How to Protect yourself from malware!

[chaslang]

Make sure you get your system protected from ocurrences of malware problems. Below are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all. There is no perfect solution for totally preventing malware from getting on your PC, however, these steps will help.


1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. For anyone who is not yet running at least Windows XP SP2 (which you really should be running at a minimum if your PC supports it) see the below link before updating. If you already have Windows XP SP3 then you don't need to worry about SP2 since you are more current already.

• Get Your PC Ready for Windows XP SP2

You should check for Windows Updates at least once a month. Go to the below link to get your updates or check to see if you need any:

• Windows Update

Note: If you have problems getting your Windows Updates, see if the below thread helps:

• Help with Windows Update

VERY IMPORTANT NOTE:

Before you decide to skip getting your Windows Updates for whatever reason you think you have, make sure you read the below link and understand the possible risks to your security.

Cleaning a Compromised System


2) Anti Virus: make sure you have one and keep it updated. Here are some good free ones:

• AntiVir Personal Edition - for Win 2K/XP/ Vista 32bit and 64 bit
• Avast! Home Edition
• Comodo AntiVirus - for Windows XP (SP2) / Vista (32 and 64 bit versions)
  • WARNINGS:
    • Ask Toolbar may be installed by default but you can uncheck this during the install or uninstall it anytime afterwards if you decide you do not want this feature later.
    • This includes both the a firewall and an antivirus. Do not install the firewall part if you already have a firewall.
• PC Tools AntiVirus Free Edition - forWin 2K/03/XP/Vista
• AVG Free Edition - SEE BELOW NOTES and Warnings:
  • The newer AVG programs ( ones after AVG7.5) have been problematic for some people and it also falsely detects as problems, active-X killbit settings that SpywareBlaster and others have added to your registry to protect you. ( see this blurb from Grisoft: http://free.avg.com/ww.faq.num-1319#faq_1319 ). Due to these issues, caution is advised with using AVG8. See the following for additional info: http://forums.majorgeeks.com/showpost.php?p=1158394&postcount=2
  • Many people have found that AVG with LinkScanner and other features to be to resource hungry (becoming bloatware). You may want to install without LinkScanner and look into disabling certain other features. Check this link out: http://free.avg.com/ww.faq.num-1338
  • Warning: Personal observations are that AVG will dramatically slow down all operations of your PC so please be adware of this and take note if the general startup, shutdown, and overall operations appear to slow down. If you experience this, uninstall it, reboot, and use one of the other programs.

These are better than Symantec/Norton or McAfee because they are free and because they are not so system resource hungry. The recent versions of Symantec/Norton and McAfee have become very bloated. This does not mean they do not work. If you have either of them and are happy with it, stick with them. But whatever you choose remember to Only Run ONE AV!

3) Firewalls

A firewall is software or hardware that acts like a gate to help protect your computer against hackers and some computer viruses and worms that try to find unprotected computers that are connected to the Internet. This gate allows you to you to accept connections from sources you trust, and it keeps the gate closed for ones you don't trust. A firewall works by examining information coming from and going to the Internet. It identifies and blocks information that comes from a dangerous location or seems suspicious. If you set up your firewall properly, hackers searching for vulnerable computers cannot detect your computer (often referred to as a stealthed connection)


There are two kinds of firewalls:

1. Hardware Firewall - normally built into a router if you use one. If you do have a router with a firewall, make sure you enable it. And also password protect your router, especially if it is a wireless router. Wireless routers can be less secure because they use radio frequencies to communicate with your PC. So if you use a wireless router, you can help enhance the security of your network by enabling the firewall and by requiring a password to connect to your network. Make sure you also enable encryption on your wireless network.
2. Software Firewall - special software that you must install. Use a software firewall even if you do have a hardware firewall. But only use one software firewall. Running multiple software firewalls is unnecessary and using more than one software firewall on the same connection could cause issues with connectivity to the Internet or other unexpected behavior.

If you don't have a Software Firewall, get one of these below. You can try the ones listed below. They are listed in an order of best to worst based upon leaktesting that has been perfomed by Matousec You will notice that the Windows XP SP2 is the worst performer on the list. I don't care if you're on dial up or High Speed....you must have a firewall or you can get infected faster than you can download any tools to fix your problems. If you use Vista, make sure you check for compatibility before choosing a firewall. The firewalls list with blue links are free, the ones in green are not free.

