Wednesday, January 24, 2007

Protect your Computer

I found this article http://forums.majorgeeks.com/showthread.php?t=44525 in the "Major Geeks" website - it's very good and I agree with all points. In fact it's almost exactly what I do to protect my own computer. Note that the article assumes you are not using one of the commercial security packages like Nortons or McAfee.


How to Protect yourself from malware!
Make sure you get your system protected from occurrences of malware problems. Below are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all. There is no perfect solution for totally preventing malware from getting on your PC, however, these steps will help.

1) Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. For anyone who is not yet running Windows XP SP2 (which you really should be running if your PC supports it) see the below link before updating:

You should check for Windows Updates at least once a month. Go to the below link to get your updates or check to see if you need any:

Note: If you have problems getting your Windows Updates, see if the below thread helps:

2) Anti Virus: make sure you have one and keep it updated. Here are some good free ones:

These are better than Symantec/Norton or McAfee because they are free and because they are not so system resource hungry. The recent versions of Symantec/Norton and McAfee have become very bloated. This does not mean they do not work. If you have either of them and are happy with it, stick with them. But whatever you choose remember to Only Run ONE AV!


3) Firewalls

A firewall is software or hardware that acts like a gate to help protect your computer against hackers and some computer viruses and worms that try to find unprotected computers that are connected to the Internet. This gate allows you to accept connections from sources you trust, and it keeps the gate closed for ones you don't trust. A firewall works by examining information coming from and going to the Internet. It identifies and blocks information that comes from a dangerous location or seems suspicious. If you set up your firewall properly, hackers searching for vulnerable computers cannot detect your computer (often referred to as a stealthed connection).


There are two kinds of firewalls:
  1. Hardware Firewall - normally built into a router if you use one. If you do have a router with a firewall, make sure you enable it. And also password protect your router, especially if it is a wireless router. Wireless routers can be less secure because they use radio frequencies to communicate with your PC. So if you use a wireless router, you can help enhance the security of your network by enabling the firewall and by requiring a password to connect to your network. Make sure you also enable encryption on your wireless network.
  2. Software Firewall - special software that you must install. Use a software firewall even if you do have a hardware firewall. But only use one software firewall. Running multiple software firewalls is unnecessary and using more than one software firewall on the same connection could cause issues with connectivity to the Internet or other unexpected behavior.
If you don't have a Software Firewall, get one of these below. The first four are free versions. I don't care if you're on dial up or High Speed....you must have a firewall or you can get infected faster than you can download any tools to fix your problems.

Note: For Win XP SP2 users, after installing any of these firewalls, you must make sure to disable the firewall that is part of WinXP SP2. It is enabled by default, and it does not provide adequate protection and is only an incoming (uni-directional) firewall. Similar to antivirus applications, you must use only one software firewall. The information in the following will help you disable the firewall: Windows Firewall. Some of the above firewalls may automatically disable the Windows firewall for you, but it is best to check for yourself.

For additional info about the problems with Windows XP SP2 firewall read these:

4) Get a Temp File/Cookies/index.dat cleaner

5) SpyWare Scanners/Removers and Prevention (Some are even free)

NOTE: I do not recommend using multiple full blown blocker/scanner/removal tools (like Ewido, MS Antispyware, SpySweeper, and CounterSpy) at the same time as a long term solution. Doing that temporarily to clean a system is okay, but long term you may find that it slows your system down too much. It is okay to run one of these, along with the other items listed above because the others are not too resource hungry (that is, as long as you do not use Spybot's Teatimer).


NOTE: There are loads of bad (also called rogue) anti-spyware programs available out there. You should familiarize yourself with the list maintained at the Spyware Warrior website. See: Rogue/Suspect Anti-Spyware Products & Web Sites


6) Adjust Active X security settings
  • In Internet Explorer, click Tools, Internet Options, Security. Click on the Internet globe. Then select Default Level, then click OK. Now select Custom Level and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
    • Set 'Download signed Active X controls' to Prompt
    • Set 'Download unsigned Active X controls' to Disable
    • Set 'Initialize and Script ActiveX controls not marked as safe' to Disable
    • Set the Installation of desktop items to Prompt
    • Set the Launching programs and files in an IFRAME to Prompt
    • Set the Navigate sub-frames across different domains to Prompt
    • Click OK and OK again.
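
The dialog settings in step 6 are stored per zone in the registry, so they can be audited without clicking through Internet Options. The script below is an added example, not part of the original article: it reads the Internet zone (zone 3) for the current user and compares each value with the recommendation above. The function and variable names are made up for this example; the URL action numbers are the ones Microsoft documents for these six settings.

```powershell
# Added example: audits IE's Internet zone (zone 3) against step 6 above.
# Value codes stored per URL action: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action number, the value the article recommends, and the dialog label.
$Recommended = @(
    @{ Action = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Action = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Action = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Action = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Action = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Action = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

function Test-InternetZone {
    param([string]$Path = $ZonePath)
    $key = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($rule in $Recommended) {
        # Value names are numeric strings, so look them up through PSObject.
        $prop = if ($key) { $key.PSObject.Properties[$rule.Action] } else { $null }
        if ($null -eq $prop) {
            $current = 'not set (zone default applies)'
            $ok = $false
        } else {
            $value = [int]$prop.Value
            $current = if ($Meaning.ContainsKey($value)) { $Meaning[$value] } else { "unknown ($value)" }
            $ok = ($value -eq $rule.Want)
        }
        [pscustomobject]@{
            Setting     = $rule.Name
            Action      = $rule.Action
            Current     = $current
            Recommended = $Meaning[$rule.Want]
            Compliant   = $ok
        }
    }
}

Test-InternetZone | Format-Table -AutoSize -Wrap
```

The script only reads the per-user settings; values enforced by an administrator through policy are stored elsewhere and take precedence over what it reports.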
7) Use Mozilla FireFox in place of Internet Explorer.


8) Uninstall Microsoft Java and Replace with Sun Java

You may already have Sun Java if on a newer OS. Just get the current version of Sun Java installed. The link to it is given below.

Microsoft no longer supports Java and it is often a source of installed spyware and hijacks so it is a good idea to remove Microsoft Java Virtual Machine and Install Sun Java. To remove it follow these steps.
  • Select Start > Run and Enter "RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall" in the Open box, and click ok.
  • Click Yes to confirm that you want to remove the Microsoft VM
  • When prompted, reboot the computer
  • Remove the following items (Systemroot is where Windows is installed, usually C:\Windows):
    • The %Systemroot%\Java folder
    • The file java.PNF from the %Systemroot%\inf folder
    • The files jview.exe and wjview.exe from the %Systemroot%\system32 folder
    • The registry subkey HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Java VM
    • The registry subkey HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ InternetExplorer \ AdvancedOptions \ JAVA_VM
  • As an alternative to the above steps you can try the below tool to remove MS Java. Download and run the MSJVM Removal Tool 1.0a
  • Now install Sun Java Runtime Environment (JRE) from here: http://java.sun.com/javase/downloads/index.jsp When you install this latest version of Sun Java, be sure to uncheck the options to install the Google Toolbar for Internet Explorer and Google Desktop (that is unless you want this additional baggage). Be sure to use the option to Test your Java Virtual Machine (JVM) when you finish. It will only take about a minute and it verifies your installation is good.
Make sure you check that you have the latest version of Sun Java installed by clicking the link. If you have an older version, install the new version and then remove all old versions. It would also be a good idea to empty the Sun Java cache periodically because many baddies will store themselves there.

You can choose a different language if you need it from the top menu on that page. (Any files or registry entries not found or errors can be ignored and go to the next step)
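
To confirm that the manual removal steps in step 8 left nothing behind, the items listed there can be checked in one pass. This is an added example, not part of the original article; it only reports what is still present and deletes nothing. The function name is made up, and the second spelling of the Internet Explorer key (with a space) is an assumption added alongside the spelling given on the page.

```powershell
# Added example: reports which Microsoft VM leftovers from step 8 still exist.
$root = $env:SystemRoot   # usually C:\Windows

$Leftovers = @(
    @{ Kind = 'Folder';   Path = "$root\Java" }
    @{ Kind = 'File';     Path = "$root\inf\java.PNF" }
    @{ Kind = 'File';     Path = "$root\system32\jview.exe" }
    @{ Kind = 'File';     Path = "$root\system32\wjview.exe" }
    @{ Kind = 'Registry'; Path = 'HKLM:\SOFTWARE\Microsoft\Java VM' }
    # Key name as written in the article:
    @{ Kind = 'Registry'; Path = 'HKLM:\SOFTWARE\Microsoft\InternetExplorer\AdvancedOptions\JAVA_VM' }
    # Assumption: same key under the usual "Internet Explorer" name (with a space):
    @{ Kind = 'Registry'; Path = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM' }
)

function Get-MsJvmLeftover {
    foreach ($item in $Leftovers) {
        # Test-Path works for both file system and registry provider paths.
        $present = Test-Path -LiteralPath $item.Path
        [pscustomobject]@{
            Kind    = $item.Kind
            Path    = $item.Path
            Present = $present
        }
    }
}

$found = @(Get-MsJvmLeftover | Where-Object { $_.Present })
if ($found.Count -eq 0) {
    'No Microsoft VM leftovers from the list were found.'
} else {
    $found | Format-Table -AutoSize -Wrap
}
```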


9) Use Passwords & Create Restricted User Accounts

All user accounts should have password protection. Especially on Win NT, 2K, XP, and 2003 systems. Make sure you do not leave the Administrator account password blank. This is the default. Also it is a good idea to completely disable the Guest account. When you choose your passwords, choose them wisely. Do not make them too short and do not choose anything that would be easy to guess.

When creating user accounts on WinNT, 2K, XP, and 2003 systems, it would be a good idea to only have one account with administrator privileges. Create all other user accounts as restricted users. Especially for your children. This will prevent them from installing anything that you do not approve and install for them. It will also save you a lot of time cleaning up the mess that will occur when they have unrestricted access to the PC.


10) Security starts with you! Be careful what you download and from where!
  • There are loads of free programs and services out there that people just love to download from. These are programs like Kazaa, Imesh, etc. They quite often come bundled with lots of malware that will cause you significant problems. I suggest avoiding these programs and servers completely. But if you must use them, choose more wisely. See the below link which can help you make a more educated choice:
Spyware Info's Clean and Infected File Sharing Programs


  • Avoid installing services and applications which you do not use in your normal daily routines. It is not necessary for them to be loaded all the time. The above P2P programs are a great example of this. Many programs that autoload at startup can just be run on an as needed basis.
  • Also it should go without saying but....avoid the porn sites! They are notorious spreaders of more than one kind of smut.
  • Also be very careful to read popups before clicking on them. You probably do not want what they are selling and sometimes the correct answer may be the opposite of what you think. They will choose wording meant to confuse you.
  • Do not open e-mails coming from unknown or distrusted sources. Many viruses and trojans spread via e-mail messages. You can always check with the originator to see if they sent something to you.
  • Especially be careful with attachments. Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated antivirus program.
  • Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. This kind of message is considered spam, because it is undesired and unsolicited and it congests the Internet even more than it already is. If you respond to their email where it says something like "to be removed from our list", all you are doing is confirming your email address is valid and you just got yourself added to a load more spamming lists.
  • Never add any site to your Trusted Sites Zone unless it is absolutely necessary to run something you really need (like for work).
  • Finally, when installing any software, read the license agreement carefully before accepting. You may be surprised what you will find. Like thousands of people who had to have LOP infections and other malware removed from their PCs who did not read the license agreement in Messenger Plus (which is not related to Microsoft).
11) The True Story About Cookies!
First let's get right to the point. Cookies are not problems that you need to be concerned with. Too many antispyware programs flag cookies and make them sound like they are high risk items. The truth is that they are not high risk problems and in most cases are actually very useful to you.
This subject has long been debated on the internet and obviously there are many opinions about cookies. Cookies are not executable programs. They are simple text files stored on your PC to help websites (and you) track useful user settings and non-personal information, like which advertisement you last saw (which prevents you from seeing the same ad over and over again).
Yes, some cookies are often referred to as tracking cookies, but tracking is more complicated than just having a cookie. Every website you visit would have to have knowledge of the particular cookie so that they could use it to add tracking info to it and to make use of it. You will see many antispyware programs indicating various cookies as tracking cookies and this can artificially make detection counts look very high. It is also a sore point when doing comparisons between antispyware programs. If one program detects cookies and another does not, it can make the one that does not detect them look like it is doing a bad job.
Similarly it makes the one detecting them look like a great product since it picks up things the other missed. Thus most (not all) programs will detect cookies to avoid this hazard. Don't be fooled by cookie counting. If cookies are the only thing showing up, you are in good shape. They are not harmful and you can just ignore them or if so desired, you can easily clean them using your browser or other tools like CCleaner (Crap Cleaner).
12) What to do if you do get infected!
  • If you still get an infection or already have one, you should follow the procedure given here READ & RUN ME FIRST Before Asking for Support . If this does not fix your malware problems then follow the instructions in the READ & RUN ME and create a new thread in the Malware Forum requesting help. Be sure to attach all of the logs requested in the READ & RUN ME and clearly explain your remaining problems. Also make sure you install and rename HijackThis as requested before adding your HijackThis log to the list of requested attachments.
