Best Practices for Safe Computing - Prevention of Malware Infection
Common sense, good security habits, safe surfing, understanding security and safe computing are essential to protecting yourself from malware infection. No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice these principles and stay informed. Knowledge and the ability to use it is the best defensive tool anyone could have. This includes educating yourself as to the most common ways malware is contracted and spread as well as prevention.
- Simple and easy ways to keep your computer safe and secure on the Internet
- Tips to help protect from infection
Security is all about layers and not depending on any one solution, technology or approach to protect yourself from cyber-criminals. The most important layer is you...the first and last line of defense.
- Importance of Layered Security in Cyber Defense
- The Importance Of Layered Network Security
- Seven Layers of IT security
- The 7 Layers Of Cybersecurity
- What are the 7 Layers of Security? Understanding the Fundamentals
Important Fact: It has been proven time and again that the user is a more substantial factor (weakest link in the security chain) than the architecture of the operating system or installed protection software.
- Are Humans the Weakest Link in Cyber Security?
- Humans and Cybersecurity— The Weakest Link or the Best Defense
- Why Are Humans The Weakest Link In Cybersecurity?
- Studies prove once again that users are the weakest link in the security chain
- Humans are the weakest link in any cyber security strategy
Therefore, security begins with personal responsibility.
Tips to protect yourself against malware infection:
Keep Windows updated with all security updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. When necessary, Microsoft releases security updates on the second Tuesday of each month and publishes Security update bulletins to announce and describe the update. Keep your Web Browser updated as well. Regardless of which browser you use, vendor's routinely release updates which include fixes for exploits and vulnerabilities. Internet Explorer will no longer be supported after June 15th, 2022...it is being retired in favor of Microsoft Edge. Going forward, folks should avoid using Internet Explorer if it is still on your operating system...consider it a security risk.
Avoid keygens, cracked software, warez and any pirated software. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, ransomware, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS.
Avoid peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk (unsafe practice) which can make your computer susceptible to malware infections. File sharing networks are thoroughly infested with malware according to security firm Norman ASA and many of them are unsafe to visit or use. Malicious worms, backdoor Trojans, IRCBots, Botnets, and rootkits spread across P2P file sharing networks, gaming, and underground sites. Users visiting such sites may encounter innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. If you must use file sharing, scan your downloads with anti-virus software before opening them and ensure Windows is configured to show file known extensions.
Avoid Bundled software. Many toolbars, add-ons/plug-ins, browser extensions, screensavers and useless or junk programs like registry cleaners, optimizers, download managers, etc, come bundled with other software (often without the knowledge or consent of the user) and can be the source of various issues and problems to include Adware, pop-up ads browser hijacking which may change your home page/search engine, and cause user profile corruption. Thus, bundled software may be detected and removed by security scanners as a Potentially Unwanted Program (PUP), a very broad threat category which can encompass any number of different programs to include those which are benign as well as problematic. Since the downloading of bundled software sometimes occurs without your knowledge, folks are often left scratching their heads and asking "how did this get on my computer." Even if advised of a toolbar or Add-on, many folks do not know that it is optional and not necessary to install in order to operate the program. If you install bundled software too fast, you most likely will miss the "opt out" option and end up with software you do not want or need. The best practice is to take your time during installation of any program and read everything before clicking that "Install" or "Next" button. Even then, in some cases, this opting out does not always seem to work as intended.
Beware of Rogue Security software and crypto ransomware as they are some of the most common sources of malware infection. They spread malware via a variety of attack vectors...through social engineering (trickery) and user interaction, opening a malicious or spam email attachment, executing a malicious file, exploits, exploit kits, web exploits, malspam, malvertising campaigns, cryptojacking malware campaigns, fileless malware, non-malware attack, posing as a folder on removable drives, drive-by downloads, downloading software cracks, pirated software, fake Microsoft Teams updates, fake/illegal activators for Windows & Office, targeting managed service providers (MSPs) and RDP bruteforce attacks, a common attack vector for servers particularly by those involved with the development and spread of ransomware since if enabled, it allows connections from the outside as explained here.