• Comodo Personal Firewall
  • WARNINGS:
    • Ask Toolbar may be installed by default but you can uncheck this during the install or uninstall it anytime afterwards if you decide you do not want this feature later.
    • This includes both the a firewall and an antivirus. Do not install the antivirus part if you already have an antivirus.
• Outpost Firewall Free
• Outpost Firewall Pro - this version includes the below protection
  • Advanced firewall for secure connections
  • Antispyware to keep your PC spyware-free
  • Host protection to block zero-day threats
  • Web control to protect your PC from web-borne threat
• Jetico Personal Firewall - shareware version
• PC Tools Firewall Plus <-- make sure you uncheck the options to install Google Toolbar and Threatfire free edition. There's is no sense in installing excess baggage.
• Online Armor Personal Firewall (free edition) - can be quite resource hungry so if you have limited memory and/or a slow processor, do not us this firewall.
• ZoneAlarm Pro - this is not the free version
• Jetico Personal Firewall v.1 - free version
• Kerio Personal Firewall
• Sygate Personal Firewall Free <--- with the Symantec acquistion of Sygate, I do not know how much longer this will be around or be free!
• ZoneAlarmFree - no longer supports Win9x or Me platforms. The new 7 version of Zone Alarm free includes Zone Alarm Security Suite, making the download larger then it used to be. Do not install the Security Suite. Also the free firewall now has some minor nag screens.
• Filseclab Personal Firewall Professional Edition

Notes:

1. For Win XP SP2 users, after installing any of these firewalls, you must make sure to disable the firewall that is part of WinXP SP2. It is enabled by default, and it does not provide adequate protection and is only an incoming (uni-directional) firewall. Similar to antivirus applications, you must use only one software firewall. The information in the following will help you disable the firewall:Windows Firewall Some of the above firewalls may automatically disable the Windows firewall for you, but it is best to check for your self.
   • For additonal info about the problems with Windows XP SP2 firewall read these:
     • How Secure is Windows Firewall
     • Is Microsoft's Firewall Secure?
     • Windows Firewall Flaw may hide open ports
2. For Vista users, your built-in firewall is better than the one in XP but most still feel that it is not a adequate firewall and lacks certain capabilities.
3. We often get questions about testing your firewall for security and open ports. You can use sites like the below to do this:
   • http://www.hackerwatch.org/probe/
   • http://www.auditmypc.com/
   • http://www.grc.com/lt/leaktest.htm
   • http://www.pcflank.com/
   • http://www.personalfirewall.comodo.com/onlinetest.html

4) Get a Temp File/Cookies/index.dat cleaner

• CCleaner

5) AntiSpyWare Tools


Three types of tools exist:

• Realtime blocking (i.e. protection) tools that may also be a scanner and removal tool
• after the fact scanner
• non-realtime protection no scanner

Realtime blocking tools - pay tools and free tools - ONLY USE 1 REALTIME BLOCKER

Pay Tools

• SUPERAntiSpyware- (recommended purchase) if you purchase this, you get protection. It will only be a scanner (see below) if you don't buy it.
• Malwarebytes Anti-Malware - if you purchase this, you get protection. It will only be a scanner (see below) if you don't buy it.
• CounterSpy - 15 day trial!
• Spy Sweeper - if you don't buy it, it will not fix anything
• Spyware Doctor - if you don't buy it, it will not fix anything

Free Tools

• AntiVir Personal Edition - includes antispyware, anti-rootkit and more ( see: http://www.free-av.com/en/pages/6/comparative_chart.html ). Do not install another AV if using this.
• AVG Free Edition - includes antispyware protection. Do not install another AV if using this.
• Comodo AntiVirus + Firewall - Provides antivirus and firewall protection.
  • WARNINGS:
    • Ask Toolbar will be installed by default but you can uncheck this during the install or uninstall it anytime afterwards if you decide you do not want this feature later.
    • This includes both the a firewall and an antivirus. Do not install this if you already have an antivirus.
    • You may want to read the below link if your are unfamiliar with configuring protection software:
      • Configuring CIS for Maximum Security with ZERO Alerts for Novices
• Microsoft Windows Defender - this version is only for Windows 2003, XP and is not highly recommended as protection and scanning is not adequate.
• SpyWare Guard - Not Recommened! - was quite useful at one time but now is very outdated and will not protect you from most new malware; however, having this installed is still better than no protection.
• Spyware Terminator - this version does install their Web Security Guard toolbar which is like McAfee's SiteAdvisor.
• Windows Defender for Vista
  • For Vista, Windows Defender has been much improved ( but still not the best choice but better than none ) and may be a useful free alternative and it comes already installed. On many PCs it is enabled by default. On others it is disabled by default. This may be a matter of the country where the PC is purchased.

