OK the title of this post is actually misleading but for good reason. I’m not just going to talk about viruses but in fact about a range of nasties that can infect your computer. But most of us tend to call them viruses even though many of them are quite different.
A computer Virus is a self-replicating program that can travel from computer to computer. It is the self-replicating bit that makes it a virus.
There are other sorts of “malware” (malicious software) that don’t replicate themselves, don’t spread from computer to computer, but cause a lot of heartache all the same. These include but are not limited to: Trojans, Spyware and Rogueware.
A Trojan is a trojan-horse program. As the name suggests, it is a malicious program hiding inside another program. You might download a useful application and it runs fine, but hidden from you, you have now given permission for a second program to wreak havoc inside your system
Spyware is a program designed to spy on you, often sending information back to the software author. This might just be advertising type information. Or it might include your credit card details.
Rogueware usually takes the form of fake anti-virus software, but instead of helping you, the program removes functions from your computer to push you into buying their useless software or stealing your financial details. Malware can be one or all of these simultaneously. The common element is that they got onto your PC without you wanting it to happen.
So how do we prevent ourselves becoming the infected?
Well the absolute truth is that there is no 100% certain method other than pulling the network cable out of the computer. If you are online, you can get infected. No single security software package can guarantee protection. However you can severely reduce the chances by selecting good protection and browsing habits. Let’s take a look at some of the things we can do to protect ourselves:
AntiVirus programs: Most of us use AV apps but we still get infected. How is this possibe? AVs operate mostly by recognising the signatures of viruses. They cannot detect viruses which they don’t know about and many won’t detect viruses that hide themselves using various methods. Many will not detect non-viruses such as the ones already mentioned.
Antimalware specific apps: tools like Malwarebytes and Spyware Doctor have paid-for versions that scan the system as it is being used and attempt to stop malware getting into the sytem. They are to malware what AV apps are to viruses.
Firewalls: A firewalls is a piece of software or hardware that sits between you and the net and blocks certain types of “traffic” getting to your computer and possible getting from your computer to the net (depending on what you use). The good news is that if you have a broadband router then you have a hardware firewall that does a great job at stopping a lot of attacks getting past. Some computer Words scan the net for unprotected targets to infect and a firewall prevents that. Furthermore, Windows comes with a firewall built in which does the same thing. However the Windows firewall can get turned off by some malware and neither prevent outgoing traffic. This is by design as it allows useful applications like Itunes or Internet Explorer to connect to the web. However it also means if you get infected by some Spyware, the program can send your information back to base.
It is possible to upgrade your firewall to one that requires the user to give permission for applications to access the net. Online Armor or Zone Alarm are examples. The downside is that you get asked questions like “Internet Explorer is trying to access the internet. Would you like to give it permission?”. This can cause problems with inexperienced users and children who end up just saying yes to everything. However if you set them up correctly and learn how they work, they offer a another layer of protection that is useful.
HIPS: HIPS stands for Host Intrustion Protection System. Essentially it monitors your system’s files and settings and does not allow programs to make changes without your permission. Vista and Windows 7’s UAC could be said to be a form of HIPS. Some AV apps have HIPS, some firewalls have HIPS and there are specific HIPS applications. Again you get the annoying questions e.g. “XYZ application is trying to make a change to the registry, would you like to allow this?”.
Sandboxing: Sandboxing creates a safe area on the computer in which it runs applications. No changes can escape the sandbox and when you turn it off the sandbox is obliterated. Thus using a sandboxed browser you could get heavily infected and this not affect the rest of the sytem at all. An example of such an app is SandboxIE. They can be tricky to understand for many users and there are irritations with trying to save things you have downloaded from the web since they are downloaded into the sandbox and need moving out of it to be available to the system as a whole. However the protection they offer is very strong indeed.
Rights management: When log on as admin in XP, you give admin rights to applications you are using, including malware. Simply creating a Standard account and using that to browse confers some protection. You can be more sophisticated than this and use apps that drop the rights of certain programs instead. DropMyRights is one example.
Behavioural based protection: This protection operates on looking at what the malware is trying to do and how it might go about doing it, and noticing that sort of behaviour. ThreatFire is an example of this sort of application.
As you might expect, the market is full of applications and many combine many of these types of protection. They often make lots of claims and use (even more) confusing terminology. It can be hard to pick the right apps. In my line of work I see many infected computers and know that some of the biggest names in the AV business produce less than effective products. As a MobileTechie customer I will be happy to give you advice on such matters.
Your browsing behaviour.
This is arguably the most important security tool at your disposal. Nothing can protect against a wreckless user. Here are some basic tips:
Do not install software when you are not 100% sure of it’s source and it’s validity. Plenty of software sites give out infected software.
Do not immediately believe security alerts that pop up claiming to be from Microsoft. Learn what your real security app pop-ups look like. Remember that Microsoft Security Centre as in XP etc does not come up with a large pop up saying you have been infected. It merely tells you when your firewall, updates and AV are not working properly. If in doubt. Reboot and see if it is still happening. At the time of writing, these fake AV infections are very prevalent.
Use limited accounts for web-browsing. This is doubly true for children.
Do not use P2P file-sharing applications like Kazaa and emule etc.
Do not click on “you’ve won an ipod” or other pop-ups.
If you have HIPS protection think carefully about what you are saying yes or no to. If in doubt, look it up or call someone who knows.
Keep up to date with the latest Windows updates and service packs.
MobileTechie is a computer repair and support firm in Berkshire UK.