10 ways to avoid viruses and spyware

To have a fighting chance against today's rampant security threats, end users have to be informed and proactive. Here are some practical guidelines they can follow to minimize the risk of infection and attack.

Oh, the deck is stacked. Don't think for a minute it's not. As a technology professional responsible for securing office networks, workstations, and servers from viruses, spyware, adware, Trojans, and other malware infections, I can tell you that the situation is only getting worse.

A Computer Economics report showed that annual worldwide malware expenses increased by $10 billion (to $13 billion) over a recent 10-year span. Google Research suggests that one in every 10 Web sites is infected with "drive-by" malware. In June 2009, the Windows Secrets e-newsletter reported that such seemingly safe Web sites as Coldwell Banker.com, Variety.com, and even Tennis.com were exposing Internet Explorer visitors to the Gumblar exploit, which threatens to compromise visitors' systems in order to propagate.

IT professionals must encourage their users to follow several security practices to minimize virus, spyware, and malware exposure. But many computer techs are too busy to spread the word, or they don't have the time to build an appropriate memo or handout.

With that in mind, here's a handy reference list of 10 steps end users can adopt to avoid infection (including when using home systems to read and send work e-mail, create, edit, and distribute documents and spreadsheets, access the corporate VPN, and perform other office tasks). Post this list on your Intranet, distribute it in an e-mail, or download the PDF version and pass it along to end users. Just be sure the word gets out. Otherwise, you're likely to find yourself losing precious time cleaning and repairing infected systems or entire networks.

1: Install quality antivirus

Many computer users believe free antivirus applications, such as those included with an Internet service provider's bundled service offering, are sufficient to protect a computer from virus or spyware infection. However, such free anti-malware programs typically don't provide adequate protection from the ever-growing list of threats.

Instead, all Windows users should install professional, business-grade antivirus software on their PCs. Pro-grade antivirus programs update more frequently throughout the day (thereby providing timely protection against fast-emerging vulnerabilities), protect against a wider range of threats (such as rootkits), and enable additional protective features (such as custom scans).

2: Install real-time anti-spyware protection

Many computer users mistakenly believe that a single antivirus program with integrated spyware protection provides sufficient safeguards from adware and spyware. Others think free anti-spyware applications, combined with an antivirus utility, deliver capable protection from the skyrocketing number of spyware threats.

Unfortunately, that's just not the case. Most free anti-spyware programs do not provide real-time, or active, protection from adware, Trojan, and other spyware infections. While many free programs can detect spyware threats once they've infected a system, typically professional (or fully paid and licensed) anti-spyware programs are required to prevent infections and fully remove those infections already present.

3: Keep anti-malware applications current

Antivirus and anti-spyware programs require regular signature and database updates. Without these critical updates, anti-malware programs are unable to protect PCs from the latest threats.

In early 2009, antivirus provider AVG released statistics revealing that a lot of serious computer threats are secretive and fast-moving. Many of these infections are short-lived, but they're estimated to infect as many as 100,000 to 300,000 new Web sites a day.

Computer users must keep their antivirus and anti-spyware applications up to date. All Windows users must take measures to prevent license expiration, thereby ensuring that their anti-malware programs stay current and continue providing protection against the most recent threats. Those threats now spread with alarming speed, thanks to the popularity of such social media sites as Twitter, Facebook, and MySpace.

4: Perform daily scans

Occasionally, virus and spyware threats escape a system's active protective engines and infect a system. The sheer number and volume of potential and new threats make it inevitable that particularly inventive infections will outsmart security software. In other cases, users may inadvertently instruct anti-malware software to allow a virus or spyware program to run.

Regardless of the infection source, enabling complete, daily scans of a system's entire hard drive adds another layer of protection. These daily scans can be invaluable in detecting, isolating, and removing infections that initially escape security software's attention.

5: Disable autorun

Many viruses work by attaching themselves to a drive and automatically installing themselves on any other media connected to the system. As a result, connecting any network drives, external hard disks, or even thumb drives to a system can result in the automatic propagation of such threats.

Computer users can disable the Windows autorun feature by following Microsoft's recommendations, which differ by operating system. Microsoft Knowledge Base articles 967715 and 967940 are frequently referenced for this purpose.

6: Disable image previews in Outlook

Simply receiving an infected Outlook e-mail message, one in which the HTML graphics code is used to trigger the virus' execution, can result in a virus infection. Protect against this kind of automatic infection by disabling image previews in Outlook.

By default, newer versions of Microsoft Outlook do not automatically display images. But if you or another user has changed the default security settings, you can switch them back (using Outlook 2007) by going to Tools | Trust Center, highlighting the Automatic Download option, and selecting Don't Download Pictures Automatically In HTML E-Mail Messages Or RSS.

7: Don't click on email links or attachments

It's a mantra most every Windows user has heard repeatedly: Don't click on email links or attachments. Yet users frequently fail to heed the warning.

Whether distracted, trustful of friends or colleagues they know, or simply fooled by a crafty email message, many users forget to be wary of links and attachments included within email messages, regardless of the source. Simply clicking on an email link or attachment can, within minutes, corrupt Windows, infect other machines, and destroy critical data.

Users should never click on email attachments without at least first scanning them for viruses using a business-class anti-malware application. As for clicking on links, users should access Web sites by opening a browser and manually navigating to the sites in question.

8: Surf smart

Many business-class anti-malware applications include browser plug-ins that help protect against drive-by infections, phishing attacks (in which pages purport to serve one function when in fact they try to steal personal, financial, or other sensitive information), and similar exploits. Still others provide "link protection," in which Web links are checked against databases of known-bad pages.

Whenever possible, these preventive features should be deployed and enabled. Unless the plug-ins interfere with normal Web browsing, users should leave them enabled. The same is true for automatic pop-up blockers, such as are included in Internet Explorer 8, Google's toolbar, and other popular browser toolbars.

Regardless, users should never enter user account, personal, financial, or other sensitive information on any Web page at which they haven't manually arrived. They should instead open a Web browser, enter the address of the page they need to reach, and enter their information that way, instead of clicking on a hyperlink and assuming the link has directed them to the proper URL. Hyperlinks contained within an e-mail message often redirect users to fraudulent, fake, or unauthorized Web sites. By entering Web addresses manually, users can help ensure that they arrive at the actual page they intend.

But even manual entry isn't foolproof. Hence the justification for step 10: Deploy DNS protection. More on that in a moment.
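Steps 7 and 8 both rest on one question: does the link a message shows you actually lead where it claims? The Python script below is an added example, not code from the original article; it parses the anchors in a constructed HTML message and flags links whose visible URL names a different domain than the real href target, or whose target is a bare IP address. The sample message, the function names and the last-two-labels domain heuristic are all assumptions made for the example.

```python
"""Flag e-mail hyperlinks whose visible text does not match the real target.
Added example; the message below is constructed, not a real phishing mail."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that itself looks like a URL or a bare domain name.
_URLISH = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#:]\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Gather (href, visible text) pairs for every <a> element in a message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def href_host(href):
    """Lowercased host of an http(s) href; None for mailto:, relative links etc."""
    parsed = urlparse(href.strip())
    if parsed.scheme.lower() not in ("http", "https"):
        return None
    return (parsed.hostname or "").lower() or None


def text_host(text):
    """Host named by the visible link text, if that text looks like a URL."""
    text = text.strip()
    if not _URLISH.match(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower() or None


def base_domain(host):
    """Crude registrable-domain guess: the last two labels.  Assumption: no
    public-suffix list is consulted, so co.uk-style domains are not handled."""
    return ".".join(host.split(".")[-2:])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html):
    """Return (reason, href, visible_text) for each link that should be reached
    by typing the address into the browser rather than by clicking."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = href_host(href)
        if target is None:
            continue
        shown = text_host(text)
        if is_ip_literal(target):
            findings.append(("target is a raw IP address", href, text))
        elif shown and base_domain(shown) != base_domain(target):
            findings.append(("visible URL differs from real target", href, text))
    return findings


# Constructed message: examplebank.com is made up, example.net is a documentation name.
SAMPLE_MESSAGE = """
<p>Please <a href="http://examplebank-secure.example.net/login">
https://www.examplebank.com/login</a> to confirm your details.</p>
<p>See <a href="https://www.examplebank.com/help">Help</a> or
<a href="http://198.51.100.7/verify">Verify account</a>.</p>
<p><a href="mailto:support@examplebank.com">Contact support</a></p>
"""

if __name__ == "__main__":
    for reason, href, text in suspicious_links(SAMPLE_MESSAGE):
        print(f"{reason}: shown as {text!r}, really {href}")
```

Run against the sample, it reports the look-alike login link and the raw-IP link while passing the plain "Help" and mailto: links.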

9: Use a hardware-based firewall

Technology professionals and others argue the benefits of software- versus hardware-based firewalls. Often, users encounter trouble trying to share printers, access network resources, and perform other tasks when deploying third-party software-based firewalls. As a result, I've seen many cases where firewalls have simply been disabled altogether.

But a reliable firewall is indispensable, as it protects computers from a wide variety of exploits, malicious network traffic, viruses, worms, and other vulnerabilities. Unfortunately, by itself, the software-based firewall included with Windows isn't sufficient to protect systems from the myriad robotic attacks affecting all Internet-connected systems. For this reason, all PCs connected to the Internet should be secured behind a capable hardware-based firewall.

10: Deploy DNS protection

Internet access introduces a wide variety of security risks. Among the most disconcerting may be drive-by infections, in which users only need to visit a compromised Web page to infect their own PCs (and potentially begin infecting those of customers, colleagues, and other staff).

Another worry is Web sites that distribute infected programs, applications, and Trojan files. Still another threat exists in the form of poisoned DNS attacks, whereby a compromised DNS server directs you to an unauthorized Web server. These compromised DNS servers are typically your ISP's systems, which usually translate friendly URLs such as yahoo.com to numeric IP addresses like 69.147.114.224.

Users can protect themselves from all these threats by changing the way their computers process DNS services. While a computer professional may be required to implement the switch, OpenDNS offers free DNS services to protect users against common phishing, spyware, and other Web-based hazards.


About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

187 comments
rolamijeffs

gsg so how did you achieve that? (Not having a virus for like 10 years.)

stefan_coetzer

My browser (Chrome) was infected with malware (Updater Service) after downloading an app discussed and recommended in the TechRepublic newsletter. Ironic! (And the last time I trust anything from TechRepublic!)

Glow79

Thanks for the tips. I started using a free antivirus that is called UnThreat. I'm happy with it but I'm curious if you think it offers good enough protection or should I invest in a paid antivirus software?

charleswdavis6670

Let's get original, not keep digging up old articles. It's like the jokes that come into the inbox every day - they have been forwarded so often that the sender doesn't even remember that he/she had forwarded it before. I have talked to some and they admit to forwarding without reading...

fetz

There's another nice free tool called "rkill". It's worked for me killing viruses that even Malwarebytes couldn't get rid of.

TexasJetter

You say to keep antivirus/spyware programs updated, what about your OS? If you don't patch the holes then it is much harder to stay clean.

dpurvis

What about browsing? Obviously anti-virus and spyware apps work fine (usually) for email and scanning (after the fact). I'm seeing stats indicating that 60-80% of malicious code is being delivered through the browser. Is there any value in using SaaS proxy services to pre-scan the pages, like AppRiver or Webroot? I'm using a 3-layer AV/AS model and still getting hammered.

GSG

I did 1,2,3,5,6,7,8 and STILL got infected (first infection in 10 years). In fact, I had two AVs on and ran them both and they came back clean. Twenty minutes later, my viruses released their payloads. Yes, viruses. I got a copy of a Beta product that Microsoft put out and it found 5 Trojans and 3 keyloggers. Since then, it's been catching the bad stuff before it hits. How can we surf smart when we get infected from sites I used to consider reputable, like CNN.com? It loads so much spyware, it's not funny.

lkjune

For the end users, I always suggest disabling the right to modify the registry. It's very helpful and helps reduce infection from malware.

BALTHOR

For the attack to be this massive the entire phone system must be rerouted. We are not seeing the real Internet. Hacking is big terrorism.

ejhonda

Under the "sponsored links": Anti-Spyware 2009 - Free #1 Rated Spyware Remover - 100% Guaranteed - 47 Million Downloads! Which links to http://www.adware-2009.com/ Um, don't try it, kids... LOL!!!

Gis Bun

#6 is a secondary reason. Why? If you know your contacts the only one you have to worry about are the phishing/spam crap. Other option is to use a free Email account when you need to register on sites which may not be truly legit or to use it for non-personal usage.

jpdecesare

I'm not saying don't use A/V software. But I personally have never used any, and have never gotten a virus in almost 2 decades. I'm a Visual Studio programmer, so I have a fairly keen eye for the threats over the casual user sending emails, but even so, I get almost no spam in my addresses for the domain I bought years ago. This isn't a boast session, I honestly want to know, how do you even get a virus? I must be missing something. I use AdAware for the typical junk from browsing, and have a router (hardware firewall), but that's it. I tell ya, for 19 years, I've had a computer with no AV slowdown, and it's been a joy. Vista and now 7RC FLY with no AV. Maybe we need to be smarter where we surf. I'm sure I didn't make friends with that statement, but it's the truth.

b15h09

Just silliness. If you follow the given suggestions, most real-world machines (3+ years old) will run like they're infected. Use Firefox with NoScript, and Thunderbird. Most importantly, use common sense.

jeff.jones

#1 way to prevent malware on a Windows machine: Do not run with an Admin account. This list contains only meaningless fluff.

vall7744

Even with a good virus checker and firewall you are going to get some kind of infection sooner or later. I use SpoofStick to help identify web sites. Have you ever heard of Sandboxie? When you get an infection it is easy to remove: just delete/empty the sandbox and no more problem.

lucideer

Without any specific recommendations this statement is null and void. AVG (Free) is a poor anti-virus app, but it's still superior to many of the paid-for so-called "professional" software that can be bought. Avast is superior to quite a few of them. I personally wouldn't put any of the free apps at the top of the pile, but stating that they are unilaterally inferior is a complete falsehood.

mattohare

I do a weekly scan. The daily scans can really take it out of a hard disk over the years it's in use. I really wonder how much Seagate and the others are paying the anti-virus makers to push the daily scan idea?

jimbrick

I chose to do #11 - I switched to a Mac.

midgarddragon

I love all these "free programs suck!" rules. I've had better luck with the trinity of AVG Free, Ad-Aware, and Spybot than I ever did with any "quality, professional" anti-spyware and anti-virus. If anything the pay programs are usually worse in my experience, reducing system functionality and STILL not getting the job done.

NickNielsen

Because, of course, IT is so staid and static...

Neon Samurai

I suspect the classic AV apps are starting to do active browser scanning also but I know SSD specifically has a browser plugin.

Neon Samurai

The new love seems to be hitting the advertising servers that feed reputable sites with those lovely banners down the right; --> Offhand, what two AV reported the system clean?

The Scummy One

I am using cable -- therefore I see the 'real' internet.

robo_dev

you passed v/ So maybe the article is a cunning plan to spread malware. The irony of a sponsored link in an article about malware being linked to malware.... It's like around here where some criminals broke into the police station to steal guns and drugs from the property room.

deepsand

Purveyors of spam & malware love to target the free e-mail systems, because that's where the overwhelming majority of idiots are.

PurpleSkys

how would you know if you had a virus...no A/V?...and just using adaware? ouch! bitdefender has a good little online scanner...also you might want to give malwarebytes and superantispyware a go...i bet you have more than you think you do. ;)

robo_dev

It seems that there's a DLL called 'ignorance.dll', another OCX file called 'curiosity.ocx' and a third library called 'laziness.tlb'. And, to be fair, some PC users (e.g. the very young and the very old) may have either not yet attained, or long ago lost, their common sense.

robo_dev

If you talk to many 'normal' users, lots of them do not run hardware firewalls. One issue I have with the list is that he recommends to run a 'Quality Professional' AV program...that's not very useful advice. It's like saying to have a reliable car, buy a quality car. Some obvious oversights are that instead of trying to secure programs like MS Outlook, just run Mozilla Thunderbird, or Webmail from your ISP. Another topic missing is the use of Linux Live Distros. You cannot infect or compromise a read-only file system, so if you boot a USB or CD-based Linux Distro, the chance of infecting/compromising the Windows PC it's on is somewhere around 0%.

robo_dev

Some of the functionality of SpoofStick is built into FF3 and IE8. An alternate site verifier is the NetCraft Toolbar. Also, a search link checker such as LinkScanner Pro or Web Of Trust are very good. Web of Trust gives each search result a Red/Yellow/Green ranking. If you never visit the malware-hosting website, you won't get the malware. The neat thing about WOT is that if you do a google search for 'AdAware', you get five or ten 'Red' results (sites hosting malware). So when trying to fight a malware infection, guess what you get...more malware!!

lucideer

Security expert Charlie Miller on trying to hack into various browsers: "The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows. It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it. With my Safari exploit, I put the code into a process and I know exactly where it’s going to be. There’s no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don’t know where it is. Even if I get to the code, it’s not executable. Those are two hurdles that Macs don’t have. It’s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that’s only half the equation. The other half is exploiting it. There’s almost no hurdle to jump through on Mac OS X."

leo8888

You're so right about paid programs. I have worked on more PCs than I can count that were running paid and up-to-date versions of either Symantec or McAfee and were running extremely slow, and also had infections that were not detected. In every case, doing some offline cleanup with a BartPE CD then installing and scanning with AVG and MalwareBytes made them run 100% better. I place the current Symantec and McAfee products right up there with AOL software in terms of how much they hurt performance with the many components that have to be running in the background to make them work.

robo_dev

Any signature-based AV is a crap-shoot, as it's a cat-and-mouse game with the malware authors versus the AV signature. Consider your AV software as a bullet-proof vest. It's a last-ditch effort to protect your PC, but it should not be the only method in place. You should:

- use the most secure browser
- patch the OS and use the most secure OS, if possible
- use the most secure mail client
- disable scripting (noscript)
- inspect search links (linkscanner, WOT)
- DO NOT run as admin.

So the recommendation to use a 'quality professional' AV is really meaningless. It's like saying to use a 'quality' bullet-proof vest. Even the top #1 professional AV program is going to miss 1% of all viruses/malware that is out there. So if you're exposed to some virus variant that is in that elite 1% group, you could be running a ten year old copy of VirusBuster and it would not make any difference. Not to get into any 'mine's better' argument, but I've used many different AV/Spyware apps, suites, and tools over the years. My current choice is Sunbelt Vipre. I've been using it on ten machines at home for around six months or so. Vipre has a very good detection rate and very little impact on system performance. Some people at home frequent lots of social networking and song-lyric / music sites, which would infect a PC protected by both Trend Micro and PC Tools Spyware Doctor about three or four times a year with things like Vundo, FakeAV, or TrojanDownloader. Knock on wood, but so far Vipre is doing the job for me. All PCs use Firefox with NoScript, but I have no control over whether some users select 'allow all this page' too often.

deepsand

individual components all of which are "best of breed." As for myself, I've stopped using AdAware, as it now tries to do things that are, quite frankly, outside of its particular specialty, things that result in too many false positives, things that are better handled by SS&D. Even AVG is reaching too far; I've disabled several of the new features that were added in versions 7 & 8. And, I don't allow their toolbar to be installed.

Tony Hopkinson

but I'm using avast so I agree with you. As stand alone avs they easily stand up to the so called professional versions. I remember a thread on this site comparing the professional suites a/v/. mail scan ad ware etc. The most effective overall was 22%, well worth the money that, not....

GSG

AVG 8.5 is the one that I've always preferred. Until 8.5 the free version caught everything. It's since been uninstalled. The other was Norton. Even Spybot missed a whole bunch of spyware. The Beta that I'm using is Microsoft Essentials. I'm pleasantly surprised. I thought it would miss a bunch of stuff, be cumbersome to install, and suck resources, but so far so good. I like the various options for scanning like quick scan, full scan, or I can customize what I scan. I found that most of my infections were located in one general area, and I scan that manually every time I boot up since that's a 5 minute scan, then I'm doing a quick scan every few days and a full scan once a week. The full scan takes an hour. We'll see how it goes. I'm trying to identify the site where I got the infection by going to 5 sites, scanning, then moving on. So far no luck except for identifying cnn.com as the main source for my spyware.

deepsand

"[i]I believe, I do, I believe it's true, I believe exactly what they tell me to.[/i]" - Tom Paxton

robo_dev

I recognized that domain from memory. It is a malware-hosting sound-alike domain for Adaware. I use WOT (Web of Trust) in FF3, and it gives that link a big red circle, meaning that it is bad, very bad.

deepsand

OS X was derived from Microware's OS-9, which was used primarily in embedded systems, where, owing to the OS being in firmware, the opportunities for subverting it were much less than for general purpose machines where the OS resides in/on re-writable media.

kkopp

If I let everyone install a toolbar that asks for it like my dad does, I wouldn't have any room for my browser. I always say no to that option.

GSG

I've identified one site that's giving me the Trojan. This time, MS security essentials got it before it infected me. I say hanging is too good for the people that write this stuff. Plus, the web admins need to take some responsibility for policing their sites and making sure they're clean.

Neon Samurai

Fsecure and Avira are doing pretty good. I should toss the Avira personal on at home and see how it holds up. I've seen Norton miss a few things that Avira liveCD found.

deepsand

Bear in mind that the URL displayed is the anchor text, not the target URL actually contained within the href.

deepsand

However, having spent far too much time rehabilitating machines that were bombed by NAV, I'll now take the "let Mikey try it" approach to their products.

Neon Samurai

You installed your OS, you installed Norton Utilities and then you installed other stuff. That utility graphs warf bar was a staple component of a well built system. What confuses me so much is how Symantec fkcus the dog so hard on the Norton brand yet does so well in other areas like running the Security Focus website. I believe they are the key company behind that anyhow.

deepsand

I might consider changing my name. So very sad. I recall the day when Norton Utilities were the gold standard by which others were measured.

Neon Samurai

then took it out to the local mall, whipped and peed on it then tied it to the wall so that passers-by could point and jeer at the shriveled dangly bits. It's just sad what's happened to the name behind the Pink Book.

deepsand

There have been many discussions, both here at [i]TR[/i] and elsewhere, re. the crap that's been coming out of Symantec over the past several years. I've had too many clients' boxes turned into costly doorstops owing to their being trashed by failed installs and/or uninstalls to ever trust their products again.

mattohare

They just shoved it down my browser's throat. Symantec/Norton used to be the best of the best. Lately they've become the worst of the best. I think I'll take a year or two off from them and go AVG. They were very nice when their product 'accidentally' deactivated itself, but it still took me five hours to get it sorted out with the handholding they were doing.

deepsand

at you. Adobe updates are becoming nearly as pushy, too. What really burns me up is that the option box for installing the toolbars is checked by default.
