The Growing Problem of Malware
Rank: ? (261)
Member #: 5295
Working at a computer repair business, every customer we have is infected with some form of Malware (Spyware, Adware, Trojans). I've seen as many as 9200 or so files, regkeys, links and fake URLs that infect customers with spyware. Some can be just as damaging as a virus. Programs like Weather Bug, Kazaa, Wild Tangent, and many others just blast a user with Spyware and adware. We actually developed our own software that works better than ad-aware and Spybot, yet I really think few realise how easy it is to get malware. Though many may have heard of the Exploit built into M$ and a dialler (yes two L's) that never seems to go away, I think we need to take this Malware very seriously. Malware, I've found, comes a lot from those online games many love to play, and from file sharing networks. Even if people have NAV, Firewalls, Ad-Aware, Spybot and others (and there are some so called anti spyware that IS spyware itself), they can still be infected. The moment you allow a download, connect to a server, connect to an online network, bam, they got you. All it takes is one trojan or spyware to start the tracking and adware will flow. What steps do you guys take to avoid getting malware?
Some people get the Elevator while others get the shaft.
Rank: ? (595)
Member #: 4753
Well, it depends on the OS you use, the amount of computers, and who can use them.
- If you are on Macs, you probably don't have no problems whatsoever.
- If you are on Linux/*nix, your life is also much easier, but you need to keep up-to-date and need to develop some decent computer knowledge.
- If you have to use Windoze, you better be prepared...

Windoze OSs are unfortunately what most (have to) use, so, I'll give you my setup:

1: Hardware router. I use a hardware router (Belkin with wireless), which already does a lot of blocking of unwanted traffic into the network as it has a decent firewall built in.

2: Software firewall. Very important, each client has a software firewall, the next level of protection. Everything that gets thru the router will be checked by the second firewall. You can then set rules of conduct for the programs that access the internet. Any good software firewall will allow you to do extensive filtering too. If the firewall isn't capable of that, you can get an extra software.
Filtering:
- On the ground level I filter on IP ranges, which means no traffic allowed from and to those addresses (the blacklists I get from B.I.S.S., I use their excellent Blocklist Manager for that).
- Then I filter on keywords, ads etc. The lists I get from Eric Howes' site.
- Everything that then still gets thru is given rules on what is allowed per site or domain. For http (browser) this would mean rules on ActiveX, JavaScript, cookies etc.
I use Agnitum Outpost as my software firewall, the paid version that is. But it's excellent, and highly recommended. As an extra, I run eDexter to take care of my hosts-file (a dedicated block-file).

3: Anti-virus software. I use a resident anti virus software that monitors in real time (AntiVir PE), and then I do checks with two other anti virus softwares every week or so (ClamWin and F-Prot for DOS).

4: Anti foistware software. Two resident softwares running (SpyBot Search & Destroy Resident = TeaTimer and SpywareGuard), and regular scanning/inoculation with standalone programs (SpyBot Search & Destroy and Spywareblaster, HijackThis for investigation).

5: Avoid using Internet Exploder. I use Opera as my browser, and Internet Exploiter only if I have to. A good other alternative is Firefox. Beware that not all browsers really are 'other' browsers, many use the Internet Exploder engine and simply add a nice new interface.

6: Be very careful with the Windoze built-in scripting and automation software. VBScript, WSH (Windows Scripting Host), JavaScript and macros are THE sources that exploits try to abuse. Guard them well, turn them off, or if they need to be running, restrict them. Use AnalogX Script Defender or Script Sentry to defend yourself from malicious scripts (AntiVir PE still reports Script Sentry's registry changes as 'suspicious', even though I raised this issue many times).

7: Avoid 'dangerous' sources on the internet. The most obvious sources of malware are P2P networks, pr0n-sites and advertising. Just stay away from them (especially if you have no clue as to how to protect yourself). Don't download 'unknown' software, get your freewares from a trusted source, a source that tests and discloses any malware attached. Freeware/OpenSource software is not bad, as some might think, but get it from good sources like SourceForge or SnapFiles. Just because you pay for software, that doesn't automatically make it better than free stuff. Don't open attachments from e-mails whose sender you do not know, and even if you do, first scan them. Set your e-mail client to view the e-mails as text-only, not as html.

8: Clear your tracks. Clear your cache and cookies often. I clear everything when surfing almost every 5 mins (I use IE Privacy Keeper for Internet Exploder, for Opera I don't need no extra software). Clear other tracks too. MRU-lists (most recently used) and other tracks you leave behind can be read by other software (MRU-Blaster is a good proggy to clean those MRUs).

9: Stay informed, and do your updates. Try to stay informed, and regularly do your Windows Update.

10: Backup and reinstall. Backup, backup, backup... Yes do.... It's for your own good. If you can do something like ghosting (system-wide snapshots), use it. If not, burn to cd or tape or if need be floppy for God's sake, you'll regret it if you don't, I can assure you that. Reinstall everything every now and then. Yes, this is a pain, I know, but Windoze OSs suck, and if you don't do a complete reinstall, your system will get slower and get more corrupted over time, even if you try to repair as much as possible. It is inherent to the way Micro$oft builds its OSs, that they will self-destruct eventually...

---
And if you are getting sick and tired of it all, well, go Mac?

PS: All softwares and sources mentioned, apart from the Agnitum Outpost Firewall paid version, are free for personal use.

---
More info to come...
» Post edited 2005-01-17, 11:36am by daonlyfreez.
There are three kinds of people: Those who know how to count, and those who don't.
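The three filtering layers from item 2 of the post above (IP ranges first, then keywords, then per-site rules), sketched as an added example that is not part of the original thread or of any product it names. The ranges, keywords, domains and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (documentation ranges and made-up names, not real blocklists).
BLOCKED_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.64/26")]
BLOCKED_KEYWORDS = ("/ads/", "banner", "popup")
# Per-domain content rules; anything not listed falls back to DEFAULT_RULES.
DEFAULT_RULES = {"activex": False, "javascript": False, "cookies": False}
SITE_RULES = {"bank.example": {"activex": False, "javascript": True, "cookies": True}}


def rules_for(host):
    """Return the rule set of the most specific matching domain, else the default."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in SITE_RULES:
            return SITE_RULES[candidate]
    return DEFAULT_RULES


def evaluate(url, resolved_ip):
    """Apply the three stages in order; return (verdict, detail)."""
    ip = ipaddress.ip_address(resolved_ip)
    for net in BLOCKED_RANGES:                     # stage 1: IP-range blacklist
        if ip in net:
            return ("block", f"ip-range {net}")
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    target = (parts.path + "?" + parts.query).lower()
    for word in BLOCKED_KEYWORDS:                  # stage 2: keyword / ad filter
        if word in target or word in host:
            return ("block", f"keyword {word!r}")
    return ("allow", rules_for(host))              # stage 3: per-site rules


if __name__ == "__main__":
    for url, ip in [("http://bank.example/login", "203.0.113.9"),
                    ("http://news.example/ads/top.gif", "192.0.2.10"),
                    ("https://www.bank.example/login", "192.0.2.20"),
                    ("http://unknown.example/", "192.0.2.30")]:
        print(url, ip, evaluate(url, ip))
```

The ordering matters: a blocked address is refused even for a site that has permissive per-site rules, and unlisted sites get the restrictive default.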
Rank: ? (1533)
Member #: 15283
Wow.
*huge grin*
Cheers Mate.
_B_
Edit = BTW, I've saved that entire last post of Yours to refer to later, -the next time I reconfigure my system.
» Post edited 2005-01-16, 05:07am by Sue_Mie.
Beware the Big Koala. It originated the recursive malapropism when it found itself supernumerary to a specific task and commented, "I think I'm erroneous here". -which it wasn't until it said so, but then it was, -so it wasn't. It also once won a staring contest, with a stuffed cat.
Rank: ? (614)
Member #: 9832
I feel kind of bad to advertise another site here but just check security-forums for this. They have very up to date and detailed information. Of course, the simple solution is to avoid using IE, avoid Windows if possible (install linux as dual boot for surfing if you don't want it for anything else) and run adaware, spybot search&destroy and hijackThis on a daily basis. And don't forget updates. And just pay attention. If clicking a link creates an unusual amount of hard drive work, disconnect and scan. If a software install feels weird and has too many pop-ups, stop it and scan... and so on. I don't want to be a windows basher, but most crud-creators create their shit for windows so...
Chaos reigns within - Reflect, repent, and reboot - Order shall return