From Dick Atlee on AIMS List:
Many of you are probably totally familiar with this remarkably large set of concerns, but just for the record, among the other items of concern (beyond firewall, anti-virus, and Windows update) are making sure that:
1. the "Administrator" account has had a password set for it (in XP Home this must be done in SafeMode, since the account is hidden in normal mode).
2. Windows is set to display all filename extensions (so that dangerous attachments appears as what they really are) 3. eeveryone is aware of the extensions of attachments that should never be opened: exe zip bat cmd com cpl pif rar scr vbs
(The first two may be OK if there is agreement with the sender that they are being sent intentionally.) 4. everyone is aware that the most likely dangerous attachment source is in fact (or appears to be) someone they know.
3. everyone is aware that scanning for viruses without going into Safe Mode first is probably worse than useless, since it gives the false impression that if nothing is found, nothing is there.
4. everyone is aware that one of the most dangerous vectors (the source of most bots that forced University students to have to reformat) is the clicking of links in Instant Messenger.
5. no one is using Internet Explorer for anything but Windows update, Firefox being a good alternative -- but, in light of recent issues, that, too, must be kept strictly up to date.
6. File sharing settings are limited to the bare minimum necessary to function in your particular environment.
Items 2-4 are important because of the time lag of vulnerability between the time a new virus appears in the wild and the time a fix is created, becomes available, and is downloaded to the machine -- often 24 hours or more. Also, keep in mind that the XP firewall is a one-way firewall. If a bot takes over the machine and installs a rootkit to become invisible, the only way you'll be able to determine its presence (about which little can be done but reformatting) is if you have a TWO-way firewall that alerts you when programs on the machine are trying to access the local network or Internet.
Also see: Firewalls