Preventing Malware and Safe Computing


The following are some valuable tips for maintaining a secure PC and ensuring that your PC will not get infected in the future.


Backups :


It is extremely important that you make regular backups. Having these can make all the difference if your PC ever has a problem.


Backup Your Registry with ERUNT

• Please use the following link and scroll down to ERUNT and download it.
  http://aumha.org/freeware/freeware.php
• For version with the Installer:
  Use the setup program to install ERUNT on your computer
• For the zipped version:
  Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now create a fresh system restore point

Download SysRestorePoint to your desktop and unzip it to it's own folder.

• Double click SysRestorePoint.exe so that we can make a new system restore point.
• A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.

• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

If you run Vista Premium, Business or Ultimate you have the ability to set automatic backups of your files.

• Click Start > All Programs > Accessories > System Tools > Backup Status and Configuration
• Click Back up files, and then follow the steps in the wizard.
• Select where you want to back up to ... another partition,hard drive, CD or DVD.
• Select which files you want to back up :
  
  Pictures, Music, Videos, E-mail, Documents, etc
  
  
• Select how often to back up:
  
  Daily, Weekly or Monthly.
  
  
• Select the day/time
  
  Then click on Save settings and Exit.

To restore the files:

Click Restore files and then follow the steps in the wizard.


Note:
The ability to set up automatic backups is not included in Windows Vista Home Basic ; however, Windows will periodically remind you to back up your files. It is NOT recommended to backup to the same drive that your Operating System is located on.




Now if you ever have a PC problem, you should easily be able to restore your PC to a previous time.



Peer-to-Peer ( p2p ) programs :


Peer-to-peer programs, eg : LimeWire, Bitlord, Kazaa, are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware.

You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.


Note :

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (msn, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.



Security Programs :


It is essential these days to have a few security programs installed and running on your machine. However, there are a few caveats, you should not install more than one anti-virus or firewall. This actually does more harm than good, and will cause a lot of issues for your PC.

• It is important to have a good anti-spyware program. We highly recommend MalwareBytes Anti-Malware and SUPERAntiSpyware
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Some good free firewalls are Online Armor or Outpost or Sunbelt Personal Firewall.
  Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.
  
  
• Here are some good anti-virus programs, make sure you only use one though :
  AntiVir or avast! or AVG.

It is important to keep these programs up to date. I would recommend using them once every 10 days.



Internet Browsers :


Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe.

• Mozilla's Firefox browser is fantastic, as is Opera. Both are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
  Here
  
  While Opera can be downloaded from Here.

If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

• NoScript - for blocking ads and other potential website attacks
• McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

Although, if you prefer staying with Internet Explorer I highly recommend you do this :

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extras :


Below are a few more steps that we highly recommend

• OpenDNS is a very valuable feature that we strongly endorse here. It gives your PC the benefit of extra safety and increased browser speed. Enabling this takes hardly any time and is not complicated at all, even novice users will be able to set it up with the guide below.
  
  Another huge advantage of using OpenDNS is that it blocks phishing websites from loading on your computer. It uses data from Phishtank, a community site that is also used by Yahoo! Mail to determine if some particular website is part of any online phishing scam.
  
  To set this just have a look at the easy-to-use guide here
  
  
• There are certain programs that are security vulnerabilities, it is recommended that you keep everything updated. Two of the main vulnerabilities are Java and Adobe Reader. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. Make sure to uninstall all previous versions of Java as well since they can be exploited.
  
  You can also find the latest version of Adobe Reader here
  
  
  Suggestion :
  
  Foxit is a great free PDF alternative. It uses fewer system resources and is not vulnerable to the exploits affecting Adobe Reader. Providing full PDF functionality, Foxit is rapidly becoming the PDF reader of choice for many. Get it here
  
  
• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  
  
• Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

Advanced Tips :


The following suggestions are considered to be rather complicated for the average user, so I only recommend them if you know what you are doing or have a desire to learn more complicated procedures. A few of these programs listed below are paid products, I have tried to use free alternatives but it hasn't always been possible.

I have also tried to link to tutorials for each of the tools recommended. This tutorial is not to answer questions on how to use them


Image Backups

What is an image backup ? To put it simply, it will back up all your data into a single file, including system and registry data, allowing you to do an easy, fast, and complete PC restore should your computer ever crash.

