Tuesday, May 03 2005 @ 11:23 AM CDT
Contributed by: filbert
Up on SANS.org
, the latest edition of The SANS Top 20 Internet Security Vulnerabilities.
The "Top 20" is actually two top 10 lists, one for Windows users, the other for Unix users. Obviously the Windows list has little impact on Unix and vice versa. Also, some of the Windows vulnerabilities are focused on Windows servers (which I imagine few people actually run at home).
The short recommendations for Windows users:
1. Stay current with the latest versions of operating systems and software, especially web browsers and anti-virus software.
2. Don't use peer-to-peer software (i.e. Napster, GNUtella, KaZaa) unless you know what you're doing (both technically and legally).
3. Implement a firewall between yourself and the Internet--either a software firewall on your computer, or a firewall on your network at the Internet connection point--preferably both (i.e. "defense in depth").
4. Avoid using the Microsoft products Internet Explorer (the web browser), Outlook, and Outlook Express (the mail clients) if at all possible. The Bad Guys target these programs, and they have a long nasty history of serious vulnerabilities.
5. Don't open any e-mail (the message itself or an attachment) from anybody you don't recognize. Delete suspicious e-mails immediately. Don't use the "preview feature" -- that's the same as opening the mail message. Turn on e-mail checking in your antivirus software. It will slow you down a bit. Getting infected will slow you down a lot more.
6. Don't use instant message unless you know what you're doing.
More on the SANS Top 10 for Windows: