Answers to common security questions - Best Practices



#1 quietman7

Posted 01 July 2011 - 01:46 PM

Best Practices for Safe Computing - Prevention of Malware Infection

Common sense, Good Security Habits and safe surfing is essential to protecting yourself from malware infection. No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice these principles and stay informed. Knowledge and the ability to use it is the best defensive tool anyone could have. This includes educating yourself as to the most common ways malware is contracted and spread as well as prevention.

Important Fact: It has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.

 

Earlier this year, Bromium published “Endpoint Protection: Attitudes and Opinions,” a statistical analysis of more than 300 information security professionals. The results revealed that endpoints are vulnerable, anti-virus is ineffective and end users are a weak link.

End Users Remain Biggest Security Headache as Compromised Endpoints Increase

 

2013 was a wildly visible year for cyber security and online privacy...And yet for all the visibility, punditry, and drama, new data suggests that internet users are still terrible at choosing a good password...

It’s 2014 And Our Passwords Aren’t Getting Better

Therefore, security begins with personal responsibility.


Tips to protect yourself against malware infection:

Step 1: Keep Windows and Internet Explorer current with all security updates from Microsoft, which will patch many of the security holes through which attackers can gain access to your computer. When necessary, Microsoft releases security updates on the second Tuesday of each month and publishes security update bulletins to announce and describe the update. If you're not sure how to install updates, please refer to How To Access Windows Update.

 

Step 2: Avoid gaming sites, porn sites, pirated software (warez), cracking tools, and keygens. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS.

 

Step 3: Avoid peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infested with malware according to security firm Norman ASA and many of them are unsafe to visit or use. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. If you must use file sharing, scan your downloads with anti-virus software before opening them and ensure Windows is configured to show file extensions - Why you should set your folder options to “show known file types”.

 

Step 4: Avoid bundled software. Many toolbars, add-ons/plug-ins, browser extensions, screensavers and useless or junk programs like registry cleaners, optimizers, download managers, etc., come bundled with other software (often without the knowledge or consent of the user) and can be the source of various issues and problems, including Adware and browser hijacking which may change your home page and search engine. Thus, bundled software may be detected and removed by security scanners as a Potentially Unwanted Program (PUP), a very broad threat category which can encompass any number of different programs, including those which are benign as well as problematic. Since the downloading of bundled software sometimes occurs without your knowledge, folks are often left scratching their heads and asking "how did this get on my computer?" Even if advised of a toolbar or add-on, many folks do not know that it is optional and not necessary to install in order to operate the program. If you install bundled software too fast, you most likely will miss the "opt out" option and end up with software you do not want or need. The best practice is to take your time during installation of any program and read everything before clicking that "Install" or "Next" button. Even then, in some cases, opting out does not always seem to work as intended.

 

Step 5: Beware of Rogue Security software, as it is one of the most common sources of malware infection. Rogue programs infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware. For more specific information on how these types of rogue programs install themselves and spread infections, read How Malware Spreads - How did I get infected.

 

Step 6: Keeping Autorun enabled on flash drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. One in every eight malware attacks occurs via a USB device. Many security experts recommend you disable Autorun as a method of prevention. Microsoft recommends doing the same.
* Microsoft Security Advisory (967940): Update for Windows Autorun
* Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows

Note: If using Windows 7, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes and improvements to AutoPlay so that it will no longer support the AutoRun functionality for non-optical removable media.

 

Step 7: Always update vulnerable software like browsers, Adobe Reader and Java Runtime Environment (JRE) with the latest security patches. Older versions of these and several other popular programs have vulnerabilities that malicious sites can use to exploit and infect your system.

* Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
* Time to Update Your Adobe Reader
* Adobe Security bulletins and advisories
* Microsoft: Unprecedented Wave of Java Exploitation
* eight out of every 10 Web browsers are vulnerable to attack by exploits

 

Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.

Tools of the Trade: Exploit Kits

To help prevent this, install and use Secunia Personal Software Inspector (PSI), a FREE security tool designed to detect vulnerable and out-dated programs/plug-ins which expose your computer to malware infection.

 

Step 8: Use strong passwords and change them anytime you encounter a malware infection, especially if the computer was used for online banking, paying bills, has credit card information or other sensitive data on it. This would include any used for taxes, email, eBay, PayPal and other online activities. You should consider them to be compromised and change all passwords immediately as a precaution in case an attacker was able to steal your information when the computer was infected. Many of the newer types of malware are designed to steal your private information, including passwords and logins to forums, banks, credit cards and similar sensitive web sites. Always use a different password for each web site you log in to. Never use the same password on different sites. If using a router, you also need to reset it with a strong password.

 

Step 9: Don't disable UAC in Vista or Windows 7; limit user privileges and use Limited User Accounts in Windows XP.

 

Step 10: Know how to recognize email scams and do not open unsolicited email attachments, as they can be dangerous and result in serious malware infection. For example, Zbot/Z-bot (Zeus) is typically installed through opening disguised malicious email attachments which appear to be legitimate correspondence from reputable companies such as banks and Internet providers or UPS or FedEx with tracking numbers. Once infected, Zbot downloads and executes CryptoLocker Ransomware as a secondary payload. CryptoLocker will encrypt all your data files using a Public and Private key pair. Once the encryption of the data is complete, decryption is usually not feasible and your personal data is lost forever unless you pay the ransom. This particular infection is primarily aimed at corporate and business environments but some home users have reported being infected.
* Using Caution with Email Attachments
* How to Avoid Getting a Virus Through Email
* Safety tips for handling email attachments

Prevention Tips for CryptoLocker:
* US-CERT: CryptoLocker Ransomware Infections: Prevention
* Bleeping Computer CryptoLocker Prevention Guide
* Emsisoft Blog: CryptoLocker – a new ransomware variant and how to prevent infection
* Krebs: How To Avoid CryptoLocker Ransomware

Also beware of Phone Scamming.

Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license...Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes...Do not trust unsolicited calls. Do not provide any personal information.

Avoid tech support phone scams: What you need to know
Don’t fall for phony phone tech support
Avoid scams that use the Microsoft name fraudulently

 

 

Finally, back up your important data and files on a regular basis. Some infections may render your computer unbootable during or before the disinfection process. Even if your computer is not infected, backing up is part of best practices in the event of hardware or system failure related to other causes.
* Windows Backup - The essential guide
* Windows Backup Guide

It is also a good practice to make a disk image with an imaging tool (i.e. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.). Disk Imaging allows you to take a complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistant to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore your system at a later time to the exact same state the system was when you imaged the disk or partition. Essentially, it will restore the computer to the state it was in when the image was made.

 

Security Resources from Microsoft:
* How can I help protect my computer from viruses?
* Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP
* Threats and Countermeasures: Security Settings in Windows Server 2008 and Windows Vista
* Microsoft Solutions for Security: The Antivirus Defense-in-Depth Guide

Other Security Resources:
* US-CERT: Safeguarding Your Data
* US-CERT: Good Security Habits
* Simple and easy ways to keep your computer safe and secure on the Internet
* Malware Prevention - Preventing Re-infection
* Hardening Windows Security - Part 1 & Part 2
* How to Stop 11 Hidden Security Threats

Browser Security Resources:
* Configuring Internet Explorer for Practical Security and Privacy
* How to Secure Your Web Browser
* LowerMyRights
* Safe Web practices - How to remain safe on the Internet
* Use Task Manager to close pop-up messages to safely exit malware attacks

Simple Ways To Secure Your Privacy:
* The Simplest Security: A Guide To Better Password Practices
* Securing Privacy Part 1: Hardware Issues
* Securing Privacy Part 2: Software Issues
* Securing Privacy Part 3: E-mail Issues
* Securing Privacy Part 4: Internet Issues
 
Other topics discussed in this thread:


Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators
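As an added example (not code from the original post), the PowerShell script below audits the Windows settings behind steps 1, 3, 6 and 9 above: automatic updates, visible file extensions, Autorun and UAC. The registry values and the Windows Update Agent COM object are standard Windows ones; the function names are my own.

```powershell
# Added audit script, not part of the original post. It reads the settings behind
# steps 1, 3, 6 and 9 and reports whether each is in the recommended state.
# Assumes Windows Vista/7 with PowerShell 2.0 or later; run from an elevated
# prompt so the HKLM policy keys are readable.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try {
        return (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        return $null   # key or value does not exist
    }
}

function New-CheckResult {
    param([string]$Check, $Current, [bool]$OK)
    # New-Object keeps PowerShell 2.0 compatibility ([PSCustomObject] needs 3.0)
    New-Object PSObject -Property @{ Check = $Check; Current = $Current; OK = $OK }
}

function Test-SafeComputingSettings {
    $results = @()

    # Step 6: Autorun. Microsoft Security Advisory 967940 controls AutoRun through
    # NoDriveTypeAutoRun; 0xFF disables it for every drive type. A machine policy
    # overrides the per-user one, so check HKLM first.
    $autorun = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    if ($autorun -eq $null) {
        $autorun = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    }
    $shown = if ($autorun -eq $null) { 'not set (Windows default applies)' } else { '0x{0:X2}' -f $autorun }
    $results += New-CheckResult 'Autorun disabled for all drive types (NoDriveTypeAutoRun = 0xFF)' $shown ($autorun -eq 0xFF)

    # Step 3: show known file extensions so a file named "invoice.pdf.exe" is not
    # displayed as "invoice.pdf". HideFileExt = 1 (the default) hides them.
    $hideExt = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
    $shown = if ($hideExt -eq $null) { 'not set (default: hidden)' } else { $hideExt }
    $results += New-CheckResult 'Known file extensions shown (HideFileExt = 0)' $shown ($hideExt -eq 0)

    # Step 9: UAC must stay on. EnableLUA = 1 means User Account Control is enabled.
    $lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    $shown = if ($lua -eq $null) { 'not set' } else { $lua }
    $results += New-CheckResult 'UAC enabled (EnableLUA = 1)' $shown ($lua -eq 1)

    # Step 1: Windows Update. The Windows Update Agent COM object reports the
    # automatic-update mode; NotificationLevel 4 means "install updates automatically".
    $updateCheck = 'Automatic updates install automatically (NotificationLevel = 4)'
    try {
        $level = (New-Object -ComObject 'Microsoft.Update.AutoUpdate').Settings.NotificationLevel
        $levelNames = @{ 0 = 'not configured'; 1 = 'disabled'; 2 = 'notify before download';
                         3 = 'notify before install'; 4 = 'install automatically' }
        $shown = '{0} ({1})' -f $level, $levelNames[[int]$level]
        $results += New-CheckResult $updateCheck $shown ($level -eq 4)
    } catch {
        $results += New-CheckResult $updateCheck 'could not query Windows Update Agent' $false
    }

    return $results
}

$report = Test-SafeComputingSettings
$report | Format-Table -Property Check, Current, OK -AutoSize
$failed = @($report | Where-Object { -not $_.OK }).Count
Write-Host ("{0} of {1} settings need attention." -f $failed, $report.Count)
```

On Windows 7 the AutoPlay change mentioned in the note above already stops AutoRun for non-optical removable media, but the NoDriveTypeAutoRun check still confirms the policy is set for every drive type.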



#2 quietman7

Posted 01 July 2011 - 01:52 PM

Choosing an Anti-Virus Program

Choosing an anti-virus is a matter of personal preference, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, availability of quality/prompt technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone and there is no single best anti-virus. Every vendor's virus lab and program scanning engine is different. Each has its own strengths and weaknesses and they often use a mix of technologies to detect and remove malware. You may need to experiment and find the one most suitable for your needs. For more specific information to consider, please read SANS Institute Choosing Your Anti-virus Software.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-virus vendors before they can add a new threat to database definitions. Further, if you're dealing with zero-day malware it's unlikely the anti-virus is going to detect anything. Malware writers have the advantage since no matter how hard security vendors attempt to stay on top of new threats, there is always a short time-frame in which a new malicious file goes undetected and can infect a computer without detection. Just because one anti-virus or anti-malware scanner detected threats that another missed, does not mean its more effective. Every security vendor's lab and program scanning engine is different. Each has its own strengths and weaknesses and they often use a mix of technologies to detect and remove malware.

Security vendors use different scanning engines and different detection methods such as Heuristic Analysis, Behavioral Analysis, Sandboxing and Signature files (containing the binary patterns of known virus signatures) which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus or anti-malware database is updated can also account for differences in threat detections.

Further, each vendor has its own definition (naming standards) of what constitutes malware, and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, Good Security Habits and safe surfing provides the most complete protection.

Free Antivirus programs: (choose and install only one).
* avast! Free Antivirus <- includes Google Chrome pre-checked by default during installation but gives you the option to uncheck
* Microsoft Security Essentials <- includes the option to join the customer experience improvement program
* Bitdefender Antivirus Free Edition
* Avira Free Antivirus <- includes option to install Avira Browser Safety Add-on to your browser
* AVG Anti-Virus Free Edition <- includes AVG Security Toolbar - AVG Secure Search pre-checked by default during installation but gives you the option to uncheck

-- As noted above in red many anti-virus vendors are bundling toolbars and other software with their products. If pre-checked by default that means you need to uncheck that option during installation if you don't want it. This practice is now the most common revenue generator for free downloads by many legitimate vendors and is typically the reason for the pre-checked option.

Note for Windows 8 users: Windows 8 integrates a more robust version of Windows Defender (and uses that name) for its anti-virus (and anti-malware) protection. Although it uses the same name, it is not the same as Defender in previous operating systems. Windows 8 Defender provides the same level of protection against malware as Microsoft Security Essentials (MSE); therefore, you cannot use MSE with Windows 8. Since Windows 8 Defender includes anti-virus protection, it may be disabled by the installation of a third-party anti-virus program. If a trial anti-virus came preinstalled on your computer, it most likely turned Windows 8 Defender off (disabled) to avoid conflicts. Windows 8 Defender will remain disabled until the third-party anti-virus has been completely uninstalled, and then Windows 8 Defender needs to be activated if you choose to use it. If you want to use Windows 8 Defender you need to completely uninstall the third-party anti-virus and activate it. If you want to use another anti-virus, it is recommended to disable Windows 8 Defender before installing the different antivirus software.


IMPORTANT NOTE: Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating systems core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time, resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software.

Microsoft and major Anti-virus vendors recommend that you install and run only one anti-virus program at a time

You don’t need to install more than one antivirus program. In fact, running more than one antivirus program at the same time can cause conflicts and errors that make your antivirus protection less effective or not effective at all.

Should I use more than one antivirus program?

* Symantec's statement
* AVG's statement
* Bitdefender's statement
* Microsoft Security Essentials statement <- click Details

Edited by quietman7, 17 July 2014 - 06:33 PM.


#3 quietman7

Posted 01 July 2011 - 01:58 PM

Replacing your Anti-virus

IMPORTANT: Before removing (or reinstalling) your existing anti-virus, you should download and save the setup file for the anti-virus you are going to replace it with. Also download any specialized removal tools available from the vendor for your current anti-virus in case you need them. It is not uncommon for some anti-virus programs to not completely uninstall themselves using the usual method of Add/Remove Programs in Windows XP or Programs and Features in Vista/Windows 7/8. Sometimes the uninstall will work more effectively if you first stop and disable the antivirus' service or perform the removal in safe mode.

Revo Uninstaller Free or Portable is an alternative to Programs and Features or Add/Remove Programs. Revo provides a listing of all installed software by installation date and when removing a program, it does a more comprehensive job of searching for and removing related registry entries, files and folders. Just follow these instructions...How to use Revo Uninstaller.

In many cases anti-virus vendors also provide clean-up utilities or removal tools on their web sites to remove remnants left behind after uninstalling or for a failed uninstall so always check there first. It's best to download directly from the vendor's site to ensure you are using the most current version of the uninstall utility as it is not uncommon for third party hosting sites to have outdated versions which may not work properly.

Comprehensive List of Uninstallers and Removal Tools for Antivirus Software



Summary of steps to replace an existing anti-virus
  • Before removing your old anti-virus, download and save the setup file for the anti-virus you are going to replace it with.
  • Download any specialized removal tools available from the anti-virus vendor for your current anti-virus in case you need them.
  • Disconnect from the Internet.
  • Uninstall your current anti-virus following vendor's instructions - sometimes uninstalling in safe mode works better.
  • Run the anti-virus vendor's specialized cleanup utility if needed.
  • Reboot normally and install the replacement.
  • Reboot again if prompted to ensure the anti-virus is working properly before reconnecting to the Internet.
  • Connect to the Internet and immediately download the latest definition database updates.

 

Why should you use Antivirus software?

Among the ~800 pages of new threat intelligence is a new study that attempts to quantify the benefit of running up-to-date anti-virus (AV) software. The study leveraged data from over a billion systems worldwide and it turns out that systems that do not have up-to-date AV are 5.5 times more likely to be infected with malware than systems that are protected...
Anti-virus Software is Dead…Really?



Using unprotected computers on the Internet is a security risk to everyone as they are prone to attack from hackers, Botnets, zombie computers and malware infection. Using anti-virus software will help minimize the risk and help to prevent the computer from being used to pass on infections to other machines. When infected and compromised, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more zombies are created to perpetuate the cycle.

How do folks who claim they do not use an anti-virus and never get infected know for certain that their computer is malware free? Many of today's attackers employ advanced techniques which involve sophisticated Botnets, Backdoor Trojans and rootkits to hide their presence on a computer. Without proper security tools including an anti-virus which can detect such malware, you can never be absolutely sure your computer has not been infected.
 

#4 quietman7

Posted 19 September 2011 - 01:19 PM

Supplementing your Anti-Virus Program with Anti-Malware Tools

An anti-virus program alone does not offer enough protection and does not provide comprehensive protection. It cannot prevent, detect and remove all threats at any given time. Anti-virus software is inherently reactive...meaning it usually finds malware after a computer has been infected. Further, if you're dealing with zero-day malware it's unlikely the anti-virus is going to detect anything.

Anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. Essentially, they look for and remove different types of malicious threats. In simplistic terms, anti-virus programs generally scan for infectious malware which includes viruses, worms, Trojans, rootkits and bots.

Anti-malware programs generally tend to focus more on spyware, adware and PUPS (potentially unwanted programs). However, there can be some overlap in functionality and detection features depending on the program's scanning engine, how the vendor defines a specific threat and what Naming Standards are used.

* The Difference Between Antivirus and Anti-Malware
* Antivirus and Antispyware Software: What's The Difference?
* What Is the Difference Between Antivirus & Antispyware?
* Use Anti-Virus and Anti-Spyware Software

Since no single product is 100% foolproof, it is recommended to supplement your anti-virus by performing scans with trustworthy security tools like:
* Malwarebytes Anti-Malware: How to scan and remove malware from your computer
* SUPERAntiSpyware: How to use to scan and remove malware from your computer

Note: Just like with anti-virus programs...There is no universal "one size fits all" solution that works for everyone and there is no single best anti-malware. Every vendor's lab and program scanning engine is different. Each has its own strengths and weaknesses and they often use a mix of technologies to detect and remove malware. You may need to experiment and find the one most suitable for your needs.

Free malware scanning/removal programs which can be used to supplement your anti-virus and anti-spyware or get a second opinion:
* Kaspersky Virus Removal Tool - How to use the Kaspersky Virus Removal Tool
* Sophos Virus Removal Tool <- detects and removes rootkits
* ESET Rogue Applications Remover
* Avira PC Cleaner
* Panda Cloud Cleaner - How to disinfect computer with Panda Cloud Cleaner
* Hitman Pro
* Malwarebytes Anti-Rootkit
* Dr.Web CureIt
* Microsoft Safety Scanner - How to use the MS Safety Scanner
* Windows Malicious Software Removal Tool
* Windows Defender Offline <- detects and removes rootkits
* MicroWorld eScan AntiVirus Toolkit (MWAV)
* Norman Malware Cleaner
* McAfee Stinger Tool - How to use Stinger
* Trend Micro System Cleaner
* Trend Micro Fake Antivirus (FakeAV) Removal Tool

For a list of other recommended security tools (i.e SpywareBlaster, WinPatrol) and resources, please refer to:
* Bleeping Computer's Freeware Replacements For Common Commercial Apps
* Bleeping Computer's List of Antivirus, Antimalware, And Antispyware Resources

As a general rule, using more than one anti-spyware program like Malwarebytes Anti-Malware, SuperAntispyware, Windows Defender, Spybot S&D, Ad-Aware, Spyware Terminator, etc. will not conflict with each other or your anti-virus if using only one of them for real-time protection and the others as stand-alone on demand scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware.

Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-malware database is updated can also account for differences in threat detections. Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another.

If using multiple real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc.) together at the same time, there can be conflicts as a result of the overlap in protection. These conflicts are typical when similar applications try to compete for resources and exclusive rights to perform an action. They may identify the activity of each other as suspicious and produce alerts. Further, your anti-virus may detect suspicious activity while anti-malware programs are scanning (reading) files, especially if it uses a heuristic scanning engine, regardless if they are running in real-time or on demand. The anti-virus may even detect as threats, any malware removed by these programs and placed into quarantined areas. This can lead to a repetitive cycle of endless alerts or false alarms that continually warn a threat has been found if the contents of the quarantine folder are not removed before beginning a new security scan. Generally these conflicts are more of an annoyance rather than the significant conflicts which occur when running two anti-virus programs in real time.

By the way, you can also supplement your security tools and get a second opinion by performing an Online Virus Scan.
* List of free online Anti virus scanners
* List of online Anti virus scanners
* Top Free Online Virus Scan Services
For those using Malwarebytes Anti-Malware, I recommend taking advantage of the real-time Protection Module in the full (Premium) version which uses advanced heuristics scanning technology to monitor your system and prevent the installation of most new malware, stopping malware distribution at the source. This technology dynamically blocks malware sites & servers, prevents the execution of malware, proactively monitors every process and helps stop malicious processes before they can infect your computer. Keep in mind that this feature does not guarantee something will not slip through as no product can detect and prevent every type of malware. The database that defines the heuristics is updated as often as there is something to add to it. Also keep in mind that Malwarebytes does not act as a real-time protection scanner for every file like an anti-virus program so it is intended to be a supplement, not a substitute.

Enabling the self-protection module controls whether Malwarebytes creates a safe zone to prevent malicious manipulation of the program and its components. For more specific information, please refer to:

Malicious Website Blocking (IP Protection) is part of the Protection Module and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. IP Protection is also designed to block incoming connections it determines to be malicious. More information about IP Protection can be found in the Malwarebytes Anti-Malware IP Protection FAQs.

Those who purchase the full version receive a license key via email to activate the protection module. The license includes a lifetime of free upgrades and support. For corporate and business customers, annual licenses are required. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as it utilizes few system resources and should not conflict with other scanners or anti-virus programs. If any conflicts between Malwarebytes and another security program are reported, suggested solutions are usually provided in these FAQ topics:

Note: A 14-day trial of Malwarebytes Anti-Malware Premium is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

Emsisoft Anti-Malware is another program I would recommend. It is an antivirus platform that includes anti-malware protection which uses two scanning engines and three security levels (or layers) of protection to prevent the installation of malware and stop malicious processes before they can infect your computer. These layers consist of surf protection, a dual-engine file guard, and advanced behavioral analysis which is extremely difficult to penetrate. EAM continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity and raises an alert as soon as something suspicious occurs. The behavior blocker is able to detect unknown zero-day attacks without signatures.

EAM combines its technology with Bitdefender Anti-Virus utilizing live cloud-verification for superior detection and removal of malware infections effectively. Emsisoft Pro offers a full anti-malware solution which you can run alongside your favorite antivirus as extra protection without conflicts. Compatibility with other security products is constantly tested. Emsisoft Pro includes a malware removal guarantee and personal assistance in emergency situations. For more information, please refer to:

Note: By default Emsisoft Anti-Malware installs as a free fully functional 30-day trial version with real-time protection. After the trial period expires you can either choose to buy a full version license or continue to use it in limited freeware mode which still allows you to scan and clean infections. The freeware mode no longer provides any real-time protection to guard against new infections. However, even if the trial is still enabled, you can easily turn off all real time protection and just have it running as on-demand scanner only. After the trial period expires nothing really changes except that the options to activate real-time protection are no longer available without purchasing the full version.

Edited by quietman7, Today, 12:30 PM.

Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 quietman7

Posted 15 November 2011 - 08:19 AM

Choosing a Firewall

Choosing a firewall is a matter of personal preference, your needs, your technical ability/experience, features offered, user friendliness, ease of updating, ease of installation/removal, availability of quality/prompt technical support from the vendor and price. Other factors to consider include effectiveness, the amount of resources it utilizes, how it may affect system performance and what will work best for your system. A particular firewall that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone. You may need to experiment and find the one most suitable for your use and your system. For more specific information to consider, please read:
* How to choose a firewall
* Understanding and Using Firewalls

There is always the option to use Windows built-in Firewall. Most concerns you may have heard or read about the Windows Firewall were in the XP operating system so many users were advised to use third-party alternatives. Microsoft significantly improved the firewall to address these concerns in Vista and then added more improvements in Windows 7/8. These are 5 Reasons Why the Windows Firewall is One of the Best Firewalls.


Windows Vista Firewall offers two-way filtering for better security than it did in XP but it is still limited. The firewall is combined with IPsec, turned on by default and set to a basic configuration that works in tandem with the Windows Service Hardening feature. If the firewall detects activity that it considers prohibited behavior according to the Service Hardening's preset rules, the firewall will block the suspicious activity. Another feature in the Vista firewall is that it can set rules based on three different types of networks using the Rules Wizard so creating firewall rules is much simpler.

By default, most (not all) outbound filtering is turned off (outbound connections are allowed) and inbound filtering is turned on (inbound connections are blocked/not allowed). Why? This is what Microsoft has to say:

Matt Parretta, a former spokesperson for Microsoft's PR agency, Waggener Edstrom, offered this defense: "If we turned on outbound filtering by default for consumers, it forces the user to make a trust decision for every application they run which touches the network. After they upgrade to Windows Vista or purchase a new PC with that OS, they will be prompted on the first launch of every application that touches the network: Instant Messaging, IE, e-mail, Windows Media, iTunes, every self-updating app such as Adobe, and so on. Unless they click 'allow', the app will be broken and won't function properly. The out of box experience would be poor, and they would soon be desensitized to the prompts."

Although most outbound filtering is disabled, Vista’s firewall does provide limited outbound filtering which users may not be aware of as it is essentially invisible.

Jason Leznek, Microsoft senior product manager, told Computerworld that outbound filtering rules "are enabled by default for core Windows services as part of Windows Service Hardening, which enables the firewall to understand specific behaviors Windows services should have, and block them if they are doing something unexpected (i.e., via an exploited vulnerability). Windows Firewall also protects the computer by blocking certain outgoing messages to help prevent the computer against certain port scanning attacks."

Outbound filtering can be configured to provide an additional layer of security and it does provide corporate and business administrators control over applications (i.e. peer-to-peer file sharing) they may want to restrict. Any such applications that require outbound access must be added to the rules list by using the firewall with the Advanced Security Microsoft Management Console (MMC). Configuration may be confusing for some and there is no practical way to configure outbound filtering to stop all unwanted outbound connections. Inbound filtering can be turned on or off through various tabs and configuration settings.

For more specific information about configuration and security, please refer to these articles:
* Windows Vista Security and Data Protection Improvements
* Understanding Windows Firewall settings
* The Windows Vista Firewall explained
* How to Allow a program to communicate through Windows Firewall
* Netsh Commands for Windows Firewall with Advanced Security

For an independent review read these articles (some include a response by Microsoft regarding outbound filtering as quoted above):
* Review of the Windows Vista Firewall by Arun Kumar, MVP
* Security Blanket: Vista's Outbound Firewall
* Windows Firewall: the best new security feature in Vista?
* Vista Firewall Fails on Outbound Security
* Windows Vista's Firewall


Windows 7 Firewall is similar to Vista and also offers two-way filtering for inbound and outbound traffic. However, Windows 7 adds a few new features in the firewall and related network-safety areas such as separate configuration settings for private (Home or Work) and public networks.

The Vista firewall was built on a new Windows Filtering Platform (WFP) and added the ability to filter outbound traffic via the Advanced Security MMC snap-in. With Windows 7, Microsoft has tweaked the firewall further and made it much more useable, especially on mobile computers, by adding support for multiple active firewall policies.

The Windows 7 Firewall refines the much-improved firewall that was included in Windows Vista, and brings its "hidden" advanced features out into the open. Many users, including some IT professionals, were unaware that you could filter outbound traffic, monitor and otherwise perform advanced configuration tasks for the Vista firewall, because none of that was apparent from the Firewall applet in Control Panel. With Windows 7, Microsoft has created a built-in host firewall that is much more functional than its predecessors and now poses a viable alternative to third party host firewall products.

What's new in the Windows 7 Firewall?

As with Vista, the basic settings for the Windows 7 firewall are accessed via the Control Panel applet. Unlike Vista, you can also access the advanced settings (including configuration of filtering for outbound connections) through the Control Panel instead of having to create an empty MMC and add a snap-in...

The Vista firewall allows you to choose whether you are on a public or private network. With Windows 7, you have three choices - public network, home network or work network. The two latter options are treated as private networks...With All-Network types, by default the Windows 7 firewall blocks connections to programs that are not on the list of allowed programs. Windows 7 allows you to configure the settings for each network type separately,...

What's new in the Windows 7 Firewall?

For information about using the Windows 7 firewall, managing settings, blocking programs from accessing the Internet, opening/closing ports or disabling firewall notifications, please refer to:
* Understanding Windows Firewall settings
* How to Manage the Windows 7 Firewall

For an independent review read:
* Security in Windows 7: Firewall and Networking
* Should You Use Windows Firewall?

Windows 8 comes with a built-in firewall that is similar to the one found in Windows 7.
Windows 8 Firewall from start to finish


Windows Firewall tools which can be used to extend the default Windows Firewall behavior and for quick access to define rules and configure the most frequently used options:
* Windows Firewall Control for Windows 8, 7, Vista - alternate download link
* Windows 8/7 Firewall Control - alternate download link
* Windows Firewall Notifier


IMPORTANT NOTE: Using more than one software firewall on a single computer is not advisable. Why? Using two firewalls could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware-based firewall (a router) and a software firewall (e.g. Kerio, ZoneAlarm, Comodo, etc.) in conjunction.

Edited by quietman7, 10 July 2014 - 04:53 AM.

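One way to carry out the outbound configuration the post above describes (block outbound by default, then add allow rules for the programs that need network access) using the built-in netsh advfirewall command, as an added example that is not part of the original post or of Microsoft's documentation; the rule names and program paths are placeholders to adjust for your own system.

```powershell
# Added example, not from the original post: enable outbound filtering in the
# built-in Windows Firewall (Vista/7/8 via netsh advfirewall) and allow only named
# programs to connect out. Run from an elevated PowerShell prompt.
# Rule names and program paths are placeholders; adjust them to your system.
$allowedPrograms = @{
    "Allow outbound - Web browser" = "C:\Program Files\Mozilla Firefox\firefox.exe"            # placeholder
    "Allow outbound - Mail client" = "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"    # placeholder
}
$backup = Join-Path $env:USERPROFILE "Desktop\firewall-policy-before.wfw"

# 1. Export the current policy first so the change can be undone later with:
#    netsh advfirewall import "<backup file>"
netsh advfirewall export "$backup"

# 2. Block outbound connections by default on every profile (Domain, Private, Public).
#    Inbound stays blocked as it already is. The pre-defined "Core Networking"
#    outbound rules (DHCP, DNS, etc.) remain enabled, so basic connectivity keeps working.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 3. Add an allow rule for each program that legitimately needs outbound access,
#    limited to the Private and Public profiles.
foreach ($ruleName in $allowedPrograms.Keys) {
    $exe = $allowedPrograms[$ruleName]
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Warning "Skipping '$ruleName': $exe was not found"
        continue
    }
    netsh advfirewall firewall add rule name="$ruleName" dir=out action=allow `
        program="$exe" enable=yes profile=private,public
    # Confirm the rule was created as intended.
    netsh advfirewall firewall show rule name="$ruleName"
}

# 4. Show the resulting per-profile policy; each profile should now read
#    "Firewall Policy    BlockInbound,BlockOutbound".
netsh advfirewall show allprofiles
```

Unlike the third-party firewalls mentioned in the post, Windows Firewall shows no prompt when it blocks an outbound connection, so any program not on the allow list simply fails to connect; that silent behavior is the trade-off Microsoft's quoted statement is describing.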

#6 quietman7

Posted 18 February 2012 - 08:41 AM

Glossary of Malware Related Terms

What is Malware?
What is Spyware?
What is Adware?
What is a Drive-by download? - Anatomy of a drive-by download web attack

What is Rogue software?
What is Ransomware?
Symantec: Ransomware A Growing Menace
TechNet Blogs: The past year has been one of expansion for ransomware
McAfee Blog: Ransomware
US-CERT: CryptoLocker Ransomware Infections
BC CryptoLocker Ransomware Information Guide and FAQ
Emsisoft Blog: CryptoLocker – a new ransomware variant
Cryptovirology: Extortion-Based Security Threats and Countermeasures

What is a Spyware Dialer? - Understanding Spyware, Browser Hijackers, and Dialers
What are Potentially Unwanted Programs (PUPS)? - McAfee White Paper: Potentially Unwanted Programs

What is a Worm?
What is a Backdoor Trojan? - Backdoors explained
What is a Botnet?
What is an IRCBot?
What is a Backdoor.IRC.Bot
Bots and Botnets — A Growing Threat
What is a Zombie Bot?
What is a Botnet (Zombie Army)?
What is a Remote Access Trojan (RAT)?

What is a Virus?
What is a File infecting virus?
What is a Boot sector virus?
What is a Polymorphic virus?
What is a Metamorphic virus?
What is a Script (Macro) virus?

Camouflage in Malware: from Encryption to Metamorphism
The Difference Between a Virus, Worm, Trojan Horse and Blended Threats
What is the difference between viruses, worms, and Trojans?
Trojan FAQs: Common Trojans and how they work

What are Alternate Data Streams (ADS)?
What is Spam?
What is a Spambot?
What is a Web Crawler?

What is Whistler Bootkit
What Is A Rootkit?
What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

What is a TDSS rootkit?
TDSS: Rootkit technologies from the beginning
TDSS part 1 - TDSS part 2: Ifs and Bots - TDSS part 3: Bootkit on the Other Foot
TDL4 Top Bot: The indestructible botnet
Memory Forging Attempt by a Rootkit: TDL4 variants
Bootkit: the challenge
TDL4 Rootkit Bypasses Windows Code-Signing Protection
TDSS loader has now got legs - a self-propagation mechanism
The Worm, the Rogue DHCP, and TDL4
Stalking TDL4: All Access Pass to the Hard Drive
POPUREB vs. TDL4
TDL4 rebooted and its hidden partition table
A New TDL4 with a Stealthy New Twist: creates hidden partition table

ZeroAccess (Max++) Rootkit:
Olmasco bootkit: next circle of TDL4 evolution
TDL4 Infection Update Win32/Olmasco MAXSS Pihar
ZeroAccess / Max++ / Smiscer Crimeware Rootkit
Dissecting the ZeroAccess Rootkit
MAX++ sets its sights on x64 platforms
ZeroAccess (Max++) Rootkit
ZeroAccess Gets Another Update
ZeroAccess rootkit malware shifts to user-mode
ZeroAccess malware revisited - new version yet more devious

These are .pdf documents with more comprehensive information.
ZeroAccess an advanced kernel mode rootkit
Rooting about in TDSS
The Evolution of TDL: Conquering x64
Defeating x64: The Evolution of the TDL Rootkit
TDL3: The Rootkit of All Evil?
Backdoor.Tdss.565
TDL3: Part I A detailed analysis of TDL rootkit 3rd generation

Each security vendor uses their own naming conventions to identify various types of malware. Names with Generic, PUP or Patched are all very broad categories and differ widely from vendor to vendor.


What is Distributed Denial-of-Service Attacks (DDOS)
What is Denial-of-Service Attacks (DOS)
How Distributed Denial of Service Attacks Work
Understanding Denial-of-Service Attacks (DOS)
What everyone needs to know about DDoS
How Zombie Computers Work: Distributed Denial of Service Attacks

For information about malware vectors, please read:
Malware Infection Vectors: Past, Present, and Future
How Malware Spreads - How did I get infected

Who Writes Malicious Programs and Why? Hackers and malware writers come from different age groups, backgrounds, countries, education and skill levels...with varying motivations and intents. Below are a few articles which attempt to explain who these individuals are and why they do what they do.


#7 quietman7

Posted 27 September 2012 - 09:38 AM

Why you should not use Registry Cleaners and Optimization Tools

There are numerous programs which purport to improve system performance, make repairs and tune up a computer. Many of them include such features as a registry cleaner, registry optimizer, disk optimizer, etc. Some of these programs even incorporate optimization and registry cleaning features alongside anti-malware capabilities. These registry cleaners and optimizers claim to speed up your computer by finding and removing orphaned and corrupt registry entries that are responsible for slowing down system performance. There is no statistical evidence to back such claims. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

1. Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

2. Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Further, some vendors who offer registry cleaners use deceptive advertisements and claims which are borderline scams. They may alert you to finding thousands of registry errors which can only be fixed to improve performance if you use or buy their product.

3. Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

4. Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

5. The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Microsoft support policy for the use of registry cleaning utilities

...Windows continually references the registry in the background and it is not designed to be accessed or edited. Some products such as registry cleaning utilities suggest that the registry needs regular maintenance or cleaning. However, serious issues can occur when you modify the registry incorrectly using these types of utilities. These issues might require users to reinstall the operating system due to instability. Microsoft cannot guarantee that these problems can be solved without a reinstallation of the Operating System as the extent of the changes made by registry cleaning utilities varies from application to application...Microsoft does not support the use of registry cleaners...


Unless you have a particular problem that requires a specific registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly is dangerous and could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great. The major source of orphaned registry entries is poorly uninstalled programs so using a good uninstaller program is a much better way to keep the registry clean.

If you want to improve computer performance, please read: Slow Computer/Browser? Check here first; it may not be malware


#8 quietman7

Posted 07 June 2013 - 01:18 PM

I have been hacked...What should I do? - How Do I Handle Identify Theft, Scams and Internet Fraud

If your system was hacked, you should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, taxes, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised.

If using a router, you also need to reset it with a strong logon/password before connecting again. Consult these links to find out the default username and password for your router, and write down that information so it is available when doing the reset:

These are general instructions for how to reset a router:

  • Unplug or turn off your DSL/cable modem.
  • Locate the router's reset button.
  • Press, and hold, the Reset button down for 30 seconds.
  • Wait for the Power, WLAN and Internet light to turn on (On the router).
  • Plug in or turn on your modem (if it is separate from the router).
  • Open your web browser to see if you have an Internet connection.
  • If you don't have an Internet connection you may need to restart your computer.

For more specific information on your particular model, check the owner's manual. If you do not have a manual, look for one on the vendor's web site which you can download and keep for future reference.

Banking and credit card institutions should be notified immediately of the possible security breach. You should also file a report with your local law enforcement agency which most likely will have a Cyber Unit specializing in tracking down hackers and prosecuting them. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.

If you were the victim of Internet/Phone fraud or a scam, you should also file a report.

For more detailed instructions as to what you should do, please read:


Reporting Internet Fraud, Scams and Identity Theft:


Note: Below are resources for determining if you have been hacked and how to identify the attacker. While these are suggestions you can try, it is strongly recommended to allow law enforcement authorities to conduct the investigation if the hacking is confirmed and you have been the victim of fraudulent financial transactions or stolen funds...they have the resources and expertise to identify hackers and prosecute them.

How to Tell if someone has accessed your computer:

Investigating Hacking:




#9 quietman7

Posted 22 October 2013 - 10:13 AM


About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings

Many programs, toolbars, add-ons/plug-ins, and browser extensions come bundled with other free third-party software you download from the Internet (often without the knowledge or consent of the user). In some cases, they may be included in Installers or Downloaders found at hosting sites such as CNET, BrotherSoft, Softonic, FreewareFiles and Tucows. These bundled packages, installers and downloaders can often be the source of various issues and problems to include Adware, pop-up ads, browser hijacking which may change your home page and search engine, and user profile corruption.

When a vendor includes bundled software, they do so as a way to "pay per install" and recoup associated business costs. This practice is now the most common revenue generator for free downloads and is typically the reason for the pre-checked option. If pre-checked by default, that means you need to uncheck that option during installation if you don't want it. If you install too fast, you most likely will miss the "opt out" option and end up with software you do not want or need. Even if advised of a toolbar or Add-on, many folks do not know that it is optional and not necessary to install in order to operate the program. Since this sometimes occurs without your knowledge, folks are often left scratching their heads and asking "how did this get on my computer."

Regardless of where you go to download software, you always have to be careful with deceptive download links. Clicking on the incorrect link may redirect to another download site which uses heavy and confusing advertising with more download links. On almost every site, including safe software download sites, you may encounter an obtrusive green "Download Now" button as a type of advertisement. These button ads come from third party ad networks and work well because many users are capricious by nature. Clicking on one of these "Download Now" buttons (thinking it's the one you want) often results in downloading a program the user did not intend to download.

* Safe software download sites – Beware of deceptive download links & PUPs
* How-To Geek: Why We Hate Recommending Software Downloads To Our Readers

Toolbars, add-ons and bundled software can install themselves in various areas of your operating system to include your browser and Windows Registry. Since some of their components and behavior are determined to be harmful, some anti-virus and anti-malware tools may detect them as Potentially Unwanted Programs (PUPs) and/or Potentially Unwanted Applications (PUAs) which do not fall in the same category as malicious files such as viruses, Trojans, worms, rootkits and bots.

PUPs and PUAs are a very broad threat category which can encompass any number of different programs to include those which are benign as well as problematic. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software usually containing Adware or bundled with other free third-party software to include toolbars, add-ons/plug-ins and browser extensions. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs.

PUPs may also be defined somewhat differently by various security vendors and may or may not be detected/removed based on that definition.
* Malwarebytes: What are the 'PUP' detections, are they threats and should they be deleted?
* Malwarebytes Adopts Aggressive PUP Policy
* Sophos: Potentially unwanted applications
* Microsoft: How Microsoft antimalware products identify potentially unwanted software
* Lavasoft: What are Potentially Unwanted Programs (PUPS)?
* Eset: What is a potentially unwanted application? - Eset Online Scanner FAQs #15: What are Potentially Unwanted Applications?
* McAfee White Paper: Potentially Unwanted Programs
* AVG FAQ 2340: Potentially Unwanted Programs
* Symantec: Potentially Unwanted Programs

Some programs falling into the PUP category have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. Since PUP detections do not necessarily mean the file is malicious or a bad program, in some cases the detection may be a "false positive". Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. If you installed, use or recognize the program and it is not causing any issues, then you can ignore the detection.

Your anti-virus may not detect all PUPs. This is because anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. The scanning engines of anti-virus programs and anti-malware tools look for (detect) and remove different things based on the criteria used by the vendor. Anti-virus programs primarily protect against viruses, worms, Trojans and rootkits while anti-malware programs generally tend to focus more on adware, spyware, browser hijackers and PUPs. There can be some overlap in functionality and detection features between the two but the security vendor defines a specific threat and what Naming Standards are used.

Note: Many anti-virus programs and some security scanners have options to include or exclude the detection of PUPs because of how they are defined. If your anti-virus is not finding any PUPs, then most likely the settings have been set to exclude or ignore detection. If your anti-virus is finding but not removing PUPs, then most likely the settings are set to detect but not take any action.

Again keep in mind that not all toolbars and add-ons/plug-ins are bad. Many of them also come bundled with other free software as a common practice by legitimate vendors.
* Adobe Reader includes Google Chrome or McAfee Security Scan pre-checked by default during installation
* Adobe ShockwavePlayer includes Google Chrome or Norton Security Scan pre-checked by default during installation
* CCleaner (standard installer) includes Yahoo Toolbar pre-checked by default during installation
* Foxit Pdf Reader includes Ask Toolbar and ebay shortcut in desktop pre-checked by default during installation
* GOM Player includes Ask Toolbar pre-checked by default during installation
* GIMP includes AVG SafeGuard/Secure Search toolbar pre-checked by default during installation
* Java includes Ask Toolbar pre-checked by default during installation
* Unlocker includes Babylon Toolbar or Delta Toolbar pre-checked by default during installation


Calendar Of Updates maintains a more comprehensive list of software bundled with unwanted junkware called the Installers Hall of Shame.

Even many Anti-virus and security vendors bundle toolbars and other software with their products as a cost recoup measure.
* avast! Free Antivirus includes Google Chrome pre-checked by default during installation
* Avira Free Antivirus includes option to install Avira Browser Safety Add-on to your browser
* AVG Anti-Virus Free Edition includes AVG Security Toolbar - AVG Secure Search pre-checked by default during installation
* Panda Cloud AV includes Yahoo Search Assistant pre-checked by default during installation
* SUPERAntiSpyware includes Google Chrome pre-checked by default during installation
* Ad-Aware includes Google Chrome pre-checked by default during installation


Downloading TIPs - Best practices:
1. Always try to download software directly from the vendor's official home site. Look for and read the End User's License Agreement (EULA) carefully as well as any other related documentation.

2. Sometimes looking at the name of the setup file before saving it to your hard drive will give a clue to what you are actually downloading so you can cancel out of it. If the file name does not appear correctly, do not proceed. This is especially important when using third-party hosting sites which are known to use special installers which bundle other software. Some third-party hosting sites like CNET.com publish a Software Bundling Policy which you should always read.

3. Take your time during installation of any program and read everything on the screen before clicking that "Install" or "Next" button. Even then, in some cases, this opting out does not always seem to work as intended.

4. As more and more legitimate vendors are bundling software to recoup business expenses, folks need to take some personal responsibility and educate themselves about this practice.

5. If you must use CNET or similar sites, check the digital signature of the .exe file you download for validity and who actually signed it. Doing that will let you know if the file has been changed.

6. TIP: Open your browser, go to View > Toolbars and check the Status Bar box (Internet Explorer) or Add-on bar (Firefox). If you place your cursor over a link, the actual URL address will show up in the Status Bar or Add-on bar at the bottom of the browser window.

7. TIP: When searching for free software, visit the vendor's website and look for a "slim" or "zipped" version of the product as they generally are stand-alone applications that do not bundle or install anything else.


TOOLBAR & ADD-ON REMOVAL TIPS:

Many toolbars and Add-ons can be removed from within its program group Uninstall shortcut in Start Menu > All Programs or by using Add/Remove Programs or Programs and Features in Control Panel, so always check there first. With most adware/junkware it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In most cases, using the uninstaller of the adware not only removes it more effectively, but it also restores any changed configuration.

Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

Note: Some programs can be difficult to remove if their services and running processes are not disabled or turned off prior to attempting removal because they are in use. As such, it is easier to uninstall after booting into safe mode so there are fewer processes which can interfere with uninstalling the program.

If the program is not listed in Add/Remove or Programs and Features, and there is no uninstaller in the program's folder, the next place to check is your browser extensions and add-ons/plug-ins.
* How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google Chrome
* How to Disable Extensions and Plugins in Firefox - How to Remove Extensions/Uninstall Plugins in Firefox
* How to Disable Extensions in Internet Explorer
* How to Disable Add-ons/Extensions in Internet Explorer, Firefox and Google Chrome
* How to Disable all add-ons in Firefox, Internet Explorer

There are also more suggestions in these articles:
* How to Remove a toolbar that has taken over your Firefox search or home page
* Google Chrome Search engine and other settings taken over by an unwanted program

To reset or restore all browser settings, please refer to:
* How to reset Internet Explorer settings (all versions)
* Reset Firefox – easily fix most problems
* Restore the Default Settings in Firefox (Safe Mode Firefox)
* Reset Chrome browser settings
* Reset Default Page Settings in Google Chrome
* How to reset your browser settings in Internet Explorer, Firefox, Google Chrome, Opera, Safari

Note: Resetting browser settings is not reversible. After a reset, all previous settings are lost and cannot be recovered. All add-ons and customizations are deleted, and you basically start with a fresh version of your browser.

Uninstalling and reinstalling your browser may not resolve all issues related to toolbars and add-ons. Why? Uninstalling does not completely remove all files and folders. User Profiles are generally not removed during a typical uninstall. Thus, reinstalling does not change the existing User Profile where some browser settings may have been modified so they are automatically restored after the reinstall. That means you may still have some symptoms of browser hijacking afterwards.

User Profiles are stored in the following locations:

Windows XP:
C:\Documents and Settings\username\Application Data\Google\Chrome\User Data\
C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\

Windows Vista/Windows 7/8:
C:\Users\Username\AppData\Local\Google\Chrome\User Data\
C:\Users\Username\AppData\Local\Mozilla\User Data\Mozilla\Firefox\Profiles\

Another solution is to just create a new user profile and delete the old one.
* How to Create a new browser user profile in Google Chrome
* How to Create a new browser user profile in Firefox
* How to Create a new browser user profile in Opera, Internet Explorer, Firefox, Chrome

After performing the above steps...you can search for and clean up remnants with tools like AdwCleaner, Junkware Removal Tool and Malwarebytes Anti-Malware.

If you feel uncomfortable running these tools by yourself and would like assistance, then start a new topic in the Am I infected? What do I do? forum.


Important Note: When searching for malware removal assistance (and removal guides) on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. Search results will yield numerous malware removal sites with "How to Guides" for removing various Toolbar, Search and Browser Hijack viruses. This is deliberately done more as a scam to entice folks into buying an advertised fix or using a free removal tool. SpyHunter (SpyHunter-Installer.exe), a dubious and ineffective program from Enigma Software with a history of employing aggressive and deceptive advertising is one of the most common "so-called" removal tools pushed by these sites. In some cases if the fix is a free download, users may be enticed to download a malicious file or be redirected to a malicious web site. In other cases you are referred to contact the site's Tech Support for assistance which is only provided for a fee. Do not follow such advice or download any removal tools from unknown or untrusted web sites.
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators
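The signature check from downloading tip 5 above, as an added PowerShell example that is not part of quietman7's post: it reads the Authenticode signature of a downloaded setup file with the built-in Get-AuthenticodeSignature cmdlet and reports whether the file is unaltered since signing and who actually signed it. The function name, its parameters and the sample path in the usage comment are this example's own.

```powershell
# Added example (not from the original post). Get-AuthenticodeSignature is a
# built-in PowerShell cmdlet; the function and parameter names are this example's own.
function Test-DownloadedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,

        # Optional: text expected in the signer's Subject, e.g. 'Adobe' or 'Piriform'.
        # Lets you catch a file that is validly signed, but by someone other than the vendor.
        [string]$ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $sig.SignerCertificate

    $result = [PSCustomObject]@{
        File          = (Split-Path -Leaf $Path)
        Status        = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
        StatusMessage = $sig.StatusMessage
        Signer        = if ($signer) { $signer.Subject }    else { '(unsigned)' }
        Thumbprint    = if ($signer) { $signer.Thumbprint } else { '' }
        SignedUntil   = if ($signer) { $signer.NotAfter }   else { $null }
        Verdict       = 'Unknown'
    }

    switch ($sig.Status) {
        'Valid' {
            if ($ExpectedPublisher -and $signer.Subject -notlike "*$ExpectedPublisher*") {
                $result.Verdict = "Signed and unaltered, but NOT signed by '$ExpectedPublisher' - look at who did sign it"
            } else {
                $result.Verdict = 'Signed and unaltered since it was signed'
            }
        }
        'NotSigned'    { $result.Verdict = 'No digital signature - origin cannot be verified' }
        'HashMismatch' { $result.Verdict = 'Signature does not match the file contents - the file was changed after signing' }
        default        { $result.Verdict = "Signature problem: $($sig.StatusMessage)" }
    }

    return $result
}

# Usage (path is a constructed example): check the file you just downloaded.
# Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\setup.exe" -ExpectedPublisher 'Piriform'
```

A "Valid" status only proves the file is unchanged since the named signer signed it; the Signer field is what tells you whether that signer is the vendor you expected.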

#10 quietman7

Posted 19 February 2014 - 05:26 PM

About In-text advertising: In-Text Ads - Text Enhanced Ads

The double-underlined random words you sometimes see on web pages in your browser are called in-text advertising and it is very common. Kontera, Text Enhance and Vibrant are some of the more popular advertising networks that provide in-text advertising and information services.

The double-underlined word is actually a keyword embedded within text of a web page. The keyword is intended to provide consumers with information that is related to what they are reading. When hovering your mouse over this keyword, a pop up ad is displayed with a preview of the ad the text links to. This process works by allowing webmasters to insert JavaScript code into web pages that displays relevant advertisements from an inventory of advertisers. This script scans a web page and dynamically modifies keywords an advertiser has targeted on the page and double-underlines them. The words and the double-lines under them are usually blue in color but it is not uncommon for them to appear in various other colors such as red or green.

Step 1: In-text advertising is a form of contextual advertising commonly used to promote business and generate revenue to offset the cost of maintaining a web site each time a website visitor clicks on an in-text ad. Advertisements from in-text ads also help to generate targeted traffic to a website and improve their natural search engine ranking.


Delivering ads to users based on their preferences. Adware programs analyze a user's Web surfing habits to determine the type of merchandise they are likely to purchase. As a result of the analysis, "contextual ads" are made to pop up periodically. Contextual marketing is widely implemented by search engines. They display ads on the results pages based on the key words users enter for a search. In addition, contextual marketing is available for Web sites in general. The service offers to place ads on pages that are geared to the audience likely to visit the site.

Definition of: contextual marketing


What is In-text Advertising?
In-text advertising is a monetization method that has taken the affiliate marketing world by storm. As long as you've got content, we've got a commission check with your name on it! Intextual simply scans your pages, and then selects ads that go along with the subject matter. Users will only see the ads when they hover over double hyperlinked keywords that are impossible to miss. Even if someone accidentally engages an In-text ad, the widget will disappear after a few seconds without interaction or the user can simply "X" out manually.

AdMedia: Publish In-Text Ads and Make Money Online


Text-Enhance is a premium service offered to you by our publishers. We work with various websites as well as software products to help them provide value to their users. Please remember that if you are seeing Text-Enhance links, this does not mean you are "infected" or are having issues with your computer. It also does not mean websites you view have been "hacked". If you are seeing these links, it means that the website you are on or a piece of software on your computer has decided to offer you this service...If you would like to disable these links from showing up, you can opt-out here.

What is Text-Enhance?

Most companies which utilize In-Text Ads have an Opt-Out procedure listed in their privacy statements or "learn more" pages.

Example 1: Vibrant Privacy Statement - Vibrant Opt-Out Procedure

5. Controlling the Use of Your Information and Opting-Out


Example 2: Learn more about Infolinks <-scroll down to

Prefer to not see In-Text Ads on this site? Click here to opt-out


Example 3: Kontera Privacy Statement

If you prefer that Kontera not collect any information about your website visits for the purpose of delivering targeted advertising, you may opt out by clicking here.

Kontera Ad Choices


Do you want to disable Kontera ads?
To disable, click the link below and then refresh your internet page. If you delete or refresh your cookies, Kontera's ads will be re-activated automatically. Click here to disable.


Example 4: About Ad Choices

AdChoice is our program that lets you choose whether to receive customized advertising on eBay and on the websites of our advertising partners.

To opt out for a single browser...
To opt out for multiple browsers...

After you opt out you'll see this message: You have opted out of AdChoice. You'll still see ads with the AdChoice link and icon, but the ads won't be customized.


Example 5: Your AdChoices FAQs

Can I opt out of interest-based advertising?
Yes. The AdChoices program is all about giving you information and control so that you can make informed choices about the interest-based advertising you receive online. The AdChoices Icon—whether in an advertisement or on Web pages—gives you access to consumer choice mechanisms where you may, at any time, opt out of the interest-based advertising that you receive from participating companies.


For a list of other companies which have opt-out procedures, please refer to Ghostery Enterprise Global Opt-Out
Also see Opt Out from Online Behavioral Advertising (Beta) - Using the Consumer Opt Out Page (Beta)

Note: Since these advertising websites use Cookies, opting-out is much easier than having to delete cookies or run a series of anti-spyware scans. In some cases you can disable In-Text Ads by hovering over one of the double-underlined words with your mouse and clicking the small "?" (question mark) at the top or bottom of the popup box. This will take you to a page that explains the ads and allow you to disable them (opt-out) using another cookie. In other cases, if you click on the Advertiser's name - i.e. AdChoices - you are taken to a page which contains opt-out information. If you just delete or refresh your cookies, the in-text advertising will be re-activated and the ads will reappear. You can also add these advertising companies to Internet Explorer's Restricted sites or disable them in Firefox with third party tools so the sites cannot be accessed.


Step 2: Also be aware that there are software programs and browser extensions, add-ons/plug-ins which can be installed and used to display in-text advertisements.

Linksicle offers a free search and translation utility in exchange for agreement to install the software and receive advertising. In order to keep Linksicle free you may see banner, text, pop-up, pop-under, interstitial, video, coupon, and/or in-text advertisements through the software on websites where features operate and during general internet usage...To keep use of Linksicle free you will see ads delivered by the software on websites where Linksicle’s features operate and while you browse the internet.

About Linksicle Advertising
How do I uninstall Linksicle?


You may be seeing ads as part of our advertising solution for Internet properties (such as websites or web browser extensions). This solution provides content at no cost to you and displays advertisements during your web browsing experience. It was installed by you, or someone who uses your computer.

You currently have the following plugin installed...To quickly remove all software and associated advertising provided by this product, you may uninstall the program from "Add/Remove programs" on your Windows computer.

Text Enhance Uninstall Instructions
Text Enhance Browser Extensions Uninstall Instructions

These extensions are usually bundled with other free software you download and install. Since they are often installed without your knowledge or consent, they are classified as Potentially Unwanted Programs (PUPs).

Note: Many of these extensions are cross web browser plugins for Internet Explorer, Firefox and Chrome so make sure you check all your browsers to remove or disable even if you seldom use them. See this Example: Advertising Support Uninstall Instructions

Managing-Disabling-Removing Browser Add-ons:
* How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google Chrome
* How to Manage Extensions in Google Chrome
* How to Disable Extensions and Plugins in Firefox - How to Remove Extensions/Uninstall Plugins in Firefox
* How to Disable Extensions in Internet Explorer
* How to Disable Add-ons/Extensions in Internet Explorer, Firefox and Google Chrome
* How to Disable all add-ons in Firefox, Internet Explorer

If an extension is not removable (or not found) then you need to find the root software with which it came bundled. Generally it can be found in Programs and Features in Vista/Windows 7/8 or Add/Remove Programs in Windows XP. In most cases, using the uninstaller of the software not only removes it more effectively, but it also restores any changed configuration. Important! Reboot when done and delete the Program folder if it still exists. After uninstallation, you can run specialized tools like Malwarebytes Anti-Malware, AdwCleaner and JRT (Junkware Removal Tool) to fix any remaining entries they may find.

Instead of Programs and Features or Add/Remove Programs in Control Panel, you can also use a third-party utility like Revo Uninstaller Free or Portable which does a more comprehensive job of searching for and removing related registry entries, files and folders. Follow these instructions for using it.

Common programs responsible for ads which may be found in and removed from Add/Remove include:

AlllCheapPeruiCe 5.2, Allyrics, BetterSurf, BLoCkTheADApp 3.2, Browse2Save, CouponMeApp, DownloadTerms 1.0, DVDX Player 3.2, Fast Free Converter, Feven 1.7, live player 3.2, LyricsViewer, LyricXeeker, LyricsWoofer, LyricsFan, Media Player 1.1, Plus-HD, Savings Bull, Savings Wizard, Start Savin, SimpleLyrics, TheBlooccker 1.3, TubeAdblOCkER, YoubeAdBlocker 1.2, Youtube Downloader HD, WatchItAdBlocake, WebCake 3.00, Websteroids, Video Media Player 1.1, Video Player, ViewPassword

Resources to help prevent advertisements & block websites:
How To Block advertisements in Firefox, Internet Explorer, Chrome, and Opera
BlockSite for Firefox
NoScript - NoScript FAQs
NotScripts for Chrome
Karma Blocker for Firefox <- intended for advanced users
Flashblock for Firefox
Block Unwanted Ads with Custom MVPS Hosts File

About Adblock Plus
Adblock Plus Overview
- Adblock Plus for Internet Explorer
- Adblock Plus for Firefox
- Adblock Plus for Chrome
- Adblock Plus for Opera
- Adblock Plus FAQs
Element Hiding Helper for Adblock Plus - How to Use the Element Hiding Helper with Adblock Plus

Resources to help protect privacy:
The Best Browser Extensions that Protect Your Privacy
How to Start Your Browser in Private Mode
Disconnect
SafeIP
DoNotTrackMe <- for Firefox, Chrome, Safari, Internet Explorer on both Mac and Windows
Ghostery <- for Firefox, Chrome, Safari, Internet Explorer and Opera on both Mac and Windows
PrivDog
HideMyAss
Free Hide IP
Privacy Badger

Ghostery allows you to block beacons, trackers, advertising, analytics and widgets.
- Ghostery download
- Ghostery - How It Works
- Ghostery General Options
- Ghostery FAQs
- How to configure Ghostery to stop Trackers
- Ghostery Community Forum
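Finding ad-injecting extensions that are still sitting in a Chrome profile, as an added PowerShell example that is not part of quietman7's post: it walks the Chrome User Data folder (the Vista/7/8 location given in the earlier post) and reads each extension's manifest.json, so every installed extension can be listed with its permissions and matched against the Chrome extensions page for removal. The function name is this example's own; it assumes Chrome's standard Windows folder layout (User Data\<profile>\Extensions\<id>\<version>\manifest.json) and does not cover Firefox or Internet Explorer.

```powershell
# Added example (not from the original post). Lists every extension installed in
# every Chrome profile of the current user by reading manifest.json files.
# Function name is this example's own; folder layout is Chrome's standard one on Windows.
function Get-ChromeExtensionInventory {
    [CmdletBinding()]
    param(
        # Default Chrome location on Vista/7/8; pass another path to inspect a different user.
        [string]$UserDataPath = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data')
    )

    if (-not (Test-Path -LiteralPath $UserDataPath)) {
        Write-Warning "Chrome user data folder not found: $UserDataPath"
        return
    }

    # Each profile ("Default", "Profile 1", ...) has its own Extensions folder.
    Get-ChildItem -LiteralPath $UserDataPath -Directory |
        Where-Object { Test-Path (Join-Path $_.FullName 'Extensions') } |
        ForEach-Object {
            $profileName = $_.Name
            Get-ChildItem (Join-Path $_.FullName 'Extensions') -Directory | ForEach-Object {
                $extId = $_.Name

                # Extensions keep one sub-folder per version; take the newest manifest.
                $manifest = Get-ChildItem $_.FullName -Recurse -Filter 'manifest.json' |
                            Sort-Object LastWriteTime -Descending | Select-Object -First 1
                if (-not $manifest) { return }

                $m    = Get-Content -LiteralPath $manifest.FullName -Raw | ConvertFrom-Json
                $name = $m.name

                # Localized names appear as "__MSG_key__"; resolve them from the
                # extension's _locales folder using its default_locale (or "en").
                if ($name -like '__MSG_*__') {
                    $key     = $name -replace '^__MSG_(.+)__$', '$1'
                    $locale  = if ($m.default_locale) { $m.default_locale } else { 'en' }
                    $msgFile = Join-Path $manifest.DirectoryName "_locales\$locale\messages.json"
                    if (Test-Path -LiteralPath $msgFile) {
                        $msgs = Get-Content -LiteralPath $msgFile -Raw | ConvertFrom-Json
                        if ($msgs.$key) { $name = $msgs.$key.message }
                    }
                }

                [PSCustomObject]@{
                    Profile     = $profileName
                    ExtensionId = $extId
                    Name        = $name
                    Version     = $m.version
                    # Broad permissions such as "<all_urls>", "tabs" or "webRequest"
                    # are what let an extension rewrite page text to insert ads.
                    Permissions = ($m.permissions -join ', ')
                    Path        = $manifest.DirectoryName
                }
            }
        }
}

# Usage: show the inventory, broadest permissions first, and compare it with
# the Extensions page in Chrome; anything you do not recognize is a removal candidate.
# Get-ChromeExtensionInventory | Sort-Object Permissions -Descending |
#     Format-Table Profile, Name, Version, ExtensionId, Permissions -AutoSize
```

The ExtensionId column matches the folder name Chrome shows on its extensions page in developer mode, which makes it easy to tie a leftover folder to the entry to disable or remove.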

#11 quietman7

Posted 23 February 2014 - 08:20 PM

File Sharing (P2P), Torrents, Keygens, Cracks, Warez, and Pirated Software are a Security Risk

The practice of using any torrent, file sharing, peer-to-peer (P2P) program (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze, Skype, etc), keygens, hacking tools, cracking tools, warez, or any pirated software is a serious security risk which can turn a computer into a malware honeypot or zombie.

Step 1: File Sharing, Torrents, and Peer-to-Peer (P2P) Programs

File sharing networks are thoroughly infested with malware according to security firm Norman ASA and many of them are unsafe to visit or use. The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge.

...It is almost never safe to download executable programs from peer-to-peer file sharing networks because they are a major source of malware infections.

Software Cracks: A Great Way to Infect Your PC

Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

Further some file sharing programs are bundled with other free software you may download (sometimes without the knowledge or consent of the user) and can be the source of various issues and problems to include Adware, and browser hijackers as well as malware.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites.

Step 2: Keygens, Cracks, Warez, and Pirated Software

Of six counterfeit Microsoft Office disks tested, they found that five were infected with malware. Of the twelve counterfeit Windows disks tested, they found that six could not install and run, and so could not be tested. They were duds!

Of the six counterfeit Windows disks that could run and be tested successfully:
* Two were infected with malware;
* 100% of the six copies had Windows Update disabled;
* 100% of the six copies had the Windows Firewall rules changed.

In total of the twelve counterfeit software copies that could be installed successfully (six Office and six Windows) and tested:
* Seven copies (58%) were infected with malware
* A total of 20 instances of six different types of malware code found

The Hidden Risks of Using Pirated Software

Recent research shows that websites and programs related to software piracy are likely to be infected with malware due to the way they are distributed...over 50% of all pirated files are infected with malware that are constantly repacked to evade even the most up-to-date anti-virus programs. Software piracy acts as a gateway for cybercriminals to infect computers, leaving individuals and their personal data vulnerable to malware infection.

File Sharing, Piracy, and Malware

...pirated software and cracks — programs designed to generate product keys or serial numbers for popular software and games — are almost always bundled with some kind of malware...downloading pirated software and software cracks is among the fastest and likeliest ways to infect your computer with something that ultimately hands control over of your PC to someone else.

Software Cracks: A Great Way to Infect Your PC

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

TrendMicro Warning

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

* IDC study on The Dangers of Counterfeit Software
* IDC White paper: The Dangerous World of Counterfeit and Pirated Software
* Software Piracy on the Internet: A Threat To Your Security
* File Sharing, Piracy, and Malware
* Pirated software carries malware payload that can cost billions

When you use these kinds of programs, be forewarned that some of the most aggressive types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!