
Malware Prevention Guide for 2011 / 2012

This malware prevention guide is intended for the average or above-average home user who wants to protect their PC using anti-malware products and techniques. Some of these solutions are free, some aren't. If you follow this guide there's no reason for you to ask "what's the best way to protect my PC from being infected?". If you'd like to add another way to protect your PC from malware, please add it as a comment below. The Prevention tab will be linked to this post.

The malware landscape looks like this *right now* (and hasn’t changed that much this year)

Fake AntiVirus and Fake System Utilities

These fake apps are loaded either via hacked websites or by trojans that already exist on your PC. They pop up messages saying that your computer is highly infected or that your hard drive is damaged and about to die. These messages are intended to scare you into buying the fake application.

NOTE: Fake system utilities will hide all the applications and files on your computer making it look like they have been deleted.  Your files are simply hidden and not deleted…it’s just a scare tactic.
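Because the files are only flagged Hidden, you can confirm that nothing was deleted and undo the trick yourself. The script below is an added example, not part of the original post: it lists items under a folder that carry the Hidden attribute but not the System attribute (Windows hides its own files such as desktop.ini and NTUSER.DAT with both, so those are skipped, as is the AppData folder), and with -Apply it clears the attribute. The function names and the $keep list are this example's own choices.

```powershell
# Added example, not part of the original post: find files a fake system
# utility has marked Hidden and, with -Apply, unhide them again.
# Items that also carry the System attribute are hidden by Windows itself
# and are left alone; extend $keep for anything else you know is legitimate.

function Get-SuspiciouslyHiddenItems {
    param([string]$Root = $env:USERPROFILE)
    $hidden = [IO.FileAttributes]::Hidden
    $system = [IO.FileAttributes]::System
    $keep   = @('AppData')                      # hidden by design in every profile
    $skip   = Join-Path $Root 'AppData'
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (($_.Attributes -band $hidden) -eq $hidden) -and
            (($_.Attributes -band $system) -ne $system) -and
            ($keep -notcontains $_.Name) -and
            ($_.FullName -notlike "$skip*")     # do not touch the contents of AppData either
        }
}

function Restore-HiddenItems {
    param([string]$Root = $env:USERPROFILE, [switch]$Apply)
    $items = @(Get-SuspiciouslyHiddenItems -Root $Root)
    foreach ($item in $items) {
        # Hidden is known to be set here, so XOR removes exactly that bit
        if ($Apply) { $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden }
        $item.FullName
    }
    if ($Apply) { Write-Host "$($items.Count) item(s) unhidden" }
    else        { Write-Host "$($items.Count) hidden item(s) found (dry run; add -Apply to unhide)" }
}

# Dry run first. The rogue tools usually hit both the user profile and the
# all-users Start Menu, so check both locations before applying.
Restore-HiddenItems
Restore-HiddenItems -Root (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')
```

Review the dry-run list before adding -Apply: a few applications legitimately hide their own data files, and the list is the place to spot them.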


Rootkits – Rootkits are specialized malware that usually have the following characteristics and abilities:

  • they are completely hidden from your conventional antivirus and some specialized removal tools.
  • they will redirect your searches on the internet to bad sites.
  • they will disable your antivirus.
  • they will download other pieces of malware (like fake antivirus).
  • sometimes they’ll prevent your computer from booting (like the one I’m working on right now).
  • they may patch system drivers (usually just 1-2 random drivers).
  • they may infect master boot records.
  • they may allow a remote attacker to view, change, upload or delete any file on your PC and execute commands.

Preventing your Windows PC from being infected by malware

Updates – Updates are one of the most important ways you can prevent your PC from being infected.

  1. Make sure your PC is set up to install Windows critical and security updates. By default Windows updates are installed at 3 am. If your PC is asleep or turned off your updates will NOT be installed. Either make sure your PC is on at 3 am or change the install time to when your PC is turned on. You MUST reboot after your updates have been installed. Installing your Windows updates is super critical. If you need step-by-step instructions you can find them here.
     
  2. If you need to use Java (not to be confused with JavaScript) make sure you install Java updates when they pop up in the bottom right-hand corner. If you don't receive an update notification, go to Java.com and download and install the latest version of Java. If you don't use Java, just uninstall it.
     
  3. Install the latest version of Adobe Reader. You will be notified when Adobe Reader updates are available.
     
  4. Install the latest version of Adobe Flash Player.  You will be notified when Adobe Flash Player updates are available.
     
  5. Install the latest version of the browser you are using.
    http://www.google.com/chrome
    http://www.mozilla.org/
    For IE – Check for updates. 
     
  6. If you don't want to look for updates manually you can use something like Secunia – read more here: http://secunia.com/vulnerability_scanning/personal/
     
  7. Turn off Autorun / Autoplay. Lots of people use flash drives; they're great. However, worms like them too (Conficker, for example). If you insert a flash drive carrying a worm, the worm can jump from the USB drive to the PC instantly (and vice versa). Turning off autorun minimizes the chance that the worm will automatically jump from the flash drive to the PC.
    How to disable autorun/autoplay in any version of Windows 
     
  8. Buy a new antivirus every year. Download it or go to the store, doesn't matter. 95% of the new clients I meet believe they have the latest antivirus because they are renewing their antivirus subscription. Not true. They are simply receiving antivirus database updates, not program updates. Some antivirus applications may do program updates automatically, however I barely see this. If you want an antivirus / antimalware that works really well right outta the box then grab Symantec's Norton Internet Security 2012. You can read about some of the features I love here.
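Most of the checklist above can be verified from one elevated PowerShell prompt on a Windows 7-era PC. The script below is an added example, not from the original post: it reads the Windows Update schedule through the standard Microsoft.Update.AutoUpdate COM object, lists the installed Java, Adobe Reader and Flash Player versions from the Programs and Features registry keys, and sets the NoDriveTypeAutoRun policy value that turns Autorun off. The registry paths and COM object are standard Windows; the function names are this example's own.

```powershell
# Added example, not from the original post: audit the checklist items on a
# Windows 7-era PC and turn Autorun off. Run from an elevated PowerShell prompt.

function Get-AutoUpdateStatus {
    # Windows Update Agent COM API (IAutomaticUpdates / IAutomaticUpdatesSettings)
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $s  = $au.Settings
    $levels = @{ 0 = 'Not configured'; 1 = 'Disabled'; 2 = 'Notify before download';
                 3 = 'Download, notify before install'; 4 = 'Install automatically on schedule' }
    # Windows creates this key when an installed update is still waiting for a reboot
    $rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    New-Object PSObject -Property @{
        Mode          = $levels[[int]$s.NotificationLevel]
        InstallHour   = $s.ScheduledInstallationTime   # 0-23; 3 is the 3 am default mentioned above
        InstallDay    = $s.ScheduledInstallationDay    # 0 = every day, 1 = Sunday ... 7 = Saturday
        LastInstalled = $au.Results.LastInstallationSuccessDate
        RebootPending = (Test-Path $rebootKey)
    }
}

function Get-PluginVersions {
    # Java, Adobe Reader and Flash Player as registered in Programs and Features
    # (native view plus the 32-bit-on-64-bit view)
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|Adobe Reader|Flash Player' } |
        Select-Object DisplayName, DisplayVersion |
        Sort-Object DisplayName -Unique
}

function Get-AutorunPolicy {
    # NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is OFF.
    # The Windows default 0x91 (145) leaves removable drives enabled; 0xFF (255)
    # disables AutoRun for every drive type, which is Microsoft's recommended value.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        New-Object PSObject -Property @{
            Hive               = $hive
            NoDriveTypeAutoRun = $value          # $null means not set, i.e. the default applies
            AutorunDisabled    = ($value -eq 255)
        }
    }
}

function Disable-Autorun {
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 255 -PropertyType DWord -Force | Out-Null
    }
    Get-AutorunPolicy
}

Get-AutoUpdateStatus | Format-List
Get-PluginVersions   | Format-Table -AutoSize
Disable-Autorun      | Format-Table Hive, NoDriveTypeAutoRun, AutorunDisabled -AutoSize
```

Two things to read off the output: the scheduled hour only matters when Mode is "Install automatically on schedule", and RebootPending being True means the updates from item 1 are not yet in effect. The HKLM value is the one that protects every account on the machine; the HKCU copy is a belt-and-braces setting for the current user, and Explorer picks both up at the next logon.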





2 Free Applications That Make Malware A Trivial Joke

Would you like to laugh in the face of any malware and do it for free? If so, then have I got the power combo for you! This combo uses traditional signature-based antivirus and a HIPS (host-based intrusion prevention system). With this combo you can achieve maximum protection without suffering a major performance penalty.

Here’s the 2 applications you’ll need and where to get them.  Also, below you’ll find an easy to understand explanation on how this combo works.

Free Signature Based Antivirus with Heuristics – Avira AntiVir 9 Free

Download Here

Watch The Avira 9 Review

Free HIPS – GesWall 2.8.3 Free

Download Here

Watch The GesWall Review

Here’s basically how these 2 applications protect you from all forms of malware.

The backbone of this combo is GesWall.  GesWall isolates applications that are used as gateways to the internet or external media, such as:

  • Web Browsers.
  • Email.
  • P2P.
  • CDs (requires you to make an additional rule, see example)
  • USB Devices. (requires you to make an additional rule, see example)
  • Memory Cards. (requires you to make an additional rule, see example)
  • Basically anything that can connect to the internet.

When GesWall isolates an application, the isolation enforces the following:

  • No access to the kernel – prevents kernel-mode rootkits and keyloggers.
  • Read-only access to trusted files, registry, processes etc. – prevents user-mode rootkits, keyloggers and malware infections.
  • No local communication with trusted processes, e.g. Windows messages, RPC, COM, WMI – prevents shatter attacks, user-mode rootkits, keyloggers and malware infections.
  • No scheduled re-start – prevents backdoors, zombie bots and worms.
  • No access to confidential files – prevents leaks of confidential information.

Isolation basically means that ANYTHING coming in through the aforementioned items cannot make changes to your PC. Here's a step-by-step example of how this works:

  1. GesWall Free is installed on your PC.
  2. You open Firefox (or whatever browser you use).
  3. GesWall will ask you if you want to isolate Firefox.
  4. You say YES.
  5. You visit myspace.com and look at a few pages for a few hours…
  6. You click a link that redirects you to a domain hosting AV 2009 Rogue AntiVirus.
  7. You accidentally (try to) install AV 2009.
  8. GesWall prevents AV 2009 from modifying ANYTHING on your system.
  9. AV 2009's fake UI might still be running in RAM.
  10. You open GesWall, click on Isolated Applications and then terminate the AV 2009 application.

That is just one example of how GesWall can protect your PC.
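The bullets above promise that an isolated process gets read-only access to trusted files and the registry. Rather than take that on faith, you can probe it: the script below is an added example, not from the original post or from GesWall, meant to be run from inside a process you believe is isolated (for instance a PowerShell started from the isolated browser's download folder). Each check attempts one write that real malware such as a rogue AV dropper depends on, undoes it if it went through, and reports whether it was blocked. The value names and file names are arbitrary choices for this test.

```powershell
# Added example, not from the original post or from GesWall: a write probe to
# confirm that the process this runs in really is isolated. Every "Blocked"
# line is a write the sandbox refused. Run the same script from a normal,
# unisolated prompt first to get a baseline (all four should succeed there).

function Test-Write {
    param([string]$Name, [scriptblock]$Attempt, [scriptblock]$Cleanup)
    try {
        & $Attempt
        try { & $Cleanup } catch { }              # leave no trace when the write went through
        New-Object PSObject -Property @{ Check = $Name; Blocked = $false; Error = '' }
    } catch {
        New-Object PSObject -Property @{ Check = $Name; Blocked = $true; Error = $_.Exception.Message }
    }
}

function Invoke-IsolationProbe {
    $hklmRun = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $hkcuRun = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $sysFile = Join-Path $env:SystemRoot 'isolation-probe.tmp'
    $docFile = Join-Path $env:USERPROFILE 'Documents\isolation-probe.txt'

    # 1. Machine-wide persistence: how a rogue AV survives the next reboot.
    #    Note: without admin rights UAC blocks this on its own, not the HIPS.
    Test-Write 'HKLM Run value' `
        { New-ItemProperty -Path $hklmRun -Name IsolationProbe -Value 'cmd.exe /c exit' -PropertyType String -ErrorAction Stop | Out-Null } `
        { Remove-ItemProperty -Path $hklmRun -Name IsolationProbe -ErrorAction Stop }

    # 2. Dropping a file next to OS binaries (same UAC caveat as above)
    Test-Write 'File in %SystemRoot%' `
        { Set-Content -Path $sysFile -Value 'probe' -ErrorAction Stop } `
        { Remove-Item -Path $sysFile -ErrorAction Stop }

    # 3. Per-user persistence: needs no admin rights, so only the HIPS can stop it
    Test-Write 'HKCU Run value' `
        { New-ItemProperty -Path $hkcuRun -Name IsolationProbe -Value 'cmd.exe /c exit' -PropertyType String -ErrorAction Stop | Out-Null } `
        { Remove-ItemProperty -Path $hkcuRun -Name IsolationProbe -ErrorAction Stop }

    # 4. Tampering with a trusted user document (also needs no admin rights)
    Test-Write 'File in Documents' `
        { Set-Content -Path $docFile -Value 'probe' -ErrorAction Stop } `
        { Remove-Item -Path $docFile -ErrorAction Stop }
}

Invoke-IsolationProbe | Format-Table Check, Blocked, Error -AutoSize
```

Checks 3 and 4 are the telling ones: they succeed for any ordinary user, so if they come back Blocked the isolation is doing its job. One caveat: a sandbox that virtualises writes instead of denying them will report all four as not blocked; in that case look for the probe value and files from an unisolated process, and if they are not there the writes were contained after all.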

For our second line of defense we'll use Avira AntiVir 9, just in case GesWall is not working (for example, you disabled it and forgot to turn it back on) or you mark a download as trusted and it's actually infected. Avira AntiVir 9 provides some great protection such as:

  • AntiVirus
  • AntiSpyware
  • AntiAdware
  • AntiTrojan
  • AntiRootkit
  • Heuristics and daily signature updates.

I’ve used this combo on over 200 malicious downloads and URL’s and it’s 100% effective so far (221 and counting).

If this article has helped you or your family please ReTweet it.

