Administrator, Security Analyst
- Feb 22, 2012
- Upstate, NY
"So How Did I Get Infected In the First Place?"
(Updated from the original article by Tony Klein. See Note*)
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
Safe Computing Practices
1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. Either enable Automatic Updates or get into the habit of checking for Windows updates regularly.
- Windows XP: Go to Start > Windows Update
- Windows Vista: Go to Start > Control Panel > Security > Windows Update
- Windows 7: Go to Start > All Control Panel Items > Security > Windows Update
- Windows 8: Open the Search charm, enter "Turn automatic updating on or off", and tap or click Settings to find it.
- Windows RT: Automatic updating is always on.
Service packs are the means by which product updates are distributed and may contain updates for system reliability, program compatibility, security, and more. Unless you suspect your computer is infected with malware, the latest service packs can be downloaded from Microsoft Support. Once you are sure you have a clean system, it is highly recommended to install the latest service pack to help prevent against future infections.
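The check behind steps 1 above, as an added example that is not part of the original article: a PowerShell script that asks the Windows Update Agent which updates are still missing, reports whether Automatic Updates is switched on, and shows the installed service pack. It uses only the built-in COM objects (Microsoft.Update.Session and Microsoft.Update.AutoUpdate) and WMI, so it runs on XP SP3 through Windows 8 without extra modules; it assumes an elevated prompt with the Windows Update service enabled.

```powershell
# Added example, not from the original article. Lists updates Windows Update reports as
# missing, the Automatic Updates setting, and the service pack level.
# Assumption: run from an elevated PowerShell prompt; the wuauserv service is not disabled.

$os = Get-WmiObject -Class Win32_OperatingSystem
"{0} (build {1}), Service Pack {2}" -f $os.Caption, $os.Version, $os.ServicePackMajorVersion

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# IsInstalled=0 -> not yet installed; IsHidden=0 -> the user has not hidden it;
# Type='Software' leaves out driver updates.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

if ($result.Updates.Count -eq 0) {
    "No missing updates reported by Windows Update."
} else {
    "{0} update(s) missing:" -f $result.Updates.Count
    foreach ($u in $result.Updates) {
        # MsrcSeverity is only set on security updates (Critical/Important/Moderate/Low);
        # those are the ones to install first.
        $sev = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { "n/a" }
        $kb  = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ","
        "  [{0,-9}] {1} {2}" -f $sev, $kb, $u.Title
    }
}

# Automatic Updates: NotificationLevel 1 = disabled, 2 = notify before download,
# 3 = download and notify before install, 4 = download and install on schedule.
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
"Automatic Updates notification level: {0} (4 = fully automatic)" -f $au.NotificationLevel
if ($au.NotificationLevel -lt 4) { "WARNING: updates are not being installed automatically." }
```

Run it after a suspected clean-up as well: a machine that reports missing Critical security updates is the "security settings too low" case the article opens with, regardless of which anti-malware tools are installed.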
2. Update 3rd Party Software Programs
Third Party software programs have become targets for malware creators. To check if your system is missing security updates or has insecure applications installed, install the Secunia Personal Software Inspector (PSI) or visit the Secunia Online Software Inspector page (requires Oracle Java).
3. Use a Standard/Limited User Account
Although the Administrator account is needed when setting up the computer, day-to-day usage should be with a Standard User Account, which has limited permissions. An Administrator account provides the highest level of access to your computer, whereas a Standard User Account limits what a program you run (or that runs without your knowledge) can change: it cannot install system-wide software, drivers or services, or alter protected parts of the registry and file system, without an administrator's credentials. That makes it much harder for the computer to be infected.
Using a Standard User Account for everyday activities applies even if you are the sole user of the computer. For additional information, see Using a Standard/Limited User Account.
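How to tell which kind of account you are using right now, and how to set up a standard one, as an added example that is not part of the original article. It reads the current token with the .NET WindowsPrincipal class and lists the local Administrators group with the built-in net command, so it works on XP through Windows 8. The account name "daily" is a placeholder.

```powershell
# Added example, not from the original article. Reports whether this session has
# administrator rights, shows who is in the local Administrators group, and documents the
# commands that create a standard account. Assumption: 'daily' is a placeholder user name.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

"Logged on as: {0}" -f $identity.Name
"This session has administrator rights: {0}" -f $isAdmin
# On Vista and later with UAC on, an administrator in a non-elevated prompt also prints
# False here, but can elevate with one click on the UAC prompt; a Standard User cannot
# elevate without typing an administrator's password, which is the protection we want.

"Members of the local Administrators group (every one of these can disable your defences):"
net localgroup Administrators |
    Where-Object { $_ -match '^\S' -and $_ -notmatch '^(Alias|Comment|Members|The command|-)' }

# To create the standard account (run once from an elevated prompt), then log on with it
# for everyday use. Membership of 'Users' makes it a Standard User; do NOT add it to
# Administrators as well, or the split is pointless.
#   net user daily * /add             # '*' prompts for the password instead of echoing it
#   net localgroup Users daily /add
```

If the Administrators list contains the account you use for browsing and e-mail, that is the first thing to change: every drive-by exploit or bundled installer you run inherits those rights.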
4. Watch what you download!
- Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
- Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others are among the most notorious. P2P programs allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner.
- Note also that even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Do not open any files without being certain of what they are!
Pre-scan downloaded files for viruses and malware at one of these multi-engine single-file scan sites. Both run the file through a dozen or more well-known anti-malware scanners in one quick, easy scan and report the results from all of them.
-- Virus Total (10mb limit): https://www.virustotal.com/en/
-- Jotti's Malware Scan (15mb limit): Jotti's malware scan
- Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders.
- Most of these drive-by attempts will be thwarted if you keep your Windows updated and your internet browser secured (see below). Nevertheless, it is very important only to visit web sites that are trustworthy and reputable.
- In addition, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is!
- For more general information see the first section, "Educate yourself and be smart about where you visit and what you click on", in this tutorial by Grinler of BleepingComputer.
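An added example, not part of the original article, of the pre-scan step above done from the command line: it computes the SHA-256 of a downloaded file and asks VirusTotal whether it has already analysed that exact file. Looking up a hash needs no upload, so it works for files above the size limit and does not send a private document anywhere. It assumes you have your own VirusTotal API key in the VT_API_KEY environment variable, PowerShell 3.0 or later for Invoke-RestMethod, and that the v3 endpoint /api/v3/files/{hash} returns 404 for a file VirusTotal has never seen; the file path is a placeholder.

```powershell
# Added example, not from the original article. Hash a download and query VirusTotal by hash.
# Assumptions: $Path is the downloaded file (placeholder shown); $ApiKey is your own
# VirusTotal API key; the API answers 404 for hashes it has no report on.
param(
    [string]$Path   = "$env:USERPROFILE\Downloads\setup.exe",
    [string]$ApiKey = $env:VT_API_KEY
)

function Get-Sha256Hex([string]$File) {
    # .NET hashing rather than Get-FileHash so it also runs on PowerShell 3.0 (Windows 7/8).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($File)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString("x2") }) -join "" }
    finally { $fs.Close() }
}

$hash = Get-Sha256Hex $Path
"File:    $Path"
"SHA-256: $hash"

try {
    $r = Invoke-RestMethod -Uri "https://www.virustotal.com/api/v3/files/$hash" `
                           -Headers @{ 'x-apikey' = $ApiKey }
    $s    = $r.data.attributes.last_analysis_stats
    $when = ([datetime]'1970-01-01').AddSeconds($r.data.attributes.last_analysis_date)
    "VirusTotal: {0} malicious, {1} suspicious, {2} undetected (analysed {3:u})" -f `
        $s.malicious, $s.suspicious, $s.undetected, $when
    if ($s.malicious -gt 0) { "Do not run this file." }
} catch {
    # A 404 means VirusTotal has never seen this file. Unknown is NOT the same as clean:
    # a freshly repacked installer is exactly what a new malware sample looks like.
    # Upload it on the web site (size limit applies) before trusting it.
    "No VirusTotal report for this hash ($($_.Exception.Message)); upload the file to scan it."
}
```

Treat a single detection out of forty engines with judgement (adware bundlers are often flagged as "PUP"), but a file with several malicious verdicts, or one nobody has seen before that arrived from a P2P network, is not worth the risk.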
*NOTE*: Please only run one anti-virus and one anti-spyware program (in resident mode) and one firewall on your system. Running more than one of these at a time can cause system crashes and/or conflicts with each other.
- An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible.
The following antivirus software programs are free for personal use.
-- avast! 5 Home Edition
-- Avira AntiVir PersonalEdition Classic
-- Microsoft Security Essentials (Windows Defender on Windows 8)
- Please run only one antivirus resident at a time!
- It is recommended to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats.
Many malware infections install themselves by exploiting security holes in the Internet browser that you use.
Internet Explorer -- Windows 8.1 includes Internet Explorer 11. If your operating system is Windows 7, update to Internet Explorer 10. Windows Vista systems should be updated to Internet Explorer 9. For Windows XP, your system will be more secure if you update to Internet Explorer 8. (Note: If you do not want to change your search engine/start page, uncheck "I would also like Bing and MSN defaults".)
- It is critical that you use a firewall to protect your computer from hackers. The built-in firewall in Windows Vista, Windows 7 and Windows 8 can filter both inbound and outbound connections (out of the box it blocks unsolicited inbound connections and allows outbound ones), but its configuration is stored in the registry.
Since malware that gains administrator rights can edit those registry values and switch the Windows firewall off, you may prefer to install a third-party firewall. (Running day to day as a Standard User, as recommended above, is the stronger defence: without administrator rights malware cannot change firewall settings at all.) The following firewall program is free for personal use.
-- Online Armor Free
- Please only use one firewall at a time!
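A quick way to verify that the built-in firewall is actually on, as an added example that is not part of the original article. It reads the per-profile policy values the firewall keeps in the registry (the ones malware edits to switch it off), cross-checks them against what netsh reports, and confirms the firewall service is running. It assumes Vista or later: the advfirewall context and the MpsSvc service do not exist on XP, and the registry value names shown are the ones used by the Vista-and-later firewall.

```powershell
# Added example, not from the original article. Checks Windows Firewall state per profile
# from the registry, from netsh, and from the service. Assumption: Windows Vista or later.

function Get-FirewallStatus {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $key = Get-ItemProperty -Path (Join-Path $base $profile) -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Profile         = $profile
            EnableFirewall  = $key.EnableFirewall         # 1 = on, 0 = off
            DefaultInbound  = $key.DefaultInboundAction   # 0 = Allow, 1 = Block (default Block)
            DefaultOutbound = $key.DefaultOutboundAction  # 0 = Allow, 1 = Block (default Allow)
        }
    }
}

"Registry policy (a missing value means the built-in default applies):"
Get-FirewallStatus | Format-Table Profile, EnableFirewall, DefaultInbound, DefaultOutbound -AutoSize

$off = Get-FirewallStatus | Where-Object { $_.EnableFirewall -eq 0 }
foreach ($p in $off) { "WARNING: firewall is disabled for the $($p.Profile) profile." }

# Cross-check with the firewall's own view. If netsh says ON but the registry says 0 (or the
# reverse), something changed policy outside the normal interface and deserves a closer look.
"netsh view:"
netsh advfirewall show allprofiles | Select-String 'Profile Settings|^State|Firewall Policy'

$svc = Get-Service -Name MpsSvc
"Windows Firewall service (MpsSvc): {0}" -f $svc.Status
if ($svc.Status -ne 'Running') { "WARNING: the firewall service is not running; no filtering is taking place." }

# To turn it back on for every profile (elevated prompt):
#   netsh advfirewall set allprofiles state on
```

Run it the same way you would run an on-demand scanner: a firewall that quietly reports "State OFF" on the Public profile is a symptom worth investigating, not just a setting to flip back.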
Other Cleaning / Protection Software
Of the programs listed below, passive protection such as that provided by SpywareBlaster, WinPatrol and HOSTS file lists can be used alongside active resident protection without conflict. The free version of Malwarebytes' Anti-Malware is an on-demand scan-and-clean program that likewise will not conflict with resident protection; Spybot is also on-demand, but adds resident protection if its TeaTimer function is enabled.
Run only one scanner at a time, with a shutdown/restart between scans.
9. Consider installing SpywareBlaster by Javacool
- This excellent program blocks installation of many known malicious ActiveX objects. Run the program, download the latest updates, "Enable All Protection" and you're done. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
- Don't forget to check SpywareBlaster for updates every week or so.
- See this helpful tutorial by Lawrence Abrams, Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware.
- MVPS HOSTS -- This hosts file packs a powerful punch: it blocks ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers by pointing their host names at a local address. For information on how to download and install it, please read this tutorial by WinHelp2002.
- hpHosts -- hpHosts is a community managed and maintained hosts file that adds a layer of protection against access to ad, tracking and malicious websites. The inclusion policy can be found at hpHosts Online - Simple, Searchable & FREE!
- See special instructions for Windows 8 by WinHelp2002 in Updating the HOSTS file in Windows 8.
- MalwareBytes' Anti-Malware
- Windows Defender (Not to be confused with Windows Defender on Windows 8. For additional information, see Understanding Microsoft Anti-Malware Software 2012.)
- Spybot Search & Destroy
-- Has the Immunize feature which works roughly the same way as SpywareBlaster.
-- Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.
- The Host-based Intrusion Prevention System (HIPS) of WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
- WinPatrol will allow you to lock your HOSTS file and will monitor changes.
- WinPatrol is a powerful system monitor. Some of the features are described here (unofficial support site at WinPatrol Help & Information).
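The mechanics behind the MVPS/hpHosts entries and WinPatrol's "lock HOSTS" option, as an added example that is not part of the original article: a PowerShell script that appends blocking entries to the hosts file in the same format those lists use, sets the file read-only (which is all a "lock" is at the file-system level), flushes the DNS cache so the entries take effect, and checks that the names now resolve nowhere. The host names are constructed placeholders under the reserved .invalid domain, not real block-list entries; it assumes an elevated prompt, and uses 0.0.0.0 rather than 127.0.0.1 so blocked lookups fail fast instead of waiting on a local web server.

```powershell
# Added example, not from the original article. Adds hosts-file block entries, locks the
# file read-only, flushes DNS and verifies. Assumptions: elevated prompt; the three names
# below are constructed placeholders (*.invalid never resolves on the public Internet).

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$blockList = @('ads.example.invalid', 'tracker.example.invalid', 'malware-dl.example.invalid')

# Hosts format: <IP> <whitespace> <hostname> [<hostname>...] ['#' comment].
# Parse what is already there so a name is never added twice.
$existing = @{}
foreach ($line in (Get-Content $hostsPath)) {
    $clean = ($line -split '#', 2)[0].Trim()
    if (-not $clean) { continue }
    $fields = $clean -split '\s+'
    if ($fields.Length -lt 2) { continue }
    foreach ($name in $fields[1..($fields.Length - 1)]) { $existing[$name.ToLower()] = $fields[0] }
}

$file = Get-Item $hostsPath
$file.IsReadOnly = $false            # a locked hosts file cannot be appended to
$added = 0
foreach ($name in $blockList) {
    if ($existing.ContainsKey($name.ToLower())) {
        "already present: $name -> $($existing[$name.ToLower()])"
        continue
    }
    Add-Content -Path $hostsPath -Value "0.0.0.0 $name" -Encoding Ascii
    $added++
}
# Lock it again. This stops casual edits and many installers; it does not stop code running
# as administrator, which can clear the attribute just as this script did.
$file.IsReadOnly = $true
"$added new entries written; hosts file read-only: $((Get-Item $hostsPath).IsReadOnly)"

ipconfig /flushdns | Out-Null

# Verify: a blocked name must come back as 0.0.0.0 or as no address at all.
foreach ($name in $blockList) {
    try   { $addr = ([System.Net.Dns]::GetHostAddresses($name) | Select-Object -First 1).IPAddressToString }
    catch { $addr = 'no address (blocked)' }
    "{0,-28} {1}" -f $name, $addr
}
```

Keep the read-only flag in mind when a block-list updater or WinPatrol reports it cannot write the file: that is the lock doing its job, and the correct response is to unlock, update, and lock again rather than to leave it writable. On Windows 8, Windows Defender treats edits to the hosts file as a settings hijack and may restore the original unless the file is excluded, which is why the article points at separate Windows 8 instructions for it.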
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*Note: The original version of this article was written in 2005 by Tony Klein and has been reproduced or linked to in thousands of locations. Tony is well known in the security community for his many contributions, including the CLSID List and A Collection of Autostart Locations.
This document is an update of the original "So how did I get infected in the first place?" ©Tony Klein. With permission from Tony, I and others in the security community have continued updating this information to include current operating systems and software program information. It has come to my attention that updated copies of the article are no longer being maintained at many sites.
Revised: Tony Klein, Oct 30 2005, 05:00 AM
Reproduced and edited with permission of the author.
(Updated 16JUL2013 to Add User Account Information)