Vernalex.com
 
 M  E  N  U
 - Guides
 - Links
 - Tools
 - Themes
 




 
 

Malware Guide: Protective Measures < [7/7] >


Table of Contents


Introduction

Since malware can only infect a computer if a user executes vulnerable software or manually installs it, the user can take specific measures to avoid malware. In general terms this means keep your software up-to-date, running alternate programs instead of popular ones and using a bit of common sense, suspicion and intuition. By following the below steps you will be able to minimize your chances of infection

Return to top.

Updates

The first step to protecting your computer is to keep your software up-to-date. This alleviates the problem of being infected through a software vulnerability, but also has the side effects of fleshing out various other bugs and sometimes adds additional features. Most software gets updates either through newer installs or addon patches. Depending on the program you wish to update the procedure will change, so it is a good idea to check the documentation of the program you are installing. However, you shouldn't feel that you have to update everything.

The most important programs to update are those that open data ports to your network (usually this network is the Internet). This involves mainly programs that refer to themselves as servers, but really encompasses any program that allows people to connect to you. So this includes a few built-in Windows components such as Remote Desktop or Universal Plug and Play, FTP servers, web servers, file sharing applications such as KaZaA, hosting online games, chat clients that send/receive as well as other programs that people use to access your computer from a network such as AIM or Yahoo Messenger.

The second most important programs to update are those that receive and interpret data from a network, either directly or indirectly. These types of programs include web browsers such as Internet Explorer or Netscape, email clients such as Outlook, media players such as RealPlayer or Windows Media Player, and online video games.

For updating Windows please visit Microsoft Windows Update at http://windowsupdate.microsoft.com. This website will detect which updates you require and allow you to install these updates directly from the website. If you have any problems with updating from this site it may be a good idea to visit the Windows Update Troubleshooting page. Windows Update will update all common versions of Windows, and this includes: Windows 95, Windows 98, Windows Me, Windows NT4, Windows 2000 and Windows XP. However, support for older versions of Windows (95, 98 and NT4) is fairly thin, meaning no new patches will be released for these operating systems. Do not let this worry you too much though as older versions of Windows are considered poor targets because their market concentration is too low.

For Microsoft Office Updates please visit Microsoft's Office Update site at http://office.microsoft.com/officeupdate. This website has a link to scan for Office Updates and it will check if your Office needs any updates. However, this site will only check Office 2000, Office XP and Office 2003 suites and individual components. This means if you have Office 97/98 then you cannot use this site to update your Microsoft Office product(s). If you have Office 97/98 though I highly recommend updating as Office 2000 and above are much better.

Return to top.

 

Browser / Email Client

To mitigate the chance that you will get malware through a vulnerability it is a good idea to run programs that are less mainstream. If you use a program that is less common than another then the chance of a worm infecting you is much less. Of course the decision to use a less common program has to be weighed against the problems created by using a less common program and the effectiveness of that program. Not to mention that another program could be more faulty from a security standpoint.

The most important area of selection is with your web browser. Numerous web browsers exist: Internet Explorer, Netscape, Opera, Mozilla, and other more outlandish ones. All of the newer release versions of these programs are fairly equal from a feature standpoint, except for Internet Explorer which has features that hasn't changed much in years. However, Internet Explorer comes equipped with all versions of up-to-date Windows. This means that the majority of the world already has IE installed on their computer when they buy it, and this usually means they'll use it and not consider alternatives. From a malware standpoint this means if a person wants to exploit the most computer systems through a browser flaw, then they'll really only consider Internet Explorer. This problem is exacerbated by the fact that the most common email programs, Outlook and Outlook Express, use the the Internet Explorer rendering engine to display their emails. So if there's a flaw in IE then there's a flaw in Outlook and Outlook Express also.

Of course there are downsides to using browsers other than Internet Explorer. Since most people in the world use Internet Explorer to view the Internet's web, most people design their websites with only Internet Explorer in mind. What this means that if you use a different web browser then you'll sometimes browse to a site that would look or behave differently in Internet Explorer. Without going into too much detail this shouldn't be the case. Websites are supposed to be designed around web standards set by the W3C, but most people don't know about these standards or don't care. This means that if you use an alternate browser then you'll have to expect some odd behavior, and sometimes have to use IE as a fallback browse.

For updating Internet Explorer please use Windows Update (see the updates section on information for that). For more information on browser security please visit my Windows Setup guide section on security.

Any browser that you use should have a popup blocker. This functionality is built into most browsers; including Mozilla (Firefox, Netscape 6/7), Opera, Safari, etc.. But, versions previous to Windows XP SP2's Internet Explorer do not have the native ability to stop popups. I highly recommend that you use the Google Toolbar if you do not have Windows XP, and if you have Windows XP then I would suggest using the popup blocker in SP2. A popup block is important because first it stops annoying popups, but it also eliminates popups that could coerce you into installing spyware or adware.

I personally recommend that you use Firefox though. It is the most supported alternate browser, and it has tons of options and extensions that you can use to customize it. Click on the banner below to install Firefox along with the Google toolbar.

Return to top.

 

Antivirus Applications

One of the best defenses against viruses, trojans and worms is a good antivirus program. These programs offer two distinct features. The first is manual scanning (on demand scanning) which allows you to scan a particular file or groups of files (such as all files on your hard-drive) when you want. The second is real time scanning which checks files for viruses, trojans, and worms as you execute them (so it won't let you run them). The ability to scan files as you run them is spectacular and will cut down on a lot of problems if you allow it to do so. A great deal of people will disable this feature because it "slows down their computer", but I can assure you that any decent common-day computer today can more than handle this feature. In fact, this feature won't slow down most applications (such as games) because it only scans files as you execute them, so once a program is running then it won't affect speed (unless the particular program accesses other files).

Antivirus programs rely on virus definition reference files. These are basically a database file that contains all known viruses, worms and trojans. The concept is that when it scans a file it checks the files contents against the reference file. If it locates a piece of code in the file that matches the code in the reference file then the program is a virus, worm or trojan. Most antivirus programs will then either attempt to remove the offending code from the file (this usually only works with viruses since worms and trojans are often only bad and contain no actual useful data), or will quarantine it or delete it. It should be noted that just because an antivirus program finds a program as a virus, trojan or worm does not mean you were infected. Remember that a program has to be active in memory for you to be infected. These reference files are updated are through downloading them manually and installing them, or from an automatic update feature through the program. Without updating your virus scanner it will only be able to find old stuff.

Most antivirus programs also offer a feature called heuristics. The basic concept here is that the virus scanner attempts to use some type of artificial intelligence to intelligently identify viruses, trojans and worms that it doesn't explicitly know about through references files. It identifies files by searching the file for code similar to other viruses, trojans or worms, for code that performs certain behaviors that a normal program wouldn't. Personally I find this feature fairly annoying as it has the potential to find false positives and report benign programs as malware. Luckily all of the antivirus programs I know can turn off this behavior so it isn't really a problem with me. I have been meaning to research this topic to find how useful it actually is, but if you know one way or the other then let me know. It has minimal performance impact on the computers of today, so you should leave it running unless you have issues with it.

There are dozens of good antivirus programs but generally the most well known are Mcafee (Network Associates) and Symantec/Norton. I personally prefer the Symantec Antivirus Corporate Edition scanner as it is has a nice clean interface (no skins), consumes a fairly modest amount of resources, has a good number of features, and isn't obtrusive. It also isn't free though, and generally Symantec/Norton wants home users to buy their home version. For the most part though antivirus programs are just a matter of taste as they are for the most part the same. Be careful though, a few companies that release antivirus programs for free contain (or are) spyware / adware.

Return to top.