While these recommendations are no guarantee of a malware-free computer, they should help to reduce your risk. In no special order:

It is essential that you keep your operating system (Windows), browser (Internet Explorer and Firefox) and any other software updated. Updates will "patch" any known vulnerabilities that could be exploited to possibly install malware to your computer.

Visit Windows Update on a regular basis to check for any critical updates or use the auto update feature: Windows 2000/XP/Vista/W7 all have features built in that will automatically download updates for you. Use the auto update features available in most other software.

Many programs can come bundled with extra 3rd party software. This is especially true of shareware and freeware. It may or may not be spelled out in the EULA. You may be installing more than you think you are. Read the fine print. Avoid any surprises. Do not install files from ads, popups or random links.

Even legitimate malware-free software can install (by default) unwanted add-ons like toolbars, change your start page and add other features if the options are not unchecked first. I would treat any software that comes with add-ons with suspicion. More and more legitimate software is coming with useless add-ons like toolbars.

A screenshot of the desktop game ABC Scrabble and its third party malware add-on Webhancer, which is installed by default:

ActiveX Prompts:
Malicious ActiveX prompts are not quite as popular as they used to be:

There are legitimate reasons for using ActiveX Controls: Do you trust the web site to install components?

SCAREWARE/ROGUEWARE:
These items below may look like real Windows messages and icons but they are not. One way this bogus scareware can be installed is by clicking popup messages on the internet like the examples above, or by visiting or getting redirected to malicious websites or bogus links in spam, social sites etc.

You could be prompted to install software, or a fake 'scan' of your computer may take place, after which you will be prompted to download and install software. This scareware may have similar sounding names and look just like legitimate software. Some of the icons can look just like Windows Security Center icons and have the same looking features.

It may all look legit and convincing, but there is only a single purpose: to get you to "register or activate" the software in order to remove the fake items it found while scanning. You will then be taken to a website where you will of course lose money and be handing over your E-mail and credit card information.

Don't be fooled or tempted to activate or register any of this software. They go by many, many different names. The fake popups, warnings, scanning and the prompts to "register or activate the software" are all the same. Icons in the system tray mean the scareware is installed on your computer, and you will be bombarded with popups and messages about viruses, trojans etc. and prompts to register/activate the software in order to remove the threats. Some of this malware can also install more malware to your computer and/or disable your real antivirus or anti-malware software from starting up, scanning or updating.

More about scareware here.

Installed "scareware" icons and popups:
From left to right below in the system tray: Security Tool, Security Tool, Internet Antivirus Pro, Trust Soldier, Windows PC Defender. Some of this scareware can resurface with exactly the same looks, icons etc.; only the name changes. The icons shown in the 'security tool' warning popup above are all fake or rogue scareware icons.

Typical looking scareware registration/activation nag screens:

E-Mail: (configure, good judgment)
One item that doesn't get mentioned very much is your E-mail. Any prevention scheme must include safely using E-mail. E-mail in general is a huge vector for distributing malware. Never view, open or click attachments, and never click on links, no matter how tempting or legitimate the message. Even if you get an E-mail from someone you know, it's possible that their computer or account information has been compromised.

Outlook Express is the most exploited E-mail client. Why? Because it's widely used, but just because it's bundled in Windows does not mean you have to use it. Windows Service Pack 2 made many positive changes to the default settings of Outlook Express.

"84.5% of all E-Mails in circulation are spam. 90.4% of unwanted emails in circulation contain links to spam or malicious web sites". (Websense Labs, 2008).

For email configuration help and more information about email visit New Improvements To Outlook or Heise Security.

Instant Messaging Software/Social Networking/P2P File Sharing: (configure, good judgment)
More social engineering tricks and software vulnerabilities. Don't click on links, files or accept downloads unless you are sure it's from a trusted source. Keep the software updated to patch possible exploits.

If you use P2P (peer to peer) file sharing to install files, then you are much more likely to encounter malicious code in a downloaded file. There is plenty of malware distributed on p2p networks. Can you really trust the source of the file?

"from over a month of data: 68% of all downloadable responses in Limewire containing archives and executables contain malware" (A study of Malware in Peer-to-Peer Networks, 2006)

Warez, cracks and keygens are also very popular for carrying a variety of malware payloads. If you go looking for these you will no doubt encounter malware.

A Secure Browser: (configure computer)
Keep your browser updated to patch possible exploits. If you have/use more than one browser, keep them updated also. See first item above. An automated tool for hardening/securing Internet Explorer 8.0. Changes the default settings. Requires site registration. Read the FAQ first. Consider using an alternate browser. Internet Explorer is and will continue to be the most exploited browser simply because it's the most widely used.

Install Antivirus software and Malware (spyware) removing software: (install software)
Two or three anti-malware apps on your computer, at the most, is plenty. More is not better. You need both an antivirus and an anti-spyware (malware) application. They both scan for different threats. Only use one antivirus, but you can have and use more than one anti-spyware application. It's critical that they be kept updated in order to cover new threats. Use the auto update features. Do occasional scans with them. Your scanning frequency is really a function of your computer habits.

*There is no reason why your computer can't stay malware free. If either of these is constantly finding malware etc. on your computer then most likely you need to make changes to your computing habits.*

There is a boatload of malware removing software out there. There are many to avoid. An excellent list of "rogue" malware software to avoid or ones to use is kept in this database.

Use a Firewall: (install software)
What it won't do: A firewall by itself will not protect or prevent you from: opening E-mail attachments, clicking on and following a link, installing files via p2p networks, visiting a malicious website or downloading and installing malicious files.

A good software firewall might help to alert you to chatty processes that request an outbound connection, malicious or not. If the prompt happens to be for a malicious file then it simply means the malware is already present and functioning on your machine.

Some malware can easily disable firewalls, launch other Windows components or simply use an already existing connection. Allowing all traffic, ignoring or just clicking through the prompts won't do you any good if you happen to have malware present on your computer.

Limited Account: (configure, good judgement)
Most people have all users using full administrator rights. Set up and use limited accounts (an account with lesser privileges, LUA in XP) for different users for everyday use. This will offer *some protection or limit the impact from malware.* This is what UAC (User Account Control) in Windows Vista and Windows 7 attempts to address. How to set up and use limited accounts. If you use Vista or Windows 7, learn how UAC can help you.

Back Up: (configure, good judgement)
There are many options for saving data: CD/DVD, USB memory sticks, 2nd hard drive, internet storage sites etc. You should routinely back up any data and/or files you cannot afford to lose. This would be content you created like documents, photos etc. It's really a "just in case", be it hard drive failure or a computer that must be formatted due to malware.

Not sure who said it first, but it's worth repeating: "Security is a Process, not a Product."