
1. Prevention

1. Prevention   |  2. Detection    |  3. Removal

How to Prevent a Malware Infection

  • Install OS updates
  • Don't open e-mail attachments
  • Safe browsing
  • Knowing your system
  • Running an antivirus package
  • Disabling unneeded features and services
  • Using a firewall
  • Disabling JavaScript in PDF readers


1. Automatic updates - First and foremost, one of the best things you can do to protect yourself is to make sure Automatic Updates is enabled for your operating system (most likely Windows XP, Vista, or 7).  With automatic updates on, security fixes and bug fixes are downloaded and installed without you having to remember to do it. 

This cannot be stressed enough: if you do not have the latest security updates, someone will try to break into your machine.  Tools are constantly released in the underground and on public sites that automatically scan the Internet for vulnerable targets and exploit them, so an unpatched machine does not need to be specifically targeted to get hit.

Automatic updates should always be enabled; there's not really a good exception.  If updates keep failing, start scanning, because some malware deliberately blocks Windows Update so that the fix for it never arrives.  You can also reset the Windows Update download cache: stop the Windows Update service (wuauserv), rename %windir%\SoftwareDistribution to %windir%\SoftwareDistribution.old, then start the service again.  The folder cannot be renamed while the service is running, and Windows recreates an empty one on the next check for updates.
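The two checks above as a script. This is an added example, not code from the original page: it reads the Automatic Updates setting through the Windows Update Agent's COM interface (Microsoft.Update.AutoUpdate, a documented Microsoft API) and then performs the cache reset, stopping the services that hold the folder open first. Run it from an elevated PowerShell prompt on Vista/7 (an Administrator account on XP).

```powershell
# Added example (not from the original page): check the Automatic Updates
# setting and reset the Windows Update download cache by renaming
# %windir%\SoftwareDistribution, as the text describes.

# 1. Read the Automatic Updates notification level from the Windows Update
#    Agent COM API. Values: 0 = not configured, 1 = disabled, 2 = notify
#    before download, 3 = notify before install, 4 = scheduled (automatic) install.
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
$levelNames = @{ 0 = 'not configured'; 1 = 'disabled'; 2 = 'notify before download';
                 3 = 'notify before install'; 4 = 'scheduled install' }
$level = [int]$au.Settings.NotificationLevel
"Automatic Updates: $($levelNames[$level])"
if ($level -lt 4) {
    Write-Warning 'Updates are not fully automatic. Fix this in Control Panel > Windows Update > Change settings.'
}

# 2. Reset the update cache. The folder cannot be renamed while the Windows
#    Update (wuauserv) and BITS services have files open in it, so stop them
#    first. Windows recreates an empty folder when the services start again.
$cache  = Join-Path $env:windir 'SoftwareDistribution'
$backup = "$cache.old"
foreach ($svc in 'wuauserv', 'bits') {
    Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
}
# An earlier backup from a previous reset would block the rename; drop it.
if (Test-Path $backup) { Remove-Item -Path $backup -Recurse -Force }
Rename-Item -Path $cache -NewName 'SoftwareDistribution.old'
foreach ($svc in 'bits', 'wuauserv') {
    Start-Service -Name $svc
}
"Update cache reset. Re-run Windows Update; delete $backup once updates install again."
```

If the rename fails, the usual cause is that the prompt was not elevated, so the services were never stopped.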
 
 2. Don't open e-mail attachments - Unless you know for certain that an attachment you received is clean, don't open it.  If the file extension is .vbs or .exe, or the name has two extensions, like .jpg.exe or .docx.vbs, don't open it, period.  Note that Windows hides known extensions by default, so photo.jpg.exe shows up in Explorer as photo.jpg; turn off "Hide extensions for known file types" in Folder Options so you can see what you are really being sent.

 Even if you receive an e-mail from someone you know, you cannot assume it is safe to open.  One of your contacts may have been infected, and the infection may be e-mailing everyone in their address book in an attempt to spread.  The sender address is also trivial to forge.  Be very careful with attachments!
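A small script that applies the rules above to attachment names and shows why the double-extension trick works. This is an added example, not part of the original page; the list of executable extensions extends the page's .vbs and .exe to the other types Windows will run directly, and the sample file names are constructed.

```powershell
# Added example (not from the original page): decide whether an attachment
# name should be refused, and show what Explorer displays for it when
# "Hide extensions for known file types" is on (the Windows default).

# Extensions Windows executes or scripts directly. The page names .vbs and
# .exe; the rest are the other common executable and script types.
$ExecutableExtensions = @('.exe', '.scr', '.pif', '.com', '.bat', '.cmd', '.vbs',
                          '.vbe', '.js', '.jse', '.wsf', '.hta', '.msi', '.jar',
                          '.lnk', '.ps1', '.reg')

function Test-DangerousAttachment {
    param([string]$Name)
    # "photo.jpg.exe" -> "photo", "jpg", "exe"
    $parts = $Name -split '\.'
    if ($parts.Count -lt 2) { return 'no extension: treat with suspicion' }
    $extensions = @($parts[1..($parts.Count - 1)] | ForEach-Object { '.' + $_.ToLower() })
    $last = $extensions[-1]
    if ($extensions.Count -ge 2) {
        # The first extension is bait ("it's just a picture"); the last one
        # decides what Windows actually does with the file.
        return "REFUSE: double extension, Windows will run it as $last"
    }
    if ($ExecutableExtensions -contains $last) {
        return "REFUSE: $last is executable"
    }
    return "not executable ($last): still only open it if you were expecting it"
}

function Get-ExplorerDisplayName {
    # With extensions hidden, Explorer strips the final extension, so
    # "photo.jpg.exe" is shown as "photo.jpg".
    param([string]$Name)
    return [System.IO.Path]::GetFileNameWithoutExtension($Name)
}

function Test-ExtensionsHidden {
    # HideFileExt = 1 (the default) hides extensions; 0 shows them.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($v -eq $null) -or ($v -eq 1)
}

# Constructed sample names, not real attachments.
foreach ($n in 'report.docx', 'photo.jpg.exe', 'setup.exe', 'holiday.jpg') {
    '{0,-16} shown as {1,-12} -> {2}' -f $n, (Get-ExplorerDisplayName $n), (Test-DangerousAttachment $n)
}
if (Test-ExtensionsHidden) {
    Write-Warning 'Explorer is hiding extensions. Folder Options > View > untick "Hide extensions for known file types".'
}
```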
3. Safe browsing - The majority of malware infections happen because a user visits or downloads malicious content.  If you hadn't visited that particular website, you would not have been infected.  Don't visit sites you have no business visiting. 

Cracking, hacking, warez, and other illicit sites are notorious for infecting their users.  Many of them try to install something on your machine the moment you arrive, using a browser exploit; the rest usually package malware inside their downloads.  These sites also tend to pop up other websites, which pop up more websites, and so on, and every one of those is another chance to get infected somewhere along the line.  Avoid these websites!

Porn websites can also infect their users.  They may claim you need to download some file (typically a "codec" or "player update") in order to view their content.  Don't fall for this!  It is most likely an attempt to infect your computer. 

Safe browsing cannot be stressed enough.  When you get infected, most of the time you're at fault.  You can occasionally stumble across a website that sneaks a virus onto your machine without warning through a browser or plugin exploit (which is exactly what the updates in section 1 protect against), but the majority of the time it's because safe browsing wasn't practiced.  A computer doesn't develop a virus on its own, out of the blue.  It's not like a common cold that someone just catches now and then; it comes from contact with something that is already infected.  I've written a few more tips on protecting yourself on other pages of this site, and I will continue to add more when I can.


 4. Keep an eye on running processes - A very good way to confirm that your computer is running clean is to know your system.  Which processes run by default varies from machine to machine, but some common ones are svchost.exe, explorer.exe, dwm.exe (legitimate in Vista/7 only; on XP a process with that name is a known virus), and winlogon.exe.  There are probably 45-50 more running on your computer. 

To see what processes you have running, press Ctrl+Shift+Esc to open Task Manager, click the "Processes" tab, and go through the list.  Type each name into Google to see whether it is associated with any known malware.  The name alone isn't conclusive, because malware likes to borrow system names: on Vista and 7, add the "Image Path Name" column (View > Select Columns) and treat a svchost.exe or explorer.exe running from anywhere other than the Windows folder as suspicious. 

By learning your computer's processes, you will be able to spot bad ones more easily if you do get infected.  Check again each time you install software so you notice any new processes that show up.
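The "learn your processes, then look for newcomers" routine as a script. This is an added example, not code from the original page: it saves a baseline of running processes to a CSV file (the file name is my own choice), and on later runs reports anything that was not in the baseline, together with two things a Google search of the name cannot tell you: whether the image runs from the folder a system process of that name belongs in, and whether it carries a valid Authenticode signature. Run it from an elevated prompt on Vista/7 so the path of every process is visible.

```powershell
# Added example (not from the original page): process baseline and diff.

$BaselinePath = Join-Path $env:USERPROFILE 'process-baseline.csv'

# Core Windows processes and the only folders they legitimately run from.
# Extend the table as you learn your machine.
$SystemProcesses = @{
    'svchost'  = @("$env:windir\System32", "$env:windir\SysWOW64")
    'winlogon' = @("$env:windir\System32")
    'csrss'    = @("$env:windir\System32")
    'lsass'    = @("$env:windir\System32")
    'services' = @("$env:windir\System32")
    'dwm'      = @("$env:windir\System32")
    'explorer' = @("$env:windir")
}

function Get-ProcessInventory {
    # One row per distinct (name, path): svchost.exe appears once, not ten times.
    Get-Process | Where-Object { $_.Path } |
        Select-Object -Property Name, Path -Unique | Sort-Object Name, Path
}

function Save-ProcessBaseline {
    Get-ProcessInventory | Export-Csv -Path $BaselinePath -NoTypeInformation
    "Baseline saved to $BaselinePath"
}

function Test-ProcessLocation {
    # A familiar system name running from a user profile or temp folder is a
    # red flag no matter how legitimate the name looks.
    param([string]$Name, [string]$Path)
    $key = $Name.ToLower()
    if (-not $SystemProcesses.ContainsKey($key)) { return '' }
    $dir = [System.IO.Path]::GetDirectoryName($Path)
    foreach ($allowed in $SystemProcesses[$key]) {
        if ($dir -eq $allowed) { return '' }   # -eq is case-insensitive in PowerShell
    }
    return "IMPOSTOR: $Name belongs in $($SystemProcesses[$key] -join ' or ')"
}

function Compare-ProcessBaseline {
    $baseline = Import-Csv -Path $BaselinePath
    $current  = Get-ProcessInventory
    $new = Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Name, Path |
           Where-Object { $_.SideIndicator -eq '=>' }
    if (-not $new) { return 'Nothing running that was not in the baseline.' }
    foreach ($p in $new) {
        # Windows' own binaries are catalog-signed and show NotSigned on
        # PowerShell 2.0; the location check above is what covers those.
        $sig = (Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue).Status
        '{0,-14} {1,-10} {2}  {3}' -f $p.Name, $sig, $p.Path, (Test-ProcessLocation $p.Name $p.Path)
    }
}

# Usage: run Save-ProcessBaseline on a machine you trust, then
# Compare-ProcessBaseline after installing software or whenever something seems off.
Save-ProcessBaseline
```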
5. Antivirus - It is important to have some sort of antivirus solution running resident on your machine to protect you in the event that you do come across a malicious file. 

AVs do a decent job of stopping known infections from reaching your machine.  They also have heuristics that can catch unknown viruses by their behaviour, which is beneficial when a new exploit tries to install something silently: the heuristics may detect the silent installation attempt and block it.  Heuristics are nice, and sometimes they work, but they are not a perfect solution. 

Since writing malware is a popular pastime for blackhats, a lot of new malware appears every day that no AV has a signature for yet, and it can infect your machine regardless of whether you run an AV.  It can be a few days before your AV's definitions catch up with a new family, and if you are already infected with it, you may not be able to download the new definitions anyway, since the malware may block AV updates.  This is one of the reasons why I, personally, do not run an antivirus.  An AV sits in memory and scans every file you touch, and the vast majority of the time that file is clean, which means the scan only slowed down my access to it for no reason.

AVs slow your computer down and occasionally conflict with other software, especially games.  I have not run an AV in over 3 years, and I have not had a virus.  However, I take rather drastic measures: most of my browsing is virtualized, and any downloaded content is opened in a virtual machine before I consider it safe to run in my real environment.  Be aware that some malware checks whether it is running in a VM and stays quiet there, so a clean run inside a VM is strong evidence, not proof.  I strongly suggest that anyone who is not at least an intermediate computer user run some sort of AV from my Virus Tools page.  AVs help protect users who have not learned to browse safely or who do not want to fool with virtual machines.


 6. Disable unneeded features and services - Another way to harden your machine against Internet attacks is to reduce the amount of software running in the background. 

The more applications and services you have running, the more ways your computer can be compromised.  Since vulnerabilities are discovered every day, keeping all of your application software up to date is hard.  If there is software you know you don't use, uninstall it, or at least disable it.  A vulnerability in an application that listens on the network or processes data from the network is an attack vector for a hacker.  Minimize your software: don't install anything you don't use, uninstall everything you don't use, and update everything you do use as best you can.

Windows comes with a lot of services enabled by default that you may not need.  You can view them via Start > Run > services.msc on XP, or by typing services.msc into the Start menu search box on Vista and 7.  This opens the Services console, where you can set the startup type of each background service.  Be careful, though: some services are required for the machine to boot, so set a service to Manual rather than Disabled until you are sure nothing needs it.  Research the services to see which ones you need.  Also note that some malware installs itself as a service, so learning which services exist helps you pick out the bad ones.  You may be interested in the service configuration packs I've created for Windows 7 and XP.
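A script to shortlist the services worth researching, as an added example that is not code from the original page. It uses the WMI Win32_Service class to list services set to start automatically and flags the ones whose binary lives outside the Windows and Program Files folders (or is missing from disk), which is where a malware-installed service usually turns up; the signature column is extra information only. The service name used in the disable example is a placeholder, not a real service.

```powershell
# Added example (not from the original page): find auto-start services that
# run from unusual places, then show the safe way to turn one off.

function Get-ServiceBinaryPath {
    # Win32_Service.PathName looks like  "C:\Program Files\X\x.exe" -arg
    # or  %SystemRoot%\system32\svchost.exe -k netsvcs. Return just the .exe.
    param([string]$PathName)
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($expanded -match '^"([^"]+)"')  { return $matches[1] }
    if ($expanded -match '^(.+?\.exe)') { return $matches[1] }
    return $expanded
}

function Get-SuspiciousAutoServices {
    $trusted = @("$env:windir\", "$env:ProgramFiles\")
    if (${env:ProgramFiles(x86)}) { $trusted += "${env:ProgramFiles(x86)}\" }

    Get-WmiObject -Class Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } | ForEach-Object {
        $exe = Get-ServiceBinaryPath $_.PathName
        $inTrusted = $false
        foreach ($dir in $trusted) { if ($exe -like "$dir*") { $inTrusted = $true } }
        $onDisk = $exe -and (Test-Path -LiteralPath $exe)
        # Informational: Windows' own binaries are catalog-signed and may show
        # NotSigned on PowerShell 2.0, so the signature is not a criterion here.
        $sig = 'missing'
        if ($onDisk) { $sig = (Get-AuthenticodeSignature -FilePath $exe).Status }
        New-Object PSObject -Property @{
            Name = $_.Name; DisplayName = $_.DisplayName; State = $_.State
            Binary = $exe; Signature = $sig
            Suspicious = (-not $inTrusted) -or (-not $onDisk)
        }
    } | Where-Object { $_.Suspicious } | Sort-Object Name
}

# Research each of these before deciding whether to keep it.
Get-SuspiciousAutoServices | Format-Table Name, State, Signature, Binary -AutoSize

# Turning a service off: Manual first and reboot; only use Disabled once you
# are sure nothing needs it. 'ExampleVendorUpdater' is a placeholder name.
# Set-Service  -Name 'ExampleVendorUpdater' -StartupType Manual
# Stop-Service -Name 'ExampleVendorUpdater'
```

A service whose binary sits in the Windows folder is not automatically clean (the page's point about impostor process names applies to services too), but one that runs from a user profile, Temp, or ProgramData with no vendor you recognise should be researched first.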
7. Firewall - A firewall is an extra security measure that prevents certain network-based attacks. 

A firewall creates a barrier around your computer and blocks unauthorized access by dropping network activity it has not been told to allow.  Firewalls can stop botnet clients and backdoors from doing their job, since they block the inbound connections those infections wait for.  However, some of these infections disable any firewall they detect so that they can expose themselves to the world, leaving you with little or no protection.

Assuming you practice safe browsing habits and do not get infected, a firewall helps protect you against unknown security holes in your software or operating system by refusing connections from remote users who try to reach your machine.  Many people don't realize that today's home wired and wireless routers include a firewall that offers similar protection by "stealthing" your computer's ports from the Internet: the router's NAT has nowhere to send an unsolicited inbound connection, so it is simply dropped.  The router does nothing, though, for traffic between machines on your own network or for connections that malware on your machine opens outbound, and UPnP can let a program open a port through the router without asking you.
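Two checks that go with this section, as an added example that is not code from the original page: confirm the Windows Firewall is on for every profile and turn it on if not (Vista/7 `netsh advfirewall` syntax; XP uses `netsh firewall`), then list which programs are listening for inbound connections, since those are exactly what a firewall mediates. Run it elevated; the netsh parsing assumes an English-language Windows.

```powershell
# Added example (not from the original page): firewall state and listeners.

function Get-FirewallState {
    # Parses "netsh advfirewall show allprofiles state" into profile -> ON/OFF.
    $state = @{}
    $profile = $null
    foreach ($line in (netsh advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings:')            { $profile = $matches[1] }
        elseif ($profile -and $line -match '^State\s+(\w+)')    { $state[$profile] = $matches[1] }
    }
    return $state
}

$fw = Get-FirewallState
$fw.GetEnumerator() | ForEach-Object { '{0,-8} firewall: {1}' -f $_.Key, $_.Value }
if ($fw.Values -contains 'OFF') {
    Write-Warning 'A profile has the firewall off; enabling it on all profiles.'
    netsh advfirewall set allprofiles state on | Out-Null
}

function Get-ListeningPrograms {
    # netstat -ano lines look like:
    #   TCP    0.0.0.0:445    0.0.0.0:0    LISTENING    4
    # Map every listening TCP port to the process that owns it.
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)') {
            $addr, $port, $procId = $matches[1], [int]$matches[2], [int]$matches[3]
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Port = $port; Address = $addr; PID = $procId
                Process = $(if ($proc) { $proc.Name } else { '?' })
                # Bound to every interface, so reachable from the network.
                Exposed = ($addr -eq '0.0.0.0' -or $addr -eq '[::]')
            }
        }
    } | Sort-Object Port, Address
}

# Anything marked Exposed accepts connections from any interface. If you do
# not recognise the program, it needs a firewall rule or should be removed.
Get-ListeningPrograms | Format-Table Port, Address, Process, PID, Exposed -AutoSize
```

Ports bound to 127.0.0.1 only accept connections from the machine itself and are not reachable through the firewall either way; the ones bound to 0.0.0.0 or [::] are the list to understand.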

 8. Disable JavaScript in your PDF reader - Disabling JavaScript in your PDF reader, such as Adobe Reader or Foxit Reader, reduces the likelihood of being infected by a PDF.  A PDF can contain scripts, and malicious PDFs use them to exploit the reader and compromise your machine.  Most PDFs you read do not need JavaScript to display, so it is highly recommended that you disable it.

Disable for Adobe Reader: Open Adobe Reader.  Go to Edit > Preferences.  Select "JavaScript" in the list on the left.  Untick "Enable Acrobat JavaScript".  Click OK.  Adobe Reader X and later also run in Protected Mode (a sandbox) by default; leave that on as well.

Disable for Foxit Reader: Open Foxit Reader.  Go to Tools > Preferences.  Select "JavaScript" in the list on the left.  Untick the "Enable JavaScript" checkbox.  Click OK.
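The Adobe Reader setting applied from the registry for every installed version at once, as an added example that is not code from the original page. It writes the per-user value Adobe documents for this preference, bEnableJS under HKCU\Software\Adobe\Acrobat Reader\<version>\JSPrefs (0 = off, 1 = on), and reads it back; the full Acrobat product keeps the same value under HKCU\Software\Adobe\Adobe Acrobat. Foxit's equivalent is not covered here; use its Preferences dialog as described above. Close Reader before running it, since Reader writes its preferences back on exit.

```powershell
# Added example (not from the original page): disable Adobe Reader/Acrobat
# JavaScript for the current user via the registry and verify the result.

function Get-AdobeJSPrefKeys {
    # One JSPrefs key per installed version, e.g. ...\Acrobat Reader\11.0\JSPrefs
    foreach ($product in 'Acrobat Reader', 'Adobe Acrobat') {
        $root = "HKCU:\Software\Adobe\$product"
        if (Test-Path $root) {
            Get-ChildItem -Path $root | ForEach-Object { "$($_.PSPath)\JSPrefs" }
        }
    }
}

function Disable-AdobeJavaScript {
    foreach ($key in Get-AdobeJSPrefKeys) {
        # The JSPrefs key only exists once the preference has been touched.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name bEnableJS -Value 0 -Type DWord
    }
}

function Get-AdobeJavaScriptState {
    foreach ($key in Get-AdobeJSPrefKeys) {
        $v = (Get-ItemProperty -Path $key -Name bEnableJS -ErrorAction SilentlyContinue).bEnableJS
        $state = if ($v -eq 0) { 'disabled' } elseif ($v -eq $null) { 'default (enabled)' } else { 'ENABLED' }
        '{0,-55} JavaScript {1}' -f ($key -replace '^.*::', ''), $state
    }
}

Disable-AdobeJavaScript
Get-AdobeJavaScriptState
```

If nothing is listed, Reader has never been started under this account, so there is no per-user key yet; run it once, close it, and run the script again.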


Continue to Detection -->


