
Practicing Safe Computing

Discussion in 'Technical Discussions' started by Digerati, May 10, 2011.

Digerati (Super Moderator, Techie7 Moderator)

Malware Removal Notice: The purpose of this document is to help you build your own security suite, set up your security defenses, and develop your own safe computing practices so you never need the services of a Malware Removal expert. This is not a malware removal guide. If you came to this post because you suspect your system is infected and has already been compromised, I recommend you follow these instructions and one of our certified Malware Removal experts will assist. When done, use this guide to prevent recurrence.
***************


    Practicing Safe Computing


    Do not misunderstand! There are people on the Internet right now, trying to hurt you, and your family! The worst of the scum seek to terrorize, abduct, torture, sell into slave labor and sex rings, and kill our children! They exploit the elderly, weak, scared, and innocent. Predators don't care who you are.

    The hackers, thieves, spammers, software pirates, illegal software users, juvenile misfits, and cyber-terrorists don't care either. Many are very clever. Do not think otherwise. Do not let your guard down. Learn, then teach your children. Right now, badguys are trying to determine our email addresses, bank account numbers, credit card numbers, phone numbers, Social Security numbers, driver's license numbers, home addresses, birthdays, mothers' maiden names. They want to steal our money, open new accounts under our names, run up our bills. They want to tap into our wireless networks, steal our data and use our Internet access for nefarious deeds.

It is a sad fact that we, as users, must be the linchpins for security protecting our computers, our personal information, and our families from predators, identity thieves, organized crime, terrorists, and all the wannabe followers - the badguys of cyberspace.

    The best defense will surely fail if the "human factor" fails. Losing concentration and compromising safe computing practices very quickly turns the user into the weakest link, resulting in exposed vulnerabilities and potentially compromised security and safety.

How did we get in this security mess? Let's make sure we put the blame where it belongs: on the badguys! Badguys put us in this position. Not the software giants. Not the hardware industry. But bad people - and not just the usual suspects mentioned either, but bad guys in corrupt governments, ISPs, and law enforcement, and others who profit (tax free, I'm sure) from that malicious activity.

    They have forced the rest of us to become Information Technology (IT) security experts just so we and our families can safely use our computers in our own homes.

Beyond that, failure to keep our systems free from malware and intrusions is not being a responsible Internet user. These vulnerable systems are primary targets (easy pickings) for badguys and may (most likely will) end up compromised. The compromised computer, under the control of the bad guy, then becomes a threat to the rest of us as it is used by the badguy to send spam, launch DDoS attacks, and distribute more malicious code across our networks. Not good.

    What can we, as computer/Internet users do about it? Three things:
    1. Practice Safe Computing! Keep our systems patched, updated, scanned and blocked, and use a disciplined approach to operating the computer and using the Internet.
      • Patch operating systems and applications to the latest security patches, including Windows 8.1, Windows 7 SP1, Vista SP2, and our browsers, including Internet Explorer even if using an alternative browser as your default.
      • Update anti-malware signature/definition files promptly and apply operating system critical updates in a timely manner (see "Windows Update" under "Prevent Re-Infestation" below)
      • Scan using "real-time" anti-malware scanners for viruses, worms, Trojans, and spyware
      • Block unauthorized access attempts, spam and pop-ups using a good client-based (software) firewall, spam blocker, and pop-up blocker.
      • Self Discipline, the most crucial! Self discipline includes:
        • NEVER click on "To stop getting these spam messages, click here" links
        • NEVER click on any links in unsolicited pop-ups or email
• NEVER open attachments or downloads without first scanning for malware - regardless of the source
        • NEVER visit sites bad guys are known to wallow in, including illegal porn and gambling sites
        • NEVER participate in illegal filesharing of copyrighted materials like music files, movies, and other published documents on Peer to Peer (P2P) sites or via torrents

          and finally...

        • NEVER skip any of the above.

2. Limit Access. It is good practice for all users to use limited access, or "Standard" user accounts for normal day to day computer use instead of an "Administrator" account. Downloads are restricted with standard accounts, making it less likely a badguy will be able to download and install malicious code on your computer, should a malicious site be visited by the user, or through a malicious redirection. Children should have standard accounts, always separate from the parents' accounts. You create or modify user accounts via the Control Panel, User Accounts applet.

Use strong passwords, preferably 8 characters or more, consisting of upper and lower case letters, numbers, and special characters (! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~). Do not use family names, pet names, birthdays, anniversaries, addresses or other easy to guess passwords. Do not write your passwords down on a notepad or a sticky note, or in an unencrypted spreadsheet. Use a password manager to store your passwords. Recommended ones include LastPass, Password Safe, KeePass Password Safe, or RoboForm. For PDA users, I highly recommend SplashID which includes SplashID Desktop, an excellent Windows password manager that "hotsyncs" your encrypted passwords with your PDA.

      "Physical Security" is just as important for your passwords as it is for your computer (especially notebooks) and your identity. If a thief breaks into your home and steals your computer, he's going to quickly, but pretty thoroughly, hunt around within arm's length from your computer chair for a "secret" list of passwords. If found, he has the keys to your life. With a good password safe, you only have to remember one password - the one to get into the safe.

      I do not recommend allowing Windows or your browser save your passwords because that method provides no "physical security" should your computer be stolen.

3. Vote! Demand your elected officials fund enforcement of existing laws, and create new laws with teeth against all aspects of cyber-crime. Demand funding so the authorities have the resources needed to fight the badguys. Elect or demand appointment of judges that levy harsh punishments. Demand the United Nations enforce the existing laws on software counterfeiting, and the exploitation of children in servitude, forced labor and pornography, all of which use the Internet.

    Supplemental/Manual Scanning for Malware


    It is important to manually run through your security scans on a regular basis, even when you have a full, real-time security system in place. This is necessary to ensure nothing got by (or was "allowed" by) your defenses by you, or another person using that computer. Once a week is not unreasonable.

    "Malware" is the catchall word for malicious software to include viruses, Trojans, worms, spam, and spyware. As the security industry consolidates products and migrates towards "suites", anti-virus and anti-spyware products are evolving and merging into "anti-malware" products.

    Use the information below to assemble your own arsenal of tools to keep your systems free of malware, and your family safe. I personally have used these tools on the various computers on my network and frequently recommend them to friends, family, and clients. There are certainly many competing products that are just as effective and by all means, if you are more comfortable with another product, and it is not a "rogue" product, then use it. The main point is, keep it updated and use it!

    Important Note - Use Custom Install. For all programs you download and install, select the custom install option. Do not simply allow the defaults as this often will install ("foist") extra, unwanted, and unneeded software on your system to include toolbars, download managers, auto-updaters, or usage tracking software.

    Important Note - Update First. For all of the following suggested programs, and before every scan, use each application's "update" feature to ensure you have installed the latest signature/definition files. This is necessary even if you just downloaded the most recent version of the application.

    Important Note - Avoid Conflicts. To avoid conflicts, ensure only one firewall and one "real-time" (also known as "in resident", "in memory", "auto-protect" or "active scanning") scanner program of the same type is running at any given time. For example, only one firewall and one real-time anti-malware scanner should be running at a time. This is to avoid "two dogs guarding the same bone" issues, which at the very least, is probably a waste of system resources.

Important Note - Back up. Performing major system scans and cleaning is never risk free. Although every program listed here has a long history of reliable performance, things can go wrong, especially with a problem system. Hardware can fail and power grid anomalies can wreak havoc. Use a good uninterruptible power supply (UPS) with AVR (automatic voltage regulation)! Look for "pure sinewave" or "approximated sinewave" outputs. Back up your important files regularly. And I recommend you create a System Restore "point" before running through the cleaning procedures. System Restore allows you to "roll back" system files, Registry keys, installed programs and drivers, etc. to a previous state.
    1. Quit all running applications,
    2. Go to Start > All Programs > Accessories > System Tools > System Restore (or type System Restore in Windows 8.1 search box).
3. At the System Restore Welcome Screen, click the Create a restore point radio button, then click Next,
    4. Name the Restore point (Example: Before system clean),
    5. Click Create.
    Important Note - Check EULAs. Be aware that most free software is free for home and non-commercial use only. Be sure to read the end-user licensing agreements (EULAs) before using.

    Clean Out the Clutter

    • Delete Temporary Files before scanning to rid system of thousands of temporary files. This action often significantly reduces scanning times and may clear out files that are corrupt or are infected with malware. Deleting cookies as well ensures all "tracking cookies" are removed too. Note that deleting cookies will force the manual entry of user names and passwords for sites requiring them on your next visit, so make sure you know them.
• Windows Disk Cleanup (XP, Vista, 7, and 8/8.1). One distinct advantage Windows Disk Cleanup has over most other cleaners is that it has the option to delete all but the most recent Restore Point. This is significant because malicious code can hide there too. To delete temporary and no longer needed files (including old System Restore points) with Windows Disk Cleanup:
        • In My Computer, right click on drive, then select Properties > Disk Cleanup,
        • When Disk Cleanup calculation is complete, check the desired Files to delete boxes - uncheck Compress old files unless you are very low on disk space (Note: Highlighting each entry will reveal a description of items being deleted),
        • Optional - Remove all System Restore points, except the most recent
          • Click the More Options Tab,
          • Under System Restore, click Clean up... to remove all but the most recent restore points, then follow prompts to complete action,
        • Click OK and follow prompts to complete and exit Disk Cleanup.
      • Temp File Cleaner (TFC) by OldTimer - a very thorough temporary cleaner.
• CCleaner - a popular alternative cleaner for more advanced users. During installation, uncheck the option to install the Yahoo toolbar, or download CCleaner - Slim for the version without the toolbar. Before first use, check Options > Settings and ensure Only delete files in Windows Temp folders older than 24 hours is unchecked. You can also configure CCleaner to leave cookies from the trusted sites you visit often. For advanced users, CCleaner has an excellent Registry tool that checks for "issues", cleaning unused "orphaned" entries such as missing shortcuts. It is very conservative and as such, is much safer than more aggressive cleaners. It always prompts the user to backup the Registry before making changes. Like any Registry cleaner, it is best when used to maintain a Registry in good order, rather than to fix a long neglected, and broken registry.

Note: Some files cannot be deleted while Windows is running. They will be marked for deletion at next boot. Expect the computer to take longer to boot up the first time after cleaning with one of the above utilities.

      Also note that the cleaning process may clear out Windows "fetch" settings that allow Windows and your applications to load faster. These fetch settings will automatically be reconfigured (unless disabled by the user) for the user, based on the user's computer use, after a few computing sessions.

      Tip: Delete all Temporary Internet Files and Cookies before defragmenting your hard drives. It is counterproductive to defrag with 1000s of tiny temporary files on the drives. For this reason, I don't recommend defrag programs that run in the background and defrag automatically, unless you have lots of free disk space.
    Manual Scanning for Malware - No single anti-malware program gets them all. Therefore, it is necessary to use an arsenal of tools and periodically, perform manual scans. Past controversy over some makers' decisions to delist known spyware emphasizes the need to attack on multiple fronts. I recommend you download, install, and use the latest versions of one or more of the following:
    A special note about MBAM Pro. Unlike most other "real-time" anti-malware solutions, MBAM Pro plays well with other real-time scanners. Plus it has a low "one-time" initial cost - NO recurring renewal fees. I have no problems recommending MBAM Pro be used along with another real-time anti-malware solution.

    Real-time Scanning for Malware - If you don't have a current real-time anti-malware scanner, get one NOW!. There are several excellent anti-malware programs to choose from, some free, some not.

    Be sure to use the "custom" install option when installing, and uncheck any options for extra programs, toolbars, or add-ons that you do not want.

    I personally use and recommend Microsoft Security Essentials (MSE) in Windows 7, along with MBAM Free. Windows 8 includes an enhanced MSE, renamed to Windows Defender. I use Windows Defender, along with MBAM Pro on my primary Windows 8.1 system. Other favorites include avast! and Avira AntiVir. I recommend keeping one anti-malware program running in "auto-protect" (real-time) mode at all times, and have another on hand for "on-demand" scanning. Remember to disable the running scanner before scanning with the "on-demand" scanner (unless using MBAM Pro).

Scan with one, two or all three (in turn) of these free on-line virus scanners as a double or even triple check. Some very malicious malware has been known to disable PC based anti-virus (AV) scanners. These on-line scanners help compensate for that. Temporarily disable your real-time AV scanner first.


    • Scan for Rootkits - Rootkit is a term originating in the UNIX world to describe a set of "stealthy" tools used to obtain and/or maintain root access. A person with "root" access can do anything. Windows rootkits gain access by exploiting known vulnerabilities on un-patched systems, then use that access to install a "back door" to maintain that access to your system. Use one of the following:
      Reminder: Don't forget to re-enable real-time scanning when manual scanning is complete.
    Prevent Re-infestation - Use the above tools to clean your system, and to help prevent future attacks from compromising your system again. In addition to those tools you also need the following:
• Firewall - If you are not using a software based firewall, enable Windows Firewall, or get one of those suggested below NOW! Windows Firewall is a basic firewall that works well for most users. However, note the XP version can only block unauthorized incoming access attempts. This means XP's Windows Firewall will not prevent Trojans, keyloggers, and other spyware from "phoning home" with your personal information, should they manage to get past your other defenses, or were on your computer prior to setting up your defenses. Vista's Windows Firewall with Advanced Security is an able, two-way firewall. However, the default configuration is only set to block inbound connections. The Windows 7 and Windows 8 versions of Windows Firewall are more advanced, fully capable of meeting all firewall needs, and very easy to use. I use Windows Firewall on all my W7 and W8 systems and I have no hesitation recommending using it.

      There are several good alternatives to Windows Firewall, but in any case, do not use more than one software based firewall. In most cases, if you install a 3rd party firewall, Windows Firewall will automatically be disabled. The following alternatives are effective, but require additional user interaction to configure and use properly.
      As always, select the "custom install" option to block installing extras you don't need.

      Important Note - Routers and Firewalls: If you have a router you still need a software based firewall on each system on your network. This is true even if it is a network of just one computer. If you are not using a router, you should, especially if you are using broadband (cable or DSL high-speed Internet). Ensure your router uses NAT (Network Address Translation). NAT is a very effective security feature that provides hardware firewall type features. Note that some routers advertise firewall features that are not true firewalls. Read the fine print, or ask questions. There are several offerings for under $50.00USD. Some offer dial-up support, and some include a print server for network printing. Using a router also allows you to disable printer and Internet connection sharing on your connected computers.
    • Pop-up Blocker - There are several good pop-up blockers, including those found in the latest versions of Internet Explorer, Firefox and other popular alternatives. I recommend you enable them. Many add-in toolbars, such as Google Toolbar and Yahoo Toolbar, also have pop-up blockers. It is fine to also use one of those. However, I caution against using more than one or two pop-up blockers to avoid conflicts and confusion. The thing to remember is the "self-discipline" portion of Practice Safe Computing from above; if a pop-up gets through, just close the pop-up, do not click on any links.
    • Spam Blocker - Spam is inevitable if you have an email account. Most ISPs offer spam blocking tools or there are several client (computer) based spam blockers. However, NO spam blocker is perfect, so I caution you to remember that. Some spam messages will not be identified, and some legitimate messages will be falsely identified as spam. I recommend you select an option that tags "suspected" spam, and/or moves suspected spam to a spam/quarantine folder, rather than automatically deleting them. For example, my ISP appends (tags) the subject line with "--spam--", which is easy for me, and computer based spam filters, to spot.

I prefer and recommend a client based spam blocker if you have multiple email accounts. There are many to choose from. I use and strongly recommend MailWasher Pro. There is a bit of a learning curve, but by far, what puts it above and beyond all other spamblockers is that you process all your mail from all your accounts on the servers! That is, BEFORE the email is downloaded on to your system. This is huge, in my opinion. Other spamblockers download the entire email (and attachments!), dump it on to your machine, and then analyze it for possible malicious code. To me, that's like asking a stranger to step inside your home, THEN asking him what he wants.
    • Secunia PSI - This free security tool is used to detect missing security updates for all programs installed on your computer, not just those from Microsoft. In most cases, it also provides a "Download Fix" option, taking you to the correct update download site. It also reports end-of-life (no longer supported) programs, which may indicate a program that is no longer secure. Secunia PSI is a great complement to Windows Update or Microsoft Update and can be downloaded directly from Secunia.
• Windows Update - The vast majority of users of the nearly 1.4 billion Windows computers in the world today allow Windows Update (or Microsoft Update - for all Microsoft products) to automatically download and install updates and they never have problems. So reports that say Windows Update will mess up your system are greatly exaggerated. That said, Microsoft has not been 100% perfect in pushing out reliable updates; some have broken a few machines. And unfortunately, if Windows Update is set to automatically download and install the updates, you may not know exactly what is updated, or when. No problems if all goes well. But I suspect if you are reading this, you are concerned, like me, about what is happening with your computer. Therefore, I recommend the following:
      • Set Windows Update to "Download updates for me, but let me choose when to install them" or "Notify me but don't automatically download or install them"
      • Use "Custom" install option - research the updates that affect you - do not install yet
      • "Listen" for "chatter" here, and at other technical sites and forums
      • Check AskWoody.Com for any update issues that may affect you
    I know all of the above is a lot but this is what it takes to get and keep your systems clean, running at full performance, and safe for you and your family to use. Fortunately, it gets easier to manage once it is all set up and you become more familiar with the features. I recommend all scanners be scheduled to update, then scan on a regular basis - weekly at a minimum. It is an important part of Practicing Safe Computing to also set up a routine to regularly scan your system(s) manually.

    ***************

    Comment: Security Suites. Security suites like Norton Internet Security, Bitdefender Total Security, et al are complete security packages containing a firewall, anti-malware, spam blocker, pop-up blocker, and more. They are managed through a single user interface (UI) or control panel. Some suites are free, most are not. Suites are less expensive than buying individual components from several vendors, and with only one UI to learn, are typically easier to use. That makes them attractive for many users. Most importantly, if kept properly updated, they do provide an effective defense strategy.

However, from a strict security standpoint, having a defense strategy supplied by a single source is not the best strategy. It is like putting all your eggs in one basket. With any business, suite makers look for ways to increase efficiency, cut costs and increase production. Any programmer knows that if you can reuse code, you save time and money. Therefore it only follows these makers will reuse code as much as possible in their suites. This is efficient, but also has the potential of introducing single points of failure for your entire defense. The user interface, update website, scan scheduler, and files databases are 4 specific examples of possible single points of failure; a fault in one may affect several tools, or the entire suite. If the user interface breaks, for example, all your defenses may be compromised or taken down. In the case of the shared files database, the same group of people is deciding which files both the anti-virus application and the anti-spyware application will scan. Is that a problem? I don't know. But I do know from a security standpoint, an "overlapping" defense, with different sets of eyes watching over things, is much better than a single set.

    Even the best suites do not excel in all areas. One may have a superior firewall, but only a fair malware scanner. Another suite may be great at detecting viruses, but weak with spyware. If you "roll your own" suite, you can build a superior suite consisting of the best tools in every category that meet the demands for your computing habits.

Are paid programs better than free? Not necessarily. Typically, the paid programs come with extras, many of which you don't need, that use system resources (disk space, RAM, and CPU cycles) and may affect performance, though this is less of a concern with today's hardware and the latest security applications.

    With that in mind, many of my colleagues have created similar guides for keeping our systems clean and safe. I encourage you to read them all. You will find as many different approaches and tools as there are experts writing about them. That's good as they may suggest a different tool you might include in your arsenal instead of, or in addition to those suggested here.

    You will also find they all focus on, directly, or implied, the one key element to computer security... You! You can have the best firewall and anti-malware tools, but if you don't maintain a strict discipline when it comes to "Practicing Safe Computing" (see Item 1 above) it's like running a red light at a busy intersection, or letting a stranger into your home and then asking what they want.

    ***************

    Referrals: If you were referred to this post as part of the resolution process being worked in another thread, when done with the above scans, please post a status update in the original thread.

    ***************

    DISCLAIMER: Please note this was compiled by me and should in no way be construed as policy of this site, nor is this site responsible for any outcome that may come about by following it. Although many users have successfully used this guide, I cannot guarantee success, nor can I promise any outcome. That said, I have personally used all these products on many computers to clean them of clutter and to prevent infestation without incident. I anticipate you will have no problems if you follow the stated precautions.

    ***************

    Edit History
    3-6-2014 - Significant updates to address Windows 8/8.1 and other changes.
    10-18-12 - Updated link to AV-Test labs.
    1-25-12 - Updated link to Techie7
    11-17-11 - Corrected link and amended comment for TFC.
    8-22-11 - Added IE9 and Windows 7 SP1 content, minor formatting edits.
    6-22-11 - Amended Limit Access section, password content, added physical security content, minor formatting edits.
    3-10-11 - Typo fix
    1-25-11 - Typo fix
    11-12-10 - Minor edit to preface paragraph
    10-31-10 - Minor grammar edit
    10-3-10 - Minor formatting and amended CCleaner entry to mention CCleaner - Slim
    10-1-10 - Version 3 Major Rewrite to include Windows 7 (32 and 64-bit)


    Last edited: Mar 6, 2014
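The "Limit Access" section above (Standard accounts, strong passwords) as a script. This is an added example, not code from the original post or from any of the products it names. It targets Windows 7/8.1 with PowerShell 3.0 or later and uses net.exe for the account work because the LocalAccounts cmdlets only arrived with Windows 10; the account name 'Kid1', the 16-character length and the sample passwords are assumptions made for the example.

```powershell
# Added example, not part of the original post: the "Limit Access" advice as a
# script for Windows 7/8.1 (PowerShell 3.0 or later). net.exe is used for the
# account work because the LocalAccounts cmdlets only arrived with Windows 10.
# The account name 'Kid1' and the 16-character length are assumptions for the example.

function Test-IsAdministrator {
    # True when the current token holds local Administrator rights, i.e. day-to-day
    # work is being done from the kind of account the post says to avoid.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-StrongPassword {
    # The post's minimum: 8+ characters with upper case, lower case, a digit and one of
    # the listed specials, and none of the easy-to-guess words (names, pets, dates).
    param(
        [Parameter(Mandatory)][string]$Password,
        [string[]]$ForbiddenWords = @()
    )
    $specials   = '!"#$%&''()*+,-./:;<=>?@[\]^_`{|}~'
    $hasUpper   = $Password -cmatch '[A-Z]'
    $hasLower   = $Password -cmatch '[a-z]'
    $hasDigit   = $Password -match '[0-9]'
    $hasSpecial = @($Password.ToCharArray() | Where-Object { $specials.IndexOf($_) -ge 0 }).Count -gt 0
    $hasWord    = @($ForbiddenWords | Where-Object { $_ -and $Password -match [regex]::Escape($_) }).Count -gt 0
    return ($Password.Length -ge 8) -and $hasUpper -and $hasLower -and $hasDigit -and $hasSpecial -and -not $hasWord
}

function New-StrongPassword {
    # Draws from a CSPRNG (not Get-Random) with rejection sampling so every symbol is
    # equally likely, and loops until the candidate passes Test-StrongPassword.
    # Quote, backslash, slash and comma are left out so the result is safe on a command line.
    param([int]$Length = 16)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&*+-.:;<=>?@[]^_{|}~'
    $n        = $alphabet.Length
    $limit    = 256 - (256 % $n)     # bytes at or above this are discarded (no modulo bias)
    $rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $one      = New-Object byte[] 1
    do {
        $chars = for ($i = 0; $i -lt $Length; $i++) {
            do { $rng.GetBytes($one) } while ($one[0] -ge $limit)
            $alphabet[$one[0] % $n]
        }
        $candidate = -join $chars
    } while (-not (Test-StrongPassword -Password $candidate))
    return $candidate
}

function New-StandardUser {
    # Creates a limited ("Standard") account. net.exe places new accounts in the Users
    # group only; the final check guards against a policy or script that adds more.
    # Caveat: the password is visible in the process command line while net.exe runs.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Password
    )
    if (-not (Test-IsAdministrator)) { throw 'Creating accounts needs an elevated prompt.' }
    if (-not (Test-StrongPassword -Password $Password -ForbiddenWords $Name)) {
        throw 'Password does not meet the policy.'
    }
    & net.exe user $Name $Password /add /passwordchg:yes | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net user failed (exit code $LASTEXITCODE)" }
    $admins = & net.exe localgroup Administrators
    if ($admins -contains $Name) { throw "$Name ended up with Administrator rights; remove it." }
}

# --- usage ---
if (Test-IsAdministrator) {
    Write-Warning 'You are working as an Administrator. Create a Standard account for daily use.'
}
Test-StrongPassword -Password 'Fido2011' -ForbiddenWords 'Fido'    # False: pet name, no special
Test-StrongPassword -Password 'vR7$kq!Lm9pX'                        # True
$pw = New-StrongPassword -Length 16
# Record $pw in your password manager first, then, from an elevated prompt:
# New-StandardUser -Name 'Kid1' -Password $pw
```

The generator uses the CSPRNG rather than Get-Random, and rejection sampling rather than a bare modulo, so no symbol is favoured. The one thing a script cannot do for you is the physical-security step: the generated password goes straight into the password safe, never onto a sticky note.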
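The "Back up" restore-point steps and the "Clean Out the Clutter" section as one script. This is an added example, not code from the original post or from TFC/CCleaner. It assumes Windows 7/8.1, PowerShell 3.0 or later, an elevated prompt, and that System Restore is enabled for the system drive; the Disk Cleanup profile number 1 and the restore point name are assumptions. The "remove all but the most recent restore point" option on the More Options tab has no command-line equivalent and is left to the GUI.

```powershell
# Added example, not part of the original post: the "Back up" and "Clean Out the
# Clutter" steps as one script for Windows 7/8.1 (PowerShell 3.0 or later, run
# elevated). It assumes System Restore is enabled for the system drive. The "remove
# all but the most recent restore point" option on the More Options tab is not
# reachable from the command line and is left to the GUI.

function New-CleanupRestorePoint {
    # Checkpoint-Computer is the scripted form of "Create a restore point". Windows 8+
    # refuses a second point within 24 hours, so the count is compared before and
    # after to report whether a point really exists to roll back to.
    param([string]$Description = 'Before system clean')
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    $after  = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    if ($after -le $before) {
        Write-Warning 'No new restore point (System Restore off, or one already made in the last 24 hours).'
    }
    return ($after -gt $before)
}

function Clear-TempFolders {
    # Deletes what it can from the user and system temp folders. Files held open by a
    # running program are skipped and counted; a reboot, or Disk Cleanup, gets them later.
    param([string[]]$Paths = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp')))
    $removed = 0; $skipped = 0
    foreach ($path in $Paths) {
        $items = Get-ChildItem -Path $path -Recurse -Force -File -ErrorAction SilentlyContinue
        foreach ($item in $items) {
            try   { Remove-Item -LiteralPath $item.FullName -Force -ErrorAction Stop; $removed++ }
            catch { $skipped++ }
        }
    }
    return [pscustomobject]@{ Removed = $removed; Skipped = $skipped }
}

function Invoke-DiskCleanupProfile {
    # Disk Cleanup stores the boxes you tick under a numbered profile. Setting
    # StateFlags<NNNN>=2 on every handler key pre-ticks them all (Temporary Internet
    # Files, Recycle Bin, old Windows Update files, ...) and /sagerun runs that profile
    # without a dialog. Inspect Get-ChildItem $root first if you do not want every handler.
    param([int]$Profile = 1)
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'
    $flag = 'StateFlags{0:D4}' -f $Profile
    foreach ($handler in Get-ChildItem -Path $root) {
        Set-ItemProperty -Path $handler.PSPath -Name $flag -Value 2 -Type DWord
    }
    Start-Process -FilePath cleanmgr.exe -ArgumentList "/sagerun:$Profile" -Wait
}

# --- usage: restore point first, then clean, in the order the post gives ---
if (New-CleanupRestorePoint) {
    $r = Clear-TempFolders
    Write-Host ("Temp files removed: {0}; still in use and skipped: {1}" -f $r.Removed, $r.Skipped)
    Invoke-DiskCleanupProfile -Profile 1
} else {
    Write-Warning 'Skipping the cleanup: nothing to roll back to.'
}
```

The script refuses to clean when no restore point was created, which is the post's own ordering made explicit. Cookies are not touched by Disk Cleanup; clear those in the browser or with TFC/CCleaner as described above, and expect the slower first boot the post warns about.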
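An audit of the "Prevent Re-infestation" items (Windows Firewall state and default actions, the Windows Update mode recommended above, and whether a real-time scanner is registered and up to date). This is an added example, not code from the original post. It assumes Windows 8/8.1 with PowerShell 3.0 or later (the NetSecurity cmdlets do not exist on Windows 7, where netsh advfirewall is the equivalent), the WMI Security Center namespace, and the commonly used but undocumented decoding of the productState bits; the -Fix switch applies the post's settings and is otherwise read-only.

```powershell
# Added example, not part of the original post: a read-only audit of the
# "Prevent Re-infestation" items (firewall, Windows Update mode, real-time scanner)
# for Windows 8/8.1 with PowerShell 3.0 or later; -Fix applies the post's settings.
# It assumes the NetSecurity module (Windows 8+) and the WMI Security Center namespace.
# The productState bit layout below is the commonly used, undocumented decoding.

param([switch]$Fix)

function Get-FirewallStatus {
    # One row per profile: is the firewall on, and what happens to unsolicited traffic?
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Profile  = $_.Name
            Enabled  = ("$($_.Enabled)" -eq 'True')
            Inbound  = "$($_.DefaultInboundAction)"
            Outbound = "$($_.DefaultOutboundAction)"
        }
    }
}

function Get-WindowsUpdateMode {
    # AUOptions: 2 = notify before download, 3 = download, then notify before install,
    # 4 = install automatically. The Group Policy key wins over the local one.
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    foreach ($key in $keys) {
        $v = (Get-ItemProperty -Path $key -Name AUOptions -ErrorAction SilentlyContinue).AUOptions
        if ($null -ne $v) { return [int]$v }
    }
    return $null      # nothing set explicitly; the Windows default is automatic install
}

function Get-RealTimeAntiMalware {
    # Security Center lists every registered product. In productState, bit 0x1000 set
    # means real-time protection is on and bit 0x10 set means signatures are out of date.
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Name       = $_.displayName
                RealTimeOn = (($_.productState -band 0x1000) -ne 0)
                UpToDate   = (($_.productState -band 0x10)   -eq 0)
            }
        }
}

# --- firewall: must be on for every profile ---
$fw = Get-FirewallStatus
$fw | Format-Table -AutoSize
$off = @($fw | Where-Object { -not $_.Enabled })
if ($off.Count -gt 0) {
    Write-Warning ('Firewall is OFF for: ' + ($off.Profile -join ', '))
    if ($Fix) { Set-NetFirewallProfile -Name $off.Profile -Enabled True }
}

# --- Windows Update: the post recommends option 2 or 3, not silent install ---
$mode = Get-WindowsUpdateMode
if ($mode -ne 2 -and $mode -ne 3) {
    Write-Warning "Windows Update installs without asking (AUOptions=$mode); the post recommends 2 or 3."
    if ($Fix) {
        $local = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
        Set-ItemProperty -Path $local -Name AUOptions -Value 3 -Type DWord
        Restart-Service wuauserv
    }
}

# --- real-time scanner: exactly one active, and updated ---
$av = @(Get-RealTimeAntiMalware)
$av | Format-Table -AutoSize
$active = @($av | Where-Object { $_.RealTimeOn })
if ($active.Count -eq 0) {
    Write-Warning 'No real-time anti-malware scanner is active. Get one NOW.'
} elseif ($active.Count -gt 1) {
    Write-Warning 'More than one real-time scanner is active; the post only pairs MBAM Pro with another.'
}
foreach ($stale in ($av | Where-Object { -not $_.UpToDate })) {
    Write-Warning ("Signatures out of date: " + $stale.Name)
}
```

Run it without -Fix first and read the three warnings against the firewall, Windows Update and scanner items above; the registry write for AUOptions only takes effect after the Windows Update service restarts, which is why the fix restarts wuauserv.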