- Anatomy of a ransomware attack
- Anatomy of a Linux Ransomware Attack
- Spotlight on Ransomware: Common infection methods
- Spotlight on Ransomware: How ransomware works
- The realities of ransomware: Five signs you’re about to be attacked
For the most effective strategy to protect yourself from malware and ransomware (crypto malware) infection, see my comments in Post #14...it includes a list of prevention tips.
Keeping Autorun enabled on flash drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. One in every eight malware attacks occurs via a USB device. Many security experts recommend you disable Autorun as a method of prevention. Microsoft recommends doing the same.
* Microsoft Security Advisory (967940): Update for Windows Autorun
* Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows
Note: If using Windows 7 and above, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes and improvements to AutoPlay so that it will no longer support the AutoRun functionality for non-optical removable media.
Always update vulnerable software like browsers, Adobe Reader and Java Runtime Environment (JRE) with the latest security patches. Older versions of these and several other popular programs have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Time to Update Your Adobe Reader
- Adobe Security bulletins and advisories
- Microsoft: Unprecedented Wave of Java Exploitation
- eight out of every 10 Web browsers are vulnerable to attack by exploits
Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.
Tools of the Trade: Exploit Kits
To help prevent this, you may want to install and use a Software Updater to detect vulnerable and out-dated programs/plug-ins which expose your computer to malware infection.
Note: The winget command line tool enables users to discover, install, upgrade, remove and configure applications on Windows 10 1709 (build 16299) or later and Windows 11 computers. Windows Package Manager winget command-line tool is available on Windows 11 and modern versions of Windows 10 as a part of the App Installer. To perform cyclic "update all applications" on your computer, use the following command:
winget upgrade --all --include-unknown --accept-source-agreements
Use strong passwords and change them anytime you encounter a malware infection, especially if the computer was used for online banking, paying bills, has credit card information or other sensitive data on it. This would include any used for taxes, email, eBay, paypal and other online activities. You should consider them to be compromised and change all passwords immediately as a precaution in case an attacker was able to steal your information when the computer was infected. Many of the newer types of malware are designed to steal your private information to include passwords and logins to forums, banks, credit cards and similar sensitive web sites. Always use a different password for each web site you log in to. Never use the same password on different sites. Ransomware disguises .exe files as fake PDF files with a PDF icon inside a .zip file attached to the email. Since Microsoft does not show extensions by default, they look like normal PDF files and people routinely open them. A common tactic of malware writers is to disguise malicious files by hiding the file extension or by adding double file extensions and/or extra space(s) to the existing extension so be sure you look closely at the full file name.
- Password Security 101: All the Steps You Need to Make Them Unbreakable
- How Do I Create a Strong and Unique Password?
- Four Methods to Create a Secure Password You'll Actually Remember
- How to Create a Strong Password (and Remember It)
- Choosing Secure Passwords
Know how to recognize Email scams and do not open unsolicited email attachments as they can be dangerous and result in serious malware infection. For example, Zbot/Z-bot (Zeus) is typically installed through opening disguised malicious email attachments which appear to be legitimate correspondence from reputable companies such as banks and Internet providers or UPS or FedEx with tracking numbers.
- Using Caution with Email Attachments
- How to Avoid Getting a Virus Through Email
- Safety tips for handling email attachments
Beware of Phony Emails, Phone Calls, Tech Support Scams, Ranscams & Extortion/Sextortion Scams (Post #13)
Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license...Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes...Do not trust unsolicited calls. Do not provide any personal information.
For more specific information about these types of scams, please read this topic.
Important !!! Allow Windows to show file extensions. Malware can disguise itself by hiding the file extension or by adding double file extensions and/or extra space(s) in the file's name to hide the real extension so be sure you look closely at the full file name as well as the extension. In some cases, you may not see the double extension because file extensions are hidden by default in Windows. If you have chosen the option to unhide file extensions, you still may be fooled if the malware writer named the file with extra spaces before the ".exe" extension. The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.
If you cannot see the file extension, you may need to reconfigure Windows to show known file name extensions.
