Review Index:
Feedback

Greater than 20 Percent of Malware Articles Miss the Point

Manufacturer: PC Perspective
Tagged: Malware

Somewhere between the reservice and the cadets...

Antimalware programs are not your first line of defense -- more like your fourth.

Antivirus programs manage a database of known malware and freak out when something matching their database comes across your computing device. More aggressive antivirus applications attempts to make guesses in case malware is too new to be included in their database of known malware.

In other words, antimalware software looks over your shoulder to make sure you do not have a lapse of judgment.

View Full Size

Notice the subtle emphasis...

The assistance which antimalware software provides is useful but you cannot lose sight of the point of security. You must acknowledge that those situations could still occur; you must limit the damage possible in those situations to what is reasonable; and you must limit the possibility that those situations could occur at all to what is reasonable.

Antivirus applications are an assistant, not a permission to become complacent.

No antivirus package has perpetually caught every attack even in laboratory tests let alone the real world. That said: if you have done everything correct but an attack still does succeed on you but is stopped by an antimalware suite -- you still win.

To formalize -- these are the four lines of defense for your computer:

  1. Keep your machine and all applications on it up to date (ironically, even antivirus software).
  2. Limit the inbound access to your machine through firewalls or routers.
  3. Think before you launch an application or load untrusted data and give it the smell test.
  4. Enable antimalware applications and security features of your operating system to block attacks which make it to your machine.

Lastly, never trust an antimalware application to remove an infection. They will try really hard but there is never a guarantee that you are in a secure state unless you revert to that state from a known clean source.

In other words: back up your data, erase everything on the machine, and restore your operating system from a source that could not possibly have been altered in the attack. That usually means your Windows install disk.

View Full Size

The Microsoft malicious software removal tool...

It is possible for the attack to have modified your data to reinfect your PC later on. To do so, however, they would need to know an exploit for the application and version you will use to reopen the data on the new computer. The amount of resources that would be required to attack you again through those methods would be better spent elsewhere unless you are being singled out by a team of attackers. Unless you are the Dalai Lama you are probably not important enough.

In other words -- I would not worry about backing up photos or videos from an infected computer unless you are important enough draw the attention of a team of full-time hackers dedicated to you. Just do not back up programs.

Remember: you are likely being attacked for financial gains. People will attack big targets which are cheap to acquire. Attackers only get innovative if they absolutely must. It is a good thing to see an attacker get inventive in how they exploit you -- it means their usual methods just do not pull a profit anymore. If they must hire a call center to call you at home, pretend to be Microsoft, and try to convince you to give them remote desktop access -- it means they have given up whatever they used to do. Sort of like that proverb, "The candle burns brightest before it goes out."

Read on to see just what is dangerous about complacency and conclude this discussion.

May 13, 2012 | 06:10 AM - Posted by Moogle Stiltzkin

the best computer security i think is this .....

anti virus: nod32

anti pop up: admuncher

sandbox: sandboxie

other things to do ...

1. regularly update windows 7 64bit

2. update the other software mentioned

Essentially the sandboxing will be the biggest help in ensuring even if a virus does get onto your pc, it wouldn't be able to do anything and can be easily cleaned.

i tried sandboxie browser setting. when your browse under sandbox, now and then you would download something and want to move the file out of sandbox to your hard drive proper. you can easily do that in sandboxie to authorize the downloaded file like a video etc to move out of the sandbox.

PS: forgot to mention a hardware router with firewall and portforwarding is a must these days. i don't recommend upnp, instead do the port forwarding manually :X

May 13, 2012 | 06:26 AM - Posted by Goofus Maximus (not verified)

We're all human, and that means that we will all be tricked at some point or other, no matter how paranoid we get, short of living in a concrete cell with no communications at all.

I just live my life normally, with nothing more than my usual habitual paranoia (such as turning off/blocking all services that I don't need or want like remote access or NetBIOS, and running NoScript in my browser). For the rest, I just keep an eye on things like my credit reports, or reports of e-mails from "me" that I never sent, that will tip me off if things are wrong.

May 13, 2012 | 06:30 AM - Posted by Goofus Maximus (not verified)

Shimata! I forgot to mention one very helpful security utility for Windows, that I always use and recommend! EMET 2.1 from Microsoft, which lets you turn on/manage all those windows security enhancements, both globally, and for individual programs, even if those programs don't support said features.

May 14, 2012 | 02:23 AM - Posted by aussiebear (not verified)

Since I use both Windows and Linux...

For Windows
* Windows XP or 7 (Professional versions)
* Password the default Administrator Account.
* Set up Limited or Standard User Account. (SUA or LUA)
* Apply Software Restriction Policy. (Default Deny)
* MS Enhanced Mitigation Experience Toolkit. (Applied on browsers, Flash, Java Runtime, etc.)
* Stay updated. (Use "WSUS Offline Update" if multiple machines.)
* Practices adopted from Linux...
=> Only use Administrator account to install/upgrade/update. Daily computing use is only done with SUA/LUA.
=> Disable or remove anything I don't use.
=> Only install applications from trusted/known reputable sources.
* Firefox with NoScript.

End result? No malware encountered for the last 5+ years.

For Linux (Desktop)
* Stay updated.
* Standard User for daily computing use.
* Disable or remove anything I don't use.
* Only install applications from trusted/known reputable sources.
* Firefox with NoScript.
* Use SELinux or AppArmor (Depending on Linux distro) for refined access control of applications or vulnerable areas.

End result? Never encountered malware since using Linux from 2005 onwards. (Spent 1 year learning and breaking old, bad habits: "Transition Period". Started using Linux full-time in 2006).

For home network firewall/gateway, I use a custom build, low-power PC with Linux-based solution called ClearOS. Has anti-malware, intrusion prevention, URL filter, Protocol filter, Spam filter, Multi-WAN, etc.

I never use remote access. I take the perspective that I must be physically present to use the system.

March 11, 2014 | 07:25 AM - Posted by Nafis (not verified)

HI Scott!
I am grateful for this post, it was informative. But my lap restarts these days after showing a blue screen. i tried this Spyhunter anti spyware tool. the issue is now solved after i scanned with it, but now some error notifications appear.
any solution?

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.