Post Your Prevent Malware/Spyware/Adware Thread Here

Leonardo | Wake up and smell the glaciers | Eagle River, Alaska | Icrontian
edited April 2004 in Science & Tech
We've a thread on spam prevention; and we've plenty of threads on infestation removal. It's time for a malware/spyware/adware prevention thread.

How does a user most likely encounter spyware?
What sites or services are most likely to transmit malware?
...and so forth

I'll start this. Avoid P2P programs, especially Kazaa. If you just have to share some files, you should consider Kazaa Lite or WinMX.

Comments

  • Clutch | North Carolina | New
    edited April 2004
    We get computers at my work every day, and they all have tons of spyware on them. But they have every P2P network on their computer. But when we tell the customer that is the root of their problem, they don't seem to get it. It might be that it is a real easy way to find songs, files, etc., but again in 2 months the same computers are back at the office with the same problem.

    Just stay away from the pr0n sites, and P2P programs. Watch what files are opened, and always have up-to-date anti-virus. I can't count how many customers I ask "do you have any up-to-date anti-virus" and they say "yea I ran a scan last night" and it is Norton 2000 that expired 4 years ago.
  • Kwitko | Sheriff of Banning (Retired) | By the thing near the stuff | Icrontian
    edited April 2004
    My 3 most important tips:
    file
  • edited April 2004
    Get SpyBot S&D and let it immunize your computer. Also, run scans with Spybot S&D once a week. (Should only take a few minutes.) Or just program Spybot S&D to run on startup.
  • Straight_Man | Geeky, in my own way | Naples, FL | Icrontian
    edited April 2004
    Here is a summary capsule of what Microsoft says will keep junk off of Windows boxes:

    1. Use text-only email-- note that plain text hyperlinks can be cut and pasted, if you know the source is to be trusted, from plain-text email to your browser URL address bar.

    2. Do not accept file transfers offered to you by an unknown party on any chat or IM session you may have open.

    3. Keep active and frequently updated AV and anti-trojan software running on your computer all the time it is online, and do scans also when box is offline.

    4. Block unsigned ActiveX from remote sites.

    Medium or stronger security when browsing a site you do not KNOW is trusted is a good idea. Note that you can declare Microsoft's sites as trusted in your browser, it has site "White List" functionality built into it deep into the Security zone structure it uses. What I do is this to accomplish that:

    I get into the trusted sites pane. I UNCHECK the sites must be of type https box.
    I enter http://www.microsoft.com as trusted URL. Since Microsoft now uses subareas from that main domain, all Microsoft subareas will be covered by this entry. That is the ONLY URL I white list for IE.

    Internet zone is medium security plus a few limiters, like not running any unsigned ActiveX. This blocks most sites from feeding junky ActiveX to me even in IE.

    I go further, as there are doubtless undiscovered bugs in MOST code, there is no such thing as a perfect program, only very good ones with the major bugs removed and most minor ones also fixed. There is no such thing as a perfect compiler, either-- very good ones, yes, perfect no.

    What I do is this:

    Unknown sites get investigated from a Sun Java based browser, like Mozilla or FireFox or non-static Opera-- there are others, Epiphany among them, which will surf sites that are questionable and based on Windows that have no ActiveX support but do run Java Script of Sun type and can handle most JScript that is also Sun compliant as to functionality. I also use Linux, but I have been in IT a long time, and it DOES have a learning curve. However, there are about 113,000+ malwares that will NOT run on Linux at all even if the browser has massive holes in it-- so I learned Linux in self-defense.

    Linux does not do most of my business stuff as well as Windows software that fits like an old shoe that is well known and well broken in but not worn through, with some exceptions-- Open Office 1.1.1 is one, and if you want to learn that first you can install it on your Windows and use it, free of charge. This suite has document, spreadsheet, presentation, and drawing functionality in it. I use the first three, have things that are more powerful already purchased.

    So, my personal box, with Linux on it, picks up ALL my email, and is used for most web research. It also does most FTP, scans for Windows and Linux and Unix viruses and trojans, and burns archives to CD as well as Windows can. THAT kind of functionality is easy to establish on Linux if your hardware is compatible with it, and as of the last three months, most hardware in common use can be made to work with Linux.

    Some say this last is overkill, but for now that is how I choose to do it. The only times I have had to reload Windows XP are after a major hardware change-- on my boxes and my mother's box (in her case, would be a full 98 SE that got reloaded, and that has only happened after major hardware changes in the last three plus years). She gets email, via Opera. I think that her email functionality will get translated and transferred intact to Thunderbird, she and I do not like some feature accesses for the features of the Opera client, but she is liking it more and more now so that might stay the same.

    As Mr. Kwitko says, common sense is a large part of this prevention, but KNOWLEDGE helps define what is considered common sense for different folks.

    There is most of what comes on Microsoft's free Security Guidance kit on http://www.microsoft.com/security/ and I recommend that subsite (which is becoming a full site area) highly for those who want to learn what Microsoft says is common sense.

    John D.
  • EyesOnly | Sweden | New
    edited April 2004
    Pron sites be gone. If you want it use p2p apps like k-lite, shareaza or dc++.

    Use at least a software firewall. I'm considering hardware but have had no probs so far with software.

    AV. Need I say it? Norton has worked for me but there are other good ones.

    The apps in primesuspect's spywareguide. Update and run at least once a month.

    Don't use IE. I'm not sure if it's true or I'm mistaken but other browsers seem more secure. Please correct me if I'm wrong.

    That's all I can think of now. Oh, since I stopped using apps that had spyware in them I've had no problem really. Read what download.com has to say since it says if apps contain spyware.
  • Straight_Man | Geeky, in my own way | Naples, FL | Icrontian
    edited April 2004
    EyesOnly.

    Some of the browsers that do not run ActiveX are better for pure Windows security, but will not always work on all legit sites that DO depend on ActiveX. So, there might be a few exceptions for decent sites that DO use ActiveX. For those limited sites, IE probably is best browser, but be careful what sites you include in the sites you limit to IE only.

    John D.
  • EyesOnly | Sweden | New
    edited April 2004
    I agree but so far the ones that haven't worked are mostly to hardware manf. so I'm not too worried. I rarely come across a site that doesn't load in Opera that I need to hang around in for a longer period of time.
  • primesuspect | Beepin n' Boopin | Detroit, MI | Icrontian
    edited April 2004
    One of the biggest and easiest things people can do is what EyesOnly said - Don't use Internet Explorer as your browser. I use Firefox 24/7 and very, VERY rarely do I encounter a site that NEEDS IE.... And if a site NEEDS IE, I use it for just that site (windowsupdate, etc.)