In association with heise online

Preventive measures

Mail malware

With most malware arriving by email, it is important that antivirus software guards this gateway. Healthy suspicion is still necessary when handling emails, however, because antivirus software often does not protect against the latest, still unknown viruses.

The most important step is to handle attachments correctly. Even file types that seem harmless at first glance may hide malware. Malware can even be found in BMP files. If you want to be on the safe side, you should only open requested or expected attachments. If there are any doubts, you should first contact the sender to make sure, since the sender's address is by no means evidence of a virus-free email: many kinds of malware exploit sender addresses from the local address books, and worm emails more often come from known rather than unknown mail addresses.

Our email check provides detailed information on the typical risks associated with emails and the settings to be used to ensure optimum security. Users can also request test mails to be sent to reveal typical vulnerabilities without any risk.

Other malware

Today, more and more malware emerges that is disseminated through security holes without any user action involved. The Lovsan/Blaster worm, for instance, exploited a vulnerability in the Windows RPC/DCOM service (port 135), and the Sasser and Korgo worms spread through a security hole in the LSASS service (ports 139, 445).

Both worms emerged after Microsoft had provided patches for the respective security holes. The continued relatively high degree of dissemination of Lovsan and Sasser shows that many systems still lack the required patches. Even many corporate networks are not properly protected. A notebook infected with Sasser and connected to the corporate network bypasses the firewall and may cause the network to break down completely. Even if not all of the computers have these security holes, a handful of computers is enough to produce a noticeable load on the network.

The most important measure of protection against such worms is to install current patches. Once a month, on the second Tuesday, Microsoft publishes updates that deal with critical security issues. Users should activate the automatic update function of their Windows platform to receive the relevant patches automatically.

A hardware router with an integrated firewall may protect the computers behind it from (worm) attacks via the Internet. Alternatively, a personal firewall, such as the Windows Firewall integrated in Windows XP Service Pack 2, can block access from the Internet to services on the PC. For home users this is particularly useful protection, since home PCs should generally not allow access to their services from the Internet.
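
To see which of the worm-targeted services named above a firewall has to shield on a given PC, the following added example (not part of the original article) parses the output of `netstat -an` and reports listeners on ports 135, 139 and 445 that are bound to a non-loopback address. The sample output is constructed, and a listed port is only a candidate for exposure: whether it is reachable from the Internet depends on the router or personal firewall in front of it.

```python
import ipaddress
import re

# Ports named in the article and the service/worms associated with them.
WORM_PORTS = {
    135: "RPC/DCOM (Lovsan/Blaster)",
    139: "LSASS (Sasser, Korgo)",
    445: "LSASS (Sasser, Korgo)",
}

# Matches listening TCP sockets in Windows-style `netstat -an` output.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)

def exposed_worm_ports(netstat_text):
    """Return sorted (port, address, service) tuples for worm-targeted
    ports that listen on an address other than loopback."""
    findings = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # header, UDP, or a connection that is not LISTENING
        port = int(m.group(2))
        if port not in WORM_PORTS:
            continue
        # Strip IPv6 brackets and any zone id such as "%12".
        addr = m.group(1).strip("[]").split("%")[0]
        try:
            if ipaddress.ip_address(addr).is_loopback:
                continue  # only reachable from the PC itself
        except ValueError:
            continue  # not an address we can classify
        findings.add((port, addr, WORM_PORTS[port]))
    return sorted(findings)

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:139          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    for port, addr, service in exposed_worm_ports(SAMPLE):
        print(f"port {port} listening on {addr}: {service}")
```

An empty result on a home PC means none of these three services is listening beyond loopback; any entry that remains should be covered by the firewall rules described above.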