Here are some suggestions

DriveImage ( my personal recommendation, it is also free )
Acronis
Macrium Reflect



Limited User Account

Using a Limited User Account can help decrease the effect of malware and other potential damaging things for your PC. A Limited User account lets you use most of the capabilities of the computer, but only an Administrator can make changes that affect other users of the computer.

Have a read of the following article for more detailed instructions on how to go about setting it up

Click


Tip : This sort of account would be very beneficial to use among any children in your family, or among those who are not comp savvy that have access to your PC.



DropMyRights

The following program is only for use on on Windows XP machines, this tool is not needed on Windows Vista or Windows Server 2008, because by default users are not administrators.

It can be downloaded from here


This program greatly increases the security of Windows XP by running selected programs in a restricted environment ( i.e. with lower rights ) even when logged on to Windows XP as an Administrator. It simply blocks them from performing certain security-breaking functions.


You can find a guide here on how to use it here



Sandbox Programs

One of the best forms of protection that you can use for your PC is a sandbox program. In laymans terms, what they do is let you install and run programs in a virtual environment, so any changes made will happen in the virtual environment and not in the real PC.

So if your PC was to get infected by a piece of malware while in this virtual setting, or anything else that may damage the machine, all you have to do is close this virtual session, reboot the PC, and it will be back to normal.


Here are some sandbox programs that I recommend

Returnil
Sandboxie



HIPS

These programs may conflict with your other security protection programs. If this is the case ( ie : you notice massive slow down or BSODs ) then uninstall them.


HIPS ( Host Based Intrusion Prevention System ) is considered as one the best steps in protecting your PC. What these programs do are prevent changes made to your PC by unauthorised sources. It allows you to very closely monitor what runs on your PC.

Here are some recommendations

ProcessGuard
Threatfire ( there is a tutorial located in this link as well )
DriveSentry ( this is a firewall so it will conflict with other firewalls )


Now after all these steps, your PC will be extremely secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps cant help fix it, we will be here to help you out


Regards

The GeeksToGo Team

That article was awesome! I do some of what it suggests, but that really gives a good way to have a secure computer. It also answered several questions I had/explained some things I didn't quite understand. Thank you for taking the time to write that...I will be doing this to 3 of my computers tomorrow.

However, I would imagine that some of these programs and tools have system requirements higher than Windows 98. Do you have any suggestions or different programs that I can operate on that computer. It gets little internet use...it is our 4th computer.

You can see its basic specs at the bottom of my signature--its the gateway 450.

Thanks again!

I honestly have no idea what works and doesn't work on Windows 98. I suggest try working through the suggestions and skip any that say they don't work for that OS in the requirements field.


Glad you liked the guide

Do you recommend Comodo firewall?

Or are the ones you recommended here better?

I don't recommend Comodo anymore as they have bundled in the anti-virus and anti-spyware program into it. There is too much risk of a user then having two anti-virus programs running, which would cause them a lot of problems.

Its good though, just make sure you uncheck the box for their anti-virus and anti-spyware

Thanks! I decided to install Sunbelt and I like it way better than Comodo already. I used Comodo for about 6 months and was really annoyed with all of the warnings every time the programs that I trusted tried to update. It was a little too advanced for me I think. Sunbelt doesn't have all the warnings and seems easier to work with.

Usually this is the case when the firewall is in 'learning' mode and is something a (in my opinion) good firewall -should- do.
However for the average joe it's a little too complicated at times as the details they give you can get overwhelming.

Regards,
Olrik

I thought I was really computer literate until I tried to figure out what was wrong with my system...guess I just knew enough to be dangerous lol. Thanks to your site I was able to remove the malware from my computer and now I'm in the protection mode so that things hopefully won't go wrong again in the future. I'm a little confused tho. I downloaded all the software that was suggested in the removing malicious code thread...and now in addition to those I need to install these listed above? I currently also have Spybot Search and Destroy and Adaware on my system, so I'm not sure if I should uninstall those and install the ones listed above or not. Also do I install all the spyware programs listed? ie. spyware blaster, spyware guard, and MVPS Hosts?

Thanks in advance for the clarification!

