MALWARE - "An Ounce of Prevention..."

Awarded Editor's Choice

The old adage about prevention being exponentially better than a cure was never truer than in the malware fighting business. As the owner of a small computer repair business, about 80% of my income is from cleaning infected computers and trying to recapture lost data - data usually lost because of a system crash caused by malware.

"Malware" is the generic term for all of the viruses, Trojans, worms, spyware, and other forms of infection that wander around the Internet on websites and through email.

For as long as I have been in the computer business, the top three types of sites for spreading malware are (1) Peer-to-peer (sharing) sites, (2) Gambling sites, and (3) Pornography sites. Through the years, I have often worked with customers who go to either (1) or (2), but I've never met anyone who ever went to a (3). I guess that some computers get lonely and go there to meet other computers - when the owner isn't looking.

The recommendations I've listed below are going to cost you about ONE U.S. dollar per week - hold your thoughts for a minute.

Yes, I know, there are freebie programs out there that can provide a good level of security to a knowledgeable user. I also know that the vast majority of users are not Geeks, and they don't want to know how to configure this, modify that, or amplify the morpitude of the ramafrasitz.

The advice below is what I pass on to MY customers, in the hopes that I won't have to be cleaning the same infections that I cleaned last month... and two months before that,... and 6 months ago. (Gotta love teen-age boys in a household - guaranteed 3-4 repair jobs a year.) These are just regular folks who want to do the basics of using the Internet for surfing and swapping email jokes with their friends - and do so with some relative measure of security and protection.

THE LIST:

1. Name-brand anti-virus/anti-spyware application. You MUST HAVE "On-Access" (real-time) scanning running for every file you open and every connection you make to the Internet. Do not open a file you brought home from the office (or any other source), open an attachment in an email message, or connect to a website unless some application is running that will "On-Access" scan the file, the attachment, or the connection before anything in it gets a chance to execute.

I currently recommend ONLY Microsoft Security Essentials (MSE) to all of my customers. It is free to anyone using it on 10 or fewer computers. This is a personal preference and a personal recommendation. It is fairly intuitive to set up and configure, and you can limit how much CPU it uses during a scan. The user can initially schedule it to AUTOMATICALLY run all updates and scans and never have to configure anything again.

There are different download sites for different areas of the world, but U.S. customers may use: http://www.microsoft.com/security_essentials/

I also install Malwarebytes (Pro) on all computers that come through my repair shop.
The Pro version adds its own on-access, 24/7 protection (the free version only scans on demand) and augments the protection of MSE.
http://www.malwarebytes.org/ (About US$25 each)

Please note that if you are going to be running Malwarebytes (MBAM) alongside other security software, you should keep this link handy. It gives detailed instructions for avoiding conflicts between MBAM and other applications (two on-access scanners fighting over the same file is a common cause of the "sluggish computer" complaint).

http://forums.malwarebytes.org/index.php?showtopic=10138

2. User Accounts. On Windows XP and older versions of Windows, the default account type created was an 'Administrator' account, and Vista and Windows 7 still make the first account set up on the machine an administrator (UAC only asks before that account does something privileged). When Mom or Dad create new accounts for the kids, every one of them now has the ability to install the programs their friends give them at school, that they received via email, or that were handed to them by their new best friend in a chat room. There is virtually no limit to what an "Administrator" account can do on the computer, and no one should be on the Internet with an account that has Administrator privileges.

If you get bitten by some kind of malware bug - while logged in with an Administrator account - the bug can run itself with "Administrator" privileges. A very dangerous situation. Using only Limited accounts for surfing is not a 'cure-all' form of protection against every instance of malware, but it does give you one hell of a lot of passive protection.

"Limited" or "Standard" accounts are the type that everyone in the family should be using when they log in. Of course, there does need to be one Administrator account for adding programs and installing devices, but protect that account with an adult controlled password - and only use it when needed.

3. Hardware Firewall. I have never been a fan of any third-party software firewall product. Use the native Windows Firewall on your computers (it has been on by default since XP SP2) and add a small Linksys or Netgear firewall/router (hardware) at your incoming Internet connection. The router's NAT and stateful filtering mean that nothing the Internet side initiates reaches your PCs unless you deliberately forward a port, and Windows plays nicely with either brand; your protection is much enhanced compared to running without one.

You can get a used one on eBay for only about US$25-30. The basic setup is extremely easy to walk through, and most even have a 'Wizard' that does it for you. While you are in there, change the router's default administrator password, and if it has Wi-Fi, turn on WPA2 with a real passphrase.

4. Patches and Updates. For nearly every vulnerability that gets publicized, Microsoft and the application vendors have a fix available before it is being widely exploited; the machines that get infected are the ones that never installed it. If you, as the owner of your computer, consistently load the patches, updates, and Service Packs as they are released (turn Windows Update on to install them automatically, and keep browser plug-ins such as Adobe Reader, Flash, and Java current too, since those are favorite targets), you will have taken a giant step toward protecting your system(s).
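An added example, not part of the original article and not a tool from Microsoft or Malwarebytes: a read-only PowerShell check that tells you where a PC stands on the four items above. It assumes PowerShell 2.0 or later on an English-language Vista or Windows 7 machine (the local group is looked up by the name "Administrators" and the netsh output is parsed in English); the service names MsMpSvc (Microsoft Security Essentials) and MBAMService (Malwarebytes Pro) and the AUOptions registry value are assumptions to confirm on your own machine. Nothing here changes any setting.

```powershell
# Added example, not part of the original article: a read-only check of a
# Windows PC against THE LIST. Assumes PowerShell 2.0 or later on Vista/7.
# On XP, "net localgroup Administrators" and "netsh firewall show state"
# answer the same questions by hand. Service names and the AUOptions
# registry value are assumptions to confirm on your own build.

function Test-SessionIsAdmin {
    # Item 2: does THIS session carry Administrator rights? Under UAC an
    # administrator account answers True only when elevated; the account
    # audit below tells you what the account itself is.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAccountAudit {
    # Item 2: every local account, whether it is enabled, and whether it sits
    # in the local Administrators group (group name assumed English).
    $group  = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    $admins = @($group.psbase.Invoke("Members") | ForEach-Object {
        $_.GetType().InvokeMember("Name", "GetProperty", $null, $_, $null)
    })
    $computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
    $computer.Children |
        Where-Object { $_.SchemaClassName -eq "user" } |
        ForEach-Object {
            $name  = [string]($_.Name)
            $flags = [int]($_.UserFlags.Value)
            New-Object PSObject -Property @{
                Name    = $name
                Enabled = (($flags -band 0x2) -eq 0)       # 0x2 = ADS_UF_ACCOUNTDISABLE
                IsAdmin = ($admins -contains $name)
            }
        }
}

function Get-AntimalwareServiceState {
    # Item 1: is on-access scanning actually running? MsMpSvc is assumed to be
    # the Microsoft Security Essentials service, MBAMService the Malwarebytes
    # Pro one. Adjust for whatever you actually run.
    foreach ($svcName in @("MsMpSvc", "MBAMService")) {
        $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Service = $svcName
            Running = ($svc -ne $null -and $svc.Status -eq "Running")
        }
    }
}

function Test-WindowsFirewallOn {
    # Item 3: the built-in firewall should be ON for every profile.
    # "netsh advfirewall" exists on Vista and later; returns $null on XP.
    $state = netsh advfirewall show allprofiles state 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) { return $null }
    $off = @(($state -split "`r?`n") | Where-Object { $_ -match '^\s*State\s+OFF' }).Count
    return ($off -eq 0)                                    # English netsh output assumed
}

function Get-AutoUpdateMode {
    # Item 4: AUOptions 4 = download and install automatically, 1 = disabled (assumed values).
    $key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
    $au  = Get-ItemProperty -Path $key -Name AUOptions -ErrorAction SilentlyContinue
    if ($au -eq $null) { return "unknown" }
    switch ($au.AUOptions) {
        1       { "disabled" }
        2       { "notify only" }
        3       { "download, ask before install" }
        4       { "automatic" }
        default { "unknown ($($au.AUOptions))" }
    }
}

# Report: anything other than False / no admins / all Running / True / automatic needs attention.
"This session has Administrator rights: $(Test-SessionIsAdmin)"
Get-LocalAccountAudit | Where-Object { $_.Enabled } | Format-Table Name, IsAdmin -AutoSize
Get-AntimalwareServiceState | Format-Table Service, Running -AutoSize
"Windows Firewall on for all profiles: $(Test-WindowsFirewallOn)"
"Automatic Updates: $(Get-AutoUpdateMode)"
```

Run it from the account the kids actually use: if the first line says True and their name shows IsAdmin True, item 2 is not done yet, and the fix is `net localgroup Administrators <name> /delete` from the one password-protected adult Administrator account.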

I urge anyone reading this to consider the cost of their computer, the value of their time - if they have to spend the hours needed for disinfection - and the value of all the data (pictures, movies, songs, documents, etc.) on their computer.

Weigh those costs against a dollar a week plus a few minutes of installation time and decide if it is worth it.
***********************************************************************

Some other articles here on Experts-Exchange that I highly recommend you read are:
2012-Malware-Variants
Basic Malware Troubleshooting
Rogue-Killer-What-a-great-name
Stop-the-Bleeding-First-Aid-for-Malware
Latest-Malware-Threat-Windows-Stability-Center
Viruses in System Volume Information (System Restore)
THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED
IF YOU CAN'T RUN .EXES IN AN INFECTED SYSTEM
Can't Install an Antivirus - Windows Security Center still detects previous AV
HijackThis - Some Tips & Tricks
HijackThis reports missing files on 64-bit Systems
"Google Hijack" - Google Search Gets Redirected
Author: younghv

25 Comments

Expert Comment by: lherrou
Great article, and mirrors the advice I give out a lot. It has my YES vote!

Expert Comment by: tigermatt
Very nice article, thanks younghv! Voted yes above.

Expert Comment by: evilrix
Sweet... voted yes above.

Expert Comment by: willcomp
I've started using MS Security Essentials on all my clients' (and my own) PCs. It's free, has real-time virus and spyware scanning, and has performed well in tests (although virus tests are not a reliable indicator, they do provide a rough comparison). It also requires fewer resources than most other similar software -- rough feel is that it's about equivalent to AVG.

http://www.microsoft.com/Security_Essentials/


Expert Comment by: mbizup
Vic,

Nice work and sound advice.

Are there any warning signs or sure-fire ways for the average user to tell that a computer is infected vs just being sluggish?  That might make a good related article.

My teenage boys "only visit approved websites"   ;)

But stuff happens.

(Voted 'yes')

Author Comment by: younghv
Hey Miriam,
The most common complaint/symptom I get from customers is that they click to go to abc.com and end up on xyz.com (or xxx.com). Being re-directed/hijacked is pretty much a 'sure-fire' way of knowing you've got a problem.

The whole sluggishness/slowing down would be a great topic for a new article. Sometimes it is as simple as the old 'junk drawer' trick ... you know, the one about how stuff always goes in there but never comes out?

I have uninstalled 7-8 different AV programs from computers (all trying to run at once), half a dozen printers (OLD printers), and every conceivable 'freebie' program that can be downloaded by over-active users.

Stuff that gets installed (as a general rule) has processes that start up when your computer does. It doesn't matter if the program/device hasn't been used in years, it is still ready to go (and eating up processor capacity while it waits).

Let me ponder this one for a bit and see what I can come up with.

Thanks for the vote.

Vic

Expert Comment by: Patrick Matthews
Excellent article with very simple and yet very effective advice!

Cheers,

Patrick

Expert Comment by: Kevin Cross
Very, very nice!
Voted yes above.

M-1

Author Comment by: younghv
@willcomp -
Dalton, thanks for the great tip. I haven't tested that yet, but I will. If it is providing on-access protection well (and free), that is my kind of software.

As usual, you bring something to the party - thanks.
Vic

Expert Comment by: b0lsc0tt
Great article!  Really enjoyed reading and good at covering the essentials.

In answer to "are there any warning signs" I would have to say the sudden sluggishness is the most common and best warning sign.  Unfortunately, to catch this I have found the user has to be somewhat observant and also comfortable with their computer.  No serious computer expertise is needed (trust me, since I have seen coworkers catch these signs), but they need to not be the type that just double-clicks again when something isn't going right.  From my experience this type of person will cut down the work of cleaning the computer and usually make it so the serious stuff doesn't have a chance to happen.  May be hard to teach, but maybe the "take a deep breath and think" advice would help.

One suggestion I have made to the users I help and computers I have to maintain, especially remotely, is to customize the Hosts file.  I have never had an issue with the one from http://www.mvps.org/winhelp2002/hosts.htm .  Pre-Windows XP days (and limited user accounts) it was something that was a key to my prevention.  I still use it.  Vic may lose some of that regular business (*L*) so maybe just use it on the family/friend computers (those who you don't charge).  I manually change it and update it a few times a year at most.  Interested if others agree or have reasons to not use it.

Thanks for the time to write this and expertise you shared!

bol
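An added example, not part of the thread above and not the MVPS project's own code: a PowerShell audit of the Windows hosts file that covers both sides of the hosts-file suggestion. Blocklist entries of the MVPS kind must point at 0.0.0.0 or 127.0.0.1, so any name that resolves anywhere else is a candidate hijack of exactly the "click abc.com, land on xyz.com" kind the author describes; and a blocklist must not "block" the update or antivirus vendor domains you will need for cleanup. It assumes PowerShell 2.0 or later; the protected-domain list and the sample hosts content are constructed for illustration.

```powershell
# Added example (not from the original thread): audit a Windows hosts file.
# A non-loopback target is how malware redirects a site to its own server;
# a loopback entry for an update/AV vendor is how it keeps you from getting
# help. Assumes PowerShell 2.0 or later. The protected-domain list and the
# sample file below are constructed for illustration.

$LoopbackTargets  = @('0.0.0.0', '127.0.0.1', '::1')
$ProtectedDomains = @('microsoft.com', 'windowsupdate.com', 'malwarebytes.org', 'mvps.org')   # extend to taste

function Test-HostsContent {
    param([string]$Text)
    $findings = @()
    $lineNo = 0
    foreach ($raw in ($Text -split "`r?`n")) {
        $lineNo++
        $line = ($raw -replace '#.*$', '').Trim()          # drop comments and padding
        if ($line -eq '') { continue }
        $parts = $line -split '\s+'
        if ($parts.Length -lt 2) { continue }              # address with no names: nothing to check
        $target = $parts[0]
        foreach ($name in $parts[1..($parts.Length - 1)]) {
            if ($LoopbackTargets -notcontains $target) {
                # Redirect: "yourbank" quietly sent to somebody else's server
                $findings += New-Object PSObject -Property @{ Line = $lineNo; Kind = 'Redirect'; Name = $name; Target = $target }
            }
            elseif ($ProtectedDomains | Where-Object { $name -ieq $_ -or $name.ToLower().EndsWith('.' + $_) }) {
                # Loopback, but for a domain you need reachable for updates or removal tools
                $findings += New-Object PSObject -Property @{ Line = $lineNo; Kind = 'BlocksProtected'; Name = $name; Target = $target }
            }
        }
    }
    return $findings
}

function Test-LiveHostsFile {
    # Audit the file Windows actually uses.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    return @(Test-HostsContent ([IO.File]::ReadAllText($path)))
}

function Install-HostsFile {
    # Replace the live hosts file with a vetted one (e.g. a fresh MVPS download saved
    # locally), keeping a timestamped backup. Needs an elevated (Administrator) session.
    param([string]$NewFile)
    $live = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $bad  = @(Test-HostsContent ([IO.File]::ReadAllText($NewFile)) | Where-Object { $_.Kind -eq 'Redirect' })
    if ($bad.Count -gt 0) { throw "Refusing to install: $($bad.Count) entries point somewhere other than loopback." }
    Copy-Item -Path $live -Destination ($live + '.bak-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    Copy-Item -Path $NewFile -Destination $live
    ipconfig /flushdns | Out-Null                          # make the new file take effect now
}

# Constructed sample (not a real hosts file) with one of each finding:
$SampleHosts = @"
127.0.0.1       localhost
0.0.0.0         ads.example.net          # normal MVPS-style blocklist entry: fine
0.0.0.0         www.malwarebytes.org     # "blocks" the vendor you need for cleanup
203.0.113.5     www.yourbank.example     # non-loopback target: classic redirect
"@
Test-HostsContent $SampleHosts | Format-Table Line, Kind, Name, Target -AutoSize
```

Run `Test-LiveHostsFile` on a machine that "goes to the wrong site" before you reach for a scanner; an empty result rules the hosts file out in seconds. Some antivirus products treat changes to the hosts file as suspicious and may revert them, so re-run the audit after `Install-HostsFile`, and remember that a very large hosts file can slow the DNS Client service on older Windows, which is why the MVPS instructions discuss that service.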

Author Comment by: younghv
bol - Great comments - thank you.
I've "known" Mike Burgess for a long time and use that HOSTS file on all the computers I work on.
I have bugged him to somehow automate the process and let us subscribe for patches when they come out.
He just doesn't have the programming skills to create the process, but he is willing to work with anyone who wants to figure it out.
He has worked with several people in the past, but they all seem to fade out on him.
I know we have a huge pool of talent here on EE and wonder if we could get some of our Experts to take this on.

If I knew the right Zones to select, I'd even post a question to get the ball rolling.

Vic

Expert Comment by: b0lsc0tt
Vic,

Has there been a lot of interest expressed in doing that?  I know there is a way to run a file that will "install" the file but I could see what you mean as far as the update.

I wonder with this type of issue if a scheduled task, program or service is best though.  Would that be something a malware would then look for to possibly exploit, which they wouldn't think to do without the automated update process?  If this could happen then it would seem a reason to be cautious pursuing it.  Of course if the Hosts file would be a target regardless then no worries.

As far as areas for this I would suggest .NET or maybe Java.  I am not sure what zone is common for Services but if the file is just an exe that a scheduled task or "startup menu" entry will run (hopefully just once a week or something like that) then any Windows programming language would work (e.g. C++, etc).

I don't want to take this off topic but that does sound interesting.  I am probably not the expert to write it (without learning some new stuff) but am a big enough fan that I would be glad to help if I can.  I know I have gained value for what he has provided and would be glad to have a way to pay some back. :)

bol

Expert Comment by: Articles101
Voted yes above.

Expert Comment by: rpggamergirl
Great article younghv!

*Yes, :)

Expert Comment by: rindi
I used to install Avast! on customers' PCs until recently, but this tool, like many other antivirus tools, uses a lot of resources, particularly just after having booted.

Meanwhile I've found a really good, free, antimalware tool, Panda's Cloud Antivirus. This tool actually runs from the Internet; there is only a small app on the PC itself, which uses very few resources. It doesn't need to download signatures, as those are all "in the Cloud". This ensures that your antivirus tool is always as up-to-date as can be. According to a Computerworld test, it was able to identify up to 99.4% of malware, while the next best in the test, Avira, got 98.9%. The test was done while the tool was still in beta testing, but it has meanwhile reached the first official release.

http://www.pcworld.com/reviews/product/290839/review/cloud_antivirus.html

It does real-time on-access scans, and it also creates a local cache of the engine and signatures, so you are protected while off-line too.

http://www.cloudantivirus.com/en/

Expert Comment by: Ingo Wittig
Great article and gets my Yes vote.   I would love to find an effective method of blocking drive-bys from poisoned sites.  My number one problem has been the Antivirus 2009, Antispyware XP brand of crap that my users are getting quite adept at finding.

Expert Comment by: willcomp
@IngoW -- Using Firefox in lieu of IE will help greatly in limiting drive-by infections. Many are propagated via ActiveX controls. NoScript and AdBlock add-ons for Firefox will provide additional protection.

Expert Comment by: Ingo Wittig
@willcomp
Thanks for the tip.  We are forced to use IE by some of the business sites we use. But can definitely institute it for more common surfing.

Expert Comment by: Mark Wills
Voted Yes...


So, any more thoughts about that "junk drawer" cleanup article and registry cleaners and (more generally) good health checks?


Author Comment by: younghv
Hi mark_wills,
Thank you for reading this and voting.

The whole malware world evolves pretty fast and one of the newer variants actually moves some important files/folders into the "Temp" directory.

My old recommendation of running some kind of "Junk Remover" (www.ccleaner.com) is now some pretty bad advice.

After the system is thoroughly cleaned - and you're satisfied that all programs and data are back to normal - then you can clean the "junk drawer".

Registry cleaners are another hot topic of debate - although I still come down on the side of using the one from CCleaner (depending on your symptoms).

Anytime we go into the registry to make modifications, we are taking the risk of seriously compromising the system. I had a rather heated debate recently with one of our Experts who thought I was making too much out of my 'cautions' about doing edits.

I think that most would agree that 'prudence' is the watch-word whenever you are wandering down that particular rabbit hole.

Getting late for me, but I'll respond to anything you post in the morning.

At the bottom of my Article is a listing of those similar - many by rpg who is much more technically advanced on all this stuff. Have a read.

Thanks,
Vic

Expert Comment by: Steven Carnahan
younghv - another great article. However, I have to add that "teenage boys" are not the only concern anymore.

My father told me about 10 years ago that he was going to buy a computer and the first thing he was going to do was get rid of the operating system, because that's how people can mess with your computer. He was adamant that he would not have an OS on his computer.

Once he got a computer ( just a couple years ago) my brother would walk in on him and the printer ribbon (yes he insisted on a dot matrix) and paper were all over the place and the printer was all torn apart. He would say that there was something wrong with the printer because he could look at a web page on the screen and it was fine but when he printed it would chop off the right side. "It has to be the printer"

Understand that my dad is going to be 84 in March 2012.

Anyway, another great article like I said. I will vote yes as soon as I submit this.

Author Comment by: younghv
What a great story - I love it!
Many of my customers are of that generation and they can be a lot of fun.

I offer a 25% Veteran's discount for any work I do and after finishing a house call on "Colonel Bill" he informed me that he really appreciated the free work.

"Free" work, asked I?

Sure he said, WWII, Korea, Santo Domingo, and Vietnam...4x25 is 100% - Free!

I agreed that he had me there and thanked him for his service. He laughed, broke out the beer and we swapped stories for a couple of hours. Then he gave me a check for the full amount.

Expert Comment by: Steven Carnahan
"Colonel Bill" and my dad "Lucky" would get along great.  My dad was in WWII and I was in during Vietnam (not in country, but a lot of buddies went and didn't come back). I do like his math though. Good thing he didn't go to the first Iraq or you would be paying him for the work.   :)

Expert Comment by: Bill_Landau
Vic - Love the Colonel Bill story.  Never occurred to me to give a discount for vets (and I'm a Vietnam vet, in-country, myself).

Much of my work is businesses, but for individuals, I already discount for my neighbors, members of my synagogue, and some others.  So I'd have to be sure to specify only one discount per client....

Bill Landau

Author Comment by: younghv
Bill,
Welcome home brother.

I've been off-line for a few days and just starting to get caught up.
"younghv@e-e.com" if you want to come up on the net.

Vic