date.
Anti-virus programs can only protect you from what they know about.
Since new viruses surface every day, it's very important for you
to update your anti-virus program regularly.
- Use it!
An unused anti-virus program is obviously useless. Use your anti-virus
program to scan new files you just downloaded or to do routine scans.
If you are not very knowledgeable about computers and viruses you
may benefit from using the memory resident scanner. If, however,
you know what you are doing, then you probably can live without
- Don't rely on it.
Modern anti-virus programs detect malicious code quite reliably
but it is very important to remember that NO anti-virus program
is perfect. No anti-virus program on Earth can compensate for
imprudence or unsafe software. No anti-virus program will ever detect
all viruses all the time.
- Use it intelligently.
Some anti-virus programs offer some questionable features and gadgets.
You shouldn't use a feature just "because it's there".
For example, AV scanner certification messages are essentially useless
and only serve to advertise AV software.
2. Keep your operating system and programs patched
You are strongly advised to apply all security-related patches for your
software as they become available. Here is a list of some of the most
"essential" patches. It is only a partial list:
You can use the Windows
Update and Office Update
sites to keep your system up-to-date. Note that they work with Internet
Explorer only. You may have to lower your Internet security settings
in order for them to function correctly. Don't forget to set your security
preferences to a higher level again when you are done.
3. Consider using alternative web browser and email
Microsoft's popular Internet Explorer and Outlook Express programs have
been known to be somewhat "buggy" and are often targeted by
malicious "programmers". You may benefit from using alternative
software. Here is a list of alternatives:
- Email programs:
Note that security holes may
be discovered in these programs as well (though probably less frequently),
so it's a good idea to check for updates regularly.
You'll be able to import your IE Favorites to most of these browser alternatives. Be very careful to set IE security settings for all zones to maximum:
including the My Computer zone: http://support.microsoft.com/default.aspx?kbid=182569
(And consider using IE only for downloading Windows updates and critical security patches for your particular version of Windows. When finished, make sure your security settings for all zones are back to maximum.)
4. Be cautious when reading email with attachments
and downloading files
You should never, ever (and we really mean it!) do the following:
- Never open email attachments
from someone you don't know
- Never open email attachments
forwarded to you even if they're from someone you know
- Never open unsolicited
or unexpected e-mail attachments until you've confirmed the sender
actually meant to send them. If you know the sender and you are
absolutely sure they intentionally sent the attachment, then
scan it with an up-to-date virus scanner before opening it.
- Never pay attention
to virus warnings or even forward them unless you subscribe to a
serious virus newsletter.
- Never obtain software
from "warez" sites or peer-to-peer programs like Kazaa.
Get it from known, trusted sources only.
Note: Some files can best
be tested by first invoking their associated application and then using
the "Open" function of that application. For example, picture
image files such as JPG and GIF can be tested by invoking the picture
viewer of your choice. When such files are received as email attachments
or downloaded, they should first be saved to some test or download folder
(you can create one for this purpose). Then you can use your picture
viewer application to safely open the file. If there is something amiss
with the tested file your viewer will complain and you can just delete
Similarly, sound files such as MP3 and WAV can also be tested by first
invoking your player of choice. Alleged Text (TXT) files should also
be opened by first invoking Notepad. Never double click on these files
while in Explorer or in your email client until they have been tested
in this way. There may be a hidden
file extension or CLSID
(class ID extension).
While we're at it, let's briefly address the way some newsreaders may
view images and other file types. For example, Free Agent (a free newsreader
has a dangerous item under the File menu called "Launch
binary attachment". It will allow the execution of those jpegs
and gifs with hidden exe (executable) extensions. (That's a bad thing.)
Instead, the user should click on "Decode binary attachment"
and the uuencoded file will be decoded into the Agent folder for viewing
after invoking your viewer of choice and opening the file.
Additionally, it is wise to consider
configuring your email program to display messages as "text only" and not "HTML".
HTML can easily include malicious scripting (which may "do something" unwanted automatically), malicious links (usually obfuscated and too easy to click) and other unwanted junk.
Keep in mind that if you send HTML email, many anti-spam solutions may agressively target HTML formatted email as SPAM.
5. File formats
Stop using DOCs (if at all possible). Instead, use pure Rich
Text Format for your documents, because that doesn't support the
macro language. There's a caveat to this unfortunately. Some macro viruses
intercept File SaveAs RTF and save a file with a .RTF extension
which actually contains a DOC format file! So it needs to be real RTF. Tell the people that you deal with that you would rather they sent
you RTF or CSV (Comma-Separated
Variable) files rather than DOC or XLS.
- Microsoft RTF Security Bulletin - May 22, 2001
6. Configure your operating system properly
7. Preserving your privacy
You should never, ever (and again, we really do mean it!) do
- Never use the "Unsubscribe"
feature of spam emails or reply to spam mails because by doing so,
you confirm the validity of your email address and the spammer can
keep on sending you unsolicited commercial email, which you probably
The proper way to deal with spam is to delete it and, if you wish
to do so, complain about it to the sender's Internet Service Provider
(you need to analyze the message
headers to determine the ISP, do not rely on the sender's
alleged email address which is probably forged or fake in most cases).
- Never select the option
on web browsers for storing or retaining user name and password.
- Never disclose personal,
financial, or credit card information to little-known or suspect
- Never use a computer
or a device that cannot be fully trusted.
- Never use public or
Internet café computers to access online financial services
accounts or perform financial transactions.
8. Miscellaneous tips
- Pay attention to files
with multiple extensions. Generally, the last extension is the relevant
one. For example, a file named
is an executable program (.exe) and not an MP3 file!
Note, however, that if you are using Outlook Express and see a file
with three extensions, Outlook Express may consider the second extension
to be relevant, so that a file named
is an executable program (.exe) and neither an MP3 file nor
a JPG file!
(Ed. note: not a typo or mistake -- it's an Outlook Express exploit used by "Sadhound".)
That's why it's important to follow the procedure outlined in section
4 for opening unknown files. You can't go wrong by simply ignoring
any file with more than one extension.
- Set the boot sequence
to C: first in the BIOS. This can be "C only", "C,A"
or whatever you want as long as C: comes first.
- Regularly back-up your
- Install a good firewall.
9. If you still get hit by a virus...
... then the most important rule is: DON'T PANIC
Very often users will do more damage with panicked recovery attempts
than a virus or Trojan horse would have.
If your computer does become infected with a virus, the alt.comp.virus
newsgroup is a good place to go for help and/or information. You can
ask for, or find advice from a number of professionals and other experienced
Please note the following tips when using
the alt.comp.virus newsgroup:
- Do not post binaries
or virus samples.
- Be specific and include
details when asking for help.
- Disable your news reader's
ability to execute scripts embedded within HTML.
- Delete all messages
that contain attachments.
- Don't be intimidated
by all the noise there.
- Read some postings first
and search for subjects that might indicate a problem similar to
- Do not give advice if
you aren't certain it's good advice, even if you just want to be
You might benefit
from a hoax policy deployed amongst your staff. Perhaps something
like this: "Thou shalt not forward any virus warnings of any kind
to anyone other than <insert name of person in your company
who looks after anti-virus issues>. It doesn't matter if the virus
warnings have come from an anti-virus vendor, or been confirmed by
any large computer company or your Aunty Margaret. All virus
warnings should be sent to <insert name>, and <insert name>
alone. It is <insert name>'s job to send round all virus warnings,
and any virus warning which comes from any other source should be
Before you go...
- Tell all of your friends
and family to practice safe hex.
- Remember, if someday
you do encounter a virus, do not panic!
Updated: August 16, 2008