After the fact scanning tools

• SUPERAntiSpyware - free version has no realtime protection but provides a useful scan/removal feature. See the below link for a comparison of the free and paid version which is recommended
  • http://www.superantispyware.com/superantispywarefreevspro.html
• Malwarebytes Anti-Malware - free versions is only a scan/removal tool.
• AVG Anti-Spyware - Free version becomes scan only if you don't purchase after the trial period ( AVG Antispware has been discontinued as it is included in AVG8 AntiVirus )
• SpyBot-Search & Destroy
  • Use the Immunize feature.
  • Use SDHelper which integrate into Internet Explorer to block your browser from downloading bad programs from known malware sites.
  • I don't recommend activating the TeaTimer which does provide realtime protection but has been problematic in the past. Some people have fewer problems with it then others so you may wish to give it a try as a realtime blocker and decide for yourself.
  • On Vista, Spybot will install a security center service.

Non-realtime protection no scanner

• SpyWare Blaster Install it, click Download Latest Protection Updates, Check for Updates, and then Enable All Protection, then exit. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites.

What do we recommend ?

• one realtime blocking tool from the list
• Spybot - installed as recommended using SDhelper and Immunize
• SpywareBlaster with all protection enabled.

IMPORTANT NOTEs:

1. Use only one realtime blocker - I do not recommend using multiple full blown blocker/scanner/removal tools (like AVG Antispyware paid version, Comodo BOClean, CounterSpy, MS Windows Defender, SpySweeper, SpywareGuard, and Spyware Terminator) at the same time as a long term solution. Doing that temporarily to clean a system is okay, but long term you may find that it slows your system down too much. It is okay to run one of these, along with the other items listed above because the others are not too resource hungry (that is, as long as you do not use Spybot's Teatimer).
2. Beware of Rogue Tools - There are loads of bad (also called rogue) anti-spyware programs available out there. You should familiarize yourself with the list maintained at the Spyware Warrior website. See: Rogue/Suspect Anti-Spyware Products & Web Sites

6) Adjust Active X security settings

• In Internet Explorer, click Tools, Internet Options, Security. Click on the Internet globe. Then select Default Level, then click OK. Now select Custom Level and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
  • Set Download signed Active X controls to Prompt
  • Set Download unsigned Active X controls to Disable
  • Set Initialize and Script ActiveX controls not marked as safe to Disable
  • Set Installation of desktop items to Prompt
  • Set Launching programs and files in an IFRAME to Prompt
  • Set Navigate sub-frames across different domains to Prompt
  • Set Allow paste operations via script to Disable (see: http://support.microsoft.com/kb/224993 )
  • Click OK and OK again.

7) Install a backup browser just incase you run into problems with Internet Explorer

Some malware can affect your browser's ability to connect to the internet. Since Internet Explorer is the built-in default browser for Windows, most people still have and use it. Thus it is the most likely candidate for being attacked by malware. At the current time ( Jan 2010 ), Internet Explorer is actually more secure than FireFox, Chrome, Opera and Safari. And IE8 does a better job at blocking malware too. In the past, people used to say "use Firefox, it's safer", this is not the case anymore since Firefox's popularity grew and it is frequent cause of malware problems now. In addition, recent reports show Firefox to have a greater number of security holes than IE.


The above being said, it is still a good idea to have a couple alternative browsers installed for the case where one gets broken ( either due to malware or for other reasons ) and internet access may be blocked with one browser and not the other. A few choices that you may want to look at are included below:

• Mozilla FireFox
• Google Chrome
• Opera
• Apple Safari for Windows

You must also remember that no browser will protect you from yourself. If you access questionable sites, download illegal pirated or cracked software, keygens...etc or go to porn type websites then no browser will be secure enough.

For people with young children, you may want to consider installing Glubble It is a FireFox addon for families with children under 12 years of age. It enables families to be sure they only see the best of the web. It allows you to control which sites your kids are allowed to access.

8) Uninstall Microsoft Java ( only applies to older OS's like pre Win XP SP2 ) and Replace with Sun Java

You may already have Sun Java if on a newer OS or a newer PC. Just get the current version of Sun Java installed. The link to it is given below.


