Malware can be loosely interpreted to mean any bad program, including the many varieties of viruses, key loggers, worms, trojans, spambots, and other programs that have undesirable
effects on computers. Malware most commonly enters computers from infected emails, documents, websites and instant messaging services. Computer virus is the most popular,
if not completely accurate, term in use.
All proper computer security is dependent on keeping intruders out. No single prevention is 100% effective so it is important to apply an entire family of prevention.
A good external firewall such as a router or firewall server is essential.
Your first line of defense should be to not let any malware past the entry gate. Don't click on any popups, especially those that say your computer is infected or
offer to scan your computer. Most of these exist solely to infect your computer or at best sell you products of marginal quality. Don't open any suspicious emails, and
especially don't click on links in emails unless you are absolutely certain they are safe.
After the internet and email, the most common method of malware entry is via an autorun file on a CD, DVD or USB device such as
a thumb drive, memory card or digital picture frame. This is how the infamous Stuxnet worm spread while seeking its target. Autorun
is a great convenience. Just plug in a device or insert a CD and the computer knows what to do and does it. The only problem is it may have instructions that are counter
to your computer's welfare. If it is a new virus, you just became infected and your antivirus knows nothing about it. Go into Windows and shut off all forms of autorun. It
adds a little inconvenience when you insert a CD or USB device, but saves a big inconvenience or worse by helping keep malware out.
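One way to check and shut off autorun from PowerShell, as an added example that is not part of the original article. It reads the Windows `NoDriveTypeAutoRun` policy value, reports which drive types still allow autorun, and with `-Apply` (run from an elevated prompt) disables it for all of them; the script layout and function names are this example's own.

```powershell
# Audit the AutoRun policy; with -Apply, disable AutoRun for every drive type.
param([switch]$Apply)

$policyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName  = 'NoDriveTypeAutoRun'

# In this bitmask, each SET bit turns AutoRun OFF for that drive type.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown drive type' },
    @{ Bit = 0x04; Name = 'Removable (USB stick, memory card)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network drive' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Reserved / future types' }
)

function Get-AutoRunMask([string]$Hive) {
    $item = Get-ItemProperty -Path "${Hive}:\$policyPath" -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $value = $item.$valueName
    # Some systems store the value as binary; the mask is the first byte.
    if ($value -is [byte[]]) { return [int]$value[0] }
    return [int]$value
}

function Show-AutoRunMask([string]$Hive) {
    $mask = Get-AutoRunMask $Hive
    if ($null -eq $mask) {
        Write-Output "$Hive : $valueName not set (Windows default applies)"
        return
    }
    Write-Output ("{0} : {1} = 0x{2:X2}" -f $Hive, $valueName, $mask)
    foreach ($type in $driveTypes) {
        $state = if ($mask -band $type.Bit) { 'disabled' } else { 'ENABLED' }
        Write-Output ("    {0,-36} AutoRun {1}" -f $type.Name, $state)
    }
}

if ($Apply) {
    # 0xFF sets every bit, i.e. AutoRun off for all drive types, machine-wide.
    $key = "HKLM:\$policyPath"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $valueName -Value 0xFF -Type DWord
}

Show-AutoRunMask 'HKLM'   # machine-wide policy
Show-AutoRunMask 'HKCU'   # current user's policy
```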
A good antivirus program is your second line of defense. Antivirus programs compare files to a library of known viruses to determine what is safe and what isn't. This is
a serious limitation. First, new viruses are not detected or protected against until enough computers have been infected for their signature to appear in the virus
library. Secondly, some forms of malware use legitimate-appearing system functions and thus are not flagged as viruses. The first symptoms can be slow response or
constant disk activity. Of course both of these symptoms can be for innocent reasons too. Updating the virus library regularly is essential.
Just because malware might be able to get past your anti-virus program, doesn’t mean you have to let it have its way. Just as a hand grenade on the floor won’t explode until
the pin is pulled, malware can’t do much damage until it installs and runs. There are two methods to prevent it from installing and running.
The first technique is to create a limited user account and use this account for all your web surfing. Ideally, you would use an administrator account for all computer
maintenance and the limited user account for email and web surfing. If you must use instant messaging, use it only from the limited account, disable it in the administrator
account, have a secure password for the administrator account, and call it something other than administrator. When my children were in middle school, their computer was
constantly becoming infected despite the best firewall and antivirus available. This one technique stopped all the problems.
An excellent complement to the limited user account and critical for the accounts with administrator privileges is a program called Startup Monitor. It is freeware with
donations requested. The author’s home page is www.mlin.net. This program will prevent any new software installation without the computer user’s permission. The
drawback is that you, the user, have to decide which programs to allow and which programs to block. If you are in the middle of installing software or an update from a known trustworthy
source, it is probably OK. If the monitor window pops up while downloading a web page or opening a document, tell it “NO”. You just dodged some malware.
A software firewall is handy, but mostly as a last line of defense. Assuming you already have an external firewall, malware can be delivered to your computer by tagging along
with legitimate communication. If the malware manages to get installed, a software firewall can prevent it from communicating with its home server. This is kind of late
in the game and the result can cause the computer to hang. The good news is that it kept your personal data from leaving your computer.
If you need to have malware or viruses removed, please contact info@cleardata-forensics.com,
or call us at (206) 799-4592. Additional contact information is listed
on our Contact Us page.