Following on my gentle rant about the idiot who wrote a cautionary article about Antivirus 2010 without once accepting responsibility for infecting himself or giving his readers any advice on how to avoid infecting themselves, in response to a couple of emails asking, essentially, “So, how do I avoid becoming infected?” here’s a lil enchiridion you can print out and tape to your forehead, if you wish. *heh*
Some folks would say to just use a ‘nix (Linux or Unix–BSD or some such) and not bother with further security measures, and they have a point. Most of ’em though, keep it covered with an artful comb over.
Seriously, ‘nixes are structurally less vulnerable and are a far, far smaller target, as well, and each of those things offers some protection. But threats designed to attack Linux and Unix OSes (including the OSX GUI-crippled BSD) do exist, and simple privacy concerns would compel any intelligent ‘nix user to have decent firewalls and follow other safe computing practices, so in some (small) part, what I’m about to say regarding safe computing practices for Windows users applies across the board.
1. Use your head. Learn the general nature of threats that exist and think about what you are doing when you use a computer. Simple common sense, which apparently is not all that common. Don’t blithely and unthinkingly “click” your way through your computer use and expect that you’ll not infect yourself. You probably will, if that’s your mindset.
2. Learn how to configure your firewalls and make sure they’re turned on. Always. I had some loon “support” person for my cable internet service once tell me to turn off Stateful Packet Inspection in order to solve a connectivity issue. I quickly escalated the call to someone who didn’t have his head up his ass (who then determined that, as usual, the problem was on my ISP’s end. Naturally. *sigh*). If I’d blindly obeyed the instructions from the idiot, a major portion of my router’s firewall would have been disabled. Dumb. Really dumb.
And do have a “hardware” firewall (your router is probably running an embedded Linux with its own firewalling capabilities) for your network and each computer with its own software firewall. See here for a short FYI.
3. Make sure EVERY computer on your network is fully patched for known OS and application security flaws. Secunia Personal Software Inspector (PSI) is a good tool for Windows users to use to locate and patch insecure software on your computers. Most contemporary ‘nix distros do a Good Enough job of helping folks do this via built-in tools.
4. Make sure EVERY computer on your network is fully equipped with reliable antimalware software from reputable companies, and that ALL antimalware is always kept up to date and that ONLY ONE antimalware software is set to continually monitor computer behavior and automatically scan email, etc.
But. Do NOT rely on your antimalware software(s) to automatically update themselves and automatically scan your computers. At least once a week, manually update and scan.
5. NEVER–no! NEVER, ever open email attachments without FIRST manually scanning them with your primary up-to-date antimalware software. Never. I once had an infected attachment sent me from The Most Trusted (computer related) source I knew. A guy who was and is an Ultimate Computer Geek. He slipped up, but because I did as HE had taught me and scanned it manually, the fact that my anti-virus had somehow missed it on autoscan of emails didn’t matter.
6. Refuse to allow yourself to click on popups. No. Just DO NOT DO IT! First, what in the heck are you doing using a browser that allows popups, anyway? Get a modern browser, configure it to kill popups or get an extension that’ll do it. If you do see a popup, CLOSE THE TAB instead of clicking on the popup. You do not need to be on that site anyway, since the site owner is such a rude ass.
Along those lines, if you can find the Windows Messenger Service by running services.msc, kill, kill, kill it with extreme prejudice. Both it and Windows Live Messenger have proven to be vectors for several pests to sucker naive or stupid users, and they’re both just as useless as teats on a boar anyway, IMO.
7. This is old school, but the old DOS habit of scanning ALL software–including shrink-wrapped media from commercial sources–before installing is Just Good Sense. Of course you should manually scan all software–or, really, any files downloaded–before invoking them, but yes, scan even shrink-wrapped media as well. Seriously. How do you think I’ve been able to keep my own computers malware-free for more than 20 years?
Once a month or so, trip on over to Eset or Trendmicro or some other reputable site and perform a free online scan, just in case. (Just CLICK above, or you can Google for the latest addresses.)
8. Make an image of your operating system drive on each computer when you are satisfied it is clean and running properly. If you have a Western Digital or Seagate hard drive, those companies offer the Acronis disk imaging software free for your use. Perform regular backups of your data. Windows 7 has a Good Enough backup software built in.
9. Create and use strong passwords. Use them. Here are some resources: 1, 2, 3. Me$$y$oft seems to want a Windows Live ID to view that last page.
Print out all your passwords and LOCK THEM IN YOUR SAFE. Do NOT put them on sticky notes all over your monitor, etc. (I see it in every single office I work in and many homes. Dumb. Really, really dumb.) Your computer is likely full of personal information, and intrusion from the internet isn’t the only way for it to be compromised.
10. Log onto your computer with a strong password and “lock” your computer when you step away from it. Set up a guest account that has almost NO privileges. Set up a user account for your normal, day-to-day use that has lowered privileges (not an admin account) and start programs/processes that require admin privileges by right-clicking and selecting “Run as administrator.” Sure, you will have to “log in” with your admin credentials for that process, but it’s much safer to operate day-to-day this way than always running your sessions with admin credentials. Vista and Win7 UAC prompts are Good Enough for most uses in shielding folks from doing stupid things, IF folks are paying attention, but this adds another Good slowdown point, giving folks the opportunity to consider, “Do I really want to run this program?”
11. Elect to run high risk apps in a sandbox. An easy-peasy freebie to allow this is Sandboxie.
Well, this was just off the top of my head, and I’m sure I’ve left some things out, but these simple steps, practiced consistently, should help keep most folks malware-free. It may seem like a lot to do, but once folks develop good habits, impact on normal computing tasks is minimal at most.
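A read-only way to spot-check three of the items above (firewall turned on, Messenger service killed, day-to-day account not an administrator), added here as an example and not part of the original post. It assumes Windows 8 / Server 2012 or later with Windows PowerShell 5.1; the function names are made up for this example.

```powershell
# Added example: read-only audit of checklist items 2 and 10 and the Messenger
# service advice. Assumes Windows 8 / Server 2012 or later, Windows PowerShell 5.1.
# All function names here are hypothetical helpers, not part of any product.

function New-Result($Check, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Check; Passed = [bool]$Passed; Detail = $Detail }
}

function Test-FirewallProfiles {
    # Item 2: each Windows Firewall profile (Domain, Private, Public) should be on.
    foreach ($p in Get-NetFirewallProfile) {
        New-Result "Firewall profile $($p.Name)" ("$($p.Enabled)" -eq 'True') "Enabled=$($p.Enabled)"
    }
}

function Test-MessengerService {
    # The Messenger service (service name 'Messenger') should be absent or disabled.
    $svc = Get-Service -Name 'Messenger' -ErrorAction SilentlyContinue
    if (-not $svc) { return New-Result 'Messenger service' $true 'not installed' }
    $ok = ($svc.Status -eq 'Stopped') -and ($svc.StartType -eq 'Disabled')
    New-Result 'Messenger service' $ok "Status=$($svc.Status), StartType=$($svc.StartType)"
}

function Test-DailyAccount {
    # Item 10: the day-to-day session should not be running with admin rights.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Result 'Session not elevated' (-not $elevated) $id.Name

    # Direct membership in built-in Administrators (well-known SID S-1-5-32-544).
    # Membership through nested domain groups is not resolved here.
    try { $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop }
    catch {
        # Fail closed: an unreadable group is reported as a failed check.
        return New-Result 'Account not in local Administrators' $false "lookup failed: $($_.Exception.Message)"
    }
    $isMember = @($admins | Where-Object { $_.SID.Value -eq $id.User.Value }).Count -gt 0
    New-Result 'Account not in local Administrators' (-not $isMember) $id.Name
}

$results = @(Test-FirewallProfiles) + @(Test-MessengerService) + @(Test-DailyAccount)
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Passed }) { Write-Warning 'One or more checks failed.' }
```

Run it from the account you use every day, in a normal (not "Run as administrator") PowerShell window, so the account checks describe your usual session.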