Microsoft no longer supports Java and it is often a source of installed spyware and hijacks so it is a good idea to remove Microsoft Java Virtual Machine and Install Sun Java. To remove it follow these steps.

• Select Start > Run and Enter "RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall" in the Open box, and click ok.
• Click Yes to confirm that you want to remove the Microsoft VM
• When prompted, reboot the computer
• Remove the following items: (Systemroot is where windows is installed (usually C:\Windows)
  • The \%Systemroot%\Java folder
  • The file java.PNF from the \%Systemroot%\inf folder
  • The files jview.exe and wjview.exe from the \%Systemroot%\system32 folder
  • The registry subkey HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Java VM
  • The registry subkey HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ InternetExplorer \ AdvancedOptions \ JAVA_VM

• As an alternative to the above steps you can try the below tool to remove MS Java. Download and run the MSJVM Removal Tool 1.0a

• Note Windows 98 or ME users, you cannot use the current version of Sun Java, you must use one of the older 5.0 update versions. The last one is available here: Sun Java Runtime Environment (9x\ME)
• Skip this item if running Win 98 or ME. Now install Sun Java Runtime Environment (JRE) from here: http://java.sun.com/javase/downloads/index.jsp When you install this latest version of Sun Java, be sure to uncheck the options to install the Google Toolbar for Internet Explorer and Google Desktop (that is unless you want this additional baggage). Be sure to use the option to Test your Java Virtual Machine (JVM) when you finish. It will only take about a minute and it verifies your installation is good.

Make sure you check that you have the lastest version of Sun Java installed by clicking the link. If you have an older version, install the new version and then remove all old versions. It would also be a good idea empty the Sun Java cache periodically because many baddies will store themselves there.

You can choose a different language if you need it from the top menu on that page. (Any files or registry entries not found or errors can be ignored and go to the next step)

9) Disable the AutoRuns Feature used to spread malware

Run this procedure: Disabling AutoRuns

10) Use Passwords & Create Restricted User Accounts

All user accounts should have password protection. Especially on Win NT, 2K, XP, and 2003 systems. Make sure you do not leave the Administrator password account password blank. This is the default. Also it is a good idea to completely disable the Guest account. When you choose your passwords, choose them wisely. Do not make them too short and do not choose anything that would be easy to guess.

When creating user accounts on WinNT, 2K, XP, and 2003 systems, it would be a good idea to only have one account with administrator priviledges. Create all other user accounts as restricted users. Especially for your children. This will prevent them from installing anything that you do not approve and install for them. It will also save you a lot of time cleaning up the mess that will occur when they have unrestricted access to the PC.

It the most secure option would be to never surf the internet on an account having administrator priviledges, but doing this will cause certain difficulties for some people.


11) Security starts with you! Becareful what you download and from where!

• There are loads of free programs and services out there that people just love to download from. These are programs like Kazaa, Imesh, etc. They quite often come bundled with lots of malware that will cause you significant problems. Misconfiguring these programs can leave you open to sharing personal and sensitive information from your PC (even passwords and financial information). Read this on how it has been used for identity theft:
  • http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

You are downloading unknown/untested files which may be infected from unknown sources directly onto your PC and while these programs are running you are sharing your PC with the whole world since these programs will allow others access to your PC bypassing the firewall and other security programs. I strongly advise avoiding these programs and servers completely. But if you must use them, choose more wisely. See the below link which can help you make a more educated choice:

Spyware Info's Clean and Infected File Sharing Programs

• Avoid installing services and applications which you do not use in your normal daily routines. It is not necessary for them to be loaded all the time. The above P2P programs are a great example of this. Many programs that autoload at startup can just be run on an as needed basis.
• Also it should go without saying but....avoid the porn sites! They are notorious spreaders of more than one kind of smut. In addition many porn (and some non-porn) sites that have various forms of videos that they are trying to get you to watch online or download and watch, are causing vast amounts of people to become infected. These infections typically occur because the trick you into downloading a codec required (supposedly) to view the videos. What you normally wind up with is an infection that is grouped into the SmitFraud aka Zlob family of infections! Thus, DO NOT DOWNLOAD CODECS from anywhere except from a reputable site like Major Geeks!
• Don't download cracks, serial numbers, cheats etc for commercial programs. Besides being illegal, you will often find you are getting more than you bargained for (i.e. malware!!!!).
• Also be very careful to read popups before clicking on them. You probably do not want what they are selling and sometimes the correct answer may be the opposite of what you think. They will choose wording meant to confuse you.
• Do not open e-mails coming from unknown or distrusted sources. Many viruses and trojans spread via e-mail messages. You can always check with the originator to see if they sent something to you.
• Especially be careful with attachments. Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated antivirus program.
• Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. This kind of messages is considered spam, because it is undesired and unsolicited and it congests the Internet even more than it already is. If you respond to their email where it says something like "to be removed from our list", all you are doing is confirming your email address is valid and you just got yourself added to a load more spamming lists.
• Never add any site to your Trusted Sites Zone unless it is absolutely necessary to run something you really need (like for work).
• Finally, when installing any software, read the license agreement carefully before accepting. You may be surprised what you will find. Like thousands of people who had to have LOP infections and other malware removed from their PCs who did not read the license agreement in Messenger Plus (which is not related to Microsoft).