- 50+ File Extensions That Are Potentially Dangerous on Windows
- How Hackers Can Disguise Malicious Programs With Fake File Extensions
- Why you should set your folder options to “show known file types”
Finally, back up your important data and files on a regular basis. Backing up data and disk imaging (redundancy) are among the most important prevention tasks users should perform on a regular basis, yet it's one of the most neglected areas. Some infections may render your computer unbootable during or before the disinfection process. Even if you're computer is not infected, backing up is part of best practices in the event of hardware or system failure related to other causes.
- The smartest way to stay unaffected by ransomware? Backup!
- Encrypted by ransomware...Prevention before the fact is the only guaranteed peace of mind on this one.
- 3-2-1 Backup Strategy
- The Backup Rule of Three
If infected with ransomware, without having backups to restore from, your data most likely is lost forever.
Backing up Data & System Imaging Resources:
- What’s the Best Way to Back Up My Computer?
- How to Protect Your Backups From Ransomware
- Backup and Restore in Windows 10/11
- How to Make System Image Backups on Windows 11
- How to Create a System Image in Windows 11 and Windows 10
- How to Create an image backup in Windows 10
It is a good practice to make a disk image with an imaging tool (i.e. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.). Disk Imaging allows you to take a complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistant to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore your system at a later time to the exact same state the system was when you imaged the disk or partition. Essentially, it will restore the computer to the state it was in when the image was made.
For the average home user, it is simpler to just buy an external hard drive, copy your critical data to it, disconnect the device and store it in a safe/secure location rather than try to monitor and maintain a complex backup system. Program like SoftByte Labs Comparator make doing backups easy for home users as well as professionals before creating an image.
IMPORTANT!!! When implementing a backup strategy include testing to ensure it works before an emergency arises; routinely check to verify backups are being made and stored properly; and isolate all backups (offline) to a device that is not always connected to the network or home computer so they are unreachable. If not, you risk not only malware infection but ransomware encrypting your backups and any backups of the backups when it strikes. In addition to encrypting data, many ransomware developers are now routinely searching for and destroying backups or simply deleting your backups.
- Ransomware’s Next Target: Backup Data
- Ransomware Attacks Have Entered the Realm of the Insidious and Vile
As such, some imaging/backup software (such as Macrium Image Guardian, Acronis True Image) automatically restore and/or prevent targeted backup files from being encrypted by ransomware.
.
Other topics discussed in this thread:
- Choosing an Anti-Virus Program
- Why should you use Antivirus software? - Safe Steps for Replacing your Anti-virus
- Do I need antivirus software on my smartphone - Smart Phone Best Practices
- Supplementing your Anti-Virus Program with Anti-Malware Tools
- Choosing a Firewall
- Understanding virus names and Naming Standards - Malware Naming Conventions
- Glossary of Malware Related Terms
- Why you should not use Registry Cleaners and Optimization Tools
- I have been hacked...What should I do? - How Do I Handle Identify Theft, Scams and Internet Fraud
- What is a Potentially Unwanted Program (PUP) or Potentially Unwanted Application (PUA)?
- About those Toolbars and Add-ons which change your browser settings
- There are no guarantees or shortcuts when it comes to malware removal - When should I reformat?
- Keygens, Cracks, Warez, Pirated Software, Torrents and File Sharing (P2P) are a Security Risk
- What are Cookies and are they dangerous?
- Beware of Phony Emails, Phone Calls, Tech Support Scams, Ranscams & Extortion/Sextortion Scams
Ransomware Related Topics:
- Best Defensive Strategy against ransomware (crypto malware)
- Preventing Ransomware - List of Ransomware Decryptor Tools
- Ransomware Encryption: The math, time and energy required to brute-force an encryption key
- Decryption vs Data Recovery of Ransomware
- Should you pay the ransom? - Reporting Ransomware & Scams
- Submitting Ransomware Samples
- Brief History of Ransomware - Types of Operating systems affected
- Release History of Master Keys for some major ransomwares
Updated: 06/14/24