This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
prevention [2011/02/25 03:51] gt500 created |
prevention [2020/12/13 03:25] (current) gt500 |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | Place Holder | + | <note important> |
+ | |||
+ | |||
+ | ====== Keeping Your Computer Clean ====== | ||
+ | |||
+ | In this day of evasive malware that can easily prevent your security applications from running and protecting you, it is even more important that you protect your computer from all of the nasty viruses, trojans, spyware, adware, rogues, etc. that are floating about on the Internet. This article will deal with several aspects of protecting your computer, including cleaning your computer up after getting infected. | ||
+ | |||
+ | ===== 1. Prevention ===== | ||
+ | |||
+ | Understanding how to prevent infection is very important. This section has two subsections: | ||
+ | |||
+ | === a. Software Methods === | ||
+ | |||
+ | It is important to have a good [[http:// | ||
+ | |||
+ | == I. Anti-Virus: == | ||
+ | |||
+ | First we will concentrate on real-time security. This is things like your anti-virus that is protecting your computer. A lot of us have heard about Norton and McAfee, because they pay a lot of money to get manufacturers to install their software on new computers. The fact is that neither of these are good security applications, | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | == II. Anti-Malware: | ||
+ | |||
+ | Having a good anti-virus is not enough. You will also need a good anti-malware or anti-spyware software with real-time protection. These types of applications will go above and beyond anti-virus software, concentrating on the types of things that anti-virus software is the most likely to miss. Here is a list of recommended software: | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | == III. HOSTS File: == | ||
+ | |||
+ | Even with a good anti-malware/ | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | == IV. Browsers: == | ||
+ | |||
+ | On top of those layers of security, understand that there are other aspects of security that are important. Most of us are browsing around the Internet with a web browser that has the '' | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | == V. Updates: == | ||
+ | |||
+ | It is very important to keep your software updated. Not just Windows, but also the various applications you use on a daily basis, such as; your web browser, your plugins and extensions for your web browser, your instant messaging clients, your e-mail client, your office suite, and of course any and all security software that you have. | ||
+ | |||
+ | Most of these applications have update notifications of some sort. For instance, OpenOffice.org will tell you that a new update is available, and ask you if you want to download it. Both Opera and Firefox will download and install updates automatically (with advanced settings to tweak how they do it). But when it comes to Microsoft applications, | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | In addition to making sure that you are getting all of the updates for all of the Microsoft applications that you use, you need to make sure that you are getting all of the updates for things like Java, Adobe Flash, and Adobe Reader. //I cannot stress how important it is to keep these plugins up to date to help avoid infection.// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | If you are not sure what applications on your computer require updates, then here are a couple of resources that are invaluable: | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | == VI. Autorun: == | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | Sadly, this convenience [[http:// | ||
+ | |||
+ | So, what can you do to guard yourself from this? The best course of action is to disable autorun. Here are several tutorials on how to do this: | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | == VII. Peer-2-Peer: | ||
+ | |||
+ | Peer-2-Peer (P2P) networking is a very common way to share files, and more than that it is the biggest way to pirate music and video on the Internet. Unfortunately, | ||
+ | |||
+ | OK, so maybe you don't care that you are sharing your private files all of the time, or that some (if not all) of the content you are sharing is being shared illegally. Even if that is the case, you have to remember that there are other people using these filesharing networks who do not understand this. This sets up a case where viruses, like [[http:// | ||
+ | |||
+ | Is there never a need for P2P filesharing? | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | === b. User Methods === | ||
+ | |||
+ | More important than security software is the knowledge that a user (that would be anyone using a computer, aka: you) has about threats on the Internet. In this section we will attempt to cover the most common ways that malicious software gets on your computer - aka: tricking you into thinking that it's something you want. | ||
+ | |||
+ | == I. Download This Codec: == | ||
+ | |||
+ | One of the most popular ways of tricking someone into believing that they want something malicious is to convince them that it is something they need to watch a video that they are interested in. Most people just assume that a video will play when you visit a site with a video, but what they don't realize is that when a video is loaded that two things are needed for it to play: | ||
+ | |||
+ | - The appropriate plugin for the web browser.\\ \\ | ||
+ | - A codec that describes how to decode and play the video. | ||
+ | |||
+ | Now, when you go to YouTube, and sites like it, the videos play through a plugin called Flash (which is currently made by Adobe). As long as you have the Flash plugin, which Microsoft distributes with Internet Explorer and keeps updated via Windows Update, then you are able to play videos on sites such as YouTube. When you are poking around on the Internet, sometimes you will come across videos that do not use Flash, but instead use other plugins. These normally play through Windows Media Player, but if Windows Media Player does not have the codec that describes that type of video, then you will receive an error. Some malicious websites will take advantage of the confusion surrounding codecs, and trick people into installing something malicious by showing them a webpage that looks like it has an interesting video on it, and then telling them that they need to download a codec for a video to play. This is the point at which you should close your web browser as fast as you can, and manually update all of your security software in order to run scans of your computer. | ||
+ | |||
+ | A good rule of thumb is to never click on a link to a video on some random website that you are not familiar with. Places like YouTube, DailyMotion, | ||
+ | |||
+ | == II. Your Computer Is Infected: == | ||
+ | |||
+ | Every now and then, as your are browsing around the Internet, you will get a seemingly random popup that looks like an anti-virus scan telling you that your computer is infected and asking you to click to take some sort of action to remedy the situation. Many times the popup will not look anything like your anti-virus software, but will try to look like it is some sort of official Windows popup to trick you into thinking that it is legitimate. Many times they will even use official looking Microsoft graphics to make them look legitimate, such as the following screenshot (complements of the [[http:// | ||
+ | |||
+ | {{https:// | ||
+ | |||
+ | If you see something like this, then the best course of action is to close your Internet browser immediately, | ||
+ | |||
+ | ===== 2. Removal ===== | ||
+ | |||
+ | Prevention is bound to fail every now and then. No matter how safely you browse the Internet, and no matter how many levels of security you have, your computer can still get infected. | ||
+ | |||
+ | The most obvious reason for this is that, even the most educated person can still make a mistake. Even experts will sometimes accidentally click on a link that they shouldn' | ||
+ | |||
+ | The other main reason is because anti-virus software detects viruses and malware based on whether or not it's been seen before. If something new comes out, it often takes a few days (if not weeks) for the security industry to catch up. Yes, most security applications have what are called heuristics, which are supposed to detect new variants of viruses and such without the need for them to have been seen before, but even in an application with as good of heuristics as Malwarebytes' | ||
+ | |||
+ | === a. Automated Removal === | ||
+ | |||
+ | Automated removal tools are plentiful these days, and there are a lot of rogues out there that are posing as popular removal tools just to steal your money (Malware Removal BOT, AntiMalware Pro, and MalwareBot Malware Remover are just a few of many). It is important that you make sure the get legitimate tools from legitimate download sites. | ||
+ | |||
+ | Some good malware/ | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | Also, most anti-virus software vendors have special tools designed to remove viruses. They will often be offered as one tool to remove all variants of a single virus, and so if you have multiple viruses you may need to download multiple tools. Here is a list of links to some of these tools from some anti-virus vendors: | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | Sometimes rootkits can prevent removal of common infections, and rootkits such as TDSS, TDL3, and TDL4 can be very difficult to disable and remove without a Windows CD or some other way of repairing your computer' | ||
+ | |||
+ | === b. Manual Removal === | ||
+ | |||
+ | Since automated tools cannot possibly remove everything, there are various online security communities that have forums where trained experts will be able to assist you with manually removing infections from your computer. Here are a list of some of those forums: | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | ====== Credits/ | ||
+ | |||
+ | Some of the content in this article was added or changed at the suggestions of the following contributors: | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | * [[http:// |
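Review bot: several added lines carry wording errors that should be corrected in this revision: "as your are browsing" in "II. Your Computer Is Infected" should read "as you are browsing", and "complements of" in the same paragraph should be "compliments of". Likewise, "make sure the get legitimate tools" in "a. Automated Removal" should be "make sure you get legitimate tools", and "Here are a list of some of those forums" in "b. Manual Removal" should be "Here is a list". The heading levels also jump from "===== 1. Prevention =====" straight to "=== a. Software Methods ===", skipping the "====" level, so the lettered and Roman-numeral subsections would sit more cleanly one level up. Finally, this revision is dated 2020/12/13, yet "I. Download This Codec" still describes Flash, distributed with Internet Explorer and updated via Windows Update, as the way videos play on sites such as YouTube; that paragraph and the Adobe Flash item under "V. Updates" are worth rechecking against the browsers readers use now.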