The rules in this section are binding for all Web Plus users

Web Plus users are not allowed:

• To use Web Plus service for bulk or individual mailing of promotional letters or nonsense messages, unless such communications have been expressly agreed to by the receiving Web users. Web Plus users are, likewise, not allowed to disseminate such messages with the help of their mailing lists or newsgroups if by doing so, they violate the procedures of the relevant mailing lists or newsgroups.

• To use Internet resources via Web Plus in a manner that violates the applicable procedure of resource use and has brought a complaint from the resource administrator.
  Note:
  The owner of any information or technical resources on the Web is free to make its own rules about how that resource is to be used. The resource owner or administrator will post its resource use requirements or a reference to same at the point of entry to the resource concerned. Any such requirements are binding for all users. The user must either comply with such resource use requirements or terminate his use of the resource immediately.

• To interfere with the work of Web Plus networks or security therein, to make attempts at using Web Plus service to gain unauthorized access to any computer in the Web, or to create impediments for Web Plus users or any other Web users.

• To use Web Plus service to disseminate threats, obnoxious propositions, slanderous or improper information, or any other information whatsoever that may be perceived as insulting or offensive. Specifically, Web Plus users are not allowed to disseminate pornographic or erotic material, information that may be perceived as disrespectful with regard to any races or religious communities, as well as information containing explicit language or calls for violence.

• To use Web Plus service to agitate for or promote any political party or religious movement, association or group.

• To use Web Plus service to disseminate any information or software products in violation of copyright. Web Plus users are not allowed to upload any textual material, sound or video recordings or parts of recordings without prior consent in writing from the author or copyright owner thereof.

• To use Web Plus service in violation of any laws or international agreements of the Russian Federation.

• To use Web Plus service in any way that would endanger Russia's national security or defense capability, or the safety and good health of any people.

• To upload any application to their Web Plus server that would generate a bulk data flow, without the prior written consent of Web Plus.

• To violate the Internet User Guidelines (available at http://www.ofisp.org/documents/ofisp-005.html)

User Resource Settings

Any Web user is, to an extent, exposed to the risk of unauthorized and ill-intended third-party use of his Web resources. Every user must, therefore, take all the necessary steps to set up his resources in such a way that would deter unauthorized third-party access, and react promptly upon discovering any evidence of such unauthorized use.

The following resource settings may be targeted by intruders:

• open email relay (SMTP relay); see safety setting advice at http://www.mail-abuse.net/ any utility that would enable a third party to conceal its vehicle of unauthorized access (an open proxy server, etc.); access to such utilities can be restricted using packet filters and built-in access management devices.
  
  

• More security tips for users of Web Plus services are available at http://www.security.wplus.net/

Security procedures for users of services with authorized access

This Contract certifies your entitlement to Web Plus service. Please keep it in a safe place while you are using Web Plus service. In the event of controversy, a Web Plus employee may ask you to present your copy of the Contract. If you have signed your Contract electronically, make sure you are able to correctly indicate all the Contract details advised to you at registration and produce a receipt evidencing your initial connection payment.

Keep the list of your identification details away from where others can see it, and separately from your copy of the Contract.

Do not tell your identification details to anyone. Remember that Web Plus services are available to you on a strictly individual basis. In fact, disclosure of your identification details is a violation of the Terms and Conditions of Service giving Web Plus grounds to fully terminate your service.

If you suspect that your identification details could have become known to another person, you are to change your password immediately by using the Password Change section on your secure personal page at stat.wplus.net, or call Web Plus customer support. You are recommended to change your password every three weeks.

No Web Plus employee can gain access to your password. This provision is intended for extra security. If you have lost your identification details and find yourself unable to change your password, you should come to our offices with your copy of the Contract and a picture ID. Web Plus will not change your password unless you present your original copy of the Contract (or the details of your Contract and a receipt, if you registered electronically) and a picture ID.

Security Recommendations for Users of Services with Authorized Access

Do not start any software you obtained from an unreliable source. Do not open email attachments, even if the email was received from someone you know well. Attachments may contain viruses or Trojans. First save the attachment to a file, then check it with your antiviral kit.

Remember that intruders can be quite resourceful when they are seeking to obtain your authentication parameters or make you run a software that would steal those parameters from you (software of this type is called Trojan). Be on your guard. Read our typical trap list at security.wplus.net/traps.htm.

You don't have to believe all the scary new virus warnings on the Web, especially if the warning tells you to forward it to all your friends. This message may turn out to be merely a Web joke (www.security.wplus.net/hoaxes.html) Check pout HoaxBusters.ciac.org for more information on Web jokes and ?happy- letters.

If you have received an email from someone you don't know - a person or an organization - most likely it-s a spam (obnoxious advertising) (see www.security.wplus.net/spam.html) and it didn-t come to you by accident. To prevent further emails from that sender, send a note to the network administrator of the server where that email came from (www.security.wplus.net/complain.html). If that doesn't work, enter the spam sender-s address into your blacklist of filtered senders (www.wplus.net/support/post.html).

