spyware and malware protection


7 replies to this topic

#1 bartman2589

bartman2589

    Newbie

  • Members
  • 11 posts
  •  
    United States

Posted 12 March 2010 - 10:27 PM

I use a few tried and mostly true methods to help prevent my pc from becoming infected with viruses/malware.

1. I use Firefox as my main web browser.
1a. I use the AdBlock extension for Firefox.
1b. I use the TACO (Targeted Advertising Cookie Optout) extension for Firefox.
1c. I use the FlashBlock extension to help give me some control over what Flash ads are displayed on sites I visit frequently. Especially since recently there was a nasty one making the rounds on MySpace (a fake antivirus program that was in fact a virus/malware combination).

2. In both Firefox and Internet Explorer I limit the action of cookies by overriding the default cookie handling method and setting it to allow session cookies and to block third party cookies (doesn't work well with some sites unfortunately).

3. I use Spybot Search & Destroy to 'Immunize' my system. This adds several sites to the restricted sites list as well as blocking several sites by listing them in the Hosts file but forcing them to link back to my pc, so they never get to connect to the internet if any pages I visit try to call them.

4. I use Spyware Blaster. It does some of the same things as Spybot but does not provide for any form of 'live' monitoring in the way that Spybot does; it merely helps block sites by adding settings for blocking cookies for certain sites and adding sites to the restricted sites list and Hosts file like Spybot does.

5. I use Avast Free edition for my virus scanner. I don't mind having to re-enter the password once a year as opposed to the nag screens that Avira pestered me with.

6. I change my default action for .vbs and other types of Windows script files to 'Edit' (open with Notepad) instead of 'Open' (run with associated scripting engine). This is a trick I picked up from the days when I used Norton Antivirus with their script blocking features (back before Norton software became bloatware).

7. If I have any doubt about what a file is I examine it closely with a hex editor before I try to execute it (I look for references to common Windows DLLs).

8. And first and foremost, if I see an unrecognized item in my Windows Task Manager process list I research it using the internet to help verify if it's a legitimate process or if it may be a virus. I compare the location of the file that the process was launched with against the known legitimate locations for that process.

9. I periodically check my 'Fonts' folder for the presence of any executables (they have no business being there unless it's a virus usually).

10. I periodically check my User profile folder for any executables as well, typically if they're legit they'll be in a subfolder of my user profile folder (usually in the 'Application Data' folder), not in the main folder for my user profile.

11. Additionally I periodically inspect the Windows folder for what appear to be randomly named hidden files (these are usually virus/malware related files).

12. And of course I also periodically check the root of each of my drives for any unrecognized files (again researching them on the internet and using a Hex Editor to view the contents of any such files).

13. And last of all I set my system to display extensions for known file types. I'd rather see that a file is in fact a .vbs file by seeing the extension before I run it, instead of discovering later on that by running it I infected my pc with a virus or something. I actually had a friend get 3500 files infected with a vbs based virus because he didn't see the extension that was appended to his mp3 files, and whenever he clicked on them to run them it instead ran the .vbs script which in turn infected more files. It was a bit of a pain to clean up; I ended up writing a batch file to find the .vbs files and then delete them, and I set his system to always display the filename extensions of course.
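The periodic manual checks in items 3, 6, 8, 9, 10, 11, 12 and 13 above lend themselves to a small read-only audit script. The following is an added example written for this thread, not code from the original poster or from any of the tools named; it assumes a Vista-or-later Windows with PowerShell, that it is run from an elevated prompt (so process image paths and the Windows folder are readable), and that the `HideFileExt` / `Hidden` Explorer values and the `VBSFile\Shell` registry key are present in their usual locations. The "randomly named file" regex is a heuristic of my own and flags candidates for a human to look at; nothing on the system is modified.

```powershell
# Added example (not from the original post): read-only audit of the hygiene
# checks in items 3, 6, 8-13. Assumes Windows Vista+ and an elevated PowerShell.

# File types that have no business sitting in Fonts, the profile root or a drive root.
$ScriptExts = '.exe','.dll','.scr','.com','.pif','.vbs','.vbe','.js','.jse','.wsf','.bat','.cmd','.ps1'

# Items 9, 10, 12: executables/scripts directly inside the given folders (non-recursive),
# with Authenticode status so an unfamiliar file can be triaged quickly.
function Get-SuspiciousExecutables {
    param([string[]]$Folders)
    foreach ($f in $Folders) {
        if (-not (Test-Path -LiteralPath $f)) { continue }
        Get-ChildItem -LiteralPath $f -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $ScriptExts -contains $_.Extension.ToLower() } |
            ForEach-Object {
                [pscustomobject]@{
                    Path      = $_.FullName
                    SizeKB    = [math]::Round($_.Length / 1KB, 1)
                    LastWrite = $_.LastWriteTime
                    Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                }
            }
    }
}

# Item 11: hidden files directly in the Windows folder whose base name is a run of
# 8+ letters/digits (heuristic for "randomly named"; review the hits by hand).
function Get-HiddenRandomNamedFiles {
    Get-ChildItem -LiteralPath $env:WINDIR -File -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                       $_.BaseName -match '^[a-z0-9]{8,}$' } |
        Select-Object FullName, Length, LastWriteTime
}

# Item 8: running processes whose image lives outside Windows / Program Files,
# i.e. the ones whose location is worth comparing against the known-good one.
function Get-ProcessesOutsideSystemPaths {
    $trusted = @("$env:WINDIR\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\") |
        Where-Object { $_.Length -gt 1 }   # drop an empty ProgramFiles(x86) on 32-bit Windows
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |
        Where-Object {
            $p = $_.Path
            -not ($trusted | Where-Object { $p.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        } |
        Sort-Object Path -Unique |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.ProcessName
                PID       = $_.Id
                Path      = $_.Path
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.Path).Status
            }
        }
}

# Items 13 and 6: Explorer must show extensions, and the default verb for .vbs
# should be 'Edit' (open in Notepad) rather than 'Open' (run with the script host).
function Get-ExplorerAndScriptSettings {
    $adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $vbs = Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\VBSFile\Shell' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ExtensionsShown  = ($adv.HideFileExt -eq 0)   # 0 = extensions visible
        HiddenFilesShown = ($adv.Hidden -eq 1)        # 1 = hidden files visible
        # An unset (default) value means Explorer falls back to the 'Open' verb.
        VbsDefaultVerb   = if ($vbs.'(default)') { $vbs.'(default)' } else { 'Open' }
    }
}

# Item 3: names the Hosts file black-holes to the local machine (what 'Immunize' adds).
function Get-HostsBlackholeEntries {
    $hosts = Join-Path $env:WINDIR 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_ -match '^\s*(127\.0\.0\.1|0\.0\.0\.0)\s+(\S+)' -and $Matches[2] -ne 'localhost') { $Matches[2] }
    }
}

# Run every check and print a summary; anything unexpected is then researched by hand.
$driveRoots = Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }
$report = [ordered]@{
    'Executables in Fonts / profile root / drive roots' =
        Get-SuspiciousExecutables -Folders (@("$env:WINDIR\Fonts", $env:USERPROFILE) + $driveRoots)
    'Hidden randomly named files in Windows folder'     = Get-HiddenRandomNamedFiles
    'Processes outside Windows / Program Files'         = Get-ProcessesOutsideSystemPaths
    'Explorer and .vbs settings'                        = Get-ExplorerAndScriptSettings
    'Hosts entries black-holed (count)'                 = (Get-HostsBlackholeEntries | Measure-Object).Count
}
foreach ($k in $report.Keys) {
    "`n== $k =="
    $report[$k] | Format-Table -AutoSize | Out-String -Width 200
}
```

Save it as, say, `hygiene-audit.ps1` and run `powershell -ExecutionPolicy Bypass -File .\hygiene-audit.ps1` from an elevated prompt. It only lists; a file in the Fonts folder, a process outside Program Files or an `Open` verb on `.vbs` is a prompt to investigate (signature status, vendor, known path), not proof of infection, which matches the "research it first" approach of items 8 and 12.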

#2 nevel

nevel
  • Members
  • 8 posts
  •  
    Netherlands

Posted 12 March 2010 - 11:14 PM

I'm using many of the above-mentioned methods.
Also, when running a Windows machine:

Hardware
* Router with firewall functionality (Linksys WRT54 GL, upgraded to DD-WRT)

Software:
* FireWall (PC Tools Firewall Pro)
* Frequent scheduling of spyware scans (Hitman Pro)
* Slightly less frequent scheduling of antivirus scans (Clamwin)

#3 breaker

breaker

    Frequent Member

  • Advanced user
  • 114 posts
  •  
    United States

Posted 14 March 2010 - 06:02 AM

Well, I got sick of malware, so I browse the web, do word processing, photo editing, CD ripping, CD/DVD burning, audio file encoding, etc, etc from my Linux Mint 7 XFCE desktop. Flash came pre-installed in Firefox. I still load Ad Block Plus and NoScript extensions because of certain annoying web sites. For gaming, I boot to Windows XP or 7. I have a shared FAT32 data partition, but I can also mount NTFS from Linux. Also, if I need a non-gaming Windows app, I run WINE or my Windows XP inside of Virtual Box. I build my BartPE stuff inside of my Virtual Box XP install, in fact.

But, if I help someone with their computer, I run Spyware Blaster, Spybot Search & Destroy, Free AVG, and Comodo (just the firewall). Also Firefox with Noscript and AdBlockPlus.

However, I feel the most important thing to do on a Windows box is to run as a regular user, not under an Administrator account!!! To install software, log into an admin account or right-click and "run-as" admin. Same goes for certain apps, right-click and run-as admin (I usually call my backup Administrator admin).

I multi-boot, so I can scan my Windows install from Linux using ClamAV, or another Windows install, but I really never have to because Linux rocks! I don't really have to spend any time fiddling with security or defragging anymore.

I also like having more than one workspace and if I feel goofy, I'll turn on Compiz and rotate with Desktop Cube to each one. :lol:

P.S. I second the hardware firewall advice, that or a custom low-power OpenBSD PF firewall you build.

#4 nevel

nevel
  • Members
  • 8 posts
  •  
    Netherlands

Posted 14 March 2010 - 09:19 AM

Hi breaker,

Just out of curiosity: Is there any particular reason for you not to use FlashBlock in FF?
I really love the AdBlockPlus/FlashBlock combination :cheers:.

#5 john3voltas

john3voltas

    Member

  • Members
  • 97 posts
  •  
    Portugal

Posted 14 March 2010 - 09:22 PM

P.S. I second the hardware firewall advice, that or a custom low-power OpenBSD PF firewall you build.

And if you go there, I'd say the best option would be pfSense running from an Alix (PCEngines) or alternatively from a Soekris low power SBC.

#6 breaker

breaker

    Frequent Member

  • Advanced user
  • 114 posts
  •  
    United States

Posted 16 March 2010 - 06:36 AM

Hi breaker,

Just out of curiosity: Is there any particular reason for you not to use FlashBlock in FF?
I really love the AdBlockPlus/FlashBlock combination :thumbup:.


Yes, NoScript blocks Flash, JavaScript, and Java, and has a very regular update schedule. Also, there is good anti-XSS support.

http://noscript.net/

#7 me4833

me4833

    Newbie

  • Members
  • 11 posts
  •  
    United States

Posted 19 April 2010 - 04:19 PM

Another way to keep Virus and other Malware OUT is to run programs like browsers in
SandboxIE. I set up different sandboxes for each program and anything that would
normally be written to my hard drive is written to the same directory in the sandbox.

This way you can see what the program WOULD HAVE WRITTEN to your HD.

I have been a registered user of SandboxIE for a long time.

Have fun... :ranting2:

#8 breaker

breaker

    Frequent Member

  • Advanced user
  • 114 posts
  •  
    United States

Posted 13 November 2010 - 08:25 PM

So, I can no longer recommend Free AVG to people. There have been some things I do not like about the new versions. One being the suppression of directory listings while using ftp, with absolutely no way to turn off the blocking other than completely disabling AVG. It's free, so I don't expect a lot; disappointing nonetheless. I am currently testing Avira Free and Microsoft Security Essentials. There is also a new ClamAV for Windows out, but I only like the cloud-based free part of the app, not the full release. Also, I dislike the newest version of Comodo Firewall; it is way too involved (even more than before) for most users, and buggy. I have read recently that the commercial software Symantec is getting more lightweight and has excellent heuristics, and that other competitors are good such as Kaspersky and NOD32. I like Spybot, but I also recommend Malwarebytes.

Any new thoughts on these programs?

I feel an AV should be:

1) Effective (most important)
1.5) definitions updated often
2) lightweight (relative to the hardware) - how can you enjoy your computer if it is too slow?
3) Configurable
4) Fast (although I would prefer effective scans over fast scans)
5) Well Documented

What would you recommend for finding and preventing rootkits?

What would you recommend for Windows 7 x64?


EDIT: spelling

Edited by breaker, 13 November 2010 - 08:26 PM.