Many of these recommendations are very easy, and have little, if any impact on system performance. Others like backups, registry backups, system restore points are just common sense, and good insurance. If you've been infected before and are looking to prevent it from happening again, or minimize its impact, there's really no reason not to do everything recommended here.

However, I'm afraid there really isn't a one-size-fits-all solution. It depends on your risk profile, how the computer is used, whether you're willing to accept performance trade-offs, etc. Evaluate your own behaviors, and those of others using the system. For example, I only recently installed an anti-virus. I don't use any additional anti-spyware/malware protections. I simply don't visit high risk sites, or participate in high risk behavior, my system is kept fully patched, backed up nightly, etc. All our recommendations are free. If for example you store private information for third parties, or client information you'd probably want to install paid products, and go beyond these recommendations.

To relate a personal experience, I often get called to assist friends. A friend had a system that was getting infected on almost a weekly basis. It was in a work area where a number of people had access to it, and were able to access it for personal use. I used the recommendations listed here to secure it, and it has stayed clean now for a number of weeks.

I wasn't very specific answering your questions, let me try again.

My recommendation would be to uninstall Spybot and Adaware. Install MalwareBytes AntiMalware, and SUPERAntiSpyware. They're the new "dynamic duo".

Spyware Blaster, SpywareGuard, and MVP Hosts use zero system resources, and are good basic protection. An easy one to overlook is OpenDNS, however I highly recommend it.

'Ello,

I've spent most of today researching the links in your article & trying out most of the software.
Great resource!

BTW - McAfee SiteAdviser is not too happy with The Outpost site - claims it adds some unwanted stuff to the firewall installation. Gave it the yellow marking. Not sure I got to the bottom of this..... and in any case, I'm happy with Online Armour.

A couple of questions:

MalwareBytes AntiMalware and SUPERAntiSpyware do not seem to have real-time protection in their free versions. (I liked the MB scanner, though). Shouldn't I have at least one real time malware protection?

Well, only one, actually : ) I used to have Spyware Doctor but it seemed to use a lot of resources, so now I'm using SpywareGuard.

What do you think about Spyware Doctor?

It appears, from what you're saying, that the paid protection software is generally superior to the free stuff available out there. I have a paid version of Ad-Aware which includes Ad-Watch. Whenever I make changes to my system, Ad-Watch starts barking like a dedicated watchdog. It seems to detect (and alert about) almost everything, more than Spybot used to (I no longer use it), and definitely more than SG. Online Armour is also very good at it, but it appears to have one weakness: it asks me about additions to my hosts file, but it remains silent when I comment-out entries.

Anyways - really a very enlightening article, thanks.
SOADA

SpywareGuard is excellent real-time protection, thats why its included. We know that not everybody will want to pay or upgrade a program just for real-time safety.



Spyware Doctor is absolute junk. Even if it was free I still wouldn't recommend it



Not sure how you interpreted it that way because it is supposed to be the complete opposite. There are plenty of free and excellent programs that will cover all your needs as good as or better than paid versions


Glad you liked the article

But I agree that one can manage one's security well enough using only free software.
In my case, there's really not so much choice....

Funny - I had a bad feeling about Spyware Doctor, though a friend (and a couple of sites) had recommended it to me. It was using almost 200MB of memory and slowing down my machine, and I have a feeling it also was involved in a few crashes my computer had experienced recently.

SOADA

While I agree there is some terrific free software available, and we recommend free applications whenver we can, there are often benefits to paying for software. Benefits like real time scans, and options like phone support are often worth the relatively small expense. Especially, when the system is used for a commercial interest.

A little off-topic for this post, and it doesn't diminish it's recommendations at all. Perhaps we'll do something similar with paid applications in the future.

This is a FABULOUS article (and additional replies are really helpful too). I recently battled the Vundo trojan, so I stumbled across Rorschach112's incredibly patient replies to "hlfinn" over there on the atribune.org/forums. You deserve some sort of medal for your assistance. VundoFix found no infected files on my system, but Anti-Malware (MBAM) appears to have cleared up the problem. (Although the guys at VundoFix seem to be doing good work, so I intend to donate to them anyway.) Again, MANY thanks for putting together this terrific guide.
Just curious: I turned off System Restore for the entire "rescue" procedure (and ran scans in both safe and then regular modes). Do I still need to create a new System Restore point and run cleanmgr as you suggested to hlfinn?