Uncreative Labs

Posted: Sat Jun 17, 2006 9:53 pm

I've got a document I started writing for UCL's how-tos section and never really got around to finishing it. If anyone wants to finish or contribute to the document (spelling and grammar checking is probably needed) they'll be given credit in the document itself.

In addition, you've got a document you can print out and give to friends and family who might need the help.

Malware Prevention Document wrote:

Spyware prevention
------------------

There are many programs out there to remove malware, but they have to be used and will often react to a malicious program
being installed rather than prevent it from being installed. By that time, the damage may be done. There are many easy
things you, the computer user, can do to prevent malware from infecting your computer.

The list of things you can do to prevent malware infections includes:
1. Install a spyware removal program
2. Don't install anything you did not intend to install.
3. Be wary
4. Keep an eye on your system and how it performs. If it suddenly changes, look for a cause.
5. Try to keep your system as spyware free as possible, like deer, where there's one program there's often more.
6. Avoid toolbars and "cute" or "neat" programs
7. Use Windows Update
8. Don't run as Administrator
9. Avoid using file sharing programs
10. File types

Install a Spyware Removal Program

If you install a spyware removal program, update it, and run it regularly (2-4 week intervals) you're much less likely to have a large infection on your computer. At the time of this writing, August 2005, Lavasoft Ad-Aware is one of the best spyware removal programs. It is free, and available from <http://www.lavasoft.de>.

When choosing a spyware removal program, do some research on it before installing it. There are some programs that do remove some spyware, but don't remove others. There are also programs that are spyware themselves. There is a review of spyware removal programs at Ars Technica, <http://www.arstechnica.com>.

Don't Install Anything You Did Not Intend to Install

Programs don't just appear on computers. Someone had to install them or put them on a disk in the system to run. If you find that there's an install program running that you did not start yourself (or that someone in your household didn't start) you should exit out of it. (Please note that some system administrators distribute updates this way--check with the system administrator if you have one.)

On a related note, watch for programs that "just appear." They can also be signs of a malware infection. (If you have a shared family PC, it may be a good idea to create and use multiple user accounts.)

Be Wary

There's a common saying about doing something with a computer: When in doubt, ask. (Don't mess up your expensive hardware because you screwed up.) Keep an eye on your system, and don't pay any attention to pop up ads that tell you you may be infected with spyware. If you thing you might be, don't follow the advice of anything on screen. You should manually start your spyware removal program, and do a full scan.

For those with Windows NT, Windows 2000, Windows XP, Windows Server 2003, or a future version of Windows, you should know what every entry in your task manager process list is. (Go to Start> Run and type taskmgr. Click on the processes tab.) Check this often, and if anything strange appears find out what it is. If it's bad, take steps to remove it.

Keep an Eye on Your System

As stated above, software doesn't just appear on computers. Computers also don't just slow down or change the way they do something. If you notice your system acting differently than normal, you should attempt to determine why. If there were no changes to the system, then chances are it's something bad. Run your spyware removal program and antivirus program (that's another document) to see if they find anything.

A sudden slowdown may not indicate a malware infection. Your system may be busy processing something or worse yet, paging. When a system starts paging, it's moving information from a full "fast" memory into a less full "slow" memory. (Simplified for the average user.) If you notice a lot of hard drive activity, try quitting some programs and see if it stops.

Try to Keep Your System As Clean As Possible

You should not put off maintaining your system and removing bad programs. If you know you've got one piece of malware, there's often going to be more. In fact, some programs are written to invite more bad programs to your computer.

Avoid Toolbars and Other "Cute" or "Neat" Programs

While not all software in these categories are bad, they can be the vehicle for delivering spyware to your system. Some programs pretend to be "useful" programs such as a program that gives you the weather in your area, but are really just a front for spyware. You should avoid installing such programs unless you know the place you're getting them from can be trusted to be spyware free.

Use Windows Update

Windows is not, and will not, and cannot be error free. As Microsoft finds bugs and security holes, however, they release patches to fix them. By using Windows Update, you can minimize the chances of an exploit in your system being used to spread or further infect you.

Don't Run With Administrator Privaleges

For most everyday computing tasks, you do not need Administrator privaleges. By only turning on the privaleges you need, you can prevent programs from abusing your system. To do this, you'll have to create user accounts, a task at which more information can be found from either (For Windows) Microsoft's web page <http://www.microsoft.com> or by searching with your preferred search engine.

Avoid Using Filesharing Programs

File sharing programs can give you access to files that are infected with malware, contain viruses, or do some other bad thing. If you don't know what you're doing, a filesharing program can be the source of a malware infection.

Joined: 01 Oct 2004 Posts: 169 Location: behind you!

One of the largest sources of infections come from Internet explorer itself. A section could be added on how to setup Internet explorer to treat all websites as hostile unless you decide to trust them. Although even this is not going to stop everything and mention of third party (IE. firefox / opera) browsers might be a good idea. I have had no problems with firefox causing infections like I do with Internet explorer. Give me an xp system running IE and I'll hoze it in 5 minutes flat.

Joined: 02 Oct 2004 Posts: 594 Location: Western NC

Also a section on editing the hosts file (one of the best, but least understood, ways of protection). I'm not fond of plagiarism, but there should be plenty of info out there to use...

Joined: 01 Oct 2004 Posts: 169 Location: behind you!

Good idea tra. I forgot about that. Just set known bad sites (like ad sites) to 127.0.0.1 so they never make a connection. It's also a good place to check as some malware use the hosts file to redirect you to their sites. Would be a simple writeup but not one for a new user (or even your average user)

Just a little word of warning though, Some sites pass you through ad server first (like ketv.com dose */a local news channel in omaha*/) and will not work after doing this.