A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Malware

Programs that are designed to harm your computer

Malware consists of programs such as viruses, worms, Trojan horses, and rootkits that are designed to harm your computer.

  • A computer virus is a program that attaches itself to an application or "host file" and then spreads by making copies of itself. Some type of human action (e.g. opening an attachment) is always required for a virus to take effect. Once a virus gets onto your computer it might modify, delete, or steal your files, make your system crash, or take over your machine.

  • A computer worm is like a virus, but it infects other computers all by itself, without human action and without a host file. It usually infects other computers by sending emails to all the names in your email address book.

  • A Trojan horse is a program that tricks you into running it by appearing useful or harmless. However, once it is run it damages your computer, usually by providing "back door" access to the computer. This allows hackers to control or use your computer, destroy or steal files, install viruses or spyware, or run arbitrary programs.

  • A rootkit is a program that allows an intruder to gain access to your system without your knowledge by hiding what it is doing on the system. The intruder can then install difficult-to-detect back doors into your system to seize control.

There are many ways that malware can get into your system. One of the biggest dangers is opening email attachments that contain malware. You can also get malware from downloading infected files when file sharing, from clicking on links in instant messenger or chat rooms, or from active content applications on Web pages.

Protective Measures

Practices

  • Only buy software or documents from trustworthy sources: If you want to buy a particular software application or digital file that you will download to your computer directly, do your homework and make sure the manufacturer and its source are reputable. There are special Web sites dedicated to reviewing software and guaranteeing a product is not harmful. One such site is Download.com. Software on this Web site is reviewed by the editor and other users. The site even gives you rankings on the quality of the software.

  • Don’t download software to make your payment: Payments over the Internet happen through a regular Web page with a form that you must complete with your personal information, shipping address, billing address and credit card information. A legitimate Web site should never require that you download an application to your computer in order to process the payment. If a site does require this, ask if you can give the payment information over the phone or by fax.

  • Always check that the connection is secure before making a payment online: Make sure the payment form where you enter your personal information, billing address, and credit card information is secure. You can identify this by looking at the address of the Web page. On secure Web sites, the address begins with “https://” instead of the typical “http://”. Also, your browser should display a lock icon. Internet Explorer displays this in the lower right-hand corner of the window as in the picture below.

    [Image: lock icon in the Internet Explorer status bar]

  • Conduct regular anti-virus scans: Be sure to scan all files that you have received from other people. All major anti-virus software can be set to automatically scan files when they are transferred, but it's a good idea to also scan your computer manually on a regular basis. You should do this at least once every two weeks, or when you suspect a problem.

  • Conduct regular spyware removal scans: You can scan your computer manually, or you can set commercial anti-spyware software to scan your computer periodically for you. If your software has this ability, set it to scan at least once every two weeks. To scan for spyware manually (using Spybot as an example):

    1. Open the Spybot application and look for the navigation bar on the left side of the program.
    2. Click on Spybot-S&D to go to the main page. You will see an empty list and a toolbar at the bottom.
    3. Click the first button in this toolbar labeled Check for problems. After the scan is finished, the list will be populated with threats.
    4. Select all the threats and click the button labeled Fix selected problems.

Settings

  • Set your anti-virus package for "Real-time Protection": Anti-virus software should provide the option of real-time protection, which means that it actively checks files that come into your system while you work. This lowers your chances of contracting a computer virus. To set real-time protection (using Symantec Norton Antivirus as an example), right-click on the Symantec Norton Antivirus icon in the icon tray in the right-hand bottom corner of the screen, then select "Enable File System Real-time Protection."

  • Set your anti-virus package for the types of files you want it to check: To set the types of files the anti-virus software will check, click on Start, then Programs, and start your anti-virus package. Usually, the program gives you the option of choosing between a few scanning methods. Symantec, for example, offers:

    • Scanning all files: All files on the computer will be checked regardless of the extension or file type.
    • Scanning by file type: The package will check all files of the chosen type, regardless of the potentially deceptive file extension. This is especially important in catching files with a double ending such as ".gif.doc".
    • Scanning by file extension: This scan is the fastest, since only files with the chosen extension will be checked.

    If you have a different brand of antivirus software, consult the manual for instructions on how to configure the settings for real-time scanning and scanning method.
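To make the three scanning methods concrete, here is a small toy scanner, added as an illustration for this page; it is not Symantec's or any other vendor's code, and a real product uses far larger definition sets and more elaborate matching. The virus definitions, the sample files, the detection names ("Demo.KnownHash", "Demo.Dropper") and the configured type and extension settings are all constructed for the example. The magic numbers used to recognize a file's true type (`MZ` for Windows executables, `GIF8`, `%PDF`, and `D0 CF 11 E0` for legacy Office documents) are real. The example shows why "scan by file type" catches a double-ended file such as "photo.gif.doc" whose contents are actually an executable, while "scan by file extension" configured for `.exe` only walks straight past it.

```python
"""Toy signature scanner: 'all files' vs 'by file type' vs 'by file extension'.

Added example (not Symantec's or any vendor's code). Definitions, sample
files and detection names are all constructed for illustration.
"""
import hashlib
import os
import tempfile

# Constructed definitions: one hash-based entry, one byte-pattern entry.
SAMPLE_KNOWN_BAD = b"MZ" + b"\x90" * 8 + b"constructed known-bad sample"
HASH_DEFINITIONS = {hashlib.sha256(SAMPLE_KNOWN_BAD).hexdigest(): "Demo.KnownHash"}
PATTERN_DEFINITIONS = {"Demo.Dropper": b"DEMO-DROPPER-PAYLOAD"}

# Real magic numbers used to find a file's true type regardless of its name.
MAGIC = {
    b"MZ": "executable",                  # Windows PE/DOS executable
    b"GIF8": "gif",
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0": "ole-document",  # legacy Office (.doc/.xls) container
}

# What the user configured for each scanning method (constructed settings).
SCAN_TYPES = {"executable"}        # "scan by file type": executables only
SCAN_EXTENSIONS = {".exe"}         # "scan by file extension": *.exe only
INNOCUOUS_EXTS = {"gif", "jpg", "jpeg", "png", "txt"}
RISKY_EXTS = {"exe", "doc", "scr", "bat"}


def detect_type(data: bytes) -> str:
    """Classify content by its leading bytes; 'unknown' if no magic matches."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def has_deceptive_double_extension(name: str) -> bool:
    """True for names like 'photo.gif.doc': an innocuous extension in front of a risky one."""
    parts = name.lower().split(".")
    return len(parts) >= 3 and parts[-2] in INNOCUOUS_EXTS and parts[-1] in RISKY_EXTS


def selected_for_scan(path: str, data: bytes, method: str) -> bool:
    """Decide whether this file is examined under the chosen scanning method."""
    if method == "all":
        return True
    if method == "type":
        return detect_type(data) in SCAN_TYPES
    if method == "extension":
        return os.path.splitext(path)[1].lower() in SCAN_EXTENSIONS
    raise ValueError(f"unknown scanning method: {method!r}")


def match_definitions(data: bytes):
    """Return the name of the matching definition, or None when the file is clean."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_DEFINITIONS:
        return HASH_DEFINITIONS[digest]
    for name, pattern in PATTERN_DEFINITIONS.items():
        if pattern in data:
            return name
    return None


def scan_directory(root: str, method: str) -> dict:
    """Map file name -> matched definition for every selected file under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                data = fh.read()
            if not selected_for_scan(path, data, method):
                continue
            hit = match_definitions(data)
            if hit is not None:
                findings[fname] = hit
    return findings


def build_sample_directory() -> str:
    """Write four constructed files into a temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="toy-scan-")
    samples = {
        "report.doc": b"\xd0\xcf\x11\xe0" + b"quarterly figures",        # clean document
        "notes.txt": b"plain text, nothing to see",                      # clean text
        "tool.exe": SAMPLE_KNOWN_BAD,                                    # known by hash
        "photo.gif.doc": b"MZ" + b"\x00" * 6 + b"DEMO-DROPPER-PAYLOAD",  # executable in disguise
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_directory()
    for method in ("all", "type", "extension"):
        print(f"{method:>9}: {scan_directory(root, method)}")
    for name in ("photo.gif.doc", "report.doc"):
        print(name, "deceptive double extension:", has_deceptive_double_extension(name))
```

Running it shows "all" and "type" both reporting `photo.gif.doc` and `tool.exe`, while "extension" reports only `tool.exe`: the disguised executable is selected by what it is, not by what it is called. Scanning all files is the safest setting; the type-based method is the compromise that keeps the speed benefit without trusting the file name.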

  • Set your firewall to filter ports: Make sure your firewall is filtering the ports that correspond to your applications. For example, Internet Explorer uses TCP port 80, so you would set your firewall to allow only Internet Explorer to use that port. This way you keep any possible intruders from using that port to steal documents.

  • Set your web browser security level to Medium or High: Your browser's security level setting determines how much active content it allows. Internet Explorer has pre-defined "Default Level" security levels to choose from. You may also customize these Default Level security settings, which is more involved than simply selecting a Default Level.

    To set a pre-defined Default Level:

    1. In Internet Explorer, click on Tools > Internet Options.
    2. Select the Security tab and click the Default Level button.
    3. Make sure the Internet zone (globe icon) is selected in the window, and move the slider to Medium-High or High. Click Apply.

    Note the differences between the settings:

    • The Medium security setting generally allows active content. The browser will run programs, sometimes only after prompting you, that perform animations, allow the browser to read documents in various formats, and otherwise improve your browsing experience. However, this also allows these programs to possibly introduce malicious or unwanted code or files to your computer.
    • The High security setting prevents active content entirely. While this gives your computer better protection from malware, it may prevent you from viewing content on many Web sites.

Tools

  • Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

    Two popular anti-virus packages are Symantec’s Norton AntiVirus and McAfee AntiVirus. AVG, AntiVir and ClamWin are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.

    PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless and Symantec AntiVirus for Windows Mobile.

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall. The Windows operating systems such as Windows XP and Windows Vista include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site.

  • Malware removal applications: Malware removal applications can remove viruses and other harmful programs that might have been installed on your computer without your knowledge. There are many commercial and free malware removal applications, including Spybot, Ad-Aware, and Pest Patrol. They are designed to remove spyware, pop-up ads, and malware that traditional anti-virus packages don't remove completely.

  • Rootkit detection software: Rootkits cannot be detected by ordinary anti-virus programs because they are very good at hiding themselves. You need special software to detect rootkits, such as RootkitRevealer by SysInternals and F-Secure Blacklight.

Connect Safely from Different Places

Office

Usually, large companies have system administrators whose job is to configure and protect all computers in the company. If you have any questions about the types of malware that your computer is protected against, contact your company’s system administrator.

Mobile

PDAs are as susceptible to malware as any other personal computer, although there are not as many viruses for them. Perhaps the greatest risk for PDA users is the danger of transmitting malware between your PDA and desktop computer when you synchronize the device. Malware is not yet much of a danger for cellular phones.

Generally, you get infected on your mobile device in the same way you would get infected on your desktop computer: by clicking on a link and downloading malware that may tamper with or remove files, crash the operating system, or take control of your machine.

Some PDA and mobile phone anti-virus software can be configured to automatically scan files when they are transferred. If your brand offers this setting, you should configure it. It’s also a good idea to scan your PDA and mobile phone manually on a regular basis, at least once every two months.

Ethical Issues

The intentional distribution of malware is clearly unethical, since it disrupts and sometimes disables computers and can cause financial and productivity losses. Accessing hacker sites and trying out their tools is at best unwise, and using these tools against computers other than your own without permission is likely to be unethical or illegal, depending on the nature of the tools.

Legal Issues

Intentional distribution of malware is considered illegal worldwide. Famous malware programs like Code Red and the Melissa virus caused several million dollars in losses, and each started in a simple malware application. The creator of the Melissa virus was prosecuted under Title 18, United States Code, Section 1030 and sentenced to 20 months in prison and a $5,000 fine.

Privacy Issues

When you purchase things online, the company you are buying from has to collect your personal information to process your purchase and ship it to you. That information may be stolen if you have malware on your computer, or if the company has malware on their computers. The Web site's privacy policy will let you know what measures they will take to secure your data, as well as what they will do if that information is compromised. Contact the company if you have any questions.