Malware Prevention Guide
Safe Computing Practices
1.) Keep Windows updated!
- Go to Start > Windows Update or navigate to http://windowsupdate.microsoft.com, and install ALL Critical security updates listed (you will need to use Internet Explorer to do this). If you're running Windows XP, that of course includes Service Pack 2 (SP2)!
- If you suspect your computer is infected with malware of any type, please do NOT install SP2 yet. Read the Malware Removal Guide and post a HijackThis log in our forums to get help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent future infections.
- It's important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. Please either enable Automatic Updates under Start > Control Panel > Automatic Updates, or get into the habit of checking for Windows updates regularly.
2.) Watch what you download!
- Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself.
- Stay away from peer-to-peer (P2P) programs like Kazaa, BearShare, Grokster, Imesh, and others as much as possible. Using these types of programs is one of the most common ways to get infected with malware. If you insist on using P2P software, please read here to find a P2P program that is malware free.
- Note also that even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Do not open any files without being certain of what they are!
3.) Avoid questionable web sites!
- Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders.
- Most of these drive-by attempts will be thwarted if you keep your Windows updated and your internet browser secured (see below). Nevertheless, it is very important only to visit web sites that are trustworthy and reputable.
- In addition, never give out personal information of any sort online. And never click "OK" to a pop-up unless it is signed by a reputable company and you know what it is!
- Try McAfee's free SiteAdvisor browser add-on. It will alert you to questionable websites before you go to them. It's available for both Internet Explorer and Firefox.
- For more general information see the first section, "Educate yourself and be smart about where you visit and what you click on", in this tutorial by Grinler of BleepingComputer.
Must-Have Software
*NOTE*: Please only run one anti-virus program and one firewall on your
system. Running more than one of these at a time can cause system
crashes and/or conflicts with each other. The rest of the following
programs can be run simultaneously and will work together in layers to
protect your computer.
4.) Antivirus
- An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free antivirus programs are:
AVG
Avast
AntiVir
- Please run only one antivirus resident at a time!
- It's a good idea to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats.
5.) Internet Browser
- Many malware infections install themselves by exploiting security holes in Microsoft Internet Explorer. It is strongly suggested that you consider using an alternate browser.
- Both Mozilla Firefox and Opera are next-generation browsers that are more secure and faster than Internet Explorer, immune to most known browser hijackers, and outfitted with built-in pop-up blockers and other useful accessories.
6.) Firewall
- It is critical that you use a firewall to protect your computer from hackers. Windows XP and Windows Vista users already have a firewall built into their operating system. Users of these operating systems do not have to install a 3rd party solution. However, the built-in firewall in XP and Vista isn't very customizable and does not monitor outbound connections. Users wanting more control could try one of these free alternatives:
Sunbelt Kerio Personal Firewall
Zone Alarm Free
Jetico Personal Firewall
Comodo Firewall Pro
PC Tools Firewall Plus
7.) Install Javacool's SpywareBlaster
- This excellent program blocks installation of many known malicious ActiveX objects. Run the program, download the latest updates, "Enable All Protection" and you're done. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
- Don't forget to check for updates every week or so. Also see this tutorial by Grinler.
8.) HOSTS file and IE-SPYAD
- Another good program is MVPS HOSTS. This little program packs a powerful punch as it blocks ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002.
- IE-SPYAD puts over 5000 malicious sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. See this tutorial by Grinler.
Other Cleaning / Protection Software
9.) SUPERAntiSpyware and AVG Anti-Spyware
- If you followed the Malware Removal Guide and have already gotten help on the forum, then you already have AVG Anti-Spyware and SUPERAntiSpyware. These programs are excellent at scanning for and removing spyware. The real-time (resident) protection in these programs is only a trial, so if you want active protection you will have to pay for it (only use one of them in real time). It is sufficient to disable these programs from running at startup and just scan with them every week or two. You do have to remember to manually update them before scanning.
10.) Lock down ActiveX in Internet Explorer
- Even if you plan to use an
alternate browser, you will have to use Internet Explorer for tasks
like updating Windows or visiting any other site that requires
ActiveX. Also, since Internet Explorer is integrated into the Windows
core, keeping it locked down is very important.
- Open IE and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable". Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options > Security.
- So why is ActiveX so dangerous that
you have to increase the security for it? When your browser runs an
ActiveX control, it is running an executable program, no different
from double-clicking an exe file on your hard drive. Would you run
just any file downloaded off a web site without knowing what it is and
what it does?
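An added example, not part of the original guide: a read-only PowerShell check that the current user's Internet zone matches the ActiveX settings described in the steps above. The registry path and action IDs (1001, 1004, 1201) are the standard per-user Internet Explorer zone settings; treating a stricter value than the guide asks for as a pass is an assumption of this example.

```powershell
# Added example: read-only audit of the Internet zone's ActiveX settings.
# Zone 3 = Internet zone. Action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Settings named in the guide, with the least strict value it accepts.
$Expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Min = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Min = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Min = 3 }
)
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActionLabel($Value) {
    if ($null -eq $Value) { return 'Not set' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return "Unknown ($Value)"
}

function Test-ActiveXLockdown {
    param([string]$Path = $ZoneKey)
    if (-not (Test-Path $Path)) { throw "Zone key not found: $Path" }
    $zone = Get-ItemProperty -Path $Path
    foreach ($s in $Expected) {
        # Look the value up by name so a missing value yields $null, not an error.
        $prop   = $zone.PSObject.Properties[$s.Id]
        $actual = if ($prop) { $prop.Value } else { $null }
        # Assumption: a stricter value (higher number) than the guide asks for passes.
        $pass   = ($null -ne $actual) -and ([int]$actual -ge $s.Min)
        [pscustomobject]@{
            Setting = $s.Name
            Current = Get-ActionLabel $actual
            Wanted  = Get-ActionLabel $s.Min
            Pass    = $pass
        }
    }
}

# Nothing is written to the registry; rows with Pass = False need the manual steps above.
Test-ActiveXLockdown | Format-Table Setting, Current, Wanted, Pass -AutoSize
```

On a managed machine, zone settings pushed by an administrator through policy live under a separate Policies key and are not covered by this check.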
11.) Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests? They will provide you with an insight into how vulnerable you might still be to a number of common exploits.
Happy safe computing!
This guide is an adaptation of Tony Klein's "So How did I get infected in the first place" post on the CastleCops forum and was done with his permission.