Malware Prevention and Security
1. Stay informed
The best prevention is not a piece of software, but your own knowledge.
(In fact, relying on an antivirus might not be the best idea, as I'll show below.)
It is important to know how malware infections happen,
so that you can be proactive about them. Some call this "common sense", though
it's probably not that common.
Malware attacks also evolve and change, so you should try to stay up to date
with what's going on. There are many sites dedicated to security news and discussions,
like Secunia,
/r/netsec,
PC Mag,
Help Net Security,
Wilders Security Forums,
CVE,
NetworkWorld,
SecurityFocus
and others.
2. Install security updates
The operating system and the programs you use should be updated regularly; turn on automatic updates wherever they are offered. This matters most for software that touches the network or opens untrusted files: browsers and their plugins, mail clients, messengers, PDF readers and office suites. Vulnerabilities are found all the time, and most exploits seen in the wild target flaws for which a patch already exists, so the window between a patch being released and you installing it is exactly what an attacker relies on.
3. Scan files and the system with an antivirus
Make it a habit to scan every file you can before running it,
especially if it's of suspicious origin and/or doesn't have a valid signature
(check the file properties).
There are some online scanners which will scan your file with several antiviruses at once, like
VirusTotal, Jotti's malware scan,
Metascan Online and VirScan.
For bigger files, there are some unobtrusive on-demand scanning programs like
Malwarebytes,
MS Safety Scanner or
ClamWin.
Scanning with several AVs gives wider coverage than relying on one AV only, since no single engine catches everything. Two caveats: uploading a file to an online scanner shares it with the vendors behind it, so for anything confidential look up its hash first (the scanners accept a SHA-256 search) and upload only if there is no existing report; and a clean result from every engine means only that nobody has seen that particular file yet, not that it is harmless.
Most (but not all!) malware arrives as an executable, and "executable" on Windows means more than .exe: .scr, .com, .pif, .bat, .cmd, .vbs, .js, .wsf, .hta and .msi files all run code when double-clicked. The real extension is sometimes disguised by a double extension (picture.jpg.exe, which Explorer shows as "picture.jpg" when extensions are hidden) or by a Unicode right-to-left override character in the name, which makes a file named "photo[RLO]gpj.exe" display as "photoexe.jpg".
Go to Folder options and uncheck "Hide extensions for known file types"
to always see the file extension.
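The checks described in this section, done from the command line instead of the file properties dialog. This is an added example and not code from the original article: it walks a folder, flags files with executable or double extensions, reads the Authenticode signature and the Mark of the Web, and prints the SHA-256 so the hash can be searched on VirusTotal without uploading the file. The folder path is an assumption; point it wherever your downloads land.

```powershell
# Added example, not part of the original article. Run in a normal PowerShell window.
$Folder = Join-Path $env:USERPROFILE 'Downloads'   # assumption: where downloads land

# Extensions Windows will execute on double-click; .exe is only the best known.
$ExecutableExtensions = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.jse',
                          '.vbs', '.vbe', '.wsf', '.wsh', '.hta', '.msi', '.msp', '.ps1', '.lnk')

function Test-DoubleExtension {
    param([System.IO.FileInfo]$File)
    # For "invoice.pdf.exe" the BaseName is "invoice.pdf", which still carries an extension.
    $inner = [System.IO.Path]::GetExtension($File.BaseName)
    return ($inner -ne '') -and ($ExecutableExtensions -contains $File.Extension.ToLower())
}

function Test-MarkOfTheWeb {
    param([string]$Path)
    # Browsers and mail clients tag downloads with a Zone.Identifier alternate data stream.
    $null -ne (Get-Item -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue)
}

$report = Get-ChildItem -Path $Folder -File -Recurse | ForEach-Object {
    $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Name       = $_.Name
        Executable = $ExecutableExtensions -contains $_.Extension.ToLower()
        DoubleExt  = Test-DoubleExtension -File $_
        Signature  = $sig.Status        # Valid, NotSigned, HashMismatch, UnknownError ...
        Signer     = $signer
        FromWeb    = Test-MarkOfTheWeb -Path $_.FullName
        SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
}

# Executables first, double-extension and unsigned ones at the top: scan these before running.
$report | Where-Object { $_.Executable } |
    Sort-Object DoubleExt, Signature -Descending |
    Format-Table Name, DoubleExt, Signature, Signer, FromWeb, SHA256 -AutoSize

# The "Hide extensions for known file types" checkbox, set from the command line
# (takes effect for new Explorer windows).
Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' `
                 -Name HideFileExt -Value 0
```

A Signature of Valid proves only who signed the file, not that it is benign; stolen and abused code-signing certificates are used by malware, so a valid signature from a publisher you have never heard of is not a pass. The hash is what you paste into the online scanners' search box; if there is no existing report, decide whether the file is something you are willing to share with a dozen AV vendors before uploading it.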
I recommend scanning the entire system partition and all programs at least occasionally.
The best way to do this is from "outside" of the operating system by using bootable AV scanners,
since that way malware in the system can’t affect the AV scanner. There’s more on that in
Malware Removal.
4. Use SRP or AppLocker
Software Restriction Policies (SRP) can be used to allow only specific software to run and block everything else, which is known as the whitelist (default-deny) approach. It turns the usual model around: instead of trying to recognize every piece of malware, you name the locations or publishers you trust (typically the Program Files and Windows directories), and anything launched from a user-writable location such as Downloads, Temp or AppData is refused. Since that is where almost all malware lands first, a path-based whitelist stops most of it without needing to know what it is.
The Enterprise editions of Windows (Ultimate on Windows 7) and Windows Server also support AppLocker, which is similar to SRP but adds publisher and hash rules and an audit-only mode for testing a policy before enforcing it, and you can also use third-party whitelisting software.
SRP is not super easy to set up (article coming soon), but it's usually worth it.
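An AppLocker policy that implements the whitelist approach just described, as an added example (not from the original article). It allows executables from Program Files and Windows for everyone and anything for local Administrators, then adds explicit deny rules for the two subfolders of the Windows directory that standard users can write to, which the stock default rules leave open. It starts in audit mode so you can see what would have been blocked before enforcing. The rule names and the output path are assumptions; the cmdlets are the AppLocker module's own and need an elevated prompt on an edition that supports AppLocker.

```powershell
# Added example, not part of the original article. Requires an elevated prompt.

function New-PathRule {
    param(
        [string]$Name,
        [string]$Path,
        [string]$Sid,
        [ValidateSet('Allow', 'Deny')][string]$Action
    )
    # S-1-1-0 = Everyone, S-1-5-32-544 = BUILTIN\Administrators
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="$Action">
      <Conditions><FilePathCondition Path="$Path" /></Conditions>
    </FilePathRule>
"@
}

# AuditOnly: log decisions without blocking. Switch to "Enabled" once the log is quiet.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$(New-PathRule -Name 'Program Files'      -Path '%PROGRAMFILES%\*'  -Sid 'S-1-1-0'      -Action Allow)
$(New-PathRule -Name 'Windows'            -Path '%WINDIR%\*'        -Sid 'S-1-1-0'      -Action Allow)
$(New-PathRule -Name 'Admins: everything' -Path '*'                 -Sid 'S-1-5-32-544' -Action Allow)
$(New-PathRule -Name 'Deny Windows\Temp'  -Path '%WINDIR%\Temp\*'   -Sid 'S-1-1-0'      -Action Deny)
$(New-PathRule -Name 'Deny Windows\Tasks' -Path '%WINDIR%\Tasks\*'  -Sid 'S-1-1-0'      -Action Deny)
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'applocker-audit.xml'   # assumption
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# Dry run: the same binary is judged by where it sits. notepad.exe from System32 is
# allowed; copies in Downloads and in the user-writable Windows\Temp are not.
$probe = @(
    "$env:WINDIR\System32\notepad.exe",
    (Copy-Item "$env:WINDIR\System32\notepad.exe" "$env:USERPROFILE\Downloads\probe.exe" -PassThru).FullName,
    (Copy-Item "$env:WINDIR\System32\notepad.exe" "$env:WINDIR\Temp\probe.exe" -PassThru).FullName
)
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path $probe |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# AppLocker only evaluates rules while the Application Identity service is running.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# Audit results: event 8003 = would have been blocked (audit), 8004 = blocked (enforced).
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 8003, 8004 } |
    Format-Table TimeCreated, Id, Message -Wrap
```

Explicit deny rules win over allow rules, which is why the two extra rules close the Windows\Temp and Windows\Tasks hole without touching the broad Windows allow. Expect the audit log to show legitimate programs that install per-user under AppData (several browsers and chat clients do); those need their own publisher rules before you flip EnforcementMode to Enabled, or they will stop working for Standard users.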
5. Use the browsers and other programs safely
Some malware can be triggered without any active interaction on your part. Such an attack is usually called a "drive-by download": merely visiting a page (often a legitimate site serving a malicious ad) exploits a vulnerability in the web browser or one of its components, such as a browser plugin, and in some cases it can be prevented simply by disabling features you don't use. Here are just some examples.
For years the Java plugin was the most often exploited one, and I recommend not installing Java or any other browser plugin unless you absolutely need it. If you do install them, at least keep them disabled when possible; most browsers can be set to "click to play". (Current browsers have dropped NPAPI plugins such as Java and Flash entirely, so the same advice now applies to extensions and helper applications.) Another thing you can do is disable elements like JavaScript when visiting untrusted websites, or use browser extensions that do that automatically.
JavaScript can be disabled in most PDF viewers as well, and you generally should do it, because most PDFs don't need it and it is a common ingredient of PDF exploits.
Macros in Microsoft Office can also be abused to download and run malware, so don't install that feature ('Visual Basic for Applications') if you don't need it. If you do need it, set the Trust Center to disable macros without notification, or to allow only digitally signed ones, and never enable macros in a document that arrived by e-mail just because it asks you to.
Tools like EMET can also help by forcing exploit mitigations (DEP, ASLR, ROP checks) onto programs that don't opt in themselves, but do some reading and compatibility checking before using them. EMET has since been retired by Microsoft; Windows 10 ships the equivalent as Exploit Protection under Windows Security.
6. Disable AutoPlay/AutoRun
If AutoRun is enabled, the system can execute code named in an autorun.inf file the moment removable media is inserted. This was a real problem on older Windows versions: XP and Vista honored autorun.inf on USB sticks, which is how Conficker and similar worms spread between machines, and only a 2011 update restricted it to optical media. AutoPlay (the "what do you want to do with this drive?" dialog) is less dangerous but still hands a decision to the user at the worst moment, so I still recommend disabling both and just browsing to the removable drive manually when you need to access its content.
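The "disable the feature" settings from sections 5 and 6, as one script. This is an added example and not from the original article: it writes the registry values behind Adobe Reader's JavaScript switch, the Office macro settings and the AutoRun policy. The version numbers in the paths ("DC" for Acrobat Reader DC, "16.0" for Office 2016 and later) are assumptions to verify against what is installed; the value names are the documented ones for those products.

```powershell
# Added example, not part of the original article.
# HKCU values apply to the current user; the HKLM AutoRun policy needs an elevated prompt.

function Set-RegValue {
    param([string]$Path, [string]$Name, $Value, [string]$Type = 'DWord')
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# 1. PDF: turn off JavaScript in Acrobat Reader DC (path segment "DC" is version-specific).
Set-RegValue 'HKCU:\Software\Adobe\Acrobat Reader\DC\JSPrefs' 'bEnableJS' 0

# 2. Office macros. VBAWarnings: 1 = enable all, 2 = disable with notification,
#    3 = allow only digitally signed, 4 = disable all without notification.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    Set-RegValue "HKCU:\Software\Microsoft\Office\16.0\$app\Security" 'VBAWarnings' 4
    # Office 2016+: refuse macros in files carrying the Mark of the Web (downloaded or e-mailed),
    # regardless of the setting above.
    Set-RegValue "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" 'blockcontentexecutionfrominternet' 1
}

# 3. AutoRun/AutoPlay. NoDriveTypeAutoRun is a bitmask of drive types; 0xFF disables all.
#    NoAutorun = 1 makes Windows ignore autorun.inf entirely.
$explorerPolicy = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
Set-RegValue $explorerPolicy 'NoDriveTypeAutoRun' 0xFF
Set-RegValue $explorerPolicy 'NoAutorun' 1

# Read back what was set.
Get-ItemProperty 'HKCU:\Software\Adobe\Acrobat Reader\DC\JSPrefs' | Select-Object bEnableJS
Get-ItemProperty 'HKCU:\Software\Microsoft\Office\16.0\Word\Security' | Select-Object VBAWarnings
Get-ItemProperty $explorerPolicy | Select-Object NoDriveTypeAutoRun, NoAutorun
```

The Office values under Software\Policies are the ones Group Policy writes and take precedence over the user's own Trust Center choices, which is the point: a macro-laden invoice cannot talk the user into "Enable Content" if the policy says no. Acrobat Reader re-reads JSPrefs on start, so close it before running the script.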
7. Run as Standard user, use UAC
By default, the account created when Windows is installed is a member of the Administrators group, which means you're free to do whatever you want, and so is any program you run. That freedom is bad for system security, since malware running as you can then modify essential system parts, install drivers and services and switch off protections.
Using the system with a limited (Standard) user account prevents that: whatever gets in runs with your permissions only, which still exposes your own files but not the system itself. You can also have several separate user accounts for different tasks.
If you're using an Administrator account, I recommend having User Account Control (UAC) enabled and set to the highest level ("Always notify"), which is not the default. The default level silently auto-elevates certain signed Windows binaries without a prompt, and several published UAC bypasses abuse exactly that; there have been cases where malware was only blocked with UAC at the highest level. Keep in mind that Microsoft does not treat UAC as a security boundary, so it is a speed bump for malware, not a substitute for a Standard account.
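The account setup this section recommends, as an added example (not from the original article): list who is an administrator on the machine, create a Standard user for daily work, and set UAC to "Always notify". The account name is a placeholder; the LocalAccounts cmdlets need PowerShell 5.1 (Windows 10 / Server 2016 or later) and an elevated prompt.

```powershell
# Added example, not part of the original article. Run from an elevated prompt.

function Test-IsElevated {
    # True when this PowerShell process holds the Administrators token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

"Running elevated: $(Test-IsElevated)"
"Members of the local Administrators group (ideally: one account you use only for installs):"
Get-LocalGroupMember -Group 'Administrators' | Format-Table Name, PrincipalSource -AutoSize

# A limited account for everyday use. New-LocalUser does not put the account in any
# group, so add it to Users explicitly; leaving it out of Administrators is the point.
$name = 'daily'   # placeholder name
if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $name"
    New-LocalUser -Name $name -Password $pw -PasswordNeverExpires | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $name
}

# UAC "Always notify" = ConsentPromptBehaviorAdmin 2 with the prompt on the secure desktop.
# The Windows default is 5 (prompt for non-Windows binaries only), which is what the
# auto-elevation bypasses rely on. A change to EnableLUA needs a reboot to take effect.
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $uac -Name EnableLUA                  -Value 1
Set-ItemProperty -Path $uac -Name ConsentPromptBehaviorAdmin -Value 2
Set-ItemProperty -Path $uac -Name PromptOnSecureDesktop      -Value 1

Get-ItemProperty -Path $uac | Select-Object EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop
```

Log in as the new Standard user for daily work and keep the Administrator account for installs; when an installer needs elevation, UAC asks for that account's password, which is the moment to ask yourself why a file you just downloaded wants it.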
8. Use virtual machines and sandboxes
A virtual machine (VM) is run by a hypervisor, a program that hosts an entire separate operating system (the guest OS) on top of your own (the host OS).
So you could have another completely separate Windows installation
inside a virtual machine. A popular free one is VirtualBox and there are some other options, like those from VMware.
The benefit of this is that the guest OS is isolated from the host OS, and even if you run
malware inside the guest, it won't affect your host, except through a vulnerability
in the hypervisor itself. Guest-to-host escapes do get found and patched, but they are rare compared with the everyday risk of the conveniences you enable yourself: shared folders, a shared clipboard, drag-and-drop and a network path from the guest to the host. A guest OS is easy to
manage, scan with AVs, snapshot and roll back, or reinstall. So if you have something risky to do, trying it in a
VM first can be useful. Note that some malware checks whether it is running in a VM and stays quiet there, so a clean run in a VM is not proof that a file is harmless.
A "sandbox" can be used to contain all the file and system changes a program makes when running, so that
nothing is written outside of that sandbox. The most popular example is
Sandboxie.
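The snapshot-and-roll-back workflow for trying something risky in a VM, as an added example (not from the original article) that drives VirtualBox's command-line tool from PowerShell. The VM name and the sample path are assumptions; the VBoxManage subcommands are the tool's own, though option names have shifted between VirtualBox major versions, so check `VBoxManage modifyvm` output on yours.

```powershell
# Added example, not part of the original article. Assumes a VirtualBox VM named
# "Win10-Test" that already exists and is powered off.
$VBoxManage = Join-Path ${env:ProgramFiles} 'Oracle\VirtualBox\VBoxManage.exe'
$vm = 'Win10-Test'   # assumption

# 1. Close the channels through which a compromised guest reaches the host
#    (modifyvm only works while the VM is powered off).
& $VBoxManage modifyvm $vm --clipboard disabled --draganddrop disabled
# Detach every shared folder; "SharedFolderNameMachineMapping1="name"" lines list them.
& $VBoxManage showvminfo $vm --machinereadable |
    Where-Object { $_ -like 'SharedFolderNameMachineMapping*' } |
    ForEach-Object { & $VBoxManage sharedfolder remove $vm --name ($_.Split('"')[1]) }
# No network at all while running the sample (nic1 "null" = cable unplugged).
& $VBoxManage modifyvm $vm --nic1 null

# 2. Snapshot the known-good state, then boot.
& $VBoxManage snapshot $vm take 'clean' --description 'before running the sample'
& $VBoxManage startvm $vm --type gui

# ... copy the sample in by attaching an ISO rather than a shared folder, run it,
#     take notes, scan the guest with whatever AVs you like ...
Read-Host 'Press Enter when done with the guest'

# 3. Discard everything the sample changed and return to the clean state.
& $VBoxManage controlvm $vm poweroff
& $VBoxManage snapshot $vm restore 'clean'
& $VBoxManage snapshot $vm list
```

Restoring the snapshot discards the guest's disk and memory state, so nothing the sample dropped survives; take a fresh "clean" snapshot only after you have patched the guest and before any sample has run in it.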
9. Use software that is less targeted by malware
The most commonly targeted programs (or operating systems) are usually the most popular ones. So, for example,
Adobe Reader gets exploited far more often than a little-known PDF reader, simply because an exploit for it reaches more victims.
However, this does not mean that less known software is always safer,
you should still evaluate every program individually and learn about its features and security aspects.
A popular program could very well have better security, because of the additional development resources or experience.
So take this suggestion with some common sense.
But, all things being equal, lower popularity is an advantage when it comes to software exploits,
since malware makers tend to target the biggest chunk of users.
10. Use a real-time antivirus and a firewall
Installed 'real-time' scanning antiviruses (as opposed to virus scanning on demand) can be
a double-edged sword
and I'm not always eager to recommend them. Yes, an AV can be an additional defense, but it's also something that is
deeply entrenched in the system, running with high privileges and parsing every file it sees. This means that it can impact system performance, require maintenance, nag you
with false positives or make the system malfunction. Some examples of the latter from the last couple of years:
McAfee,
AVG,
Avira,
AVG again,
Kaspersky,
Malwarebytes
and Symantec.
And you can even find several reports of the antivirus itself being a
security vulnerability (one,
two,
three,
four,
five,
six,
seven,
eight,
nine,
ten,
eleven).
The bottom line is that there isn't one solution that fits all with antivirus software. You should evaluate your specific needs, priorities and defense strategies.
Firewalls are usually less problematic for real-time performance, at least those that don't come with additional (not just firewall-related) features. The built-in Windows Firewall is decent and unobtrusive. Its weakness is outgoing connections: by default it allows everything outbound, and while it can be switched to block outbound by default (in the "Advanced Security" console, with netsh, or with PowerShell), it has no per-application prompt, so every program you want online needs its own allow rule. For that task, you might couple it with something like Windows7FirewallControl, a lightweight application that adds the prompting layer on top of the built-in Windows Firewall engine and can be used in addition to the Windows Firewall.
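The outbound-blocking setup described above, done with the built-in firewall alone. This is an added example and not from the original article: it switches every profile to default-deny outbound, adds allow rules for the few services and programs that need the network, and turns on logging of dropped packets so that missing rules show up in a log instead of as mysterious failures. The NetSecurity cmdlets exist on Windows 8 / Server 2012 and later (Windows 7 gets the same policy through `netsh advfirewall`); the program paths are assumptions.

```powershell
# Added example, not part of the original article. Run from an elevated prompt.

# 1. Default deny in both directions, on every profile.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Explicit allow rules. Service-scoped rules cover the svchost-hosted services
#    without opening the door for every svchost.exe instance.
$allow = @(
    @{ DisplayName = 'Out: DNS';            Service = 'Dnscache'; Protocol = 'UDP'; RemotePort = 53 }
    @{ DisplayName = 'Out: DHCP';           Service = 'Dhcp';     Protocol = 'UDP'; RemotePort = 67 }
    @{ DisplayName = 'Out: Windows Update'; Service = 'wuauserv'; Protocol = 'TCP'; RemotePort = 80, 443 }
    @{ DisplayName = 'Out: Firefox';        Program = "$env:ProgramFiles\Mozilla Firefox\firefox.exe"   # assumption
                                            Protocol = 'TCP'; RemotePort = 80, 443 }
)
foreach ($rule in $allow) {
    if (-not (Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -Direction Outbound -Action Allow -Profile Any @rule | Out-Null
    }
}

# 3. Log what gets dropped, so the next missing rule is found rather than guessed.
$log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True -LogFileName $log

function Get-DroppedOutbound {
    param([string]$LogPath = $log, [int]$Last = 20)
    # Log columns: date time action protocol src-ip dst-ip src-port dst-port size ... path
    # where path is SEND for outbound and RECEIVE for inbound.
    Get-Content -Path $LogPath -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\S+ \S+ DROP ' -and $_ -match ' SEND\s*$' } |
        Select-Object -Last $Last |
        ForEach-Object {
            $f = $_ -split '\s+'
            [pscustomobject]@{ Time = "$($f[0]) $($f[1])"; Proto = $f[3]; Dst = $f[5]; Port = $f[7] }
        }
}
Get-DroppedOutbound | Format-Table -AutoSize
```

Expect the drop log to fill quickly at first: time synchronisation, licensing, the Store and, on Windows 10, Delivery Optimization and BITS all need their own rules before updates flow normally. Each entry gives you a destination and port to decide on, which is the same information a prompting firewall would have shown in a pop-up, minus the temptation to click "allow" to make the dialog go away.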