You must assume all end users will ignore or forget any of the advice this book gives about running untrusted code. You must assume that end users will visit malicious web sites, open any email, run any attachment, and use infected diskettes and programs. The truth is that end users shouldn’t have to concern themselves with how to prevent malicious code. They just want to use their computer and surf the Web.
If you want maximum malicious code protection, disable Internet access, uninstall any Internet browsers, remove email, and disable the floppy drive. If you only need reasonable protection the following recommendations, summarized from previous chapters, are the steps you should make to any PCs under your control. If you are a network administrator, take this list and tell your staff to accomplish each item on every PC. I promise you that if you follow these steps, the number of malicious mobile code attacks against your environment will be minimized.
Introduced in Chapter 2, and discussed in nearly every chapter after, installing a reliable, up to date antivirus scanner is the single best thing you can do to prevent malicious mobile code. The bigger question is where to scan: desktop, file server, email gateway, or firewall.
Also discussed in Chapter 2, disabling the ability for a PC to boot from drive A will prevent boot sector viruses from infecting a hard drive’s partition ...