ClearData Forensics LLC

 
Avoiding Malware and Computer Viruses

Malware can be loosely interpreted to mean any bad program, including the many varieties of viruses, key loggers, worms, trojans, spambots, and other programs that have undesirable effects on computers.  Malware most commonly enters computers from infected emails, documents, websites and instant messaging services.  "Computer virus" is the most popular term in use, if not a completely accurate one.

All proper computer security is dependent on keeping intruders out.  No single prevention is 100% effective, so it is important to apply an entire family of preventive measures.  A good external firewall such as a router or firewall server is essential.

Your first line of defense should be to not let any malware past the entry gate.  Don't click on any popups, especially those that say your computer is infected or offer to scan your computer.  Most of these exist solely to infect your computer or at best sell you products of marginal quality.  Don't open any suspicious emails, and especially don't click on links in emails unless you are absolutely certain they are safe. 

After the internet and email, the most common method of malware entry is via an autorun file on a CD, DVD or USB device such as a thumb drive, memory card or digital picture frame.  This is how the infamous Stuxnet worm spread while seeking its target.  Autorun is a great convenience.  Just plug in a device or insert a CD and the computer knows what to do and does it.  The only problem is it may have instructions that are counter to your computer's welfare.  If it is a new virus, you just became infected and your antivirus knows nothing about it.  Go into Windows and shut off all forms of autorun.  It adds a little inconvenience when you insert a CD or USB device, but saves a big inconvenience or worse by helping keep malware out.
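
One way to check and shut off autorun from PowerShell, as an added example that is not part of the original article.  It assumes the standard Windows Explorer policy values (NoDriveTypeAutoRun, NoAutorun, DisableAutoplay); the -Apply switch is a name chosen for this example.

```powershell
# Added example: audit, and with -Apply set, the registry values that control AutoRun/AutoPlay.
# Changing the HKLM values requires an elevated PowerShell prompt.
param([switch]$Apply)

$policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$settings = @(
    # NoDriveTypeAutoRun is a bitmask of drive types; 0xFF covers every type.
    @{ Path = "HKLM:\$policy"; Name = 'NoDriveTypeAutoRun'; Want = 0xFF }
    # NoAutorun = 1 tells Windows not to execute autorun.inf commands.
    @{ Path = "HKLM:\$policy"; Name = 'NoAutorun'; Want = 1 }
    # Per-user copy of the policy, plus the per-user AutoPlay switch.
    @{ Path = "HKCU:\$policy"; Name = 'NoDriveTypeAutoRun'; Want = 0xFF }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
       Name = 'DisableAutoplay'; Want = 1 }
)

foreach ($s in $settings) {
    $name = $s.Name
    $item = Get-ItemProperty -Path $s.Path -Name $name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.$name } else { $null }
    $ok = ($null -ne $current) -and ($current -eq $s.Want)

    # Only write when asked to, and only where the value is missing or weaker.
    if (-not $ok -and $Apply) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $name -Value $s.Want `
            -PropertyType DWord -Force | Out-Null
        $current = $s.Want
        $ok = $true
    }

    # One report row per setting, so the result can be piped to Format-Table.
    [pscustomobject]@{
        Key     = $s.Path
        Value   = $name
        Current = if ($null -eq $current) { '(not set)' } else { '0x{0:X}' -f $current }
        Wanted  = '0x{0:X}' -f $s.Want
        Status  = if ($ok) { 'OK' } else { 'AutoRun not fully disabled' }
    }
}
```

Run it without -Apply first to see the current state; the HKCU values apply only to the account that runs the script, so repeat it for each user account.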

A good antivirus program is your second line of defense.  Antivirus programs compare files to a library of known viruses to determine what is safe and what isn't.  This is a serious limitation.  First, new viruses are not detected or protected against until enough computers have been infected for their signature to appear in the virus library.  Second, some forms of malware use legitimate-appearing system functions and thus are not flagged as viruses.  The first symptoms can be slow response or constant disk activity.  Of course both of these symptoms can be for innocent reasons too.  Updating the virus library regularly is essential.

Just because malware might be able to get past your antivirus program doesn’t mean you have to let it have its way.  Just as a hand grenade on the floor won’t explode until the pin is pulled, malware can’t do much damage until it installs and runs.  There are two methods to prevent it from installing and running.

The first technique is to create a limited user account and use this account for all your web surfing.  Ideally, you would use an administrator account for all computer maintenance and the limited user account for email and web surfing.  If you must use instant messaging, use it only from the limited account, disable it in the administrator account, have a secure password for the administrator account, and call it something other than administrator.  When my children were in middle school, their computer was constantly becoming infected despite the best firewall and antivirus available.  This one technique stopped all the problems.
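
A quick check of the account advice above, as an added example that is not part of the original article.  It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, and it only sees direct members of the local Administrators group.

```powershell
# Added example: report whether the account you are logged in with is a limited one,
# and whether the built-in administrator account has been renamed.
$me = [Security.Principal.WindowsIdentity]::GetCurrent()

# The local Administrators group always has the well-known SID S-1-5-32-544.
# Checking group membership (rather than the current token's role) also catches
# an administrator account that is running with a UAC-filtered token.
$adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.SID.Value }
$isAdminAccount = $adminSids -contains $me.User.Value

# The built-in administrator keeps a SID ending in -500 even after a rename.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

[pscustomobject]@{
    CurrentAccount       = $me.Name
    AccountType          = if ($isAdminAccount) { 'Administrator' } else { 'Limited user' }
    SafeForWebAndEmail   = -not $isAdminAccount
    BuiltinAdminName     = $builtin.Name
    BuiltinAdminRenamed  = $builtin.Name -ne 'Administrator'
    BuiltinAdminEnabled  = $builtin.Enabled
}
```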

An excellent complement to the limited user account, and critical for the accounts with administrator privileges, is a program called Startup Monitor.  It is freeware with donations requested.  The author’s home page is www.mlin.net.  This program will prevent any new software installation without the computer user’s permission.  The drawback is that you, the user, have to decide which programs to allow and which programs to block.  If you are in the middle of installing software or an update from a known trustworthy source, it is probably OK.  If the monitor window pops up while downloading a web page or opening a document, tell it “NO”.  You just dodged some malware.

A software firewall is handy, but mostly as a last line of defense.  Even if you already have an external firewall, malware can be delivered to your computer by tagging along with legitimate communication.  If the malware manages to get installed, a software firewall can prevent it from communicating with its home server.  This is kind of late in the game and the result can cause the computer to hang.  The good news is that it kept your personal data from leaving your computer.

If you need to have malware or viruses removed, please contact info@cleardata-forensics.com, or call us at (206) 799-4592.  Additional contact information is listed on our Contact Us page. 


Copyright © 2011-2017 ClearData Forensics LLC all rights reserved.  Reproduction in whole or in part in any form or medium without the expressed written permission of ClearData Forensics LLC is prohibited.  CyberSecurity Institute, CyberSecurity Forensic Analyst (CSFA) and CSFA logo are trademarks of CyberSecurity Institute, used by permission.