Best Practices for Safe Computing

Best Practices for Safe Computing – Prevention of Malware Infection

Common sense, good security habits and safe surfing are essential to protecting yourself from malware infection. No amount of security software is going to defend against today’s sophisticated malware writers for those who do not practice these principles and stay informed. Knowledge and the ability to use it is the best defensive tool anyone could have. This includes educating yourself as to the most common ways malware is contracted and spread, as well as how to prevent it.

Important Fact: It has been proven time and again that the user is a more substantial factor in security than the architecture of the operating system or installed protection software. Therefore, security begins with personal responsibility.

Tips to protect yourself against malware infection:

:step1: Keep Windows and Internet Explorer current with all security updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. When necessary, Microsoft releases security updates on the second Tuesday of each month and publishes Security update bulletins to announce and describe the update. If you’re not sure how to install updates, please refer to How To Access Windows Update.

:step2: Avoid gaming sites, porn sites, pirated software (warez), cracking tools, and keygens. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS.

:step3: Avoid peer-to-peer (P2P) file sharing programs (e.g. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infested with malware according to security firm Norman ASA, and many of them are unsafe to visit or use. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. If you must use file sharing, scan your downloads with anti-virus software before opening them and ensure Windows is configured to show file extensions – Why you should set your folder options to “show known file types”.

:step4: Avoid bundled software. Many toolbars, add-ons/plug-ins, browser extensions, screensavers and useless or junk programs like registry cleaners, optimizers, download managers, etc. come bundled with other software (often without the knowledge or consent of the user) and can be the source of various issues and problems, including adware and browser hijacking which may change your home page and search engine. For this reason, bundled software may be detected and removed by security scanners as a Potentially Unwanted Program (PUP), a very broad threat category which can encompass any number of different programs, including those which are benign as well as problematic. Since the downloading of bundled software sometimes occurs without your knowledge, folks are often left scratching their heads and asking “how did this get on my computer?” Even if advised of a toolbar or add-on, many folks do not know that it is optional and not necessary to install in order to operate the program. If you install bundled software too fast, you most likely will miss the “opt out” option and end up with software you do not want or need. The best practice is to take your time during installation of any program and read everything before clicking that “Install” or “Next” button. Even then, in some cases, opting out does not always work as intended.

:step5: Beware of Rogue Security software, as it is one of the most common sources of malware infection. Rogue programs infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware. For more specific information on how these types of rogue programs install themselves and spread infections, read How Malware Spreads – How did I get infected.

:step6: Keeping Autorun enabled on flash drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. One in every eight malware attacks occurs via a USB device. Many security experts recommend you disable Autorun as a method of prevention. Microsoft recommends doing the same.
* Microsoft Security Advisory (967940): Update for Windows Autorun
* Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows

Note: If using Windows 7, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes and improvements to AutoPlay so that it will no longer support the AutoRun functionality for non-optical removable media.
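The two Explorer settings this guide asks you to verify (Autorun disabled, as in step 6, and file extensions shown, as in step 3) can be audited from PowerShell. The script below is an added example, not part of the original post or any Microsoft tool; it reads the well-known policy values and, with -Fix, writes the hardened values. Changing the HKLM Autorun policy requires an elevated (Administrator) session.

```powershell
# Audit (and optionally apply) two settings recommended in this guide:
#   - NoDriveTypeAutoRun = 0xFF  -> Autorun disabled for every drive type
#   - HideFileExt        = 0     -> Explorer shows known file extensions
# Added example; run as Administrator to change the HKLM policy value.
[CmdletBinding()]
param([switch]$Fix)

$Checks = @(
    @{ Name     = 'Autorun disabled for all drive types'
       Path     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value    = 'NoDriveTypeAutoRun'
       Expected = 0xFF },
    @{ Name     = 'Explorer shows known file extensions'
       Path     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Value    = 'HideFileExt'
       Expected = 0 }
)

function Test-Setting {
    param($Check)
    # A missing key or value means Windows is using its default, which for
    # Autorun means removable media may still trigger autorun.inf.
    $current = $null
    if (Test-Path $Check.Path) {
        $current = (Get-ItemProperty -Path $Check.Path -Name $Check.Value `
                    -ErrorAction SilentlyContinue).($Check.Value)
    }
    [PSCustomObject]@{
        Setting   = $Check.Name
        Current   = $(if ($null -eq $current) { 'not set' } else { '0x{0:X}' -f $current })
        Expected  = '0x{0:X}' -f $Check.Expected
        Compliant = ($current -eq $Check.Expected)
    }
}

function Set-Setting {
    param($Check)
    if (-not (Test-Path $Check.Path)) { New-Item -Path $Check.Path -Force | Out-Null }
    New-ItemProperty -Path $Check.Path -Name $Check.Value -PropertyType DWord `
        -Value $Check.Expected -Force | Out-Null
}

foreach ($check in $Checks) {
    $result = Test-Setting $check
    if (-not $result.Compliant -and $Fix) {
        Set-Setting $check
        $result = Test-Setting $check   # re-read to confirm the change took effect
    }
    $result
}
```

The HideFileExt change only becomes visible after Explorer is restarted or the user logs off and on again.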

:step7: Always update vulnerable software like browsers, Adobe Reader and Java Runtime Environment (JRE) with the latest security patches. Older versions of these and several other popular programs have vulnerabilities that malicious sites can use to exploit and infect your system.

* Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
* Time to Update Your Adobe Reader
* Adobe Security bulletins and advisories
* Microsoft: Unprecedented Wave of Java Exploitation
* eight out of every 10 Web browsers are vulnerable to attack by exploits

Quote

Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications…for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.

Exploit Kits – Anatomy of an exploit kit

To help prevent this, install and use Secunia Personal Software Inspector (PSI), a FREE security tool designed to detect vulnerable and outdated programs/plug-ins which expose your computer to malware infection.

:step8: Use strong passwords and change them anytime you encounter a malware infection, especially if the computer was used for online banking, paying bills, or has credit card information or other sensitive data on it. This would include any used for taxes, email, eBay, PayPal and other online activities. You should consider them to be compromised and change all passwords immediately as a precaution in case an attacker was able to steal your information when the computer was infected. Many of the newer types of malware are designed to steal your private information, including passwords and logins to forums, banks, credit cards and similar sensitive web sites. Always use a different password for each web site you log in to; never reuse the same password on different sites. If using a router, you also need to reset it with a strong password.

:step9: Don’t disable UAC in Vista or Windows 7; limit user privileges and use Limited User Accounts in Windows XP.

:step10: Know how to recognize email scams and do not open unsolicited email attachments, as they can be dangerous and result in serious malware infection. For example, Zbot/Z-bot (Zeus) is typically installed through opening disguised malicious email attachments which appear to be legitimate correspondence from reputable companies such as banks and Internet providers, or from UPS or FedEx with tracking numbers. Once infected, Zbot downloads and executes CryptoLocker ransomware as a secondary payload. CryptoLocker will encrypt all your data files using a public/private key pair. Once the encryption of the data is complete, decryption is usually not feasible and your personal data is lost forever unless you pay the ransom. This particular infection is primarily aimed at corporate and business environments, but some home users have reported being infected.

* Using Caution with Email Attachments
* How to Avoid Getting a Virus Through Email
* Safety tips for handling email attachments

Prevention Tips for CryptoLocker:
* US-CERT: CryptoLocker Ransomware Infections: Prevention
* Bleeping Computer CryptoLocker Prevention Guide
* Emsisoft Blog: CryptoLocker – a new ransomware variant and how to prevent infection
* Krebs: How To Avoid CryptoLocker Ransomware

Also beware of Phone Scamming.

Quote

Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license…Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes…Do not trust unsolicited calls. Do not provide any personal information.

Avoid tech support phone scams: What you need to know
Don’t fall for phony phone tech support
Avoid scams that use the Microsoft name fraudulently

Finally, back up your important data and files on a regular basis. Some infections may render your computer unbootable during or before the disinfection process. Even if your computer is not infected, backing up is part of best practices in the event of hardware or system failure from other causes.
* Windows Backup – The essential guide
* Windows Backup Guide

It is also a good practice to make a disk image with an imaging tool (e.g. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.). Disk imaging allows you to take a complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistant to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore the computer, at a later time, to the exact state it was in when the image was made.