Best Practices for Safe Computing - Prevention of Malware Infection
Common sense, good security habits and safe surfing are essential to protecting yourself from malware infection. No amount of security software will defend against today's sophisticated malware writers for those who do not practice these principles and stay informed. Knowledge, and the ability to use it, is the best defensive tool anyone can have. This includes educating yourself about the most common ways malware is contracted and spread, and about how to prevent it.
Important Fact: It has been proven time and again that the user is a more substantial factor (the weakest link) in security than the architecture of the operating system or the installed protection software.
- End Users Remain Biggest Security Headache as Compromised Endpoints Increase
- Studies prove once again that users are the weakest link in the security chain
- Social Engineering: Attacking the Weakest Link in the Security Chain
- Social media platforms...a hotbed of cyber criminal activity
- Millions of users open spam emails, click on links
Therefore, security begins with personal responsibility.
Tips to protect yourself against malware infection:
Keep Windows and Internet Explorer current with all security updates from Microsoft; these patch many of the security holes through which attackers can gain access to your computer. Microsoft releases security updates on the second Tuesday of each month, as necessary, and publishes security update bulletins to announce and describe them. If you're not sure how to install updates, please refer to How To Access Windows Update.
Avoid pirated software (warez), cracking tools, and keygens. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS.
Avoid peer-to-peer (P2P) file sharing programs (e.g. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infested with malware according to security firm Norman ASA, and many of them are unsafe to visit or use. Malicious worms, backdoor Trojans, IRCBots, botnets, and rootkits spread across P2P file sharing networks, gaming and underground sites. Users visiting such sites may encounter innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. If you must use file sharing, scan your downloads with anti-virus software before opening them and ensure Windows is configured to show known file extensions.
Avoid bundled software. Many toolbars, add-ons/plug-ins, browser extensions, screensavers and useless or junk programs like registry cleaners, optimizers, download managers, etc., come bundled with other software (often without the knowledge or consent of the user) and can be the source of various issues and problems, including adware, pop-up ads, browser hijacking which may change your home page/search engine, and user profile corruption. Thus, bundled software may be detected and removed by security scanners as a Potentially Unwanted Program (PUP), a very broad threat category which can encompass any number of different programs, including those which are benign as well as problematic. Since the downloading of bundled software sometimes occurs without your knowledge, folks are often left scratching their heads and asking "how did this get on my computer?" Even if advised of a toolbar or add-on, many folks do not know that it is optional and not necessary to install in order to operate the program. If you install bundled software too fast, you most likely will miss the "opt out" option and end up with software you do not want or need. The best practice is to take your time during installation of any program and read everything before clicking that "Install" or "Next" button. Even then, in some cases, opting out does not always work as intended.
Beware of rogue security software and crypto ransomware, as they are some of the most common sources of malware infection. They spread malware via a variety of common vectors: opening a malicious or spam email attachment, executing a malicious file, web exploits, exploit kits, malvertising campaigns, non-malware (fileless) attacks, drive-by downloads, social engineering, scams, and RDP brute force attacks against servers, the last used particularly by those involved with the development and spread of ransomware.
- Anatomy of a ransomware attack
- Spotlight on Ransomware: Common infection methods
- Spotlight on Ransomware: How ransomware works
- RDP brute force based attacks are on the rise
The best defensive strategy to protect yourself from malware and ransomware (crypto malware) infections is a comprehensive approach that includes prevention. Make sure you are running an updated anti-virus and anti-malware product, update all vulnerable software, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, disable VSSAdmin.exe, close Remote Desktop Protocol (RDP) if you do not need it, and routinely back up your data, then disconnect the external drive when the backup is completed.
- How to Protect and Harden a Computer against Ransomware
- How To Lock Down So Ransomware Doesn't Lock You Out
- SANS Enterprise Survival Guide for Ransomware Attacks
- Ransomware: Best Practices for Prevention and Response
- Ransomware: 7 Defensive Strategies
- How to Strengthen Enterprise Defenses against Ransomware
- Best practices for securing your environment against ransomware
- Ransomware Do's and Don'ts: Protecting Critical Data
- How Businesses Can Best Defend Against Ransomware Attacks
- 11 things home users can do to protect against ransomware
- 22 Ransomware Prevention Tips for the home user
- Why Everyone Should disable VSSAdmin.exe Now!
You should also use an anti-exploit program to help protect your computer from zero-day attacks, and rely on behavior detection programs rather than standard anti-virus definition (signature) detection software only. This means using programs that can detect when malware is in the act of modifying/encrypting files AND stop it, rather than just detecting the malicious file itself, which in most cases is not immediately detected by anti-virus software.
...Prevention before the fact is the only guaranteed peace of mind on this one.
How do I decrypt files encrypted by ransomware?
Some anti-virus and anti-malware programs include built-in anti-exploitation protection so be sure to familiarize yourself with all their features and settings.
Keeping Autorun enabled on flash drives has become a significant security risk, as they are one of the most common infection vectors for malware, which can transfer the infection to your computer. One in every eight malware attacks occurs via a USB device. Many security experts recommend you disable Autorun as a method of prevention. Microsoft recommends doing the same.
- Microsoft Security Advisory (967940): Update for Windows Autorun
- Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows
Note: If using Windows 7 and above, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes and improvements to AutoPlay so that it will no longer support the AutoRun functionality for non-optical removable media.
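The Autorun and Remote Desktop advice above, applied and verified from an elevated PowerShell prompt. This is an added example, not code from the original post; the registry values are the documented Windows settings, while the function names and the status object are my own:

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post: turns off Autorun and inbound
# Remote Desktop, then reads the settings back so the change can be verified.

function Disable-Autorun {
    # NoDriveTypeAutoRun = 0xFF turns Autorun off for every drive type,
    # in both the machine-wide and the current-user policy key.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    }
}

function Disable-RemoteDesktop {
    # fDenyTSConnections = 1 refuses inbound RDP sessions; disabling the
    # built-in "Remote Desktop" rule group also closes TCP 3389 at the host firewall.
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    Set-ItemProperty -Path $ts -Name 'fDenyTSConnections' -Value 1 -Type DWord
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
}

function Get-HardeningStatus {
    # Read the settings back; the policy key may not exist on a fresh install.
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
    $ts  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AutorunDisabled = ($pol.NoDriveTypeAutoRun -eq 0xFF)
        RdpDenied       = ($ts.fDenyTSConnections -eq 1)
        RdpFirewallOpen = (@($rdpRules | Where-Object Enabled -eq 'True').Count -gt 0)
    }
}

Disable-Autorun
Disable-RemoteDesktop
Get-HardeningStatus   # expect AutorunDisabled and RdpDenied True, RdpFirewallOpen False
```

Get-HardeningStatus can be run on its own later as a quick audit that nothing has re-enabled either setting.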
Always update vulnerable software like browsers, Adobe Reader and Java Runtime Environment (JRE) with the latest security patches. Older versions of these and several other popular programs have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Time to Update Your Adobe Reader
- Adobe Security bulletins and advisories
- Microsoft: Unprecedented Wave of Java Exploitation
- eight out of every 10 Web browsers are vulnerable to attack by exploits
Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.
Tools of the Trade: Exploit Kits
To help prevent this, install and use a software updater to detect vulnerable and outdated programs/plug-ins which expose your computer to malware infection.
Use strong passwords and change them any time you encounter a malware infection, especially if the computer was used for online banking, paying bills, or holds credit card information or other sensitive data. This would include any passwords used for taxes, email, eBay, PayPal and other online activities. You should consider them to be compromised and change all passwords immediately as a precaution, in case an attacker was able to steal your information when the computer was infected. Many of the newer types of malware are designed to steal your private information, including passwords and logins to forums, banks, credit cards and similar sensitive web sites. Always use a different password for each web site you log in to. Never use the same password on different sites. If using a router, you also need to reset it with a strong password.
Don't disable UAC in Windows; limit user privileges, remove admin rights or use Limited User Accounts, AND be sure to turn on file extensions in Windows so that you can see them. Ransomware disguises .exe files as fake PDF files with a PDF icon inside a .zip file attached to the email. Since Windows does not show extensions by default, they look like normal PDF files and people routinely open them. A common tactic of malware writers is to disguise malicious files by hiding the file extension or adding spaces to the existing extension, as shown in Figure 1, so be sure you look closely at the full file name.
Know how to recognize Email scams and do not open unsolicited email attachments as they can be dangerous and result in serious malware infection. For example, Zbot/Z-bot (Zeus) is typically installed through opening disguised malicious email attachments which appear to be legitimate correspondence from reputable companies such as banks and Internet providers or UPS or FedEx with tracking numbers.
- Using Caution with Email Attachments
- How to Avoid Getting a Virus Through Email
- Safety tips for handling email attachments
Beware of phony tech support scams.
Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license...Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes...Do not trust unsolicited calls. Do not provide any personal information.
For more specific information about these types of scams, please read this topic.
Important!!! Allow Windows to show file extensions. Malware can disguise itself by hiding the file extension, or by adding double file extensions and/or space(s) in the file name to hide the real extension, as shown in Figure 1, so be sure you look closely at the full file name as well as the extension. If you cannot see the file extension, you may need to reconfigure Windows to show known file name extensions.
- 50+ File Extensions That Are Potentially Dangerous on Windows
- How Hackers Can Disguise Malicious Programs With Fake File Extensions
- Why you should set your folder options to “show known file types”
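A defender-side check for the file name disguises described above (double extensions and space padding before the real extension), which can be run over the entries of a .zip attachment without extracting it, and which confirms that Explorer is actually showing extensions. This is an added example, not code from the original post; the function names and the sample names are my own, the executable extension list is a short illustrative one rather than a complete list, and the right-to-left override check covers a related trick not described on this page:

```powershell
# Added example, not from the original post. Illustrative, not exhaustive, list
# of extensions Windows will execute when double-clicked.
$ExecutableExtensions = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd',
                        '.js', '.jse', '.vbs', '.vbe', '.wsf', '.hta', '.msi', '.lnk'

function Test-ExtensionsVisible {
    # Explorer hides known extensions while HideFileExt is 1 (the Windows default).
    $adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    return ($adv.HideFileExt -eq 0)
}

function Test-DisguisedFileName {
    param([Parameter(Mandatory)][string]$Name)
    $reasons = @()
    $ext  = [IO.Path]::GetExtension($Name).ToLowerInvariant()
    $stem = [IO.Path]::GetFileNameWithoutExtension($Name)
    if ($Name -match '\u202E') { $reasons += 'contains the right-to-left override character' }
    if ($ExecutableExtensions -contains $ext) {
        # "Invoice.pdf.exe": the stem still carries a document extension.
        if ([IO.Path]::HasExtension($stem)) { $reasons += "double extension ('$stem' + '$ext')" }
        # "Invoice.pdf           .exe": padding pushes the real extension out of view.
        if ($stem -match '\s{2,}$') { $reasons += 'whitespace padding before the real extension' }
        if ($reasons.Count -eq 0) { $reasons += "executable type $ext" }
    }
    [pscustomobject]@{ Name = $Name; Suspicious = ($reasons.Count -gt 0); Reasons = ($reasons -join '; ') }
}

function Test-ZipAttachment {
    # Lists the archive's entry names without extracting anything.
    param([Parameter(Mandatory)][string]$ZipPath)
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    $zip = [IO.Compression.ZipFile]::OpenRead($ZipPath)
    try {
        foreach ($entry in $zip.Entries) {
            if ($entry.Name) { Test-DisguisedFileName -Name $entry.Name }   # skip directory entries
        }
    } finally { $zip.Dispose() }
}

# Constructed sample names: a genuine PDF next to the two disguises from the text.
'Invoice.pdf', 'Invoice.pdf.exe', "Invoice.pdf$(' ' * 30).exe" |
    ForEach-Object { Test-DisguisedFileName -Name $_ } | Format-Table -AutoSize
if (-not (Test-ExtensionsVisible)) { Write-Warning 'Explorer is hiding known file extensions.' }
```

Only the first sample comes back with Suspicious False; the other two are flagged with the reason that applies, and Test-ZipAttachment applies the same check to every file inside an archive before anything is opened.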
Finally, back up your important data and files on a regular basis. Backing up is among the most important maintenance tasks users should perform regularly, yet it's one of the most neglected areas. Some infections may render your computer unbootable during or before the disinfection process. Even if your computer is not infected, backing up is part of best practices in the event of hardware or system failure related to other causes.
- The smartest way to stay unaffected by ransomware? Backup!
- The Backup Rule of Three
- Methods for backing up your files
- Windows Backup - The essential guide
When implementing a backup strategy, include testing to ensure it works before an emergency arises; routinely check to verify backups are being made and stored properly; and remove (disconnect) and isolate all backups from the network or home computer.
It is also a good practice to make a disk image with an imaging tool (e.g. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.). Disk imaging allows you to take a complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistant to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore your system at a later time to the exact state it was in when you imaged the disk or partition.
Other Security Resources:
- US-CERT: Safeguarding Your Data
- US-CERT: Good Security Habits
- How to Secure Your Web Browser
- Hardening Windows Security - Part 1 & Part 2
- How to Stop 11 Hidden Security Threats
Simple Ways To Secure Your Privacy:
- The Simplest Security: A Guide To Better Password Practices
- Securing Privacy Part 1: Hardware Issues
- Securing Privacy Part 2: Software Issues
- Securing Privacy Part 3: E-mail Issues
- Securing Privacy Part 4: Internet Issues
Resources to protect your browser, privacy & help prevent browser pop-up ads and scams:
- uBlock Origin for Chrome, Firefox, Edge, Safari, Opera, a general purpose blocker which can block both ads and scripts.
- uBlock for Chromium, Firefox, Safari
- uBlock vs. uBlock Origin: what's the difference?
- AdBlock for Firefox, Chrome, Safari, Internet Explorer, Opera
- Adblock Plus for Chrome, Firefox, Safari, Internet Explorer, Microsoft Edge, Opera, Yandex
- AdBlocker Ultimate for Firefox, Chrome, Safari, Internet Explorer, Yandex
- Adfinder for Internet Explorer
- Adguard for Chrome, Firefox, Safari, Internet Explorer, Microsoft Edge, Opera
- Malwarebytes Add-on, an extension which provides malware, scam, advertising/tracker and clickbait protection.
- HTTPS Everywhere, an extension that encrypts your communications, making your browsing more secure.
- Fraudscore for Firefox
- NoScript - NoScript FAQs
- ScriptSafe for Chrome
- Privacy Badger for Firefox, Chrome, Opera
- Ghostery for Firefox, Chrome, Safari, Internet Explorer, Opera, a tool which allows you to block beacons, trackers, advertising, analytics, widgets and cookies.
- SpywareBlaster Free...see here for detailed information.
Other topics discussed in this thread:
- Choosing an Anti-Virus Program
- Safe Steps for Replacing your Anti-virus - Why should you use Antivirus software?
- Supplementing your Anti-Virus Program with Anti-Malware Tools
- Choosing a Firewall
- Glossary of Malware Related Terms
- Why you should not use Registry Cleaners and Optimization Tools
- I have been hacked...What should I do? - How Do I Handle Identity Theft, Scams and Internet Fraud
- About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)
- About In-text advertising: Text Enhanced Ads & How to remove Them
- File Sharing (P2P), Keygens, Cracks, Warez, and Pirated Software are a Security Risk
- There are no guarantees or shortcuts when it comes to malware removal - When should I reformat?
- Beware of Phony Emails & Tech Support Scams