11 July, 2007

Computer Security Woes

I'm really starting to hate Windows. Over the weekend, my office computer got hit by a worm/trojan horse. It wasn't too bad to clean up, but constant power cuts meant it took over a day for me to make sure I got it all.

I've used computers for about 25 years, and I'm fairly competent. I have anti-virus installed. I don't use Internet Explorer. I don't download attachments from senders I don't know. Actually, I've never gotten a virus off the internet. It's always trojans from sources that shouldn't be giving them. The real problem is Micro$oft making so many ways for my computer to be attacked. I'd happily dump them and go with Linux if it weren't for the proprietary software central to my work.

The two/three attacks I've suffered from have taught me a few security tips besides the usual ones everyone should know about, like running an antivirus and firewall, using SpyBot, and not using IE and Outlook. If you've implemented all of those, consider the following (all for Windows XP):
  1. Run on a limited account, not as an administrator. This is the biggest step you can take to becoming secure. It won't keep you from getting viruses and malware, but it will keep them from messing up your registry and system files. In limited mode, up-to-date anti-virus and anti-spyware scans should clean up everything. If you're in administrator mode, clean-up can become a day-long cat-and-mouse game of tracking down super-hidden files and deleting registry entries.

    Unfortunately, administrator mode is necessary for running lots of old programs. Those of us who can't afford to run out and buy every year's new version are forced to run in administrator mode.

  2. Disable autorun on removable drives (like flash drives) and cd-roms. This is how I got stung this time. The virus came from printing a file off of a colleague's flash drive. I always scan others' flash drives with my anti-virus, but it didn't catch it. As soon as I stuck it in the USB port, the contaminated autorun file invisibly infected my system and then all flash drives I later used on it. I was in administrator mode, of course; if I had switched to the limited account I have set up but don't use, I wouldn't have gotten infected.

  3. Disable single-click opening of files. The Windows interface gives the option of double-clicking or single-clicking to open and run files. I like the latter because it's just like links on web pages, but I don't use it anymore. It's too easy to accidentally click on a questionable executable and get infected. I did this once last year when I had a really nasty trojan. I had gotten the computer all cleaned up. I found one last copy of the malicious program file. I meant to select and delete it; I accidentally clicked and ran it and had to do the whole cleaning process all over again.

  4. View folder contents in "detailed" mode. The trojan mentioned in #3 got me because I clicked on a program that looked like a folder (its icon was that of a folder). If I had viewed the directory in detailed mode, I might have been warned that it was an application/program file and not a folder. (By the way, this came off of a photo CD, something one wouldn't normally think of as a malware/virus source.)

  5. Keep your anti-virus up to date but don't trust it completely. This last infection might have been prevented if my anti-virus had been up to date. (The computer in question does not have access to the internet, and the signature file was a couple weeks old.) On the other hand, it might not have made a difference. The nasty infection I got last year wasn't recognized by most programs, free or pay. I only found one site that said anything about it at all, Trend Micro. Trend Micro supplies very thorough instructions for removing different malware.

  6. If you find a malicious file (trojan horse), make a note of the name, size, and date. After you have stopped the running process of the malware, do a search of all drives and directories for files modified on the same date as the original malware file. If any hits come up of files of the same size and date/time but different names, these are in all likelihood additional copies of the malware and should be deleted. This is necessary because often the files mutate and the anti-virus won't necessarily find them all. Note that this will work only if you have "super hidden" files disabled. (Google this for more info.)
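The same-size, same-timestamp search from tip 6, as an added Python example (not the original post's method, which used the Windows search dialog). It walks the given drive roots, reports every file that matches the reference file's size and modification time, and also includes same-named copies in other directories, which goes slightly beyond the text; `build_demo_tree` creates a constructed sample tree with harmless placeholder files so the script can run offline.

```python
import os
import tempfile
from datetime import date

def lookalike_copies(roots, ref_path, same_day_only=False):
    """Return every file under `roots` whose size and modification time match
    the reference file's, excluding the reference itself. With same_day_only
    the timestamp comparison is relaxed to the calendar day, as in the post."""
    ref = os.stat(ref_path)
    ref_real = os.path.realpath(ref_path)
    hits = []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                full = os.path.join(dirpath, name)
                try:
                    st = os.stat(full)
                except OSError:
                    continue  # vanished or unreadable: skip rather than abort
                if os.path.realpath(full) == ref_real or st.st_size != ref.st_size:
                    continue
                if same_day_only:
                    same = date.fromtimestamp(st.st_mtime) == date.fromtimestamp(ref.st_mtime)
                else:
                    same = int(st.st_mtime) == int(ref.st_mtime)
                if same:
                    hits.append(full)
    return sorted(hits)

def build_demo_tree():
    """Constructed sample tree (placeholder names, no real malware); returns (root, ref_path)."""
    root = tempfile.mkdtemp(prefix="tip6_")
    stamp = 1184155200  # 2007-07-11 12:00:00 UTC, constructed timestamp

    def put(rel, data, mtime):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        os.utime(path, (mtime, mtime))
        return path

    payload = b"X" * 4096
    ref = put("WINDOWS/system32/oddname.exe", payload, stamp)      # the file you noted
    put("Documents/photos/holiday.exe", payload, stamp)             # copy, different name
    put("WINDOWS/Temp/leftover.tmp", payload, stamp + 3600)         # same day, later hour
    put("Documents/report.doc", b"Q" * 4096, stamp - 86400 * 30)    # same size, old date
    put("Documents/notes.txt", b"Z" * 10, stamp)                    # same time, wrong size
    return root, ref

if __name__ == "__main__":
    root, ref = build_demo_tree()
    for p in lookalike_copies([root], ref):
        print("possible copy:", p)
```

On a real machine pass the drive roots (for example `["C:\\", "D:\\"]`) and the path of the file you noted; review each hit before deleting, since an exact size-and-time match is strong but not conclusive evidence.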

  7. (Advanced only:) Get in the habit of periodically scanning root and system directories for suspicious hidden files. Go to a command prompt (not "my computer" or explorer), go to c:\ and type dir /a:h, then dir /a:s. Investigate anything that doesn't look like it should be there.

    As a precaution for when things really go bad:

  8. Keep all valuable data on a separate partition from the Windows system. I have long made it a habit to split my drive into 2-4 partitions. C: only holds Windows and program files; all data goes on other partitions. This is a sound practice for many reasons. If forced to reformat, you can get by with only wiping c: and reinstalling your software. No data will be lost. It makes it easier to perform backups. I have never seen a drive other than c: become infected. And, I once had a hard drive start to go bad. C: wouldn't boot up and became unreadable, but the other partitions were fine. I was able to put the drive in another system and get all the data off before the drive totally crashed.

  9. Make a Linux or faux-DOS boot disk. Either will do. If the infection is too bad and you have to reformat, you can first boot into a different operating system and pull off all your valuable data.

This is by no means a comprehensive guide to computer security. It is merely offered as a few hints to make things more secure, with the assumption that the user has the standard security measures already in place. If you're not certain of what you are doing, please get professional help as it is quite easy to mess up your system.

If I think of more later, I'll add them in the comments box. Feel free to share any tips you have found.
