
January 2nd, 2011 03:00

Infection Prevention

This page was put together by the SpywareHammer News and Articles Team.

Preventing Infection can seem like an impossible task. In some ways it is, but there are measures one can take that will severely minimize the chances of infection, or re-infection, depending on how you arrived at this article.

There are a few things that you would do well to remember before continuing with these guidelines.

A) Nothing is 100% Secure.

B) Too much Security is just as bad as having not enough, but that is another issue altogether (more on that below).

C) The best defense is a good offense. To that end, one should become knowledgeable, use common sense, and absolutely MUST keep the operating system fully patched (updated).

Security Programs - The Basics

1) Always use just one of each of these types of security programs:

  • Anti-Virus
  • Anti-Malware
  • Third Party Software Firewall


System instability, as well as reduced security, could result from using conflicting security programs. A detailed explanation of this can be found here: Do's and Don'ts of Security Programs

2) Always keep your Security Software up to date and certainly running in real time (where applicable). There is little or no use having a Security Program installed that is outdated or disabled: it will not be able to detect the latest threats and you will end up with an infected system.

3) Perform a full system scan using your Anti-Virus software at least once per week. Tailor your schedule to suit your needs. Some may need to scan more often...some less often, depending on particular usage. Anytime you may notice peculiar system behavior or performance, obviously you should perform another scan. Delaying your investigation of such an issue could result in a potential infection spreading across the internet. You wouldn't delay investigating an issue with your bank account...would you?

You can find an in-depth explanation of Security Programs here: Do's and Don'ts of Security Programs

You can find a comprehensive list of good FREE Security Programs via the below links:

Anti-Virus
Anti-Spyware/Malware
Firewalls

Extra Security

1) Use an On Demand Scanner:

It is a good idea to keep at least one program on board that can be used as an On Demand Scanner. The reason is that the vendor of your particular security program isn't on the same "update" schedule as all the other vendors, so the definition files of the various security products are updated at different times. An additional on board "On Demand Scanner" that offers no real time or resident protection will not conflict with your full time Security Programs, but will give you a "second opinion" if ever in doubt.

NOTE: You must disable your resident protection before running an On Demand Scanner.

Some good FREE On Demand Scanners:

2) Monitor file and registry activity:

With Windows Vista and Windows 7 there is a feature called User Account Control (UAC), that will notify you and ask for confirmation before allowing certain changes to be made to the system. This feature is not available with NT systems earlier than Windows Vista.

There is a program called WinPatrol that is designed to monitor activity on the system in a way similar to UAC.

NOTE: DO NOT disable UAC if you install WinPatrol, as it is still very much needed.

You can find a list of the features of WinPatrol HERE. The links on the WinPatrol web page will take you to a description of what each feature does.

3) Online Scanners:

There are many Online Scan Engines available today that not only will perform a full system scan, but will also disinfect what is found. Online Scans are recommended for the "Second Opinion" regarding some questionable finding from your on board protective software.

Note: You will need to disable all active protection before running an online scan. And it is advised that you use Internet Explorer to run these scans. Most will require that you use Internet Explorer, but some will accommodate other browsers as well.

You can find a list of Online Scanners here: Online Scanners under the heading "Full System Scans".

4) Check what is flagged as malicious:

Investigate ANYTHING found to be malicious during a scan. It would serve you well to investigate first, rather than to happily click away a file that was in fact a "false positive" finding due to a "bug" in the software. Critical Microsoft core files have, from time to time, been flagged as malicious. In theory these critical files cannot be deleted, but a security application that arrests one of them can set off quite a wrestling match, which could ultimately leave the system unable to boot.

You can check single files at a variety of web sites. They use a wide range of scanners from the top security companies. If a scan on one of these sites shows bad results from more than one of the scan engines, then it's a pretty good bet that you should at least quarantine it. If, on the other hand, nothing bad results from the scan then you should report your suspicion to the software vendor so they can correct their signature definition files database. You can find a list of single file scan engines here: Online Scanners under the heading "Individual File Scan".

If any of the above methods report that a file is indeed malicious, then it is good practice to investigate the finding further. You can do this by using your preferred search engine to see if there are any discussions on the infected file and the best way in which to remove it. You can also go to the forum for the security vendor that flagged the file and start a discussion. Different vendors will report the same infection by different names, so you should always use the exact name that any vendor reported.

When dealing with infected files you should always "Quarantine" a file before deleting it. The reason for this is that if the finding is a false positive and you delete it, you could damage some program, or even Windows itself. This could result in a situation in which the system will not boot. If the file is in "Quarantine", then the file can be restored. There is no easy way to restore a deleted file.
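The two rules above (quarantine when more than one engine flags a file, and quarantine rather than delete so the file can be restored) can be turned into a small, self-contained tool. The following is an added example, not code from the original article or from any of the products it names; the manifest layout, the function names and the sample file are constructed for illustration, and the "investigate" outcome for a single engine hit is this example's own assumption, since the article only covers the zero and more-than-one cases.

```python
"""Quarantine a flagged file so it can be restored if the detection turns out
to be a false positive. Added example, not from the original article; the
manifest layout, function names and the sample file are constructed here."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_of(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _load_manifest(qdir):
    m = Path(qdir) / MANIFEST
    return json.loads(m.read_text()) if m.exists() else {}


def _save_manifest(qdir, records):
    (Path(qdir) / MANIFEST).write_text(json.dumps(records, indent=2))


def quarantine_file(path, qdir):
    """Move `path` into `qdir`, keyed by its SHA-256, and record where it came
    from. Returns the digest, which is the handle used to restore it."""
    original = os.path.abspath(path)
    qdir = Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    digest = sha256_of(original)
    held = qdir / (digest + ".quarantined")   # renamed so it cannot run or load as-is
    shutil.move(original, str(held))
    records = _load_manifest(qdir)
    records[digest] = {"original": original, "held": held.name}
    _save_manifest(qdir, records)
    return digest


def restore_file(qdir, digest):
    """Put a quarantined file back where it was, after checking its hash still
    matches the manifest. Returns the restored path."""
    qdir = Path(qdir)
    records = _load_manifest(qdir)
    record = records[digest]
    held = qdir / record["held"]
    if sha256_of(held) != digest:
        raise RuntimeError("quarantined copy was altered; refusing to restore")
    os.makedirs(os.path.dirname(record["original"]), exist_ok=True)
    shutil.move(str(held), record["original"])
    del records[digest]
    _save_manifest(qdir, records)
    return record["original"]


def triage(engine_hits):
    """Apply the article's rule to a multi-engine file scan: more than one
    engine flagging the file means at least quarantine it; no engine flagging
    it means a likely false positive to report to the vendor. Exactly one hit
    is left for human review (an assumption of this example)."""
    if engine_hits > 1:
        return "quarantine"
    if engine_hits == 0:
        return "report-false-positive"
    return "investigate"


def demo():
    """Round trip on a constructed file in a temp dir; returns what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        suspect = Path(tmp) / "suspect.dll"
        payload = b"constructed sample content, not a real binary"
        suspect.write_bytes(payload)
        qdir = Path(tmp) / "quarantine"
        digest = quarantine_file(suspect, qdir)
        gone = not suspect.exists()
        held = (qdir / (digest + ".quarantined")).exists()
        restored_to = restore_file(qdir, digest)
        return {
            "gone": gone,
            "held": held,
            "restored_to_original": restored_to == os.path.abspath(suspect),
            "content_intact": suspect.read_bytes() == payload,
            "manifest_empty": _load_manifest(qdir) == {},
        }


if __name__ == "__main__":
    print(demo())
```

The hash check on restore is the point of keeping a manifest: if the quarantined copy has been tampered with while sitting in the folder, the tool refuses to put it back, and the original path recorded at quarantine time is what makes a clean restore possible at all.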

NOTE: Sometimes a Windows system file will become infected and it can prove to be very difficult to remove the infection. Under no circumstances should a system critical file ever be deleted. There are specific ways and means for dealing with infected system files and this should not be undertaken unless you know what you are doing and are capable of doing it correctly. If you are ever in doubt about the procedures that should be taken when removing an infection, then you can request expert help by following the instructions below:

Go to this forum, Dell Community Malware Removal Forum, and then follow the instructions in this thread: Please Read This Before Posting.

Protect yourself on the Internet

There are methods available that will help protect you against infections while surfing the Net.

1) SpywareBlaster is a very good, free and non-invasive tool for preventing the installation of ActiveX-based Spyware, adware, browser hijackers, dialers, and other potentially unwanted software. It will block Spyware/Tracking cookies in Internet Explorer and Mozilla/Firefox and restrict the actions of potentially unwanted sites in Internet Explorer. You should Manually check for updates at least once a week as the free version does not have an automatic updating feature.

2) Know the sites that you visit:

Always use a Site Adviser such as WOT (Web of Trust).

This will put an icon next to each link on your browsers search page:

RED = Bad Site
ORANGE = Dubious Site
GREEN = Good Site

Any site shown in gray is unrated.

NOTE: Be advised that even a site in green could have been hijacked and contain malicious code. Always use extreme caution when browsing the net.

There are other site advisers available, McAfee Site Advisor being just one. They all work in pretty much the same way, though WOT rates a site based on the experiences of regular internet users, while McAfee itself determines the rating a site gets.

3) Set IE to more secure settings:

Over the years, the security of Internet Explorer has vastly improved. The down side is that it is the most widely used browser in the world, and for this reason it is also the most widely targeted browser in the world. The default settings of IE, although quite adequate in many cases, can be greatly improved with a little tweaking.

Stepping up the security levels in IE will not only help to protect you from infection, but will make browsing the net a far more enjoyable experience. After all, anything that minimizes the chance of infection is a worthwhile and enjoyable endeavor.

You can find a full list of the steps that can be taken to lock down IE, here: Securing Your Web Browser

4) Lock down your HOSTS file:

The HOSTS file is a critical element of your system's internet access that can be edited for your benefit, or to your detriment. Editing the HOSTS file manually is not recommended for the novice user. There are programs that will do this for you; a few recommended ones, which approach this with caution, are:

MVPS HOSTS (Recommended for Advanced computer users only)
Spybot Search and Destroy (Recommended for beginner to intermediate computer users)

NOTE: DO NOT install the resident protection (TeaTimer) function of Spybot Search and Destroy. You only need to use the immunize feature of the program.

WARNING: You must read through all the information for the program that you decide to use as tampering with the HOSTS file can result in disastrous effects should something happen to go wrong. If you are unsure what the HOSTS file is, what it does, or you do not understand the information on the program vendors site, steer clear of using a HOSTS file program.
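Because the HOSTS file can be edited "for your benefit, or to your detriment", it is worth being able to tell the two apart: a blocking list points unwanted domains at a sinkhole address, whereas a hijack points a real hostname (such as an update server) at some other machine. The following audit script is an added example, not code from the original article or from MVPS or Spybot; the sample HOSTS text and the list of "protected" hostnames are constructed for illustration, and the script only reads text, never the live HOSTS file.

```python
"""Audit a Windows-style HOSTS file: tell harmless block entries apart from
entries that redirect a real hostname elsewhere. Added example, not from the
original article; the sample HOSTS text and the protected-host list are
constructed for illustration."""
import ipaddress

# Addresses that blocking HOSTS lists point unwanted domains at (sinkholes).
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}

# Assumption for this example: hostnames whose redirection would be a hijack,
# e.g. the update servers of the operating system or of a security product.
PROTECTED = {"windowsupdate.microsoft.com", "update.microsoft.com"}

# Constructed sample: two block entries, one hijack, one odd redirect, one
# malformed line.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocking entry
0.0.0.0         tracker.example.org
198.51.100.7    WindowsUpdate.microsoft.com   # hijack candidate
203.0.113.5     www.example-bank.test
not-an-ip       garbage.example
"""


def parse_hosts(text):
    """Return (line_number, ip, hostname) tuples; comments and blanks skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue   # malformed line: first field is not an address
        for name in fields[1:]:
            entries.append((lineno, ip, name.lower()))
    return entries


def classify(entries, protected=PROTECTED):
    """Bucket entries: loopback (normal), block (sinkholed), hijack
    (protected host sent elsewhere), redirect (anything else; review it)."""
    report = {"loopback": [], "block": [], "hijack": [], "redirect": []}
    for entry in entries:
        _, ip, name = entry
        if ip in SINKHOLES and name == "localhost":
            report["loopback"].append(entry)
        elif ip in SINKHOLES:
            report["block"].append(entry)
        elif name in protected:
            report["hijack"].append(entry)
        else:
            report["redirect"].append(entry)
    return report


def audit(text, protected=PROTECTED):
    """Parse and classify HOSTS text in one call."""
    return classify(parse_hosts(text), protected)


if __name__ == "__main__":
    for bucket, items in audit(SAMPLE_HOSTS).items():
        for lineno, ip, name in items:
            print(f"{bucket:8} line {lineno}: {ip} -> {name}")
```

On a real machine you would feed it the contents of the system's HOSTS file; anything that lands in the "hijack" or "redirect" buckets deserves a look before trusting that the file is only doing blocking.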

5) Limit the spread of Infection:

Using Sandboxie will run anything you install via your browser in an isolated space on the Hard Drive that will stop programs or files infecting and spreading across your system. While running a sandboxed browser, you should keep in mind that any changes made to the system during the session, including anything downloaded or installed (whether purposely or surreptitiously) will go away when the sandboxed browser is closed. This is by design and is precisely the intention and purpose for using such a program.

Sandboxie is also capable of running various other programs in an isolated area (the sandbox) so as to protect your system from unwanted changes caused by infection.

Patching (updating) a system

1) Microsoft Programs and the Windows Operating System:

Microsoft Windows Update is the quickest, safest and easiest way to ensure that all your Microsoft programs and Windows itself are kept up to date and secure. These updates are a must have: when a security flaw is discovered in a program, an update is released that patches the hole. Without these updates you severely increase your chances of infection.

You should make sure that Windows Update is set to automatically download and install critical updates. By doing so you are sure to at least be protected with all of the latest "critical" updates. To do this:

Go to Start > All Programs > Windows Update > Change Settings > Install updates automatically > OK

For Windows XP you will need Service Pack 3. Support for Service Pack 2 ceased on July 13th, 2010.

For Windows Vista you will need Service Pack 2. Support for Service Pack 0 (no Service Packs installed) ceased on April 13, 2010. Support for Service Pack 1 will cease on July 12, 2011. If you are running Vista with no Service Packs, then you will need to install SP1 before you can install SP2.

For Windows 7, there are as of yet no Service Packs that have been officially released (written November 2010).

For any of the above Operating Systems, you also need to ensure that you have Internet Explorer updated to IE8 (or the latest version). This is to combat security flaws in previous editions.

Once you have the latest Service Pack for your system installed, you will need to keep going back to Windows Update, as the updates are installed in layers: once one layer is installed, another layer will become available. This can go on for as many as six or seven rounds, maybe more, depending on how outdated your system is. To ensure that you have all the available updates installed, keep running updates until you reboot the computer, check for updates, and it reports back "Windows is up to date". Once you receive this message, reboot the computer and re-check for updates; if you still receive the "Windows is up to date" message, then you are up to date - for now. Microsoft releases updates on a very regular basis, which is why it is wise to ensure that Windows is set to download and install all critical updates automatically.

2) Non Microsoft Programs:

There are many programs that you may have installed that an attacker could use to infect the system. Two of the most commonly targeted are Java and Adobe products. Having an outdated program on board is akin to leaving the door open to your house. Remember the "common sense" suggestion above? Here's your opportunity to use it...SHUT THE DOOR AND LOCK IT! How do you do that? Update! Update!! Update!!!

For Java, you can go to the Java icon (looks like a Coffee cup) in Control Panel (set to classic view) and select the update tab and then select "Update Now".

For Adobe, you can go to Start > All Programs > Adobe Product of choice > update

There are many other programs that must be kept updated at all times, but these are the main two.

3) Patching other Programs:

You may think that keeping on top of all these updates seems like an impossible task. Not so.

Downloading and installing Secunia PSI will make the job very easy.

It runs quietly in the background and will give a balloon pop-up from the task bar each time a program needs updating. Just click the Secunia task bar icon and the program will open. You will then see a list of the program(s) that need updating; click the blue circle under the "Solution" heading, and you will be taken directly to the download for the affected program.

Other Safe Computing practices

1) Keep all important data backed up. Data that you do not have more than one copy of, is data that you run the risk of losing.

You can find a complete overview of backup strategies here: Backup Essentials: An Overview

2) Stay away from Peer2Peer programs, Crack and Keygen sites and warez sites. These are a breeding ground for Malware and if you use them, in a short time your system will become infected, that's a given.

3) Use your email client responsibly. Be wary of every attachment and link that you receive. If something out of the ordinary appears in your inbox, then get in touch with the sender by a means other than email. Even links from friends and family should be approached with care. Who's to say? Maybe their email account has been hacked and they might not be aware. You can find an in-depth explanation of secure email practices here: Safe and secure use of email

4) Always proceed with caution on any Social Networking site, to name but a few: Facebook, Twitter, Bebo, myspace. Treat it the same as you should your emails. Be wary of every link and extra add-on or game, no matter who they are from. Also, go into the privacy settings of your chosen Social Networking site and ensure that all the settings are locked down.

5) As Internet Explorer is a highly targeted browser, consider using an alternative such as Firefox, Opera or Google Chrome.
Using an alternative browser will not mean that you are immune to infection, it will just lower the chances - a little.

6) Implement and use strong passwords for all your online accounts. This is not just Bank accounts, but email, social networking, eBay, PayPal, forums, and anything else that you may ever have to enter a password for. A good strong password will consist of at least ten characters, with a mixture of upper and lower case letters, numbers and symbols (*, #, and @ are but a few).

7) Seeing 'https', rather than 'http', in the address bar of your browser (the address may also display in a different colour) together with a 'locked padlock' icon at the bottom of your browser is a fair indication that the site is secure.

You can find a full overview of implementing strong passwords here: Creation and Implementation of Strong Passwords

Conclusion

By implementing the above suggestions and recommendations, your chances of infection will be greatly reduced. It may seem daunting at first, but once you are in the habit you will find it quickly becomes second nature. You can check how well your system is locked down at any one of these sites. They will run a series of tests on the system and report to you just how secure your system is.

NOTE: None of these sites will infect your system, they will just let you know how vulnerable your system is to infection:

F-Secure Health Check
PC PitStop Tuneup
GRC Shields Up

Surf Safe!!
