Version Control – v2.5 – dated March 2014 – general updates, links and additions for Windows 8
Version Control – v2.4 – dated February 2013 – fixed free AV review link
Version Control – v2.3 – dated March 2012 – added paragraph re stored passwords in browsers
Version Control – v2.2 – dated December 2011 – added paragraph re telephone scams
Version Control – v2.1 – dated November 2010 – updated online scanner details
Version Control – v2.0 – dated November 2010
This article is intended to provide you with general hints and tips for PC security, as well as some suggestions for reputable, tried and tested programmes that can help you maintain a clean system. It is aimed at the more inexperienced user and those users not familiar with the possible dangers presented by the internet. It is not intended to be a comprehensive guide to security – rather it will provide you with guidelines that will help defend against the large number of viruses, Trojans, rootkits and other nasties that lurk in the undergrowth of the internet. So, once you’ve read through this article, have a think about what you need to do to improve your security and reduce the risks of infection.
This article is laid out in such a way that allows users to easily find sections that are of interest, or particular download links or articles for further reading. The main sections are:
- Description of Potential Threats
- Securing and Updating Your System
- Suggested Protection Applications
- System Backup
- Online Scanners
- Download Links
- Description of Potential Threats section – details many of the most common types of threats prevalent today and includes advice on how to avoid and minimise the risk of infection.
- Securing and Updating Your System section – details what type of applications you might need and how to keep your system updated.
- Suggested Applications section – details various protection applications, the purpose of the application, and, where possible, general tutorials for use.
- Backup section – details ways to back up your data and help minimise the loss of important documents, photographs and so on.
- Online Scanners section – provides links to online-based scanners, generally run by the major antivirus vendors, which should be used to provide an alternate audit of your system.
- Download Links section – contains links to applications that can help you secure your system, including free and paid Antivirus, Firewalls, scanners and other protection programmes.
Colour coding has been used throughout this article in the following way:
- Main Section Headings are coloured Orange with large size font and bold formatting.
- Sub-section Headings are coloured Purple with bold and italic formatting.
- Download and online scanner links are coloured Sienna with bold formatting.
- Article and Tutorial links are coloured Blue with bold formatting.
All links have been tested and reviewed and are safe and correct at the time of writing. Links are regularly reviewed to ensure they remain accurate.
Please note that TSF does not promote, and is not associated with, any software mentioned in this article. Where software is mentioned, or links provided, this is done, as far as practically possible while maintaining the readability of the article, on a purely alphabetical basis.
Note: this is NOT a ‘self-help’ guide, nor is it intended to be – it is intended to make users aware of the risks they face while using the internet – and it provides suggestions and advice on how to best mitigate those risks. Any user looking for specific advice should post in the General Security forum, or, if you are infected, or think you may be infected, then refer to this thread for further instructions.
Description of Potential Threats
The purposes behind malware
Many years ago most viruses were created with the intention of disrupting networks for ‘fun’, or to allow the virus writer to shout ‘I did it, it was me!’ Things have changed since then. Nowadays the idea is to make money from other people’s misery. Identity theft is common, scams trying to sell you worthless applications abound, and spam networks and botnets are all the rage, all in an attempt to make money. This is not just a few pounds or dollars we are talking about: one group of bad guys known as the Russian Business Network is estimated to turn over somewhere around $200 million a year. Criminals constantly update their malware to avoid detection, resist removal and ensure they receive a return on their ‘investment’.
Please read on to find out how you can reduce the risks of infection and what you can do if you do become infected.
Pop ups and Rogue Applications
One of the most obvious things to avoid on the internet is clicking ‘OK’ to a pop up. Many inexperienced users still click ‘OK’ without a moment’s thought. Unless you can be 1000% sure that you know the source of the pop up and that the originator is someone to be trusted, do not click ‘Yes’ or ‘OK’ to a pop up. Many pop ups will try and convince you that you need a specific codec to watch a video. Usually such a codec is not needed and instead you will receive a package of malware.
Pop ups telling you that your system is already infected are another speciality – nowadays they look almost identical to genuine scanner/AVs – and many users are tricked into buying a worthless programme. If you receive such an offer, do not buy anything. Your system was probably not infected in the first place but as soon as you click on the ‘OK’ button you could well find that you really are infected. The main aim of these types of scams is to extract payment for a worthless programme. Such applications are known as ‘rogues’ or ‘rogue software’. This MS Article provides some useful tips, although users should note that it does promote Microsoft applications. You can find a list of rogue applications at Lavasoft’s Rogues Gallery and also at S!Ri’s Blog.
Users also sometimes find it difficult to close pop up windows. Some will close normally when you click the ‘X’ at the top right corner, but others simply refuse to go away. A useful method is to press Alt + F4 – hold down the Alt key (usually bottom left of your keyboard) and then press the F4 key (usually in the row of keys above the number keys). This closes the active window. If that does not work, press Ctrl + Shift + Esc to open Task Manager and end the browser process from there; only if that also fails should you need a forced shut down of your system or a quick reboot. Never use a ‘Close’ or ‘Cancel’ button drawn inside the pop up itself: anything inside the page is under the control of whoever wrote it.
A more recent development has been something known as ‘Ransomware’. This is an infection that encrypts your data and then demands payment in exchange for the decryption key. It is a clever and devious infection. You will be asked for anything between $40 and $300 (US) to have your data restored, and payment must be made within 3 or 4 days. At the time of writing there is no way to break the encryption: the private key required to decrypt the files is held only on the criminals’ server. The infection can be prevented from running by using Windows Software Restriction Policies, and data can sometimes be restored from the Shadow Volume Copies created by System Restore, although newer variants delete those copies before they start encrypting, so do not rely on them. External backups can also be used, provided the backup drive is disconnected when not in use (ransomware encrypts every drive it can reach, including attached backup drives and mapped network shares), which is yet another reason to backup important data.
For more details on this infection, including prevention techniques, file restoration and more, please refer to this guide by Grinler at BleepingComputer
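The Software Restriction Policy approach mentioned above can be set up without Group Policy tools by writing the rules straight into the registry, which is what the usual ‘CryptoLocker prevention’ utilities do. The script below is an added example for this article, not code from TSF or from the BleepingComputer guide; the set of blocked paths is an assumption chosen to match where this family of ransomware drops its executable, and it must be run from an elevated PowerShell prompt on Windows 7 or 8.

```powershell
# Added example (not part of the original TSF article): create Software Restriction
# Policy path rules that refuse to run executables from the user-profile folders
# that CryptoLocker-era ransomware drops into. The rule set is an assumption for
# illustration; adjust it to your own system. Run from an elevated PowerShell.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowedLevel = '0'     # SRP level subkeys are named by value: 0 = Disallowed, 262144 = Unrestricted

# Policy container and defaults: allow everything by default (0x40000), but
# enforce the rules on executables (TransparentEnabled=1; 2 would include DLLs)
# for all users, administrators included (PolicyScope=0).
New-Item -Path $base -Force | Out-Null
New-ItemProperty -Path $base -Name DefaultLevel       -PropertyType DWord -Value 0x40000 -Force | Out-Null
New-ItemProperty -Path $base -Name TransparentEnabled -PropertyType DWord -Value 1       -Force | Out-Null
New-ItemProperty -Path $base -Name PolicyScope        -PropertyType DWord -Value 0       -Force | Out-Null

# Paths to block (assumed). %AppData% is the Roaming profile folder; the "\*\*.exe"
# form catches executables one sub-folder down, which is where the dropper lands.
$rules = @(
    @{ Path = '%AppData%\*.exe';        Description = 'Block executables in Roaming AppData' },
    @{ Path = '%AppData%\*\*.exe';      Description = 'Block executables one folder below Roaming AppData' },
    @{ Path = '%LocalAppData%\*.exe';   Description = 'Block executables in Local AppData' },
    @{ Path = '%LocalAppData%\*\*.exe'; Description = 'Block executables one folder below Local AppData' }
)

foreach ($rule in $rules) {
    # Each path rule lives in its own GUID-named subkey under the level it applies to
    $guid = '{' + [guid]::NewGuid().ToString() + '}'
    $key  = Join-Path $base "$disallowedLevel\Paths\$guid"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -PropertyType ExpandString -Value $rule.Path        -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -PropertyType DWord        -Value 0                 -Force | Out-Null
    New-ItemProperty -Path $key -Name Description  -PropertyType String       -Value $rule.Description -Force | Out-Null
    New-ItemProperty -Path $key -Name LastModified -PropertyType QWord        -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Force | Out-Null
}

# List what was written so the rules can be checked (they also appear in secpol.msc
# under Software Restriction Policies > Additional Rules on Professional editions)
Get-ChildItem -Path "$base\$disallowedLevel\Paths" | ForEach-Object {
    Get-ItemProperty -Path $_.PSPath | Select-Object Description, ItemData
}
```

Log off and on again (or reboot) to be sure the new policy is read. To test it, copy any harmless program such as notepad.exe into your AppData\Roaming folder and double-click it: Windows should refuse with a message that the program is blocked by group policy. The caveat is that some legitimate programs install themselves into these same folders; if one of them stops working, add an Unrestricted rule (a subkey under the `262144` level with the program’s full path as ItemData) rather than deleting the Disallowed rules.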
Many users still click ‘Yes’ or ‘OK’ when asked if they want to download a file. You need to stop and ask yourself some questions. Were you trying to download a file? Do you know the source of the file? Is the file name recognisable? If you answered ‘No’ to any of these questions, then why are you still willing to download the file? Unless you know the source of the file, perhaps a file you specifically requested from a reputable site, then never download an unknown file. The chances are it will include an infection and could allow an attacker to take over your system.
This also applies to files included as e-mail attachments. If you don’t know the sender, delete the e-mail and ask questions later. If necessary make a note of the sender’s e-mail address and reply with a fresh e-mail.
Phishing is a process that attempts to persuade the user to part with valuable personal information, such as site passwords or credit card details. E-mail is often used to tempt you into clicking a link that re-directs you to a false website. In many cases you may receive a supposed communication from your bank or PayPal or a similar institution asking you to confirm your account/login details. The communication will often cite some false security concern, such as a claim that someone may have tried to access your account, and so on. The idea is that you click on the link and then input the relevant details. Of course, you are not visiting the real site but a very clever imitation, which will capture your details so they can be used to empty your bank account or create false credit cards in your name. Never follow a link in such an e-mail: if you think the message might be genuine, type the institution’s address into your browser yourself, or use a bookmark you created earlier, and log in that way. NOTE – in many cases these ‘communications’ will have elements of poor grammar or spelling. This is a strong warning sign and you should be on your guard immediately, but the absence of mistakes proves nothing, as the better phishing e-mails are word-perfect copies of the real thing.
NOTE: Banks and other financial institutions will never contact you by e-mail and ask you to confirm security details by re-entering them to a website.
Avoid the nastier sites on the web, like pornography, hacker sites, sites offering ‘freebies’ and other dubious sites. Simply visiting such a page, without doing anything else, can result in an infection. This is known as a drive-by: without your knowledge or consent your system becomes home to some real nasties, almost always by way of an unpatched browser, browser plug-in, Flash or Java installation, which is why the ‘Update other software’ advice later in this article matters so much. Drive-bys are not confined to dubious sites either; perfectly legitimate sites are regularly compromised, or tricked into serving malicious adverts, so keeping software patched matters wherever you browse. One of the security companies reckoned that by the end of 2013 200,000 infected pages appeared every day.
P2P File Sharing
P2P (Peer to Peer) file sharing programmes are a great way for malware authors to share their wares. The actual P2P application itself might be clean, but you have no guarantee that the files you download are clean. Please note that TSF will not provide assistance with regard to P2P applications. You should read this article for more information.
Telephone scams are not new but they do seem to be on the increase and are therefore something to guard against. This is where you receive a call from someone purporting to be from a support company or similar organisation. They will claim that your PC has been compromised/infected/is having problems and they will offer to help. This ‘help’ will involve you allowing the caller remote access to your computer – once you have provided your credit card details of course. Once they have access to your system they will be able to do anything – including dropping malware files. Then your system really will be compromised – and your credit card will now be compromised.
These people are very persistent – questioning them about how they know about your system will rarely produce an answer. Are they telling the truth?
The answer is simply NO. No matter what they may claim, they cannot possibly know that there is anything wrong with your system.
The best thing to do is end the call immediately.
Reputable companies such as Microsoft, or any other software company, will never call you to tell you your system has problems – never.
A zero-day exploit is one that takes advantage of a security vulnerability for which no fix yet exists. The name comes from the fact that the software company has had ‘zero days’ to produce a patch: the first it hears of the flaw is when the flaw is already being attacked or publicly disclosed.
Very often a vulnerability is discovered and reported privately to the software company, allowing it time to create a patch or issue an update before the details become public. However, if an attacker is first to make the discovery, and then exploits it, there is no patch to install, and until one appears your only defence is generic mitigation: keeping everything else up to date, working from a limited user account and using the exploit-mitigation tools described below.
There are many software tools available to help prevent zero-day attacks, but the majority are aimed at enterprise businesses. Individual users have pretty much been left to fend for themselves in this area. However, some software and security companies are now producing tools for home users. Among those available are Malwarebytes Anti-Exploit, CrystalAEP and Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). These tools do not know about any particular vulnerability; instead they make the general techniques an exploit relies on (such as running code from data areas of memory) fail, which is why they can block attacks that were unknown when the tool was written. Note that these are still developing technologies and there may be some unexpected problems, typically a legitimate programme that refuses to start until it is excluded from the tool’s protection.
Securing and Updating Your System
Update your Operating System
Keeping your Operating System updated sounds obvious but there are many users who either forget or do not realise that this is vital for general system security and stability. Microsoft release fixes and other bits and pieces on what is known as Patch Tuesday – the second Tuesday of each month. MS also introduced Automatic Updates as a way of ensuring that users were aware that patches were available. Make sure that Automatic Updates is turned on – you can set the updates to download and install automatically if you want, or you can just ensure you are advised when patches are ready and then decide when it’s convenient for you to install them. Here are guides to Automatic Updates for
Here is a list of all MS patches released since 1998.
Windows XP support ends on 08 April 2014. There will be no further updates or security patches issued after this date, so any vulnerability found afterwards will stay open for good. If you have not already done so, you should consider upgrading to Windows 7 or Windows 8. If you intend to stick with XP then you should be aware of some precautions you can take that will at least offer you some measure of protection and reduce the risks of infection. Please read this guide or this guide.
Update other software
Your Operating System is not the only software that will require updating. Applications such as Java, Adobe Reader and Flash, for example, are updated on a regular basis, especially when a new vulnerability is discovered. Many such applications contain an automatic update function, but for those that do not you can use the free Secunia Personal Software Inspector to scan your system for vulnerable and outdated programmes.
System Restore first appeared with Windows ME and is now a standard part of Windows. It allows you to restore your system files, registry and installed programmes to an earlier point in time; your own documents and photographs are not touched. This is handy if you have just installed some new hardware and the drivers, for example, are causing problems. Windows creates a new Restore Point when you install new software, but you can also create manual restore points yourself. Information on System Restore can be found here for
IMPORTANT! If you are infected, DO NOT switch off System Restore! The Restore points may be infected, but at least your system can be restored – and then cleaned. If you switch off System Restore ALL your restore points will be deleted and you will have no way of restoring your system.
User Account Control (UAC)
User Account Control was introduced with Windows Vista. Even when you are logged in as an Administrator, UAC runs your programmes with standard user permissions, and only raises them to full Administrator level, after asking you to confirm, when a programme needs to make a system change such as installing new software. If you use a standard (limited) account for day-to-day work, which is the safer arrangement, UAC asks for an Administrator password instead. Either way, malware running under your account cannot silently alter the system, which reduces the risk of an infection taking hold.
So, if you are using Windows Vista, 7 or 8, do not dismiss UAC as a nuisance and do not switch it off. Treat an unexpected UAC prompt as a warning: if you did not just start an installer or change a setting, click ‘No’. It could well save you from an infection.
Internet Explorer is still the most popular browser but its popularity has meant that it is the most common target for attack. Other browsers are gradually becoming popular as well and now they are also coming under attack. Most browsers contain an automatic update feature and you should always be using the most recent version. IE uses something known as ActiveX controls and many experts believe they contribute to the browser’s vulnerability. You can read about ActiveX here.
There are, of course, some things you can do to make IE more secure – read this article by Bobbi Flekman.
You can also use alternate browsers that don’t use ActiveX controls, one of the main issues with IE.
Passwords and passwords stored in your browser
Passwords – it’s an oft mentioned topic on the internet. I can see some readers rolling their eyes and starting to scroll past this section. For those who wish to learn at least something about this subject please keep reading.
Password security is a real problem area. Some users have a different password for every site; many others simply use one single password for all sites. Does it matter? Yes, it does matter. Imagine a hacker has broken into a site you frequent and stolen its database of user names and passwords (this happens more often than you might think, and the passwords are frequently stored in a form that is easy to recover). After all, why try to crack one individual password when stealing an entire database provides potentially millions of opportunities to break into Bank accounts and so on? Changing your password at that site immediately is the right thing to do. But what if you do use the same password everywhere? The hacker will simply try the same e-mail address and password at your Bank, Facebook, Twitter and so on. The hackers know that human nature prefers to take the easy course and use only one password, so that is exactly what they try first; next thing you know you are a victim of identity theft. By using a different password for each log on you at least limit the damage from any one break-in to that one site. No password is unbreakable, but using a Password Manager to create long, random passwords provides a good level of protection. Ensure you log out of every site you visit and do not use the ‘keep me logged in’ facility.
Of course, total security is impossible. There was an interesting case recently where a Twitter user with a high value handle suffered at the hands of a hacker. You can read this story here. Interestingly, social engineering was the key here – persuading a representative to make system changes via a telephone call, rather than cracking a password.
A Symantec survey found that almost 25% of users rely on their browser to remember passwords. And very few of those will change their passwords on a regular basis. Browser vulnerabilities are discovered on a regular basis so it pays to keep your browser up to date. If you are a victim of a phishing attack then the passwords stored in your browser are likely to have been compromised. And, if you insist on using just one password for all your log ins then you could be in trouble. How can you prevent this happening?
- Ensure your browser is up to date. Modern browsers contain various security measures that will often prevent you going to a known bad site or a spoofed site.
- Change your passwords regularly, and immediately if a site you use reports a break-in or you think you may have fallen for a phishing e-mail. Using the same password for a multitude of purposes is extremely bad security. Remember to use a variety of upper and lower case letters, along with numbers and special characters, and make it long: length does more for you than cleverness. For advice on creating strong passwords see this guide.
- Use a third party password manager. These keep your passwords in an encrypted database protected by a single master password (so make that one long and memorable, and never use it anywhere else), and they can create complex random passwords for you that you never need to remember. There are a variety of such applications available, such as Access Manager, KeePass, LastPass and RoboForm, all of which have free versions.
You can also clear stored passwords from your browser at any time. It is usually as simple as checking a box. Please refer to these guides
Symantec Survey results can be found here
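To show what a password manager actually does when it ‘creates a complex password for you’, here is an added example (written for this article, not taken from any of the products named above). It draws from Windows’ cryptographic random number generator rather than PowerShell’s ordinary Get-Random, and it throws away out-of-range bytes so that every character in the alphabet is equally likely. The password length and the alphabet are assumptions; many sites still cap the length or forbid some symbols, so adjust them to what the site accepts.

```powershell
# Added example (not part of the original TSF article): generate a strong random
# password the way a password manager does. Alphabet and default length are
# assumptions chosen for illustration.

# Assumed alphabet: 26 lower, 26 upper, 10 digits and 13 symbols = 75 characters
$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&*+-=?@^_'

function New-StrongPassword {
    param(
        [int]$Length = 20,
        [string]$Alphabet = $alphabet
    )
    # Cryptographic generator: unpredictable, unlike Get-Random, whose output is
    # seeded from the clock and can be reproduced by anyone who knows the seed.
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $byte  = New-Object byte[] 1
    $n     = $Alphabet.Length
    # Largest multiple of $n that fits in one byte. A byte at or above this limit
    # is discarded and redrawn; simply taking (byte mod n) would make the first
    # few characters of the alphabet slightly more likely than the rest.
    $limit = 256 - (256 % $n)
    $chars = New-Object char[] $Length
    $i = 0
    while ($i -lt $Length) {
        $rng.GetBytes($byte)
        if ($byte[0] -ge $limit) { continue }   # rejection sampling: redraw
        $chars[$i] = $Alphabet[$byte[0] % $n]
        $i++
    }
    $rng.Dispose()
    return -join $chars
}

function Get-PasswordEntropyBits {
    # Entropy of a password chosen uniformly at random: length * log2(alphabet size).
    # This figure is only meaningful for random passwords; a human-chosen
    # 'P@ssw0rd1' is guessed long before its length would suggest.
    param([int]$Length, [int]$AlphabetSize)
    return [math]::Round($Length * [math]::Log($AlphabetSize, 2), 1)
}

$password = New-StrongPassword -Length 20
"Password : $password"
"Entropy  : $(Get-PasswordEntropyBits -Length $password.Length -AlphabetSize $alphabet.Length) bits"
```

With a 75-character alphabet each position contributes a little over six bits, so the 20-character default comes to roughly 125 bits, far beyond what can be guessed even if the site stores its passwords badly. The important design point is that nothing about the password is derived from you or the site; that is what makes it impossible to guess and also why you need the manager to remember it for you.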
WiFi and Routers
With more people making use of WiFi and multiple computers, many users now have routers. These generally provide an extra layer of security, such as a built-in firewall, but the default user name and password used to access the router’s administration pages are often left unchanged, and this can be a serious mistake. The default settings are usually things like ‘admin’ and ‘password’ and can be easily guessed; worse, the default settings for the major brand routers can be found posted on the web. Change the administration password to a strong one, and remember that the wireless network itself needs its own strong passphrase, using WPA2 rather than the older WEP, which can be broken in minutes. Many users do not think carefully when creating a password and still use words that are easy to guess. For advice on creating strong passwords see this guide.
Do you really need an AV? The answer is ‘Yes’. A good AV will provide protection, not perfect of course, but as long as the programme updates its definition files regularly (daily is preferable as a minimum) then it is a very useful tool in your armoury. Find one that suits you, one that you are comfortable using. That way you’ll find it easier to master the way it works.
NOTE – only ever have one AV installed and running on your system. Having more than one installed may seem like a good idea, but most AVs contain a ‘real time’ scanning system. If you have more than one installed then each system will be constantly trying to check files that the other system has just checked, and so on. We often find users reporting slowdowns, Blue Screens of Death (BSOD) and other ‘odd’ symptoms that are cured when they uninstall their second AV. Windows 8 users please note that Windows Defender is built in to the system, effectively replacing Microsoft Security Essentials.
There are a wide variety of AV programmes available. Some are free for home use and others require payment for a license. All generally do the same job. The free programmes will have little or no customer support compared with the paid versions. Many AV vendors do make use of dedicated forums that deal only with their own products and this is a useful way of providing support. Some of the forums for the free AVs are as follows:
You can review independent tests of the top paid AVs here
You can review independent test of free AVs here
For an explanation of how an AV works see this article.
What is a firewall? Think of it as a door, an entry point into your system. This door has a good strong lock. Only authorised users, in this case programmes and so on, can open the door, because you have checked them out and given them a key. Any user without a key will not be able to open the door. A bit simplistic I know but I’m sure you get the idea. A firewall can be hardware, such as a server, another PC or a router, and it can be software.
NOTE – the built-in firewall for Windows XP only monitors incoming traffic. It does not monitor outgoing traffic, so it cannot stop malware that is already on your PC from ‘phoning home’. Vista added outbound filtering and Windows 7 improved the firewall further, but in both the outbound filtering is effectively off by default (all outgoing connections are allowed unless you create rules to block them in ‘Windows Firewall with Advanced Security’).
A good guide to how a firewall works can be found here.
You can test the efficiency of your firewall at ShieldsUp! – Steve Gibson’s internet vulnerability test site.
Good system security is generally acknowledged to be a combination of protection programmes and user common sense. There is no one single application that will completely protect your system.
Other than an AV and Firewall what else can you use?
Web of Trust offers a rating system that can help you determine if a site is safe to visit.
A custom HOSTS file is another useful addition. The HOSTS file (found at C:\Windows\System32\drivers\etc\hosts) is like a telephone directory that your system consults before it asks a DNS server to turn a web address into an IP address. If the name is listed in HOSTS, that entry is used and no DNS lookup takes place. A custom HOSTS file contains a list of known bad sites, each pointed at an address that goes nowhere (0.0.0.0 or 127.0.0.1), so your browser cannot reach them. Note that this only blocks sites by name: it does nothing against a site reached directly by its IP address, and the list needs updating regularly as bad sites come and go.
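The following script is an added example for this article (not code from TSF or from any of the HOSTS file projects) showing how such a block list is appended to the Windows HOSTS file without duplicating entries that are already there. The three host names are constructed placeholders under the reserved `.example` domain, not real sites; it must be run from an elevated PowerShell because the file is protected.

```powershell
# Added example (not part of the original TSF article): add entries to the Windows
# HOSTS file and confirm they take effect. Host names are constructed placeholders.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Names to block (constructed for this example). Each is mapped to 0.0.0.0, which
# is preferred over 127.0.0.1: the connection fails immediately instead of
# waiting on a local web server that is not there, and it cannot collide with
# anything that happens to be listening on the loopback address.
$blockList = @('badsite.example', 'www.badsite.example', 'rogue-scanner.example')

function Add-HostsBlock {
    param([string[]]$Names, [string]$Path = $hostsPath)

    # Keep a copy so the change can be undone
    Copy-Item -Path $Path -Destination "$Path.bak" -Force

    # Collect the host names already in the file (every field after the address
    # on a non-comment line, up to an inline '#') so we do not add duplicates
    $present = @{}
    foreach ($line in (Get-Content -Path $Path -ErrorAction SilentlyContinue)) {
        $trimmed = $line.Trim()
        if ($trimmed -eq '' -or $trimmed.StartsWith('#')) { continue }
        $fields = $trimmed -split '\s+'
        for ($i = 1; $i -lt $fields.Count; $i++) {
            if ($fields[$i].StartsWith('#')) { break }
            $present[$fields[$i].ToLowerInvariant()] = $true
        }
    }

    $added = @()
    foreach ($name in $Names) {
        $key = $name.Trim().ToLowerInvariant()
        if (-not $present.ContainsKey($key)) {
            $added += "0.0.0.0 $key"
            $present[$key] = $true
        }
    }

    if ($added.Count -gt 0) {
        # Append as plain ASCII with a marker comment. Saving the file in a
        # Unicode encoding stops the Windows resolver reading it correctly.
        $block = @("# --- custom block list added $(Get-Date -Format s) ---") + $added
        Add-Content -Path $Path -Value $block -Encoding Ascii
    }
    return $added
}

$added = Add-HostsBlock -Names $blockList
"$($added.Count) entries added to $hostsPath"

# Clear the resolver cache so the new entries apply to the next lookup
ipconfig /flushdns | Out-Null

# Check through the normal Windows resolver (which reads HOSTS first): the
# blocked name should now come back as 0.0.0.0 and never reach a DNS server
[System.Net.Dns]::GetHostAddresses('badsite.example') | Select-Object IPAddressToString
```

Two caveats a practitioner should know. Some antivirus programmes, Windows Defender among them, treat edits to the HOSTS file as a sign of hijacking (malware uses the same file to redirect bank sites), so expect a warning and be ready to approve your own change. And a block list of many thousands of lines noticeably slows every lookup through the Windows DNS Client service, which is why the large published HOSTS lists advise disabling that service.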
If you are using Internet Explorer then you can avoid visiting bad sites by adding a list of known baddies to IE’s Restricted Sites Zone. A useful application called IE-SPYAD will install a pre-prepared list for you.
There are also monitoring programmes that sit in the background and keep watch over your system without any intervention from you. They help prevent malware from installing on your system. Spywareblaster and Spywareguard are probably the best known.
For XP systems you can use a programme such as SnoopFree to let you know when a programme wants to record your keystrokes or capture your screen.
Another useful programme is WinPatrol by BillP Studios. It takes a snapshot of your system, alerts you to any potential changes and takes up minimal space and resources.
On Demand Scanners
This type of programme is simply a scanner that runs when you instruct it to do so – in other words it’s just like a normal piece of software. Many offer the ability to run scans at pre-scheduled times and some include a real time protection element to help prevent threats from installing themselves on your system. Such scanners are extremely useful as an addition to your protection. There are many scanners available, among the most popular (and tried and tested) are:
- Malwarebytes Anti-Malware by Malwarebytes.org
- SUPERAntiSpyware Free by SUPERAntiSpyware.com
Basic Data Backup
Do you backup your data? Sounds an obvious thing to do yet many users do not have any kind of backup at all. All those family photographs and videos that now sit on your computer – what would happen if, because of infection or a system failure, you were forced to re-install your Operating System and all existing data was lost? It’s really common sense to have backups and could save you untold torment. Have a look at this article for a basic emergency backup routine. Then read this article for a more in-depth study of a backup regime using Microsoft SyncToy v2.0.
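The emergency routine linked above can be scripted so that it is actually run. The example below was written for this article (it is not TSF’s or Microsoft’s code, and it does not use SyncToy) and uses Windows’ own robocopy to copy a folder to an external drive, then checks every copied file by SHA-256 hash so that a silently corrupted or half-written copy is noticed before you need it. The source and destination folders are assumptions; Get-FileHash needs Windows 8.1 or PowerShell 4.0 on earlier versions.

```powershell
# Added example (not part of the original TSF article): copy a folder to an
# external drive with robocopy and verify the copy by hashing every file.
# Source, destination and log paths are assumptions; change them to suit.

$source      = 'C:\Users\Alice\Pictures'   # folder to protect (assumed)
$destination = 'E:\Backup\Pictures'         # external drive (assumed)
$logFile     = 'E:\Backup\backup-Pictures.log'

function Invoke-FolderBackup {
    param([string]$Source, [string]$Destination, [string]$LogFile)

    # /E  copies sub-folders, including empty ones
    # /COPY:DAT keeps file data, attributes and timestamps
    # /XJ skips junction points so a loop cannot make the copy run forever
    # /R:1 /W:1 retry a locked file once rather than for half an hour
    # Deliberately NOT /MIR: a mirror also removes from the backup anything
    # deleted from the source and overwrites good copies with files that
    # ransomware has since encrypted, which is exactly what a backup must survive.
    & robocopy $Source $Destination /E /COPY:DAT /XJ /R:1 /W:1 /NP "/LOG+:$LogFile" | Out-Null

    # robocopy exit codes 0 to 7 are success (each bit reports what happened);
    # 8 and above mean at least one file could not be copied
    if ($LASTEXITCODE -ge 8) {
        throw "robocopy reported failures (exit code $LASTEXITCODE); see $LogFile"
    }
}

function Test-BackupIntegrity {
    param([string]$Source, [string]$Destination)

    # Compare each source file with its copy by SHA-256 and report any that are
    # missing or differ. Returns an empty list when the backup is complete.
    $problems = @()
    foreach ($file in Get-ChildItem -Path $Source -Recurse -File) {
        $relative = $file.FullName.Substring($Source.Length).TrimStart('\')
        $copy     = Join-Path $Destination $relative
        if (-not (Test-Path -LiteralPath $copy)) {
            $problems += "missing: $relative"
            continue
        }
        $sourceHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $copyHash   = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        if ($sourceHash -ne $copyHash) { $problems += "hash differs: $relative" }
    }
    return $problems
}

Invoke-FolderBackup -Source $source -Destination $destination -LogFile $logFile
$problems = Test-BackupIntegrity -Source $source -Destination $destination
if ($problems.Count -eq 0) {
    "Backup verified: every file under $source has an identical copy under $destination"
} else {
    "Backup verification found $($problems.Count) problem(s):"
    $problems
}
```

Unplug the external drive once the script reports a clean result: a backup drive that stays connected is just another drive for malware or ransomware to encrypt. Keeping two drives and alternating between them means that even if one run copies already-damaged files, the previous generation is still intact.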
Regular Data Backup
The methods in the Basic Data Backup section do not make use of any of the commercially available options or create disk images. If you prefer to image your hard drives then there are both commercial and free options available. There are two types of imaging programme, termed ‘Online’ and ‘Offline’. ‘Online’ means that you can create an image from within Windows while it is running. ‘Offline’ programmes boot from their own rescue disc (usually Linux-based) into an alternate Operating System and create the image while Windows is not running, which avoids copying files that are in use.
All of the following are ‘Online’ programmes. Among the better known commercial options are Acronis True Image and Paragon Backup & Recovery Suite. There are freely available options as well, such as Macrium Reflect, DriveImage XML and Paragon Backup and Recovery Free. As you would expect, the free versions tend to lack some of the features of the paid programmes.
Note that the above software usually requires some knowledge of Windows but you do not need to be an expert to create a backup.
Most of the major AV vendors offer the ability to do an online scan, which is useful as an independent check on your system. Why use an online scanner? The scanning engine and its definitions are downloaded fresh each time, so they are less likely to have been tampered with by malware that is already on the system, and these scanners do not make changes to Windows core files. By contrast, an AV installed on your system can be disabled or corrupted by malware. Many online scanners were written to use Internet Explorer’s ActiveX technology as part of the scan, but most have since been updated to work with alternate browsers such as Firefox, Chrome, Safari and Opera. Be aware that a rootkit that is already active can still hide its files from any scanner run inside Windows, so a clean result is reassuring rather than proof.
Note that some online scanners will not actually remove anything but all will provide some kind of log file detailing any findings.
Here’s a variety of online scanners (in alphabetical order):
BitDefender Online Scanner – IE, Firefox, Chrome
ESET Online Scanner – IE, Firefox, Netscape, Safari
F-Secure Online Scanner – IE, Firefox, Opera, Chrome
McAfee Security Scan Plus – IE, Firefox, Chrome, Safari
Microsoft Safety Scanner
Panda ActiveScan – IE, Firefox
Symantec SecurityCheck – IE, Firefox, Safari, Netscape
Trend Micro HouseCall – All
An increasing trend among free software offerings is the inclusion of other programmes within the installation. These are often called Potentially Unwanted Programmes (PUPs). When installing any 3rd party software pay close attention to the license agreements and carefully check each screen during the installation. Sometimes choosing the ‘Advanced’ or ‘Custom’ option is the only way to see if bundled software programmes are included. Many are simply toolbars (something you do not really need) but now and again a completely unwanted programme is installed, and you may find constant advertisements appearing. If you think you might actually want or need the bundled software, make a note of the details, cancel the installation process and research the software. If there is no option but to install the bundled software, then you should cancel the installation and look for an alternative programme.
Note that there are other browsers available.
Paid Antivirus Applications
Free Antivirus Applications
Note that fully featured paid versions are also available.
Comodo Free Firewall is now bundled with the installer for Comodo Internet Security. If you already have an AntiVirus, and want to only install the Comodo Firewall, UNCHECK the box for Install Comodo AntiVirus on the installer screen as seen here.
On Demand Scanners
There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.
Good luck and safe surfing!
© 2011 Glaswegian