Why do I need to know how to protect myself and tighten security?
Why did I get infected in the first place?
Here are a number of recommendations that will help you to protect yourself and tighten security, and which will contribute to making you a less likely victim:
- Watch what you download! Many freeware programs and P2P programs are amongst the most notorious, coming with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.
There is no such thing as a free lunch and many “free” programs on the net contain adware or spyware.
Read the EULA carefully before installing anything, and if it says “Supported by Advertising” or similar wording, be very wary and expect problems, pop-ups, etc.
Be careful what add-ons, toolbars and extensions you install in your browser. Very few of them are needed, useful or safe. All that the majority of these add-ons will do is slow down browsing and cause unwanted adverts and pop-ups on your computer.
Be extremely careful when downloading from software sites. A high number of these sites use their own “download manager”, which stealthily installs so-called “optional” programs that cause pop-ups, adverts and search diverts, unless you are scrupulous about watching what it does and carefully uncheck everything it offers apart from the program that you actually want.
- Once a file has been downloaded, scan it with your antivirus BEFORE opening it. As a double check I recommend scanning it at Kaspersky Application Advisor, which will give a recommendation based on other user input and what the file appears to do. If it is safe then it will say so. Unknown files are automatically given a caution rating and bad files are marked with a red Warning.
- Set your folder options to “show known file types”. The default for Windows is to hide the file extensions of known file types, and that way, when you receive an email saying open this picture or read this important document, you don’t see the .exe at the end. Once you set known file types to show, it is much less likely that you will accidentally click on a malware file and open it, thinking that it is a picture from a friend or a document that you are expecting. This shows you how to set it for Windows 7 or Vista and this for Windows 8.1.
- Watch out for sites that insist you need a special codec to watch the video or listen to music on the site. 99% of the time they are trying to install malware. If you already have Windows Media Player, Flash, QuickTime or RealPlayer installed, there should never be any need to install a special player or codec from the site.
- Phishing and Identity theft: Be very wary of links in emails allegedly coming from your Bank, Building Society, Insurance Company, PayPal, etc. Hover your mouse over the link to see whether it is the correct Bank website etc. If the address showing in the hovered link isn’t the same as the address it says it is, then don’t click on it. Go to your bank’s website via a known good link. If you do happen to accidentally click on a suspicious link, don’t panic, but simply close the browser window and definitely don’t enter any information in the site. This Microsoft page has some very helpful advice. PayPal, Banks, Credit card companies, Gas, Electric, Telephone, your ISP etc. NEVER send HTML form attachments in an email telling you to fill in the form and submit it. Just delete any email with an HTML form attachment and don’t even think about filling it in. We all get very blasé about phishing and think we know so much that we will never fall for a phishing attempt. Don’t assume that all attempts are obvious. Watch for any site that invites you to enter ANY personal or financial information. It might be an email that says “you have won a prize” or “sign up to this website for discounts, prizes and special offers”.
- Malicious Email attachments: Be very careful with email attachments.
The basic rule is NEVER open any attachment to an email, unless you are expecting it. Now that is very easy to say but quite hard to put into practice, because we all get emails with files attached to them. Our friends and family love to send us pictures of them doing silly things, or even cute pictures of the children or pets.
Never just blindly click on the file in your email program. Always save the file to your downloads folder, so you can check it first. Most (if not all) malicious files that are attached to emails will have a faked extension. That is the 3 letters at the end of the file name. Unfortunately Windows by default hides the file extensions, so you need to set your folder options to “show known file types”. Then when you unzip the zip file that is supposed to contain the pictures of “Sally’s dog catching a ball” or a report in Word document format that work has sent you to finish working on at the weekend, you can easily see if it is a picture or document and not a malicious program. If you see .EXE or .COM or .PIF or .SCR or .JS at the end of the file name, DO NOT click on it or try to open it; it will infect you.
While the malicious program is inside the zip file, it cannot harm you or automatically run. When it is just sitting unzipped in your downloads folder it won’t infect you, provided you don’t click it to run it. Just delete the zip and any extracted file and everything will be OK. You can always run a scan with your antivirus to be sure.
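An added example (not part of the original article): one way to read the file names inside a zip attachment and flag the extensions listed above without unzipping or running anything. The sample archive, the function names and the list of "decoy" extensions are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the article says never to open (compared case-insensitively).
RISKY = {".exe", ".com", ".pif", ".scr", ".js"}
# Harmless-looking extensions used as a fake first extension (assumed list).
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}


def check_zip(data: bytes) -> list:
    """List members whose real (last) extension is risky; nothing is extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename).name
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in RISKY:
                continue
            findings.append({
                "member": info.filename,
                "real_extension": suffixes[-1],
                # What the file name looks like while extensions are hidden.
                "shown_when_hidden": name[: -len(suffixes[-1])],
                "faked": len(suffixes) > 1 and suffixes[-2] in DECOY,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; every member is harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday/beach.jpg", "placeholder")
        zf.writestr("holiday/Sally's dog.jpg.EXE", "placeholder")
        zf.writestr("report.docx", "placeholder")
        zf.writestr("viewer.scr", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for f in check_zip(build_sample()):
        note = "FAKED extension" if f["faked"] else "program"
        print(f'{f["member"]}: {note}, shows as "{f["shown_when_hidden"]}"')
```

To check a saved attachment, pass the file's bytes, for example `check_zip(open(path, "rb").read())`; an empty result only means none of the listed extensions were found, so still scan the file with your antivirus.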
- SmartScreen Filter: Keeping it turned on at all times will protect you and tighten security a lot. If you are using Vista or Windows 7, then Internet Explorer 9 (on Vista) and 11 (on W7) have an inbuilt smart filter that scans all websites that you visit and all web based downloads. It will alert you and block access to known infected websites and unknown or malicious executable files that you are attempting to download. It won’t block Zip or Rar files.
Obviously smart filter only works if you use Internet Explorer as your browser and not if you use Firefox or Chrome.
If you are using Windows 8.1 or Windows 10, then you are much better protected, because smart filter is inbuilt to Windows and scans/checks and blocks (if needed) any file you download or open on your computer. This way it works on all browsers and any files received by email as well as web scanning.
Other browsers have similar protection that should always be left turned on:
Chrome has “Enable phishing and malware protection”
Firefox has the “Block reported web forgeries and block reported attack sites”
See HERE for how to check that they are turned on.
- Facebook, Google+, Twitter and other Social Networking sites: Don’t get carried away with what you post on these sites and remember that a lot of what you post will be public and it is rather like walking down the local High Street and shouting out to everyone in earshot, everything that happened last night, your name & address and phone number and where you hide the spare keys to your front door.
Never post when you are going away or that the house will be empty overnight. A lot of thieves, fraudsters and other criminals hang around and monitor Social Networking sites and use the information they gain from them to do lots of nasty things to you.
Also remember what you post can be read by all your friends and often your boss. Don’t let something you wrote when you had a few drinks, or when you were in a silly or bad mood, come back and bite you a few weeks, months or years later.
- Keep Windows and programs up to date.
- Windows Update and Internet Explorer. Go to IE > Tools > Windows Update, or use Start > Programs > Windows Update (select Custom), and install ALL Critical and Security Updates listed. It’s extremely important to always keep current with the latest security fixes from Microsoft. Install ALL those patches. Older versions of Internet Explorer are not supported or recommended and you are strongly advised to update immediately (IE9 for Vista and IE11 for Windows 7, Windows 8 and Windows 8.1). From 12th January 2016, there will be no further security or functional updates for any version of Internet Explorer below IE11 (except IE9 on Vista only). You must update your Internet Explorer version to the latest version immediately. Windows 8 RTM also ends support on that date and you must update to W8.1 to get updates and stay safe. It doesn’t matter if you normally use an alternative browser such as Firefox, Safari or Google Chrome. Just having older versions of Internet Explorer, which are vulnerable to so many exploits, installed on your computer is enough to allow malware and exploits on to your computer with no action on your part. Microsoft now issue security updates on the second Tuesday of every month and non-security updates on the 4th Tuesday. Make sure you do a Windows update as soon as you can after 6pm UK time or 1pm US Eastern time to get the latest updates on those days.
- Oracle Java
I do not recommend that you have Java installed at all unless you absolutely need it. The number of malware infections that occur due to Java vulnerabilities is so high nowadays. The vast majority of users get by very well without Java, but if you do need it then:
Oracle Java gets regularly updated, so make sure you update it regularly and uninstall any previous versions once you have updated. NOTE: the Java updater does not always remove the previous vulnerable versions.
Please follow these steps to remove older version Java components and update.
Updating Java:
- Download the latest version of Java Runtime Environment (JRE)
- Scroll down to where it says “Java Platform, Standard Edition”.
- Look in the right hand box that says “JRE” Click the BLUE “Download” button
- That takes you to the list of the latest Java SE Runtime Environment Downloads, with selections for every type of operating system
- Check the box that says: “Accept License Agreement”.
- Click on the link to download the appropriate Windows Offline Installation and save to your desktop.
- Close any programs you may have running – especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.
- However the much easier and less confusing way is to go to www.java.com and press the red “Free Java Download” button.
- Adobe Flash, Acrobat Reader etc.: Keep Adobe Reader and Flash updated. One of the most common avenues of infection is outdated and vulnerable versions of these 2 products. If you are using Windows 8.1 or Windows 10 then Flash is inbuilt and will automatically update for Internet Explorer. You will still need to use the Flash updater to keep Firefox updated. Chrome automatically updates Flash. Check whether you have the latest version of Flash player HERE. Read HERE for how to set your PDF reader to open all PDF files in the PDF reader itself and not in your browser for safety reasons.
- Always use a standard or limited user account for day to day computer use, especially for internet use. This applies mostly to Windows 7, Windows 8.1 and Windows 10 or Vista, because many programs running on XP don’t work properly unless run on an admin account, but try and see if you can work on a limited user account on XP. On W7 and Vista set UAC to the highest level and always password the admin account. On Windows 8.1 or W10 only have UAC on the middle level. When a program or person tries to alter settings or add something new, you get an alert and you cannot continue until you either allow it by typing the admin password or refuse it by pressing NO. This ONE thing will stop 99.9% of malware and unwanted programs installing. Read THIS LINK for full details about UAC.
- Internet Options – ActiveX controls and Plug-ins. Go to Internet Options/Security/Internet, press “default level”, then OK. Now press “Custom Level”. Set the following options as described here: Setting the Internet Zone for Additional Security. Only sites that you know for sure are above suspicion, like online banking and other secure sites, can be moved to the Trusted Zone in Internet Options/Security.
Never put sites like Facebook, Myspace, MSN or any other similar type of social networking site in the trusted sites zone.
Q. So why is ActiveX so dangerous that you have to increase the security for it?
A. When your browser runs an ActiveX control, it is running an executable program. It’s no different from double clicking an exe file on your hard drive. Would you run just any random file downloaded off a web site without knowing what it is and what it does?
- Scan at http://secunia.com/vulnerability_scanning/personal/ for out of date and vulnerable common applications on your computer and follow their advice and links to update them.
- EMET: It is highly recommended that you install Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) 5.5 (released 29 January 2016), which proactively protects you against the majority of 0 day exploits in Windows and other common software. Read all about EMET and how it can help to keep you safer from exploits before Microsoft or other developers can update their software. EMET 5.2 was the previous stable release (March 2015). These 5.2 and 5.5 versions have a lot of improvements in protection capabilities over the previous EMET 4.1 and EMET 5.1.
- Install a good Antivirus and firewall. I recommend Kaspersky or Eset Smart Security for a paid for antivirus, and for a free one: Microsoft Security Essentials (for Windows 7 or Vista only). Windows 8.1 and Windows 10 have inbuilt protection called Windows Defender.
- Install a good Antispyware with realtime protection. I recommend 2 programs as having good real time protection as well as good cleaning capabilities: SuperAntispyware or MalwareBytes Anti-malware.
- Backup, Backup and Backup: In the event of you being infected or becoming a victim of a bad or failed program or Windows update, the best, easiest, safest and quickest way to recover is to have a complete current image backup. I use and recommend ACRONIS TRUE IMAGE. I use an external hard drive (WD My Book 3 TB USB 3.0 Hard Drive with Backup) and do a daily incremental backup using Acronis True Image, and also have the non stop file backup running, which immediately backs up all my documents and images etc. (in fact I have it set to back up any new or changed files in My Documents, My Photos, My Videos, My Recorded TV and my Downloads folder). That way the most that can happen is that I lose about 1 hour of work or the last hour of emails.
- Passwords: If you have been infected then be aware that almost all modern malware/spyware is designed to steal your private information. That includes all passwords, log ins to forums and other websites and, most of all, your Bank, Credit card or PayPal details. It is vital that after you have been cleaned up you change all your passwords, and on many occasions it is necessary to get in touch with your Bank or other financial body to inform them that your details may (probably have) been stolen.
- One of the easiest ways to protect yourself and tighten security is to never, EVER use the same password on different sites. Always use a different password for each site you log in to. Don’t use simple passwords, like your name, your Husband’s/Wife’s, your Boyfriend’s/Girlfriend’s, or your Dog’s or Cat’s name. Always use a strong password with a mixture of letters and numbers and different characters. Something like jenny, Rover, 12345, 54321, password, login or similar words are absolutely useless. You need something like TsfE£%9& to stop them being guessed.
- I strongly recommend using ROBOFORM to keep and create safe secure passwords.
And make sure your Antivirus and Firewall are switched on and kept updated. Do not allow unknown programs or processes to access the net or your computer; always block and ask for advice.
If you have followed the advice in this article then you will have learnt how to protect yourself and tighten security, and hopefully you will be less likely to get infected in the future.