So how did I get infected in the first place?
You usually get infected because your security settings are too
low.
Here are a number of recommendations to help tighten them, which will
hopefully make you a less likely victim:
Safe Computing Practices
1.) Keep your Windows updated!
- Go to Start > Windows Update or navigate to
http://windowsupdate.microsoft.com,
and install ALL Critical security updates listed (you will need to
use Internet Explorer to do this). If you're running Windows XP, that of
course includes Service Pack 2 (SP2)!
- If you suspect your computer is infected with malware of any type,
please do NOT install SP2 yet. Read the SpywareInfo FAQ and post a
HijackThis log in our forums to get help cleaning your machine. Once
you are sure you have a clean system, it is highly recommended to install
SP2 to help prevent future infections.
- It's important always to keep current with the latest security fixes
from Microsoft. This can patch many of the security holes through which
attackers can infect your computer.
Please either enable Automatic Updates under Start > Control Panel >
Automatic Updates, or get into the habit of checking for Windows updates
regularly.
2.) Watch what you download!
- Many "freeware" programs come with an enormous amount of bundled spyware
that will slow down your system, spawn pop-up advertisements, or just plain
crash your browser or even Windows itself.
- Peer-to-peer (P2P) programs like Kazaa, BearShare, Grokster, Imesh, and
others are amongst the most notorious. If you insist on using P2P software,
please read this article written by Mike Healan of SpywareInfo. It is an
updated and comprehensive article about which P2P programs are "safe" to
use. Another good reference is here.
- Note also that even if the P2P software you are using is "clean", a
large percentage of the files served on the P2P network are likely to be
infected. Do not open any files without being certain of what they are!
3.) Avoid questionable web sites!
- Many disreputable sites will attempt to install malware on your system
through "drive-by" exploits just by visiting the site in your browser.
Lyrics sites, free software sites (especially ones that target young
children), cracked software sites, and pornography sites are some of the
worst offenders.
- Most of these drive-by attempts will be thwarted if you keep your
Windows updated and your internet browser secured (see below). Nevertheless,
it is very important only to visit web sites that are
trustworthy and reputable.
- In addition, never give out personal information of any sort online. And
never click "OK" to a pop-up unless it is signed by a reputable company and
you know what it is!
- For more general information see the first section, "Educate yourself
and be smart about where you visit and what you click on", in this tutorial
by Grinler of BleepingComputer.
Must-Have Software
*NOTE*: Please only run one anti-virus program and one firewall
on your system. Running more than one of these at a time can cause system
crashes and/or conflicts with each other. The rest of the following programs
can be run simultaneously and will work together in layers to protect your
computer.
4.) Antivirus
- An Anti-Virus product is a necessity. There are many excellent programs
that you can purchase. Personally, I use Vipre. It has the best of both
worlds: Fast anti-virus protection w/o slowing your system down with the
number one anti-spyware built into it. However, if you can't afford a
commercial product, some very good and easy-to-use free antivirus
programs are Avast and AntiVir.
Please run only one antivirus at a time!
- It's a good idea to set your antivirus to receive automatic updates so
you are always as fully protected as possible from the newest threats.
5.) Internet Browser
- Many malware infections install themselves by exploiting security holes
in Microsoft Internet Explorer. It is strongly suggested that you consider
using an alternate browser.
- Both Mozilla Firefox and Opera are next-generation browsers that are more
secure and faster than Internet Explorer, immune to most known IE browser
hijackers, and outfitted with built-in pop-up blockers and other useful
accessories.
6.) Firewall
- It is critical that you use a firewall to protect your computer from
hackers. We don't recommend the firewall that comes built into Windows. It
doesn't block everything that may try to get in, it doesn't block anything
at all outbound, and the entire firewall is written to the registry. Since
most malware accesses the registry and can disable the Windows firewall,
it's preferable to install one of these excellent third party solutions.
7.) Install Javacool's SpywareBlaster
- This excellent program blocks installation of many known malicious
ActiveX objects. Run the program, download the latest updates, "Enable
All Protection" and you're done. Although it won't protect you from
every form of spyware known to man, it is a very potent extra layer of
protection.
- Don't forget to check for updates every week or so. Also see this
tutorial by Grinler.
8.) HOSTS file and IE-SPYAD
- Another good program is MVPS HOSTS. This little program packs a powerful
punch as it blocks ads, banners, 3rd-party cookies, 3rd-party page
counters, web bugs, and many hijackers.
- For information on how to download and install, please read this tutorial
by WinHelp2002.
- IE-SPYAD puts over 5000 malicious sites in your restricted zone, so
you'll be protected when you visit innocent-looking sites that aren't
actually innocent at all. See this tutorial by Grinler.
Other Cleaning / Protection Software
9.) Ad-Aware and Spybot
- If you do not already have it, Lavasoft's Ad-Aware is a must-have free
scanner. See this topic for instructions on how to configure and run
Ad-Aware.
- Spybot Search & Destroy is another must-have free scanner. See this topic
for instructions on how to run a scan with Spybot.
- Spybot has an "Immunize" feature which works roughly the same way
as SpywareBlaster above.
- Another feature within Spybot is the TeaTimer option. TeaTimer detects
when known malicious processes try to start and terminates them. It also
detects when something wants to change critical registry keys and prompts
you to allow this or not. See this tutorial by Grinler for more
information.
10.) Ewido Anti-Spyware
- An outstanding all-purpose anti-malware scanner and cleaner is Ewido.
Although this is commercial software, the 30-day trial version will
continue to work after the trial period expires in "free mode", with
automatic updates and real-time protection disabled. See this topic for
instructions on how to run a scan with Ewido.
11.) Windows Defender
- Microsoft now offers its own free malicious software blocking and
removal tool, "Windows Defender" (not compatible with Windows 98 and ME).
It also features real-time protection.
12.) Lock down ActiveX in Internet Explorer
- Even if you plan to use an alternate browser, you will have to use
Internet Explorer for tasks like updating Windows or visiting any other site
that requires ActiveX. Also, since Internet Explorer is integrated into the
Windows core, keeping it locked down is very important.
13.) Finally, after following up on all these recommendations, why not run
Jason Levine's Browser Security Tests? They will provide you with insight
into how vulnerable you might still be to a number of common exploits.
Happy safe computing!
This originally appeared on SWI Forums; posted by Swandog46: Jul 19 2006, 12:55 PM