How-to protect yourself against viruses and malware

Braden
UOSA Policy Enforcer
Posts: 822
Joined: Mon Oct 19, 2009 10:12 am
Location: Trammel

How-to protect yourself against viruses and malware

Post by Braden »

Several users have come forward and asked about weird behavior they were experiencing while browsing the forums. After analyzing the symptoms, we discovered they were infected with one or more viruses and malware.
"But, I don't do stupid things or go to sites where I could get infected!"
Perhaps; however, a virus/malware can hide in something as innocuous as an image file. In today's day and age you can get a virus from anywhere.



Here are some common sense steps that you can do to protect yourself from viruses with a very minimal effect on system performance:

1. Install an anti-virus software such as Microsoft Security Essentials (MSE) (http://windows.microsoft.com/en-US/wind ... essentials). MSE is a free light-weight virus scanner that does a pretty good job and does not hog system resources. If you would prefer additional protection, you could use ESET's NOD32, McAfee Antivirus, Kaspersky, or Norton Antivirus. I personally recommend combining MSE with NOD32. Derrick recommends Avast (also free) stating in the 5 years he has used it he has not gotten a virus.

2. Enable Data Execution Prevention (DEP), which is built into modern versions of Windows. DEP prevents programs from being loaded first into memory and then being executed. It is very rare that a program would need to execute from RAM, and if it does it's usually up to no good. Many viruses execute from memory to avoid detection. DEP prevents this. Your system may or may not support DEP; however, you can enable software DEP.

To enable DEP, do the following:
Windows Globe -> Control Panel -> System -> Advanced System Settings -> Performance -> Settings -> Turn on DEP for all programs except for those I select (the SECOND radio button).

3. Enable Windows Firewall. There is really no reason to disable Windows Firewall.

To check your Windows Firewall settings:
Windows Globe -> Control Panel -> Windows Firewall

If there is an option for "Use Recommended Settings", click it. If you want to allow a program through, you can find a link on the left that allows you to add exceptions.

Alternatively, you might want to use a full security suite. Unless you really know what you are doing, I would not recommend this; however, ESET Smart Security is a pretty decent package.

4. Enable User Access Control (UAC). UAC is essential in protecting your computer from programs that wish to modify system settings. UAC works by prompting you whenever the system needs Administrative access (even as an Administrator). Do NOT blindly click "Allow" whenever the system asks you if it can make a change. Make sure that you always check what it is wanting to do!

To verify your UAC settings:
Windows Globe -> Control Panel -> User Accounts -> Change User Access Control Settings -> Notify me only when programs try to make changes to my computer (second notch down)

5. Make sure that Internet Explorer is configured correctly even if you do not use it. The Internet Explorer settings affect other software than just IE, so make sure it is set correctly.

To verify IE settings:
Windows Globe -> Control Panel -> Internet Options -> Security -> Internet -> Default -> Local-Intranet -> Default -> Trusted Sites -> Default -> (delete all sites in the list) -> Restricted Sites -> Default -> Privacy -> Default



If, however, you think that you have already been infected by a virus, you might wish to do the following to clean your computer:

1. Run a FULL scan using MSE or whichever virus scanning software you have installed. Make sure that the definitions are up-to-date. If they are not, a scan will be pointless.

2. Install Malwarebytes (http://www.malwarebytes.org/mbam-download.php) and do a full system scan. Malwarebytes is good at finding some viruses and a lot of malware. Make sure that you do NOT install the real-time scanner or the set it and forget it functionality. You just want the on-demand scanner.

3. Install Spybot Search and Destroy (http://www.safer-networking.org/en/mirrors/index.html) and do a scan. Spybot S&D is good at finding rootkits. Make sure that you do NOT install the real-time scanner or the set it and forget it functionality. You just want the on-demand scanner.

4. Repeat steps 1, 2 (scanning), and 3 (scanning) again.

5. Do a Windows system file integrity check using the Windows built-in integrity checking tool:

Windows Globe -> All Programs -> Accessories -> Right-click on Command Prompt and select "Run as Administrator" -> type: sfc /scannow

Following these steps, you can help ensure that your system is better protected against viruses and malware; however, there is no substitute for vigilance. If you are not careful with what you do on the internet, no amount of protection from scanners or Windows' settings will protect you.
<Layt> note to self (and others)
<Layt> do not magic arrow braden
<Zebulone> He has inf reflect
<Layt> more like reflect and amplify
<Layt> it was a death sequence unlike any other i had ever seen
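
The DEP, Windows Firewall and UAC settings from steps 2-4 of the post above can also be read back from a PowerShell prompt instead of clicking through Control Panel. This is an added example, not part of Braden's post; it only reads settings, the function names are made up for illustration, and it assumes Windows 8 / Server 2012 or later, where `Get-NetFirewallProfile` is available.

```powershell
# Added example (not from the original post): read-only audit of steps 2-4.
# Assumption: Windows 8 / Server 2012 or later (Get-NetFirewallProfile).

function Get-DepState {
    # DataExecutionPrevention_SupportPolicy:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut
    $names  = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    # The second radio button in step 2 is OptOut; AlwaysOn is stricter still.
    $pass   = ($policy -in @(1, 3))
    [pscustomobject]@{ Check = 'DEP policy'; Value = $names[$policy]; Pass = $pass }
}

function Get-FirewallState {
    # One row per profile (Domain, Private, Public); each should be enabled.
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Check = "Firewall ($($_.Name))"
            Value = "Enabled=$($_.Enabled)"
            Pass  = ($_.Enabled -eq 'True')
        }
    }
}

function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key
    # Second notch (the default): ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
    # Top notch: 2 and 1. Lower notches drop the secure desktop or the prompt itself.
    $pass = ($p.EnableLUA -eq 1) -and
            ($p.ConsentPromptBehaviorAdmin -in @(2, 5)) -and
            ($p.PromptOnSecureDesktop -eq 1)
    [pscustomobject]@{
        Check = 'UAC'
        Value = "EnableLUA=$($p.EnableLUA) Admin=$($p.ConsentPromptBehaviorAdmin) SecureDesktop=$($p.PromptOnSecureDesktop)"
        Pass  = $pass
    }
}

# Print one table; any row with Pass = False points back to the matching step.
@(Get-DepState; Get-FirewallState; Get-UacState) | Format-Table -AutoSize
```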

Derrick
Posts: 9004
Joined: Thu Dec 13, 2007 7:49 pm
Location: Cove

Re: How-to protect yourself against viruses and malware

Post by Derrick »

Thanks Braden, nice post.

I've talked with two players this week in IRC that were unable to access our websites due to confirmed DNS hijacks.

Another good program to add to the list is Avast. Since I've been running Avast (about 5 years) I haven't had a single issue of infection. I run MSE on a few machines too.
"The text in this article or section may be incoherent or very hard to understand, and should be reworded if the intended meaning can be determined."

rwuser
Posts: 72
Joined: Tue Feb 14, 2012 4:51 pm

Re: How-to protect yourself against viruses and malware

Post by rwuser »

Might I add the obvious irony of the new page layout downloading the image of the day instead of just viewing it in the browser?

Good place to start.

Derrick
Posts: 9004
Joined: Thu Dec 13, 2007 7:49 pm
Location: Cove

Re: How-to protect yourself against viruses and malware

Post by Derrick »

rwuser wrote: Might I add the obvious irony of the new page layout downloading the image of the day instead of just viewing it in the browser?
Good place to start.
Not sure what you mean about any risk of downloading it, if it's displaying it on your PC in any form, your PC has downloaded it. However the image should be displaying in the page when you click on it; it would only offer for you to save it if your browser is extremely old, or has Javascript disabled.

rwuser
Posts: 72
Joined: Tue Feb 14, 2012 4:51 pm

Re: How-to protect yourself against viruses and malware

Post by rwuser »

I figure these newer browsers don't just download to temp, with all the security issues of doing that in the past I figure they would use some sort of sandbox system for stuff that is commonly vulnerable. It's just a guess though, no idea!

Using Chrome btw, possibly latest version.

Derrick
Posts: 9004
Joined: Thu Dec 13, 2007 7:49 pm
Location: Cove

Re: How-to protect yourself against viruses and malware

Post by Derrick »

Getting way off topic here, as I don't believe there's any way to get a trojan from a .jpg, .png file from our server as they are validated when uploaded; if it's even still possible to exploit an image file like this.

Thanks for bringing the pic of day/image gallery problem to my attention though, I've had a bit of trouble with the way Chrome bubbles up onClick events, and wasn't aware that the image viewer wasn't working properly in Chrome.
This is how it should work:
Capture.JPG
Fixing now.

Venom
Posts: 55
Joined: Wed Apr 18, 2012 10:11 am
Location: Wolverhampton UK

Re: How-to protect yourself against viruses and malware

Post by Venom »

I use Firefox and had a look earlier, it made me open the files with a programme on my PC, but it had to download to do it.

GleepGlop
Posts: 220
Joined: Sat Sep 18, 2010 12:01 am

Re: How-to protect yourself against viruses and malware

Post by GleepGlop »

I would add Combofix (http://www.combofix.org/) to the list (if you have been infected section) with a "use at own expense" warning. So far I haven't had any problems arise from using it, but I haven't found any other programs that are as effective at removing rootkits and DNS redirections that programs like Spybot, MSE or other tools cannot fix.

Hicha
UOSA Donor!!
Posts: 2264
Joined: Tue May 05, 2009 10:03 am
Location: out selling permits

Re: How-to protect yourself against viruses and malware

Post by Hicha »

Malware is also easily spread through 3rd-party web advertisements as well, even through reputable advertising companies/host (mostly by accident.)

A huge thing I always recommend is to run the add-on AdBlock (Chrome, Safari, Firefox.) I know there's a way to run it with IE, but then if you're still using IE, good luck to you. No 3rd-party advertisements, one less thing to worry about.
"I consider most of you NPC's that inhabit the single player game that I am here to enjoy." - MatronDeWinter

Kublai Khan
UOSA Subscriber!
Posts: 88
Joined: Sun Apr 11, 2010 11:05 pm

Re: How-to protect yourself against viruses and malware

Post by Kublai Khan »

Hicha wrote: Malware is also easily spread through 3rd-party web advertisements as well, even through reputable advertising companies/host (mostly by accident.)

A huge thing I always recommend is to run the add-on AdBlock (Chrome, Safari, Firefox.) I know there's a way to run it with IE, but then if you're still using IE, good luck to you. No 3rd-party advertisements, one less thing to worry about.
I agree, this is a major deal; with social networking this is a must.