"So how did I get infected. . .?" © Tony Klein

 
Corrine

Administrator
 
Joined: 18 Jan 2001
Posts: 12721
Location: Upstate, NY

Posted: Mon Oct 31, 2005 8:30 am    Post subject: "So how did I get infected. . .?" © Tony Klein

"So how did I get infected in the first place?" © Tony Klein (Revised from the original article by Tony Klein. See Note*)

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices

1.) Keep your Windows updated!
  • Windows XP: Go to Start > Windows Update
  • Windows Vista: Go to Start > Control Panel > Security > Windows Update
  • Windows 7: Go to Start > All Control Panel Items > Security > Windows Update
  • Or navigate to http://windowsupdate.microsoft.com, and install ALL Critical security updates listed (you will need to use Internet Explorer to do this).
  • Service packs are the means by which product updates are distributed and may contain updates for system reliability, program compatibility, security, and more. Unless you suspect your computer is infected with malware, the latest service packs can be downloaded from Microsoft Support. Once you are sure you have a clean system, it is highly recommended to install the latest service pack to help protect against future infections.
  • It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. Either enable Automatic Updates or get into the habit of checking for Windows updates regularly.


2.) Update 3rd Party Software Programs
  • Third Party software programs have become targets for malware creators. To check if your system is missing security updates or has insecure applications installed, install the Secunia Personal Software Inspector (PSI) or visit the Secunia Online Software Inspector page.
  • The Secunia Online Software Inspector runs through your browser with no installation or download required and does the following:
    -- Detects insecure versions of applications installed
    -- Verifies that all Microsoft patches are applied
    -- Assists you in updating your system and applications


3.) Watch what you download!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others are among the most notorious. P2P programs allow the creation of a network enabling people to connect with other users and upload or download material in a fast, efficient manner.
  • Note also that even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Do not open any files without being certain of what they are!

    Pre-scan downloaded files for viruses and malware at one of these multi-engine single file scan sites. Both use a dozen or more well-known anti-malware scanners in a quick, easy scan with a report of results from all.

    -- Virus Total (10mb limit): www.virustotal.com/xhtml/index_en.html
    -- Jotti's Malware Scan (15mb limit): http://virusscan.jotti.org/en


4.) Avoid questionable web sites!
  • Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders.
  • Most of these drive-by attempts will be thwarted if you keep your Windows updated and your internet browser secured (see below). Nevertheless, it is very important only to visit web sites that are trustworthy and reputable.
  • In addition, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is!
  • For more general information see the first section, "Educate yourself and be smart about where you visit and what you click on", in this tutorial by Grinler of BleepingComputer.


Must-Have Software

*NOTE*: Please only run one anti-virus and one anti-spyware program (in resident mode) and one firewall on your system. Running more than one of these at a time can cause system crashes and/or conflicts with each other.

5.) Antivirus
  • An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. The following antivirus software programs are free for personal use.
    -- avast! 5 Home Edition
    -- Avira AntiVir PersonalEdition Classic
    -- Microsoft Security Essentials
  • Please run only one antivirus resident at a time!
  • It is recommended to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats.


6.) Firewall
  • It is critical that you use a firewall to protect your computer from hackers. (The built-in Windows Vista and Windows 7 firewall blocks both incoming and outbound traffic, but its settings are still written to the registry.) Since most malware accesses the registry and can disable the Windows firewall, you may prefer to install a third party firewall. The following firewall programs are free for personal use.
    -- Online Armor Free (Setup instructions at http://www.tallemu.com/webhelp3/Welcome.html ; Additional assistance at the support forum at http://support.tallemu.com/vbforum/ )
    -- Agnitum Outpost Firewall (Guide for Outpost Free Firewall at http://www.outpostfirewall.com/guide/index.htm ; Outpost FREE FAQ at the support forum here: Outpost Users Support Forum)
  • Please only use one firewall at a time!


Other Cleaning / Protection Software

Of the programs listed below, passive protection like that provided by SpywareBlaster, WinPatrol and Hosts file programs can be used effectively alongside active resident protection programs. For example, the free version of Malwarebytes' Anti-Malware is an on-demand scan and clean program that will also not conflict with resident protection. Spybot is also on-demand but has resident protection if the TeaTimer function is used.

Only one scanning program should be run at a time, with a shutdown/restart between scans.


7.) Install Javacool's SpywareBlaster
  • This excellent program blocks installation of many known malicious ActiveX objects. Run the program, download the latest updates, "Enable All Protection" and you're done. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
  • Don't forget to check for updates every week or so.


8.) HOSTS File Programs
  • MVPS HOSTS -- This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002.
  • hpHosts -- hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites. The inclusion policy can be found at http://hosts-file.net/?s=policy


9.) Anti-Malware and Anti-Spyware Programs (Select one or two)
  • Malwarebytes' Anti-Malware
  • SuperAntiSpyware
  • Windows Defender (Note: If you use MSE, Windows Defender will be inactivated since the features are incorporated in MSE.)
  • Spybot Search & Destroy
    -- Has the Immunize feature which works roughly the same way as SpywareBlaster.
    -- Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.


10.) WinPatrol
  • WinPatrol's Host-based Intrusion Prevention System (HIPS) takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • WinPatrol is a powerful system monitor. Some of the features are described here


Happy safe computing!!


Credits: Anti-spyware Community - for suggesting additions to this article

Revised: TonyKlein, Oct 30 2005, 05:00 AM
Reproduced with permission of the author.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

*The original version of this article was written in 2005 by Tony Klein and has been reproduced or linked to in over 33,000 locations!
Tony is well known in the security community for his many contributions, including the CLSID List and A Collection of Autostart Locations.
With Tony's permission, security forums maintaining this article have continued updating it to include current operating systems and software program information.

Updated 17May2010
_________________
Freedomlist.com (2000 - 2010)



Take a walk through my Security Garden
All times are GMT - 5 Hours