Anti-micro-dollar lovers, you are good. If I tell you, I have no virus firewall now, but I am not afraid of "Happy Time", I am not afraid of "red code" (red code ", not afraid of" Nimda), not afraid you send me an HTML web bomb , I am not afraid that you send me your careful malicious help file, not afraid of "Ice", not afraid ... Because I have been thinking about preventing your way, I can do what I can do, so I can prevent microwa. When you see the major anti-virus vendors in promoting a certain virus, you have to think: I can give me a small surgery, but make my machine immune to this viral? Maybe everyone can still recall the famous "love" virus a year and a half. When I heard that this virus is to use the VBS exhibition, I will think that I can't move? Yes, it is indeed, my method earliest issued in the article "Preventive Danger Mail" on the "Computer Branch" in 2000, in "Computer Lovers" 2002, 2002, 2002 The article "Several dangerous documents that need to be preserved" is basically moving into the article, in fact, people who have used the method a year ago, they should be spared in the latter virus frenzy. difficult. It is better to teach people to fish with fish, so I want to tell you how I found this solution. When I learned from the anti-virus manufacturer, I learned that it used the WScript.Shell object to prevent the registry, I immediately thought that the Windows Script Host component (Win98 users should take this program) However, there is no direct unloading tool under Windows 2000, so I want to have a method of manually deleting. By repeating experiment, there is "anti-" article "Regsvr32 / u wshom.ocx and regsvr32 / u wshext.dll To disable the method of WScript.Shell dangerous objects. This method is feasible, but here is also correct, actually "defense", the regr32 / u wshext.dll said in the article is extra, of course, this is not the most effective way, because I later discovered Simple and more effective remedies: [Remedi 1] Prohibition of Windows Script Host Components: Put the wscript.exe and cscript.exe under the Windows directory to other places or change the name, because this is not even if the script virus is still This scheme is the most feasible for ordinary users who have never derived with the script. If you only want to ban dangerous objects, keep the script run function, then there are dangers in three objects (I know), in addition to the WScript.Shell that is said above, and FileSystemObject and Scriptlet components, the former can access the file system, The latter can generate. HTA type virus file ("Happy Time" in the hard disk ("Happy Time" is used in this way), and the two objects are registered in Scrrun.dll and Scrobj.dll, so if you want to use REGSVR32 / U to reverse registration If there is a dangerous component, then Wshom.ocx, Scrrun.dll, Scrobj.dll should be prohibited from being prohibited, which is also a point of complement to the "anti-defense" text. In fact, many script viruses have occurred after "love". If you have adopted a friend of the "defense", you should have nothing.
As for "anti-" said through Regsvr32 / U Msoe.dll to ban Outlook email objects to prevent viruses from spreading through it, actually is wrong, sorry, I didn't have a careful date, msoe. DLL is actually the component of Outlook Express, which does not prevent viruses from passing through Outlook.Application (Note that Outlook is not Outlook Express) to virus email, the correct method sees the 20: [Remedi 2] Prohibit the mail function : The easiest way to ban the Outlook.Application object is the simplest way to ban the Outlook.exe installed in Outlook.Application. This can effectively prevent most of the script viruses from spreading viral emails through it. However, on the Machines with IIS's NT and 2000, the virus should also be considered to send an email through the CDONTS component, so a friend who has installed IIS can consider using the Regsvr32 counter-registration to fall under the system directory cdonts.dll. Sampled small surgery is to be responsible for your friends, and several mail viruses have been eruped on the Internet, so that this is also responsible for the entire network. And this small surgery does not let us lose any normal letter of sending function, why not? The net network brings us the world's Web, a beautiful HTML makes our web fresh, but the virus, bombs are swarmed through them, and IE's vulnerability will make us a bitter. Dealing with these things, in addition to upgrading our IE, upgrading outside our firewall, we have a lot of things. Let's talk about my recipe 3: [Remedi 3] Carefully use our web function: If you don't care about some beauty, you can not use the web-mode desktop, do not display the web content of the folder, or Simply delete the Web directory under the Window directory. Friends using OE should also note that when you write a letter in HTML format, you may be written into the virus, or you don't use the letter in the HTML format, or open the OE edit HTML source file function (in "View" Under the menu, you also need to pay attention to your letter's HTML source file. If a blank letter is there, there is a source file above all the best, then you don't send it in the HTML format, [Remedi 2] You can't ban this normal sending information, friends who have received your letter may be like you.
Of course, in addition to carefully use the web function, we should also set more secure. This is a very simple but very important job, but there are very few articles mentioned. In fact, IE default security settings are not the safest, because it considers higher availability, so let's customize its security settings, let IE more secure! [Recipe 4] Safer the IE setting: Open the "Internet Option" under "Tool" in IE, start our surgery. First click on the "Internet" area, and reset it to "high", then click the "Web site" area, then click "Site", join us to our trusted Web site Address, and reset it to "in". Take such a practice because you don't know if you don't know this site, so we must think that all sites who have never been there are unsafe, and they should be considered " Limit site "and should apply the highest security settings. This way even if it accidentally entered a bad site, because it does not have JS and VBS script running capabilities, there is no cookie, you can't use iframe vulnerability, it will not be destroyed. Now, many people have been controlled by the bad website to control IE, which can be seen from the software downloads such as "IE setting recovery modifier". In fact, as long as the above operation is simply, these sites and "limited site" can be effectively prevented. Also, if you set the security level, you can't set it to "low", even the trusted site, this is because this setting allows the site to do whatever, you don't want your username and password being trusted by your username and password. You don't want to be credited to run the program on your machine, so the confident site has the security level to be "in", this is called anti-human heart. Of course, you can even set the security level of "local intranet" by "medium low", so there will be no content run in the case you don't know.
