Email attachments carrying malware are the most common way attackers get into your computer. Malware (short for “malicious software”) is any software designed to harm your computer, such as viruses, worms, Trojan horses and rootkits.
- A computer virus is a program that attaches itself to an application or "host file" and then spreads by making copies of itself. Some type of human action (e.g. opening an attachment) is always required for a virus to take effect. Once a virus gets onto your computer it might modify, delete, or steal your files, make your system crash, or take over your machine.
- A computer worm is like a virus, but it infects other computers all by itself, without human action and without a host file. It usually infects other computers by sending emails to all the names in your email address book.
- A Trojan horse is a program that tricks you into running it by appearing useful or harmless. However, once it is run it damages your computer, usually by providing "back door" access to the computer. This allows hackers to control or use your computer, destroy or steal files, install viruses or spyware, or run arbitrary programs.
- A rootkit is a program that allows an intruder to gain access to your system without your knowledge by hiding what it is doing on the system. The intruder can then install difficult-to-detect back doors into your system to seize control.
Protective Measures
Practices
- Delete suspicious emails with attachments: Attachments are the main way malware gets onto your computer. Attachments include office document files (e.g., with .doc or .xls suffixes), program files (e.g., with .exe or .bat suffixes), and compressed files (e.g., with .zip suffixes), all of which can contain malware. The CERT Coordination Center advises users to apply the so-called "KRESV" test to detect suspicious emails. KRESV stands for:
  - Know: Do you know the sender?
  - Received: Have you received email from the sender before?
  - Expect: Are you expecting the e-mail?
  - Sense: Do the subject header and attachment name make sense?
  - Virus: Does it contain a virus? You will need antivirus software to check this.

  If an email with attachments fails any of these tests, delete it. If you know the sender, contact him or her to make sure that the message is legitimate.
- Conduct regular anti-virus scans: Be sure to scan all files that you have received from other people. All major anti-virus software can be set to automatically scan files when they are transferred, but it's a good idea to also scan your computer manually on a regular basis. You should do this at least once every two weeks, or when you suspect a problem.
- Disable wireless connection interfaces when you are not using them: Attackers may use flaws in wireless interfaces such as Bluetooth to enter your mobile device and send you malware. To protect yourself, disable these interfaces when you are not using them.
- Beware of “disguised” attachments: An example is a .gif file with an extra “.exe” extension, where “.exe” is an abbreviation for “executable.” Opening such a file will almost certainly do something bad to your computer, since the sender felt the need to disguise the file’s actual nature. Do not open such files. Inexperienced users may see the “.gif” or other seemingly safe extension and ignore the “.exe”, “.bat”, or other add-on.
- Download anti-virus updates: Installing anti-virus software is the first step towards protecting yourself against viruses (see Tools below). But for this software to do its job, you must keep it up to date with information on the latest viruses. New viruses are constantly being created. Anti-virus software vendors try to keep up with these new viruses by issuing virus signature updates and making them available online. Falling behind on updates can allow a new virus to slip through without being detected by the anti-virus software. Most anti-virus software has an option for automatic updates or notification of update availability.
- Keep email software up-to-date: Your email client (e.g., Microsoft Outlook) is the software package you use to receive, send, and organize email. Defects in email clients may allow viruses or other malware to get through. New problems of this kind are regularly being discovered and reported, and updates and patches (a patch is a downloadable piece of software that repairs a security or other “hole” in the software) are eventually released to address them. Periodically check for updates to your email client. Updates for Microsoft Outlook and Microsoft Outlook Express are available here. If available, subscribe to an email notification service that tells you when a patch has been released. For example, you can subscribe by visiting the Microsoft Security Notification Service.
- Use alternative email software: Microsoft Outlook Express is well documented as the email client most vulnerable to attack, so you may want to switch to an alternative client. Microsoft Outlook is more expensive but much safer. Other applications include Mozilla Thunderbird and Eudora. Although no email client is invulnerable, the less commonly used clients are less likely to be targeted.
- Perform frequent backups: Save your important data on a regular basis so that you can recover from a malware attack or intrusion. Thumb drives, CDs, and DVDs are good storage and transport media for large amounts of data. If possible, store your backup media in a different location from the computer itself to keep them from both being destroyed in a fire or other disaster.
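
The check for “disguised” attachments described in the list above can be automated in a mail filter. The following Python code is an added example, not part of the original article; the function names, the sample message, and every extension beyond those the article names are assumptions made for illustration.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# .exe and .bat are the add-on extensions the article names; the rest are assumed.
EXECUTABLE = {".exe", ".bat", ".com", ".cmd", ".scr", ".pif"}
# Extensions a reader tends to trust (.gif, .doc, .xls, .zip appear in the
# article; the others are assumed).
DECOY = {".gif", ".jpg", ".png", ".pdf", ".txt", ".doc", ".xls", ".zip"}

def classify(filename):
    """Return a verdict for one attachment name."""
    # Windows ignores trailing dots and spaces in file names, so drop them first.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    if last in EXECUTABLE and inner in DECOY:
        return "disguised executable"   # e.g. picture.gif.exe
    if last in EXECUTABLE:
        return "executable"
    return "scan before opening"        # documents and archives can carry malware too

def review_attachments(raw_message):
    """Return (filename, verdict) for every attachment in a raw email."""
    msg = message_from_string(raw_message, policy=policy.default)
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return [(name, classify(name)) for name in names]

def build_sample():
    """Constructed sample message (not real mail) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Holiday pictures"
    msg.set_content("See attached.")
    for fname in ("beach.gif.exe", "report.doc", "setup.bat"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_string()

if __name__ == "__main__":
    for fname, verdict in review_attachments(build_sample()):
        print(f"{fname:20} {verdict}")
```

A name check like this only covers the "Sense" step of the KRESV test; every attachment still needs an anti-virus scan.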
Settings
- Disable automatic reading of emails: Sometimes just opening or reading an email can be as devastating as opening an infected attachment. To minimize this risk, you should turn off a common feature of many email clients: automatic preview/open. If an email looks suspicious, don’t open it unless you’re sure your email application has the latest security patches. Instead, quarantine or delete the email.
- Set your anti-virus package for "Real-time Protection": Anti-virus software should provide the option of real-time protection, which means that it actively checks files that come into your system while you work. This lowers your chances of contracting a computer virus. To set real-time protection (using Symantec Norton Antivirus as an example), right-click on the Symantec Norton Antivirus icon in the icon tray in the right-hand bottom corner of the screen, then select "Enable File System Real-time Protection."
- Configure automatic anti-virus scans: Some PDA anti-virus applications let you set them to scan your PDA automatically when certain conditions are met. For example, it may scan your files every time you synchronize your PDA with your personal computer. Make sure you read the instructions and features of your software, and set up automatic scans if possible.
- Disable the Bluetooth interface: According to some phone manufacturers, the only way to fully protect yourself from bluesnarfing is to disable the Bluetooth interface of your phone when you are not using it. Depending on your phone or PDA model, you may have to go to a configuration panel to disable the Bluetooth interface. To disable Bluetooth in a mobile device with Palm OS:
  - Click on the Systems Preferences icon.
  - Under Communications, select Bluetooth.
  - Check "Off."
- When using webmail, make sure that your webmail provider offers an antivirus tool. Because access to the Web is so widespread, many people use webmail when on the road. Webmail allows you to check your email from a Web browser, instead of an email application. Most webmail providers now offer an automated antivirus tool that lets you check email attachments for malware. By using this tool you can catch malware before it gets downloaded onto your computer.
Tools
- Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

  Two popular anti-virus packages are Symantec’s Norton AntiVirus and McAfee AntiVirus. AVG, AntiVir and ClamWin are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.

  PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless and Symantec AntiVirus for Windows Mobile.
- Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall. The Windows operating systems such as Windows XP and Windows Vista include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site.
- Server-side email protection: Some Internet Service Providers (ISPs) and email providers offer server-side protection, which attempts to screen out harmful emails before they reach your machine. With server-side protection you don’t have to worry as much about updating anti-virus software because the provider does all the work for you. This is not a perfect solution, however, because some harmful emails do get through. QMail is a popular email server software package that provides this security feature.
- Rootkit detection software: Rootkits cannot be detected by ordinary anti-virus programs because they are very good at hiding themselves. You need special software to detect rootkits, such as RootkitRevealer by SysInternals and F-Secure Blacklight.
Connect Safely from Different Places
Office
Be aware of your company's anti-virus policies. Companies usually have system administrators who are responsible for controlling and updating anti-virus software. Know how your system administrators are handling the anti-virus software and report any problems that you have with upgrades.
In the workplace, it would be inappropriate to try to get around any security measures that your organization has installed on your computer. For example, you should not try to disable any security software on your computer or your employer’s electronic server system. You should work with your systems administrator to make sure that your computer is secure.
Mobile
PDAs are as susceptible to malware as any other personal computer, although there are not as many viruses for these devices. Perhaps the greatest risk for PDA users is the danger of transmitting malware from your PDA to your desktop computer when you synchronize the device.
MS Office documents (Word, Excel, PowerPoint), digital pictures, and compressed files (archives) are the most susceptible to malware. If you own a smartphone – which is basically a computer that can make phone calls – you should be very careful not to download and open infected digital documents on your device.
Mobile devices suffer increasingly from malware, although manufacturers continue to release patches to fix security gaps. As a resource, refer to "Is My Mobile Device Safe" for trends and tips.
On the road
Many coffee shops, bookstores, hotels, and airports have public networks that you can connect your wireless device to. However, you should be especially careful to protect yourself from malware when you use your laptop to transfer data on a public network, because these networks are often not secure.
Ethical Issues
The intentional distribution of malware is clearly unethical, since it disrupts and sometimes disables computers and can cause financial and productivity losses. Accessing hacker sites and trying out their tools is at best unwise, and using these tools against computers other than your own without permission is likely to be unethical or illegal, depending on the nature of the tools.
Legal Issues
Intentional distribution of malware is considered illegal worldwide. Famous malware programs like Code Red and the Melissa virus caused several million dollars in losses, and each started in a simple malware application. The creator of the Melissa virus was prosecuted under Title 18, United States Code, Section 1030 and sentenced to 20 months in prison and a $5,000 fine.
Privacy Issues
Be careful of how much personal information you store on your computer or mobile device. If malware is able to access that data, you may not be able to recover it or stop the malware from sharing that information.