Page 1 of 1

How-to protect yourself against viruses and malware

Posted: Mon Apr 16, 2012 8:10 am
by Braden
Several users have come forward and asked about wierd behavior they were experiencing while browsing the forums. After analyzing the symptoms, we discovred they were infected with one or more viruses and malware.
"But, I don't do stupid things or go to sites where I could get infected!"
Perhaps; however, a virus/malware can hide in something as innoculous as an image file. In today's day and age you can get a virus from anywhere.



Here are some common sense steps that you can do to protect yourself from viruses with a very minimal effect on system performance:

1. Install an anti-virus software such as Microsoft Security Essentials (MSE) (http://windows.microsoft.com/en-US/wind ... essentials). MSE is a free light-weight virus scanner that does a pretty good job and does not hog system resources. If you would prefer additional protection, you could use ESET's NOD32, McAfee Antivirus, Kaspersky, or Norton Antivirus. I personally recommend combining MSE with NOD32. Derrick recommends Avast (also free) stating in the 5 years he has used it he has not gotten a virus.

2. Enable Data Execution Prevention (DEP), which is built into modern versions of Windows. DEP prevents programs from being loaded first into memory and then being executed. It is very rare that a program would need to execute from RAM, and if it does its usually up to no good. Many viruses execute from memory to avoid detection. DEP prevents this. Your system may or may not support DEP; however, you can enable software DEP.

To enable DEP, do the following:
Windows Globe -> Control Panel -> System -> Advanced System Settings -> Performance -> Settings -> Turn on DEP for all programs except for those I select (the SECOND radio button).

3. Enable Windows Firewall. There is really no reason to disable Windows Firewall.

To check your Windows Firewall settings:
Windows Globe -> Control Panel -> Windows Firewall

If there is an option for "Use Recommended Settings", click it. If you want to allow a program through, you can find a link on the left that allows you to add exceptions.

Alternatively, you might want to use a full security suite. Unless you really know what you are doing, I would not recommend this; however, ESET Smart Security is a pretty decent package.

4. Enable User Access Control (UAC). UAC is essential in protecting your computer from programs that wish to modify system settings. UAC works by prompting you for whenever the system needs Administrative access (even as an Administrator). Do NOT blindly click "Allow" whenever the system asks you if it can make a change. Make sure that you always check what it is wanting to do!

To verify your UAC settings:
Windows Globe -> Control Panel -> User Accounts -> Change User Access Control Settings -> Notify my only when programs try to make changes to my computer (second notch down)

5. Make sure that Internet Explorer is configured correct even if you do not use it. The Internet Explorer settings affect other software than just IE, so make sure it is set correctly.

To verify IE settings:
Windows Globe -> Control Panel -> Internet Options -> Security -> Internet -> Default -> Local-Intranet -> Default -> Trusted Sites -> Default -> (delete all sites in the list) -> Restricted Sites -> Default -> Privacy -> Default



If; however, you think that you have already been infected by a virus, you might wish to do the following to clean your computer:

1. Run a FULL scan using MSE or whichever virus scanning software you have installed. Make sure that the definitions are up-to-date. If they are not, a scan will be pointless.

2. Install Malwarebytes (http://www.malwarebytes.org/mbam-download.php) and do a full system scan. Malwarebytes is good at finding some viruses and a lot of malware. Make sure that you do NOT install the real-time scanner or the set it and forget it functionality. You just want the on-demand scanner.

3. Install Spybot Search and Destroy (http://www.safer-networking.org/en/mirrors/index.html) and do a scan. Spybot S&D is good at finding rootkits. Make sure that you do NOT install the real-time scanner or the set it and forget it functionality. You just want the on-demand scanner.

