Don’t get viruses (or spy-ware)

This seems almost too oversimplified.  But the truth is, most of the techies I know don’t get spyware or viruses.  Why?  Not because we are immune, but because we don’t go to the types of sites that will get you infected.  It’s quite comical to see the faces, or hear the voices, of people after having this discussion with them:

“You’re a tech guy, what anti-virus software do you run?” 

“None…”

While it’s true I have always run anti-virus on my public servers, I don’t always run it on my home PC.  I have started running it on my home PC just to be safe now that I have the dual core.  But the truth is that if you are careful you don’t need anti-virus software.  In fact the entire anti-virus industry is quite pessimistic if you think about it.  The technologies don’t really stop viruses from getting in so much as kill them once they have.  Most products now run a real-time check to catch viruses.  But if that did a good job, you wouldn’t need a scanner, would you?  For this reason you will notice that I put running anti-virus software far down on my list.  It really should be your last resort.

So how do I keep safe? 

Here are a few things you should run to keep them out.  This is not an exhaustive list, but it is a start.

Prerequisite

You should be on at least XP Service Pack 2.  I consider this the desktop baseline right now.  If you don’t have XP you might consider buying Vista, but the jury is still out on whether Vista is more secure than XP.  If you are not running Service Pack 2 you should be; to get it, go to Windows Update.  To find out if you are running it:

1.  Click Start, click Run, type winver, then click OK.

If you are running XP SP2 it will say so here.  If it says Service Pack 1, or no service pack is mentioned, upgrade!  SP2 has a lot of features to help protect your PC.

Get a hardware firewall / NAT router 

Most of us have some form of hardware firewall already.  If you have a Cable/DSL router (Linksys, Netgear, Belkin…) you likely already have a good NAT router.  This can help stop a lot of inbound attacks.  A NAT router only lets through traffic that a computer inside your network asked for.  It is a good idea to pick up one of these if you don’t have one.  Even if you aren’t sharing your connection within your house you will benefit from the security.

Another thing to note: if you aren’t using WiFi, turn the feature off.  If you do need WiFi, invest some time in setting it up properly.  You should at the very least restrict access to it with one of the available methods.  If you have a choice, use WPA security for WiFi.  WEP is the older standard, and is almost trivial to crack.

Set Internet Explorer’s Security Level to Medium or higher

1. Open Internet Explorer

2. Click Tools

3. Click Internet Options

4. Choose Security Tab

5. Choose Internet Zone

6. Set to Medium or higher.  I use Medium-High.

Turn on the built in Pop-Up Blocker

You could also get a third-party blocker like the Google Toolbar.

Enable DEP. 

Data Execution Prevention is what the computer world has been waiting for since the first network interface was hooked up.  It’s the answer to the buffer overrun.  Most computer exploits, from Robert Morris Jr.’s Internet Worm to the most recent XP worms, use this technique.  Data Execution Prevention is the technology that stops them from using buffer overrun vulnerabilities at all.

Buffer overruns work because they allow an attacker to inject their code into part of memory and execute it.  Robert Morris Jr. took advantage of a well-known bug in the finger protocol to inject his worm.  Aside from being considered the first real Internet worm, it is also interesting because it took down the entire Internet at the time.  (Of course this is much like saying Rome controlled the world; the known world, anyway.)

Software DEP is good, but hardware DEP is much more desirable.  Basically what this does is add another bit to each memory page that marks it as non-executable.  Unless the memory location is explicitly allowed to execute, the processor will not execute code from it.  This is huge.  It explicitly disallows the #1 cause of software vulnerabilities.  You should really turn this on.

WARNING:  One word of caution before you continue.  There are some cases where this will stop a program from running when you would otherwise like it to.  This is because some programs are not written to be aware of DEP, and it is possible they will be wrongly stopped.  If you experience problems you might want to try turning DEP off for that program and seeing if it will work.

How to turn on DEP:

Borrowed from Microsoft

1. Click Start, click Run, type sysdm.cpl, and then click OK.
2. On the Advanced tab, under Performance, click Settings.
3. On the Data Execution Prevention tab, use one of the following procedures:

• Click “Turn on DEP for essential Windows programs and services only” to select the OptIn policy.
• Click “Turn on DEP for all programs and services except those I select” to select the OptOut policy, and then click Add to add the programs that you do not want to use the DEP feature.
4. Click OK two times.

This screen is also where you will add exceptions later if you are having problems.

Turn on Automatic Updates

Microsoft tries very hard to keep on top of software vulnerabilities.  They also work very hard to release only good patches that will not hurt your system.  While I have seen a few issues on the server side, I’ve never seen a user have a problem with patching.  If you do run into trouble it is likely that you are not the only one, and going to the website of the software or hardware you are having problems with will help sort it out (providing, of course, it’s not in IE!).  Having Automatic Updates turned on is one of the best things you can do to protect yourself.  It certainly is better to have the most recent patch than to have no patches at all.

How to turn on Automatic Updates:  (I am using some generic settings that will work for most people; feel free to modify them to fit your schedule)

1.  Click Start, click Run, type sysdm.cpl, then click OK.

2.  On the Automatic Updates tab

    Choose Automatic (recommended)

    In the first drop-down choose Every Day

    In the second drop-down choose at 3:00 AM

These settings will get the most recent critical updates.  Be aware that some updates will automatically reboot your computer.  If you don’t leave your computer running at night, you should manually run Windows Update at:

Windows Update
http://windowsupdate.microsoft.com

If you have Office you should manually run Office Update.  It is far less well known than Windows Update, but it updates items specific to your Microsoft Office applications.  This includes Microsoft Word, Microsoft PowerPoint, Microsoft Access, Microsoft Excel, Microsoft Outlook, and a few others.  Make sure you download the latest service pack and install it.

Office Update
http://officeupdate.microsoft.com

Turn on Windows Firewall

Windows Firewall is the solution to most of the worms we had flying around the net not even a year or so ago.  What it does is block unwelcome visitors from attacking your open ports.  For example, Microsoft by default used to leave port 445 open.  This caused a huge issue a year or so ago, as the Zotob worm and its variants took advantage of this.  Microsoft simply left a port open to the outside world on most computers.  Someone found a vulnerability, and the worm took off.  Windows Firewall for the most part solves the problem of ports being unintentionally left open by the user.

How to turn on Windows Firewall:

Borrowed from Microsoft (these steps use the firewall’s pre-SP2 name, ICF, Internet Connection Firewall)

1. Click Start, click Run, type control.exe netconnections, and then click OK.
2. Right-click the connection on which you would like to enable ICF, and then click Properties.
3. On the Advanced tab, click the box to select the option to Protect my computer or network.
4. If you want to enable the use of some applications and services through the firewall, you must enable them. To do this, click Settings, and then click to select the programs, protocols, and services that you want to enable for the ICF configuration.

Another thing to do is be sure you have your UPnP (Universal Plug and Play) service turned off.  There is no reason to have this turned on unless you absolutely need it.

How to turn off UPnP:

1. Click Start, click Run, type services.msc, and then click OK.

2. Right-click the Universal Plug and Play Device Host service

3. Choose Properties

4. Click the Stop button

5. Change Startup Type to Disabled

6. Click Apply, then OK

This also should be turned off on your Cable/DSL router if you have one.
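The sections above (service pack, IE security level, DEP, Automatic Updates, Windows Firewall, UPnP) each have you click through a dialog to check one setting.  As an added example, not from the original post, here is a read-only audit script that reports the same settings from a command prompt on XP SP2.  It assumes the reg, wmic, netsh, sc and findstr tools are present (as on XP Professional SP2); the registry and WMI value codes in the comments are standard XP SP2 values, not something the post states.

```batch
@echo off
rem Added example, not part of the original post: a read-only audit of the
rem settings the post walks through, for XP SP2.  Assumes reg, wmic, netsh,
rem sc and findstr are available.  It changes nothing; it only reports.

echo === Service pack ===
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion
rem Expect "Service Pack 2" (or later).  A missing value means no service pack.

echo === Internet Explorer, Internet zone (zone 3) security level ===
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v CurrentLevel
rem 0x11000 = Medium, 0x11500 = Medium-High, 0x12000 = High.
rem 0x10000 (Low) or 0x10500 (Medium-Low) is below the post's baseline.

echo === DEP policy ===
wmic OS get DataExecutionPrevention_Available,DataExecutionPrevention_SupportPolicy
rem Available TRUE = hardware DEP (NX/XD) is present and in use.
rem SupportPolicy: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (essential Windows
rem programs only), 3 = OptOut (all programs except those you add).
rem The same policy appears as /noexecute=... on the boot line in boot.ini:
findstr /i "noexecute" %SystemDrive%\boot.ini

echo === Automatic Updates ===
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v ScheduledInstallDay
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v ScheduledInstallTime
rem The post's settings are AUOptions 4 (download and install on a schedule),
rem ScheduledInstallDay 0 (every day) and ScheduledInstallTime 3 (3:00 AM).

echo === Windows Firewall ===
netsh firewall show state
rem Look for "Operational mode = Enable" in the output.

echo === UPnP Device Host service ===
sc query upnphost | findstr /i "STATE"
sc qc upnphost | findstr /i "START_TYPE"
rem Want STATE : 1 STOPPED and START_TYPE : 4 DISABLED.
```

Run it from a command prompt as an administrator so the HKLM keys and service configuration are readable; each block prints the current value, and the comments say what the post's recommended value looks like.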

Be skeptical!

When you see something that doesn’t look right, don’t click it!  For instance, if you see an ad telling you that you can win a free iPhone just by filling out your name and address, try checking to see if iPhones are even available on the market yet.  At the time of this writing they are not, yet you can supposedly win one by filling out your name and address on some of these sites.  They even have the pictures to prove it!

Be VERY cautious about who you give your personal information to online.  Make sure that you are doing so over a secure connection, and that the website you are sending it to is who you think it is.  The new version of Internet Explorer, 7.0, has a good feature that will show you at the top of the screen whether the site is secure or not.  You should see a padlock icon on your BROWSER somewhere, either in the bottom right for older browsers or at the top near the address bar for newer ones.  You should not trust a site simply because it shows a picture of a lock on the page itself.  However, if you do see a Hacker Safe or VeriSign seal, you should be able to click it and see whether the site is secure, or at least whether they are who they say they are.

Don’t just give it out to anyone.  Give out your personal info on a need to know basis.  Most people don’t need to know.

Don’t open email attachments from people you don’t know.

If you went to kindergarten, you should inherently know this one.  Most email viruses can be stopped by not opening things from people you don’t know.  There are ways for email to appear to come from people you do know, so that you can’t tell whether it is really them or not.  A better rule might be: don’t open things you aren’t expecting, even from people you know.  Most of the time, if someone sends you an attachment you want to open, you know it is coming.

This is by no means an exhaustive list of things you can do to keep yourself safe.  The number one thing you need to know is: don’t take candy from strangers!  If it looks too good to be true, it probably is.  These are all things you should have learned in kindergarten, so maybe you should take a trip down memory lane.  Tie your shoes, put the square peg into the square hole.  But don’t take being online for granted.  The Internet is NOT SAFE!