12) The True Story About Cookies!

First let's get right to the point. Cookies are not problems that you need to be concerned with. Too many antispyware programs flag cookies and make them sound like they are high risk items. The truth is that they are not high risk problems and in most cases are actually very useful to you.

This subject has long been debated on the internet and obviously there are many opinions about cookies. Cookies are not executable programs. They are simple text files stored on your PC to help websites (and you) track useful user settings and non-personal information, like which advertisement you last saw (which prevents you from seeing the same ad over and over again).

Yes some cookies are often referred to tracking cookies, but tracking is more complicated then just having a cookie. Every website you visit would have to have knowledge of the particular cookie so that they could use it to add tracking info to it and to make use of it. You will see many antispyware programs indicating various cookies as tracking cookies and this can artifically make detection counts look very high. It is also a sore point when doing comparisons between antispyware programs. If one program detects cookies and another does not, it can make the one that does not detect them look like it is doing a bad job.

Similarly it makes the one detecting them look like a great product since it picks up things the other missed. Thus most (not all) programs will detect cookies to avoid this hazard. Don't be fooled by cookie counting. If cookies are the only thing showing up, you are in good shape. They are not harmful and you can just ignore them or if so desired, you can easily clean them using your browser or other tools like CCleaner.

13) What to do if you do get infected!

• If you still get an infection or already have one, you should follow the procedure given here READ & RUN ME FIRST. Malware Removal Guide . If this does not fix your malware problems then follow the instructions in the READ & RUN ME and create a new thread in the Malware Forum requesting help. Be sure to attach all of the logs requested in the READ & RUN ME and clearly explain your remaining problems.

14) How often should you run scans?

A very common question is how often should I run scans. A good rule of thumb would be to run full scans at least twice a month. If you do an excessive amount of surfing and downloading (especially P2P or torrent downloading) you may want to make it a weekly scan.

If twice a month is too much for your schedule then at a minimum you really should complete full scans once a month. And make absolutely sure that you keep all of your protection software up to date.

15) Miscellaneous Tips

1. Keep System Restore Enabled: Do not permanently disable System Restore. Many people do this and lose the safety net that it provides. It just could be the thing that saves you from having to do a total reinstall.
2. User Account Names: Since many people are sensitive about their real names being seen in logs (although we do not consider it an issue), it would be a good idea to not use your real names on user accounts you create on your PC. Also it is a good idea to not use spaces or special characters (like & or others) in your account names. And use separate accounts for each user. Do not use combined accounts. For example, Kathy & Jim should have separate user accounts named Kathy and Jim And My User Account should be MyUserAccount
3. Use Restricted User Accounts to Surf: It is highly recommended that you only use a Restricted User account ( note in Windows XP these are called Limited User accounts and in Vista they are called Standard User accounts ) while surfing the internet. This can help to keep certain malware infections off your PC since they may require admin level priviledges to do their dirty work. Some people find using restricted accounts full time to be too much of an annoyance. You can safely surf using an Admin account if you practice safe surfing, but many people are their own worst enemies and should really consider using Restricted User accounts.
4. Avoid Making Online Purchases On Public Computers - A hacker or thief can easily put a keylogger on a public computer that allows them to know everything you've typed including your credit card numbers and passwords. Stay away from public access computers when doing online shopping!
5. Don't Save Your Credit Card Numbers Online - Many reputable sites give you the option to save credit card numbers online to make future purchases easy. However, if the company's database is ever successfully hacked, your information could be exposed. It's safer to re-enter your numbers with each transaction. After all what is more important to you, you financial security or saving a little bit of time typing.