Do not accept unsolicited file transfers from contacts when using programs such as instant messaging clients.
Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
Keep Adobe Reader and other Adobe software updated using the Adobe Updater.
Using an alternative PDF document reader may reduce the risk of exploitation. Different PDF readers may be affected by different vulnerabilities.
Adobe Flash is often targeted for attack, based on its widespread usage. If possible, use browser add-ons to limit the automatic loading of Flash content, allowing you to selectively enable it when needed. Keep Flash updated using the Adobe Updater.
Some malicious websites display fake videos and claim that missing codecs are required to view the content. Do not install such unknown or unfamiliar video codecs.
Do not connect to unknown or suspicious "free" Wi-Fi networks. Some such networks are set up specifically to sniff network traffic and steal sensitive details in the process. Use encryption on legitimate free networks as well. See this blog entry for more information.
Do not install ActiveX components offered by websites unless you are absolutely sure they are not malicious.
Do not arbitrarily accept contact requests on social networking sites. Ensure that you know the individual before adding them. Use caution when using applications and clicking links on social networking sites. For more information, see this whitepaper.
Configure Windows Explorer to always show file extensions. This can help identify malicious files that use double extensions in order to mask their true file type.
Regularly train and refresh employees on security policies and procedures.
Turn off file sharing if it is not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders.
Use strong, not-easy-to-guess passwords. When managing many users, enforce a password policy. For information on how to create strong passwords, see this blog entry.
Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. If they are removed, threats have fewer avenues of attack.
Using a firewall with IDS functionality can protect computers from attack and help block or detect back door server communications. For publicly accessible servers, block all incoming connections from the Internet to services that should not be publicly available. By default, deny all incoming connections and only allow services you explicitly want to offer to the outside world.
Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. Ensure that untrusted users on the computer have limited permissions and allow only those with administrator-level access to install new software. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
Procure software from reputable sources. Avoid downloading software from unofficial peer-to-peer (P2P) sources, since many threats use this channel to propagate among users.
When an outbreak occurs, isolate the compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media. For more information on how to do this, see this whitepaper.
Users of Symantec Endpoint Protection can also create Application and Device Control policies to restrict the use of unauthorized software.
Implement application control rules to block specific threats. Symantec Endpoint Protection's Application and Device Control is a powerful tool that can be used to stop a specific file, block peer-to-peer (P2P) network use, or protect critical files and registry entries.
Use Symantec Endpoint Protection's application and device control to block attempts to exploit the computer using PDF files.
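
For the recommendation above about showing file extensions, the following added example (not part of the original guidance) flags file names where an executable extension follows a document-style one, and reports what a user would see with extensions hidden. The extension lists and sample names are assumptions made for illustration.

```python
import re

# Assumed, illustrative lists; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt", ".avi"}


def split_name(filename):
    """Return (base name, normalised extensions) for a path or bare name."""
    base = re.split(r"[\\/]", filename)[-1]
    parts = base.split(".")
    return base, ["." + p.strip().lower() for p in parts[1:]]


def check_name(filename):
    """Describe a disguised executable, or return None if the name looks fine."""
    base, exts = split_name(filename)
    if len(exts) < 2 or exts[-1] not in EXECUTABLE_EXTS:
        return None
    if exts[-2] not in DECOY_EXTS:
        return None  # e.g. "tool-v1.2.exe": two dots, but no document decoy
    cut = base.rfind(".")
    shown = base[:cut].rstrip()  # what Explorer shows when extensions are hidden
    return {"file": base, "shown_as": shown, "runs_as": exts[-1],
            "padded": base[:cut] != shown}  # spaces pushing the real extension away


def scan(names):
    """Return findings for every suspicious name in an iterable of names."""
    return [hit for hit in map(check_name, names) if hit]


# Constructed sample listing, not taken from any real incident.
SAMPLE = [
    r"C:\Users\a\Downloads\invoice.pdf.exe",
    r"C:\Users\a\Downloads\holiday.jpg      .scr",
    r"C:\Users\a\Downloads\archive.tar.gz",
    r"C:\Users\a\Downloads\tool-v1.2.exe",
    r"C:\Users\a\Downloads\Report.PDF.EXE",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(f"{hit['file']!r}: shown as {hit['shown_as']!r}, runs as {hit['runs_as']}")
```
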