I would like to create this thread to put in one place, information on how users can protect their computers from malware infestation. It will include general security tips, and anyone should feel free to contribute, including case examples.
Tip 1: keep your system patched and up to date. If you are using Microsoft Windows, enable windows update and restart your computer weekly to insure updates have successfully been installed. Most MS security patches are released on the second tuesday of each month, US time. I would suggest insuring that you restart your computer Tuesday night... before Exploit Wensday... Also make sure you keep your programs patched and up to date.
Software suggestions: Windows Update and Secunia PSI
Tip 2: Create a layered defense. Dont rely on one security product (or suite) to defend you against everything! Professionals suggest using software from different vendors, in case an exploit is found in one vendor's software, you may still protected! While I originally used Security suites such as McAfee Total Protection, I now use seperate products. I will include an example below of the needed categories of protection, and example products. NOTE: These lists are for regular users, power users and enterprise users may have differnt needs.
Firewall: Windows Firewall, Zone Alarm (for andvanced users)
Anti Virus: McAfee Anti-Virus, PC Tools Threatfire, or Avast Anti-virus
Anti-Malware: Malwarebytes Ant-Malware, Ad Aware Free
Anti-Rootkit PC Tools Threatfire
Browser Security: see next section.
Tip 3: practice safe browsing. This is a big one. One of the most common ways to infect your personal pc is through user deception. Don't click on links in email! No one in Nigeria wants to give you money! Your bank will not send you an email containing a link to verify, or update info. Check a website's reputation using google, and do the same for downloads from sites. if you download a file, upload it at VirusTotal, to have it scanned by multiple scanners. BLOCK ADS!
Firefox with Adblock Plus (add in)
link and website security: McAfee SiteAdvisor , Web of Trust
View tips at: http://www.dhs.gov/files/programs/gc_1202746448575.shtm
Tip 4: Create a normal user account on your computer and perform daily activities on this account.. In the event malware infects your system, it will generally run with the privilidges of the user account that was comprimised. Therefore, you should create a Standard User account in Windows, and perform daily activities in this account. If you need to install a program, (and have scanned the files with the above mentioned programs) some files will ask for administrator permission which you can choose to allow or disallow.
Any questions or feedback?
Message was edited by: sephstorm on 3/3/11 12:37:11 AM CST