There are many viruses and bomb programs to be designed for shortness, not considered very comprehensive, they often think that Windows is definitely under the C drive, and Windows's shell program is definitely Explorer.exe, think that the launch catalog is definitely in C: / Windows / START MENU / Programs / Launch / Under, change these default things can also improve security. [Remedi 5] Do not make your own system and conventional system: one can not be installed in the C drive, at least do not use Windows to make a directory name. Second, we can consider replacement of Explore.exe, the famous red code is to use the same name's Explorer left door! Of course, before the name of Explorer.exe, Win9x users should first redeem the shell = explorer.exe in System.ini to the DOS mode to replace the Explorer.exe; Win2K users should modify HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows NT / CurrentVersion / Winlogon's value explorer.exe, then replace the Explorer.exe to replace the task. Three we can change the hkey_local_machine / currentversion / skill / shell folders and user shell folders to change the Common Startup value, so that those who want to be C: / Windows / Start Menu / Programs / start / The back door written is empty. I like [Remedy 5] There are still many such a system with different methods, but this is just a small trick for a design perfect virus or bomb, but the roadblock is only needed to have some extra judgment code, so We have to set up a final roadblock, which is to make some common hazard orders, "Defense", also mentioned that it will be renamed by Del, Deltree, FDisk, Format, but such a I am very troublesome, I'm not easy to use it, so I will put a remedies for Win9x users: [Remedi six] Let us use the dangerous order only to use it: it is difficult, in fact, it is very simple, Make a Windows / Commman Directory, such as D: / MyCmd, and then create a new automatic batch file in a Windows directory, write as follows: set path =% path%; D: / mycmd Enter, then save MYDOS.BAT, every time you use a DOS command to execute this MyDoS.bat first, you can also point the "MS-DOS shortcut" under the start menu -> MS-DOS shortcut to this mydos.bat, so that after a bend, only Our own DOS way knows where the order is looking for, there is much safe. For Win2000 users, especially as servers, you should carefully learn safety knowledge, from managing your permissions, close unnecessary services, prohibiting unwanted ports, instead of using this Refusement and tricks, improving their safety technologies are correct. Of course, it is still necessary to change the cmd.exe or need, remember to change the environment variable% COMSPEC% also modified simultaneously.
There is also a way to see any way to make your system. I have to save the method of "defense" in the "defense", and more comprehensively summed it to the following remedies: [Remedi 7 】: Modify its default "open" action for the type of file that is dangerous after opening. Specific practices Take the VBScript file of .vbs as an example: "View" -> Folder option "->" File Type "in the Explorer, find the VBS file type, then select" Edit ", then" Operation " "Editing (e)" is set to the default. This time you double-click the VBS file, just use the writepad to view without running it. If it does not have an editorial operation, we can add a default editing operation, and set it to the writing board. And. VBS is dangerous file types and: .wsc, .wsf, .vbe, .jse This type of script file type, such as .shb, .shs, very few fragment files (it exists) The loophole of the program is like. HLP, .chm, .lnk, .pif This is dangerous, but because of it is often used, it will not change it, but we must be vigilant and put them. It is also good as it is as good as the .exe file. If you think about it, you can't get lightly, for example, the file type of editing operation, such as .txt file type can also create a "editing" action, then change the default "Open" action to "Edit", because The rear door program that is related to the "Ice" such that the file is related to your original default Open action (at least for the Ice River's current version, but the ice river is slightly modified, and our method will not pass, So I hope that the author of the Ice will never see this article, huh, huh). These operations can also be done by modifying the registry, such as the type .exe file type (not only "ice river", and many of the Malaysia will only change it in the registry, you can refer to other file types. Modify it. It is very practical to break through the small roadblocks that the viruses and bombs can be broken. When I used this method, I didn't have a virus like "Happy Time", but this method still prevents subsequent "Happy Time" virus call default execution action to cross infection (my friend's machine has done like this Small surgery, so "Happy Time", just popping up a writing board every 10 seconds, writing is the viral source code of Help.vbs, so that we have a "joy"). I put this easiest surgery in the end, just want to explain a simple method, as long as it is feasible, you should try it, so you can really prevent micro--.
The last thing to say is that there is such a small surgical technology, such a remedy must have a lot, we can fully explore itself, and most of the above is that I have explored, as long as you also start the brain, you will also find Such a remedies. In fact, improve the safety of our system is not necessarily waiting for security vendors to provide us, sometimes we find out the way is also very practical (manufacturers will not see such a "门 门 道"). Of course, I still hope that everyone will don't learn me, for the system safer, you must install a firewall! (I also have a lesson lesson). The above method is not a patent, so if someone wants to promote, improve, increase this type of method, or make it software, I will make my hands to agree, but remember to help me also propagate, huh, huh, call me big bear, adambear OK, there is a problem, you can give me a letter: xcbear@netese.com Contact information Name: Xiong Super Home Address: No.1, 110 Street, Ghanshan District, Wuhan, Hubei Province, China Postal Code: 430080 Email: xcbear@netese.com
