Malware blocking and avoidance
From HelpDeskWiki
Although almost everyone has realised that it is foolhardy not to have an antivirus program and a firewall program, some still lack one or the other. Here are probably the best free choices:
There is some uncertainty about whether Kerio still runs on older Windows versions. The excellent Sygate firewall and info about the best version for Windows 98 can still be found here (http://forums.spywareinfo.com/index.php?s=6178aeff22e3b6ec77407b5a3697ed4d&showtopic=57739&view=findpost&p=298718).
In addition, it is necessary to also have at least two antispyware programs (http://www.local.nu/HelpDesk/index.php/Anti-spyware_software) and one antitrojan program (http://www.local.nu/HelpDesk/index.php/Anti-virus_software).
Actually, some of the best experts say that it would be better if people learned the rules of safe computing (http://www.tourbus.com/vp101.htm) instead of relying on protection provided by antivirus programs. Even the best antivirus and other antimalware programs cannot protect us against a well-designed attack by determined and highly trained criminals, and it is only a question of time before that happens. So far, we have only seen the "work" of script kiddies and not very highly trained criminals, such as the Russian mafia group behind the CoolWebSearch. A well-designed attack will exploit an unpatched and known security hole in Microsoft Windows (or one kept secret by MS and security experts or not even known by them) with a massive worm or virus attack that will spread throughout the entire Internet before the antivirus companies and MS have time to send out updates.
Some of the most reputable sources of information for spyware blocking and avoidance are SpywareWarrior (http://spywarewarrior.com/sww-help.htm#other), SpywareInfo (http://www.spywareinfo.com/articles/hijacked/prevent.php), and ArsTechnica (http://arstechnica.com/articles/paedia/malware.ars). (If they're unavailable, keep trying; they are often attacked and blocked by spammers and spyware manufacturers.)
Here's a summary of the information on these sites:
First, you currently must use more than one anti-spyware program, since none currently finds anywhere near 100% of the malware. The ones that seem good are, in approximate order:
- Microsoft AntiSpyware (http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671) (previously GIANT AntiSpyware).
- Webroot Spysweeper (http://www.webroot.com)
- Lavasoft's Ad-Aware (http://www.lavasoft.com)
- Spybot Search & Destroy (http://www.spybot.info)
BE VERY CAREFUL of using anti-spyware applications not mentioned here, since there are a LOT of scams going around claiming to be anti-spyware.
In addition to these active defenses, there are several passive defenses which can keep the malware from getting onto your system in the first place. These defenses tend to overlap, so you can use all of them:
- Spybot Search & Destroy's Inoculate feature (http://www.spybot.info)
- JavaCool's SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
- IE-SpyAd (or IE-SpyAd 2 for XP systems) (https://netfiles.uiuc.edu/ehowes/www/resource.htm)
The first two work by specifically blocking known malware; it doesn't matter what web site it comes from. The last one changes the permissions for specific web sites so that they can't install software on your system. Note that SpyBot and SpywareBlaster should be updated frequently (SpywareBlaster can be updated automatically for a fee), and IE-SpyAd needs to be re-downloaded, uninstalled, and re-installed regularly.
The passive defenses all pretty much assume that you're using IE or a variant. Using a non-IE-based browser, such as Firefox or Opera, can also help protect your system. However, even if you use an alternative browser, IE is still on your system and must still be protected, since it often gets used in the background.
You also need to ensure that your system is up-to-date on all security patches. Use Windows Updates (http://windowsupdate.microsoft.com) (or Windows Automatic Updates) to ensure that your Microsoft Windows and IE are fully patched. Use OfficeUpdate (http://officeupdate.microsoft.com) to ensure that Microsoft Office programs are fully patched. For programs from other vendors, you'll need to either use their built-in update feature, or check the vendor site on occasion.
A firewall has also become a must-have nowadays. If your system is connected to a router, then that will help a lot, but a full-featured software firewall is still recommended, to help spot suspicious outgoing connections. The firewall that comes with Windows XP SP2 is intended for controlling only inbound connections.
If you have Microsoft Windows XP, and if your system seems both stable and clean, with no sign of malware, you should very seriously consider upgrading to SP2; it includes many changes to improve security (although not all features are turned on by default), and for most people, will also increase stability. IE 7, when it comes out, is expected to only support Windows XP SP2, Windows Server 2003, and Windows Vista, and is supposed to have enhanced security compared to prior versions of IE. Also, note that Microsoft Antispyware (formerly GIANT Antispyware), which is currently considered the best (http://spywarewarrior.com/asw-test-guide.htm) antispyware application, will be free only to Windows XP SP2 users.
For info on safe computer use to keep malware out, see the Malware page (http://www.local.nu/HelpDesk/index.php?title=Malware#Malware_blocking_and_avoidance).
This (https://netfiles.uiuc.edu/ehowes/www/main.htm) site by Eric Howes is probably the most comprehensive and perhaps best site on the Internet for help with IT security issues.

