How to protect yourself from MALWARE
If you can’t keep your Windows computer and application software patched and updated, your computer protected by updated anti-virus/anti-malware/anti-spyware, and FIREWALLED — DO NOT USE THE WINDOWS OPERATING SYSTEM. Please do not allow your computer to become an open relay for malware!
Draconian Interception
For just a moment, compare running your computer on the internet to safe driving habits. Would you want a semi-truck driver flush behind you, operating with bad brakes on a steep mountain incline? Think about it.
Driving a vehicle mandates that your vehicle pass a State safety inspection, proving that your vehicle does meet minimum standards for safe operation on public streets and highways. I’m of the mindset that safe computing should be mandatory in order to connect your computer to the internet.
If all ISPs (Internet Service Providers) monitored every computer connecting to the internet for characteristics common to a potentially infected machine, and disconnected that machine from the internet until basic safety measures were installed and updated, we would not be experiencing the high levels of cybercrime that are prevalent on a global basis today.
What should you do if your machine becomes infected?
Once you discover that you have something bad on your computer, the first thing that you should do is DISCONNECT from the Internet IMMEDIATELY. As a good netCitizen, I am sure that you don’t want to be pushing your malware down to the rest of us.
If you don’t know the first thing about using another resource (such as the library or a friend’s computer) to download anti-malware tools, then you need to hire a computer professional to do this. Just as you would hire a mechanic to install new brakes on your vehicle in order to pass the state safety inspection, you would hire a computer professional to get your computer woes repaired, so that you can safely operate on the Internet highway.
Tools that you should have available to discover and clean nasties
First, install and run HijackThis (HJT) to scan your computer and find settings changed by spyware, malware or other unwanted programs. Analyze the logfile at Networktechs. It is smart to be armed with the knowledge of what type of malware you will be dealing with. Many times you will have more than one type of malware present in your operating system.
Next, run these tools in the following order:
#1 Malwarebytes (MBAM). [Free] A site dedicated to fighting malware. Run both the short and the long scan.
#2 SUPERAntiSpyware. [Free] A next generation company which specializes in anti-spyware technology.
#3 Rootkit Revealer v1.71
But I can’t run any of the anti-malware tools listed above!
You may need some of the tools listed below to figure out what processes are sabotaging your clean-up efforts:
SysInternals offers a free program that controls auto-started programs.
SysInternals Process Explorer v11.33
SysInternals TCPView for Windows v2.54
Foundstone Intrusion Detection Tools [FREE]
Use Windows Task Manager to find:
- Random character file names
- High CPU usage
- Known legitimate services misspelled (example: svchost as scvhost)
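Task Manager shows one process at a time; the script below is an added example (not from the original post) that applies the same three checks to every running process at once so the suspects come out as a short list. It assumes an elevated prompt, Windows PowerShell 3 or later, and the illustrative name list and thresholds defined at the top; the name heuristics are deliberately loose, so treat hits as a triage list to investigate, not a verdict.

```powershell
# Added example: triage running processes for random-looking names, high CPU time,
# and names that are a near-miss of a legitimate system process (svchost vs scvhost).
# Assumptions: elevated prompt, PowerShell 3+; the list and thresholds are illustrative.

$knownNames  = @('svchost', 'lsass', 'csrss', 'winlogon', 'explorer', 'services', 'smss', 'wininit')
$cpuSeconds  = 600   # flag anything that has burned more than 10 CPU-minutes
$maxDistance = 2     # edit distance at which a name "looks like" a system process name

# Plain Levenshtein distance: svchost -> scvhost is two substitutions, so distance 2.
function Get-EditDistance {
    param([string]$a, [string]$b)
    $d = New-Object 'int[,]' ($a.Length + 1), ($b.Length + 1)
    for ($i = 0; $i -le $a.Length; $i++) { $d[$i, 0] = $i }
    for ($j = 0; $j -le $b.Length; $j++) { $d[0, $j] = $j }
    for ($i = 1; $i -le $a.Length; $i++) {
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $d[$i, $j] = [Math]::Min([Math]::Min($d[$i - 1, $j] + 1, $d[$i, $j - 1] + 1),
                                     $d[$i - 1, $j - 1] + $cost)
        }
    }
    return $d[$a.Length, $b.Length]
}

# Heuristic: a name of six or more characters with no vowels, or one that is at
# least half digits, is more likely to be machine-generated than human-chosen.
function Test-RandomName {
    param([string]$name)
    $lower  = $name.ToLower()
    $vowels = [regex]::Matches($lower, '[aeiouy]').Count
    $digits = [regex]::Matches($lower, '\d').Count
    return ($lower.Length -ge 6) -and (($vowels -eq 0) -or ($digits -ge ($lower.Length / 2)))
}

function Find-SuspectProcesses {
    foreach ($p in Get-Process) {
        $name    = $p.ProcessName.ToLower()
        $reasons = @()
        if (Test-RandomName $name)  { $reasons += 'random-looking name' }
        if ($p.CPU -gt $cpuSeconds) { $reasons += ('high CPU time: {0:N0} s' -f $p.CPU) }
        if ($name -notin $knownNames) {
            foreach ($k in $knownNames) {
                $dist = Get-EditDistance $name $k
                if ($dist -ge 1 -and $dist -le $maxDistance) {
                    $reasons += "looks like '$k' (edit distance $dist)"
                    break
                }
            }
        }
        if ($reasons.Count -gt 0) {
            # Path is unavailable for protected/system processes; keep going without it.
            $path = try { $p.Path } catch { $null }
            [pscustomobject]@{
                PID     = $p.Id
                Name    = $p.ProcessName
                Path    = $path
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

Find-SuspectProcesses | Format-Table -AutoSize
```

A legitimate process can trip the name heuristics (short driver helper names often have no vowels), so the Path column is there to be checked next: a system process name whose binary lives outside the Windows directory is the detail worth following up.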
Malware can hide just about anywhere! It can replace .dll files, hide in the system32 folder, be disguised as a Windows service, hang out in your user profile temp directory, or even in the default profile directory. I recently found malware hidden in the Program Files folder itself, in a sub-directory of a legitimate software application!
If all the malware locations listed above are not enough to piss you off, malware can also load in the registry and even load while in safe mode!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
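Because anything listed under those two SafeBoot keys is allowed to load in safe mode, the useful check is not the raw list (most entries are legitimate Windows drivers and services) but what has been added since the machine was known clean. The script below is an added example (not from the original post) that snapshots both keys, records each entry’s type and the binary it points to, and diffs a later run against the saved snapshot. It assumes an elevated prompt, PowerShell 3 or later, and a baseline file location of your choosing ($baselinePath is a placeholder).

```powershell
# Added example: snapshot and diff the SafeBoot\Minimal and SafeBoot\Network lists,
# and flag entries whose binary lives under a user profile or temp directory.
# Assumptions: elevated prompt, PowerShell 3+; $baselinePath is a placeholder path.

$safeBootRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$baselinePath = Join-Path $env:ProgramData 'safeboot-baseline.json'

function Get-SafeBootEntries {
    foreach ($profile in 'Minimal', 'Network') {
        $keys = Get-ChildItem -Path (Join-Path $safeBootRoot $profile) -ErrorAction SilentlyContinue
        foreach ($key in $keys) {
            $name = $key.PSChildName
            # The subkey's default value says whether it is a Driver, Service or Driver Group.
            $kind = (Get-ItemProperty -Path $key.PSPath).'(default)'
            # Drivers and services have a matching Services\<name> key with the binary path;
            # driver groups do not, so ImagePath stays empty for them.
            $image = (Get-ItemProperty -Path (Join-Path $servicesRoot $name) -ErrorAction SilentlyContinue).ImagePath
            [pscustomobject]@{
                Profile    = $profile
                Name       = $name
                Kind       = $kind
                ImagePath  = $image
                Suspicious = [bool]($image -match '(?i)\\(Users|Temp|AppData)\\')
            }
        }
    }
}

# Run once on a machine you trust to record what "normal" looks like.
function Save-SafeBootBaseline {
    Get-SafeBootEntries | ConvertTo-Json | Set-Content -Path $baselinePath
}

# Run later: anything present now that was not in the baseline is reported as ADDED.
function Compare-SafeBootBaseline {
    if (-not (Test-Path $baselinePath)) {
        throw "No baseline at $baselinePath; run Save-SafeBootBaseline on a clean machine first."
    }
    $old    = @(Get-Content -Path $baselinePath -Raw | ConvertFrom-Json)
    $oldIds = @($old | ForEach-Object { "$($_.Profile)\$($_.Name)" })
    foreach ($entry in Get-SafeBootEntries) {
        $id = "$($entry.Profile)\$($entry.Name)"
        if ($id -notin $oldIds) {
            $entry | Add-Member -NotePropertyName Status -NotePropertyValue 'ADDED' -PassThru
        }
    }
}

# Usage: first Save-SafeBootBaseline, later Compare-SafeBootBaseline | Format-Table -AutoSize
# Even without a baseline, the Suspicious column is worth a look on its own:
Get-SafeBootEntries | Where-Object Suspicious | Format-Table -AutoSize
```

The Suspicious column is a shortcut that ties back to the hiding places above: a safe-mode entry whose ImagePath sits under a user profile or temp folder has no business there, regardless of whether it is new.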
Other helper tools:
CCleaner is a freeware system optimization, privacy and cleaning tool.
Secunia Software Inspector checks that all installed software is fully patched and up to date.
Are you guilty of clicking on short URLs or disguised email links without batting an eyelash?
I personally stay on the good side of paranoia when it comes to clicking on short URLs or email links. I check the source of what I consider iffy in email, and scan site URLs with Sam Spade or Unmask Parasites, or will even wget a site page if I happen to be in that particular environment.
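The same caution can be scripted: a shortened or disguised link can be unwrapped by asking the server only for its headers and refusing to follow the redirect, so you learn the real destination without ever loading it. The script below is an added example (not from the original post and not one of the tools named above). It assumes network access to the shortener, Windows PowerShell 3 or later, and that the sample link at the bottom is a constructed placeholder for one you were actually sent.

```powershell
# Added example: reveal where a short or disguised link ends up, hop by hop,
# without landing on the final page. Assumptions: PowerShell 3+, outbound HTTP(S);
# the link at the bottom is a constructed placeholder.

# Older .NET defaults may not offer TLS 1.2, which most sites now require.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

function Resolve-RedirectChain {
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [int]$MaxHops = 5
    )
    $hops    = @()
    $current = $Url
    for ($i = 0; $i -lt $MaxHops; $i++) {
        $req = [System.Net.HttpWebRequest]::Create($current)
        $req.Method            = 'HEAD'   # headers only; never download the page body
        $req.AllowAutoRedirect = $false   # we want to see each Location header, not follow it
        $req.Timeout           = 10000
        $req.UserAgent         = 'link-check/1.0'
        try {
            $resp = $req.GetResponse()
        } catch [System.Net.WebException] {
            # 4xx/5xx arrive as exceptions; the response object, if any, is attached.
            $resp = $_.Exception.Response
            if (-not $resp) {
                $hops += [pscustomobject]@{ Hop = $i; Url = $current; Status = 'no response'; Next = $null }
                break
            }
        }
        $status = [int]$resp.StatusCode
        $next   = $resp.Headers['Location']
        $resp.Close()
        $hops += [pscustomobject]@{ Hop = $i; Url = $current; Status = $status; Next = $next }
        # Stop on anything that is not a redirect with a Location header.
        if ($status -lt 300 -or $status -ge 400 -or -not $next) { break }
        # Location may be relative; resolve it against the URL that sent it.
        $current = (New-Object -TypeName System.Uri -ArgumentList ([System.Uri]$current), $next).AbsoluteUri
    }
    return $hops
}

# Compare the final destination with the host the link claimed to be (e.g. the text
# shown in the email) so a disguised link is spotted before it is clicked.
function Test-LinkDestination {
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [Parameter(Mandatory = $true)][string]$ExpectedHost
    )
    $chain = Resolve-RedirectChain -Url $Url
    $last  = $chain[-1]
    $final = if ($last.Next) { $last.Next } else { $last.Url }
    $host  = ([System.Uri]$final).Host
    [pscustomobject]@{
        Link         = $Url
        FinalUrl     = $final
        FinalHost    = $host
        Hops         = $chain.Count
        MatchesClaim = ($host -eq $ExpectedHost.ToLower())
    }
}

# Constructed sample; substitute the link you were sent and the host it claims to be.
$sample = 'https://example.com/short-link'
Resolve-RedirectChain -Url $sample | Format-Table -AutoSize
Test-LinkDestination -Url $sample -ExpectedHost 'example.com'
```

A HEAD request is enough for most shorteners; a site that refuses HEAD will show a 4xx/5xx status in the chain rather than a Location header, which is itself a reason to leave the link alone.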
Browsers AND security
Upgrade to Internet Explorer 8 or
Download Firefox and install the following add-ons:
Finjan Secure Browsing 1.314 – Secure Browsing by Finjan
McAfee SiteAdvisor 2.9
W.O.T. 20090414 – Web of Trust
Link Extend 1.5.2 – Gives you all the information for any website you are visiting
Go ahead and install additional layers of security…
Download Threatfire 3
“ThreatFire 3′s ability to block installation of malware strictly by identifying bad behavior is phenomenal. It did a better (and faster) job than Norton AntiBot and even beat out Spy Sweeper, our current Editors’ Choice for signature-based anti-spyware. This free tool is an excellent addition to your security arsenal.” –PC Magazine
Download Immunet Protect (get with the cloud!)
Immunet Protect gathers strength daily as the Immunet Community grows, and best of all it’s FREE. Already have antivirus? Even better: install Immunet Protect alongside your existing product, and it will make the Immunet community even stronger.
So you want freedom from Big Brother?
It is the nature of the freedom beast within to want to be free from Internet control. But for the good of the entire Internet community we need to deal with this issue of global Internet security now. Think about what our banking systems and global economy would be like if the bad guys controlled it. Truth spoken, you have to give up a certain amount of personal freedom in order to maintain social freedom.
I do not personally want or desire to see the government controlling our Internet highway. I would not want to rename our beautiful country ChiAmerica… I strongly believe that we can begin to get a grip on botnets and malware if we hold ISPs responsible for monitoring their networks for malware and all suspicious activities. The ISP should cut off all computers displaying suspicious activities from the Internet, until that particular node is safe to return to online status. We practice security with private and corporate networks; why would an ISP be considered any different when it comes to best security practices?
There will always be new hooks for malware distribution and myriad innovative stealth methods that cyber-criminals employ to gain access to legitimate computer systems. As long as we continue to fight the good fight and keep our Windows systems current, we can all rest assured that we are contributing to a healthy Internet and not opening up a back door to further global economic collapse.
Until Next Time — Stay Safe Online!