4. Repeat steps 1, 2 (scanning), and 3 (scanning) again.

5. Do a Windows system file integrity check using the Windows built-in integrity checking tool:

Windows Globe -> All Programs -> Accessories -> Right-click on Command Prompt and select "Run as Administrator" -> type: sfc /scannow

Following these steps, you can help ensure that your system is better protected against viruses and malware; however, there is no substitute for vigilance. If you are not careful with what you do on the internet, no amount of protection from scanners or Windows' settings will protect you.

Re: How-to protect yourself against viruses and malware

Posted: Mon Apr 16, 2012 10:11 am
by Derrick
Thanks Braden, nice post.

I've talked with two players this week in IRC that were unable to access our websites due to confirmed DNS hijacks.

Another good program to add to the list is Avast. Since I've been running Avast (about 5 years) I haven't had an single issue of infection. I run MSE on a few machines too.

Re: How-to protect yourself against viruses and malware

Posted: Thu Apr 19, 2012 4:25 am
by rwuser
Might I add the obvious irony of the new page layout downloading the image of the day instead of just viewing it in the browser?

Good place to start.

Re: How-to protect yourself against viruses and malware

Posted: Thu Apr 19, 2012 9:16 am
by Derrick
rwuser wrote:Might I add the obvious irony of the new page layout downloading the image of the day instead of just viewing it in the browser?
Good place to start.
Not sure what you mean about any risk of downloading it, if it's displaying it on your PC in any form, your PC has has downloaded it. However the image should be displaying in the page when you click on it; it would only offer for you to save it if your browser is extremely old, or has Javascript disabled.

Re: How-to protect yourself against viruses and malware

Posted: Thu Apr 19, 2012 10:07 am
by rwuser
I figure these newer browsers dont just download to temp, with all the security issues of doing that in the past I figure they would use some sort of sandbox system for stuff that is commonly venerable. Its just a guess though, no idea!

Using Chrome btw, possibly latest version.

Re: How-to protect yourself against viruses and malware

Posted: Thu Apr 19, 2012 10:28 am
by Derrick
Getting way off topic here, as I don't belive there's any way to get a trojan from a .jpg, .png file from our server as they are validated when uploaded; If it's even still possible to exploit a image file like this.

Thanks bringing the pic of day/image gallery problem to my attention though, I've had a bit of trouble with the way Chrome bubbles up onClick events, and wasn't aware that the image viewer wasn't working properly in Chrome.
This is how it should work:
Capture.JPG
Fixing now.

Re: How-to protect yourself against viruses and malware

Posted: Thu Apr 19, 2012 11:03 am
by Venom
i use firefox and had a look earlier, it made me open the files with a programme on my pc, but it had to download to do it.

Re: How-to protect yourself against viruses and malware

Posted: Mon Apr 23, 2012 4:14 pm
by GleepGlop
I would add Combofix (http://www.combofix.org/) to the list (if you have been infected section) with a "use at own expense" warning. So far I haven't had any problems arise from using it, but I haven't found any other programs that are as effective at removing rootkits and DNS redirections that programs like Spybot, MSE or other tools cannot fix.

Re: How-to protect yourself against viruses and malware

Posted: Fri Apr 27, 2012 11:01 pm
by Hicha
Malware is also easily spread through 3rd-party web advertisements as well, even through reputable advertising companies/host (mostly by accident.)

A huge thing I always recommend is to run the add-on AdBlock (Chrome, Safari, Firefox.) I know there's a way to run it with IE, but then if you're still using IE, good luck to you. No 3rd-party advertisements, one less thing to worry about.

Re: How-to protect yourself against viruses and malware

Posted: Sun Jun 10, 2012 7:25 am
by Kublai Khan
Hicha wrote:Malware is also easily spread through 3rd-party web advertisements as well, even through reputable advertising companies/host (mostly by accident.)

A huge thing I always recommend is to run the add-on AdBlock (Chrome, Safari, Firefox.) I know there's a way to run it with IE, but then if you're still using IE, good luck to you. No 3rd-party advertisements, one less thing to worry about.
I agree this is a major deal with social networking this is a must.