2013 11 05 Basic Defense Against Viruses & Malware

Posted on Nov 5, 2013

This blog post is not meant to be an exhaustive list of security practices, but a simple, bare introduction to some things you can do to help keep your computer uninfected by viruses and other malware. I urge you to use this blog post to begin your own education and research into this topic.

Consider this: royal families all have security – bodyguards and such. But they have learned over the centuries that any security can be breached. They learned long ago that it’s best if the members of the royal family ALSO know how to defend themselves. The same principle applies to you and me. You can trust your computer environment entirely to your I.T. person or department, but you are well advised to learn the basics of security yourself.

No royal guard or I.T. department is impervious to assault!

Turn off the preview pane on your inbox:

That preview pane can lead to true pains! When you preview an email it’s the same as if you opened it. Many bits of malware are designed to piggy-back on emails and are triggered by viewing the email, and it makes no difference to the malware if you use the preview pane or open the email.

Unfortunately for us, malware can be designed to be triggered as soon as it hits your mailbox, whether you open it or not, though this is somewhat rare. Therefore it’s important to ensure your email provider scans all incoming and outgoing emails.

Consider carefully before you open unsolicited emails from people or companies you don’t know:

Surprising almost no one, email is one of the main ways the bad guys get viruses and other malware onto your computer. Phishing is the use of bulk, unsolicited emails to try to sneak malware onto computers. Spear phishing is the same thing except that it targets specific individuals. It’s easy for the bad guys to get your email address from the infected computer of someone who has you in their contact list. They can then send you infected emails that seem to come from your friend.

It’s hard to judge which emails are threats. Just keep this problem in mind – and keep that antivirus system up-to-date.

Do not use an admin account to browse the Internet:

Malware that infects your computer generally runs using the same permissions and rights as you do. Logging on all the time with an admin account automatically gives malware admin-level access to your computer. Yes, yes; malware can use various rights escalation techniques to gain admin rights, but why make it easy for them?

The usual reason people cite for always using an admin account is that they need to be able to install software and device drivers. Well…create a separate admin account for such times; then make sure your own is a standard account. You don’t like two usernames and passwords? How much more painful would it be to lose all your data to ransomware or a trojan?

Use two web browsers:

People need to secure their web browsers, but that often breaks vital websites. Most of us have experienced that one. A good option is to use two web browsers; one only for those vital websites and another for general browsing. Lock that second one down as much as possible using add-ons and extensions.

Configure Sandboxie to work with your secure or general browser:

Run your web browsers under the supervision of Sandboxie or a similar product. Your browser works normally but changes are intercepted by Sandboxie and go away when you close your browser – like a sandbox raked clean. That means changes made during your browsing session to your Windows registry, configuration files, cookies, downloads…everything, go away when you close the browser. Malware cannot succeed without writing data to your computer.

You might apply Sandboxie to either your secure or general browser; or both. It depends on your own personal preferences.

The main problem is those downloaded files I mentioned two paragraphs back. Sandboxie gives you the option to keep completed downloads. This helps filter out the unwanted and hidden downloads that often infect computers.

It takes a bit of effort to get used to how Sandboxie works, but it is well worth the effort.

Install only necessary software and apply updates as they become available; remove software you no longer need:

Every bit of software on your computer opens up new avenues of ingress for the bad guys. You can close many security gaps in your computer by removing unnecessary software and keeping the remainder of your programs up to date.

Two examples are Adobe Flash and Java. Each has many known vulnerabilities and is certain to contain many we don’t yet know about. Check here for a list of security issues associated with Adobe Flash and Java. Both these software packages are very useful, but both come with a potential cost.

These are merely examples. ALL software, including operating systems such as Mac OS X, Linux, Windows, etc., has the same problem. While it would be beneficial if you learned even the basics of such vulnerabilities, you don’t have to. Simply remove software you don’t need and those particular security holes are gone; then ensure you apply updates in a timely manner.

Install antivirus and antimalware, keep it up-to-date and monitor it regularly; perform regular boot time virus and malware scans:

This seems like a no-brainer, but there are many people out there who don’t “believe” in running antivirus and anti-malware software. Some of them are even I.T. pros. Don’t you believe it! Your corporate auditors believe in using antivirus programs! Every computer, virtual or hardware, must run its own security software to be as safe as possible. Even better is to set up automatic monitoring, alerts and reporting, then keep an eye on the logs.

Run only one antivirus package at a time. They tend to detect each other as threats and can wreak havoc with your system.

Make sure your security software is kept up-to-date. Old virus definitions aren’t going to help you much.

Regularly use competing security software to perform a boot-time scan of your system. For instance, if you use Microsoft Security Essentials on your computer, you can create a Kaspersky Rescue CD boot disc to perform the boot-time scan. Boot the computer to the CD – update Kaspersky – then perform a complete system scan.

All mainstream security software is about as effective as any other; perhaps 97% or better. None is 100% effective. AVG, MS Security Essentials, Kaspersky, Symantec, etc., are all good, but one may detect a threat that the others don’t, especially those pesky zero-day threats.

How often should you perform boot-time scans? You have to decide; once a week, once a month – or even daily. Some factors to consider are: the importance of your data; how exposed you are to threats; how often you are able to take your computer offline for such scans; how good your security monitoring is.

Backup files regularly, and test the backups:

The best computer security in the world can be compromised, and sometimes is! Create multiple backup plans and stick to them – automate them wherever possible – and make sure you perform test restores. You don’t have to restore the entire backup (though that would be great); a small random selection of data will do to give you confidence that the rest of the data is in restorable condition.
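As an added example (not code from the original post), here is a Python script that does the sampled test restore described above: it picks a random selection of files from a source tree and checks each one against its copy in the backup tree by SHA-256 hash. The directory layout and files are constructed here for the demonstration, with one corrupted copy and one missing file planted in the backup.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_sample(source, backup, sample_size, seed=None):
    """Spot-check a random sample of source files against their backup copies.

    Returns (number checked, list of (relative path, reason)); any failure means
    the backup cannot be trusted until the cause is found.
    """
    source, backup = Path(source), Path(backup)
    files = sorted(p.relative_to(source) for p in source.rglob("*") if p.is_file())
    sample = random.Random(seed).sample(files, min(sample_size, len(files)))
    failures = []
    for rel in sample:
        copy = backup / rel
        if not copy.is_file():
            failures.append((rel.as_posix(), "missing from backup"))
        elif sha256_of(source / rel) != sha256_of(copy):
            failures.append((rel.as_posix(), "content differs"))
    return len(sample), failures

def build_demo(root):
    """Constructed sample data: a source tree and a backup with two planted defects."""
    src, bak = Path(root) / "source", Path(root) / "backup"
    for base in (src, bak):
        (base / "docs").mkdir(parents=True)
        for i in range(10):
            (base / "docs" / f"file{i}.txt").write_text(f"document {i}\n")
    (bak / "docs" / "file3.txt").write_text("document 3 garbled\n")  # corrupted copy
    (bak / "docs" / "file7.txt").unlink()  # file never made it into the backup
    return src, bak

def run_demo():
    """Sample every file here so both planted defects show up; returns (checked, failures)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = build_demo(tmp)
        checked, failures = verify_sample(src, bak, sample_size=10, seed=1)
        for rel, reason in failures:
            print(f"FAIL {rel}: {reason}")
        return checked, sorted(failures)
```

In real use, point `verify_sample` at your live data and a restored copy of the backup, with a `sample_size` well below the total so the check stays quick; a single failure is reason to investigate the whole backup, not just that file.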

Store your backups securely using multiple different media and in multiple physical locations. Consider what would happen to all those hard earned backups if your house or office burned to the ground! Offsite backups are essential to all businesses.

Plug in external storage only when necessary: USB drives, thumb drives, etc.:

Many people habitually leave their thumb drives, external USB drives and other external drives attached to their computer all the time. This is not a good idea. Here’s why…

Bad guys of all kinds attempt to access remote computers – including yours! – and any content they may find useful upon them. Any computer attached to the Internet is a target. The bad guys’ skills range from not-very-much to professional, well-trained, experienced hackers who know more about computers than just about everyone else on the planet. However, no matter how skilled they are, they cannot access a disk that is not connected to a computer.

Think about what is on your mobile drives (thumb drives, USB drives, SD cards, etc.). Is the data on there private information? Is it embarrassing? Is it financial in nature? Maybe it’s proprietary information, or there could be lots of personal information on all the employees of the company for which you work.

Whatever it is, does it really need to be attached to your computer all the time, even when you are out of the office and aren’t actually using your computer? All you’re really doing is giving the bad guys time to figure out a way to get at your data.

Think about it, and the possible consequences…

Dennis Strain
Enclave Managed Networks
Box 365, Smithers, BC, Canada V0J 2N0

dstrain@bcenclave.ca
877-877-8793 toll free phone & fax