Have an antiviral kit installed in ALL the computers you will be using for Web Plus service that would protect you from Trojans and viruses in the resident monitor mode (it will scan all the programs you run and documents you open automatically). We recommend AVP (the site is www.avp.ru, but you can also buy a licensed version of AVP on CD from us at 33 Kolomenskaya Street). Update your antiviral databases at least every 3-5 days. Most antiviral kits provide free updates on the Web. If your antiviral database has not been updated in three months, the efficiency of your antiviral software is drastically reduced.

You can also protect yourself from unknown viruses and Trojans with the help of audit software (we recommend AVP Inspector). Inexplicable file changes or new files found by that software are signs of a new virus or a Trojan.

Remember that a change of password won't help if your authentication details have been stolen by a Trojan. The Trojan will be stealing them again and again until it is removed from your computer. So have an antiviral kit installed if you don't already have one.

Check your on-line statistics and your account balance at least once a week. If you notice any Web entries you don't remember making, change your password immediately.

Change your password anyway at least once a month. If you suspect that someone may have obtained knowledge of your password, change it immediately.

Restrict access to your computer with the help of access management software (check it out at http://www.tucows.com/windows.html) and a BIOS password that will be requested each time your computer is turned on or rebooted.

Make backup copies of your system files and important information and store them in a safe place (not on your hard drive), so that you can resume operation promptly in the event your hard drive crashes or you become the target of a viral aggression.

Remember that the software you are using when you are online may contain errors that make them exposed (vulnerable). These errors may allow an intruder to shut off your computer or obtain unauthorized access to it from the Web. Developers of operating systems and applications publish vulnerability/exposure updates on a regular basis (for instance, check out the Microsoft site http://www.microsoft.com/security/), as well as corrected versions of their software. Make sure the operating systems and software you use have been fully updated with ALL corrections. If not, update them immediately. Keep track of publications about new software errors and download updates promptly. We think it-s a good idea for you to subscribe to mailing lists at www.cert.ru and www.sans.org.

For better security, have an individual packet filter installed in your computer. A packet filter is a piece of software that will guard your computer against unauthorized ill-intended access from the Web, even if there is a Trojan in your computer or your software has ?vulnerability- errors, by blocking certain incoming and outgoing packets. For more information about packet filters, please refer to grc.com/su-firewalls.htm.

You don't have to install a packet filter. By default, you are already protected by a packet filter located at our access server (we guarantee a certain degree of security). Our packet filter will fend off typical Web aggressions. You can increase your level of security by adjusting the packet filter at Web Plus access server (www.security.wplus.net/aclwp.html).

If you have decided to have a packet filter installed, the thing to bear in mind is that a packet filter alone will not provide sufficient protection. You need to configure it correctly. We suggest that you should at least block acceptance of the following types of packets from the Web: Packets in TCP protocol with receiver ports 135-139 and 445, as well as packets in UDP protocol with receiver ports 137-138. This will protect you against information theft and tampering in case your computer has Web resources accessible from other PCs in your local network (folders with files). The point is that as soon as you go online these resources become accessible to all Web users (passwords don't help). Moreover, there are ways to block a computer by sending it deliberately defective packets.

Packets in TCP protocol with receiver port 80. This will protect your computer from accessing exposed/vulnerable WWW servers which may contain errors that would enable a third party to read any files in your hard drive.

If your packet filter detects an attempt at unauthorized access to your PC, try to identify the intruder's location (security.wplus.net/trace.htm) and send a complaint to his network administrator.

Don't delude yourself that viruses and Trojans only come from the Web. Those who buy pirated CDs know that increasing numbers of those contain viruses and Trojan-infected programs. If you have bought a pirated CD, at least take the trouble of checking it with a good and recently updated anti-viral kit. If you are using ICQ online chat software, never use it to create an ICQ Homepage. If you set up an ICQ Homepage, your PC will launch its own WWW server containing an error that would allow hackers to access any files in your hard drive. If you have already set up an ICQ Homepage, disable it immediately! If you need to send or receive MS Word files by email, use Rich Text Format (RTF) and require the same from your correspondents. If you receive MS Word '97 documents, take steps to guard yourself against macroviruses (http://www.security.wplus.net/ ). Use PGP (http://www.pgpi.org/) to encode your most important letters and enclose your electronic signature when writing to your correspondents on the Web (your e-signature is automatically embedded into Eudora, Outlook and TheBat at installation, and is easy to retrieve). If you would like to use the Web anonymously, look up the information at www.tamos.com/privacy/ru/.

Security Tips for Users of Services without Authorized Access

Read the previous section if you haven't. These recommendations also apply to you.

Internet connection must be established through a properly configured inter-network screen (or firewall). If only one computer will be used for Web access, an individual packet filter will serve as a firewall (see previous section for information on packet filters). For several computers, the functions of a firewall will be performed by a "floodgate" computer fitted with special software fending off attacks from the Web. You can also use a router that connects your local network to the Web. A router can serve as a partial firewall. You can download a demo version of a firewall for any Microsoft operating system from http://www.tucows.com/windows.html (go to Security section). For more information firewalls, you can go to http://www.citforum.ru/internet/securities/.

Do visit our Web security information server at http://www.security.wplus.net/.

Here's what smart people said:

"Stupidity is the dearest thing in the world. You have to pay most dearly for it."
Sharapov in "Meeting Place Cannot be Changed"