A fair number of PC users have fallen under the (mistaken) impression that if a few simple rules are followed (don’t open suspicious emails, don’t visit questionable websites, etc.) it is possible to avoid malware infections entirely. Although this is true in the vast majority of cases, because of the nature and potential destructiveness of infections, the “vast majority of cases” standard is, for most people, insufficient.
Many cautionary measures are fairly straightforward. For instance, do not (as mentioned above) open suspicious emails or visit questionable websites. But “questionable” here does not just mean websites that might be filtered by parental controls on a home computer. Many of the websites that pop up for coupons or comparison shopping (“top ten new smartphones”) also host malware. And many emails that appear to be from a trusted source (your bank or credit card company) are actually phishing.
There are no hard and fast rules for avoiding situations like this, but there are some steps you can take above and beyond the “be careful” rules. Here are a few:
- Make sure Windows Updates are up-to-date: Most Windows updates are security updates – patches for newly discovered (and possibly exploited) holes in your operating system. They should not be considered optional.
- Upgrade to Windows 7: If you haven’t already, this can make a system significantly more secure. For a more complete explanation, see our article: http://www.webvaccine.com/security-windows-7/
- Install some form of Antivirus / PC Security Software: Some versions are better than others (wink) but all are better than nothing. Even free software like Avast or Windows Essentials and Defender is a good start.
- Install the newest version of your preferred browser: Newer browsers have generally addressed the vulnerabilities of prior versions, so newer almost always means safer (although it can also mean more glitchy in some cases).
- Learn to recognize phishing: Phishing emails generally alert you to activity on some account that you may or may not own (e.g. “Please confirm your account” or “Please confirm your purchase”) and then provide you with a link. When you click through the fake link, you are directed to a counterfeit account login page, and when you enter your login and password, they are captured in a database somewhere. Criminals will then test your entries to see how many of your accounts they can access with that particular username and password combination. Based on how many and which accounts they can gain access to, they then price and sell the information on a black market. (Email logins generally go for a few cents, bank accounts for a few dollars. Feel cheap yet?) In cases like this, the actual crime is often committed well after you make the mistake of clicking the fake link, so if this happens to you (you try to log in and get an error, or you notice that the URL seems not quite right), immediately go to your real account through the regular website, change your password, and alert the company where you hold the account of your error. We have an example of a phishing email posted here. (Notice that the URL is not that of the University that the email claims to be from, although better attackers could have done a much better job of disguising this.) If the emails you are getting are for an account that you actually hold, this is a sign that there is likely already a keylogger on your system, storing and transmitting your keystrokes to an illicit user. If they are more random, for instance “Email Subject: Trip Confirmation from Delta,” then it is more likely that your email address was simply harvested when someone else was hacked.
- In a small office network, try to make sure that all users are running as Users and not Administrators, and give everyone a unique login ID and password. Limiting the privileges of users will also limit the privileges of the malware they may accidentally download.
- Do not install toolbars or browser plugins. If you have to download and install a program, especially a free program, click the custom installation option and deselect any add-ons that try to download with the program. Ideally, you will install programs from disks that you have purchased at a software store or from a known online provider.
- Review update messages carefully. Some exploits can enter your system as fake updates. Some programs on your system have built-in update managers; when possible, use them. If you get an alert for an available update through your browser, make sure you go to the site of the actual company that provides the software to get the update (e.g. http://www.apple.com/quicktime/).
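As an added illustration of the phishing tells described in the list above (example code written for this page, not the site's own tool): the script parses a constructed sample email and flags links whose domain differs from the sender's domain, links whose visible text shows a different URL than the one actually linked, and "confirm your account" style wording in the subject. The sample messages and the simple domain-comparison rule (last two labels of the host name) are assumptions made for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample phishing message for this example (not a real email).
SAMPLE_PHISH = """From: IT Help Desk <helpdesk@example-university.edu>
Subject: Please confirm your account
Content-Type: text/html

<p>Your mailbox is almost full. Please confirm your account here:</p>
<a href="http://webmail-verify.example-login.net/confirm">https://webmail.example-university.edu</a>
"""

# Constructed benign message whose link really does go to the sender's domain.
SAMPLE_OK = """From: IT Help Desk <helpdesk@example-university.edu>
Subject: Maintenance window this weekend
Content-Type: text/html

<p>Details are on the <a href="https://it.example-university.edu/status">status page</a>.</p>
"""

ANCHOR_RE = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
LURES = ("confirm your account", "confirm your purchase", "verify your account")

def registrable_domain(host):
    # Assumption: the last two labels identify the owner (fine for .edu/.com/.net;
    # public-suffix cases such as co.uk are out of scope for this example).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def analyze_email(raw):
    """Return findings: lure wording in the subject, links whose host differs
    from the sender's domain, and links whose visible text is a different URL."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(sender.rpartition("@")[2])
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    subject = msg.get("Subject", "").lower()
    findings = []
    if any(lure in subject for lure in LURES):
        findings.append({"type": "lure_subject", "subject": subject})
    for href, text in ANCHOR_RE.findall(body):
        href_dom = registrable_domain(urlparse(href).hostname or "")
        shown_host = urlparse(text.strip()).hostname  # None unless the text is itself a URL
        if href_dom != sender_domain:
            findings.append({"type": "sender_mismatch", "href": href, "href_domain": href_dom})
        if shown_host and registrable_domain(shown_host) != href_dom:
            findings.append({"type": "text_mismatch", "shown": text.strip(), "href": href})
    return findings

if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_PHISH):
        print(finding)
```

The same check applied to the benign sample returns no findings; in practice, a mismatch is a cue to type the institution's address into the browser yourself rather than follow the link.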
If you have done all of these things and still, somehow, you visit a site and immediately see a pop-up warning message that reads something like “Virus Detected” or “Windows Error” that wasn’t generated by your native security software (this is actually a pop-up ad linked to a script or an executable, by the way), these are the steps you should take:
- DO NOT click “cancel” or the close-window X. What you’re actually probably seeing is a pop-up interface for a script that wants to install something bad on your system. Even though it seems obvious to click the X, malware purveyors know that this will be your first move, so they will program the script to run when you click the X. It’s the ol’ bait and switch.
- Turn off your internet. If you’re on a network, left-click your network connection icon at the bottom right of your screen, and then click on the network you’re connected to. From there you should be able to disconnect. Or, even better, if you’re on a laptop, switch your wireless internet switch to off on your actual computer – or on a desktop, unplug the data cable. This way nothing you do can be construed as a command to download more dangerous stuff, because you can’t download anything with no internet.
- Now press Ctrl, Alt, Delete simultaneously and open your task manager. Select the processes tab and then click on the first instance you see of your browser (but do not close the process labeled “Explorer” thinking it means Internet Explorer. Internet Explorer browsers will say “Internet Explorer”). Then click End Task. Do the same for any other browsers you see running.
- After all of the browsers have been closed using the task manager, open a new browser (I know we seem to be taking a step backwards here, but try to trust me). You should get an error (because your internet should be off) but you can still access your browser’s tools even though you can’t access the internet. Click on tools, and in:
- Internet Explorer, click Delete in the Browsing History section under the General tab. Make sure Temporary Internet Files is checked and then click Delete.
- Firefox: click Options and select the Advanced tab. Under the Advanced tab, select the Network tab then “Clear Now” to the right of “Offline Storage”.
- Now click the Windows icon at the bottom left of your screen and then click Control Panel. Click the “View By” button at the top right and select “Large Icons.” Scroll down and find Java and click it. Under the General tab in the Java Control Panel, in the Temporary Internet Files section, click Settings, then Delete files.
- Now if you’re running an antivirus program, this is the time to run it. Use the most comprehensive scan setting (e.g. “Deep Scan” or “Detail Scan”). If you haven’t installed a program and you’re running Windows 7, you can go back to the Control Panel (which should still be set to “view by large icons”) and click Windows Defender. Defender will also allow you to run a scan.
- Turn your internet on and open a new browser. If everything seems to be okay, you can continue to operate as normal. If something begins to act strangely, disconnect your internet and contact your antivirus provider, your local repair tech, or of course, us.
No matter what PC security software you are running, a couple of bad decisions can end up disabling your software and infecting your network. It only takes a few minutes to try to make sure everyone understands what to look for and what to do when something comes up. Training your staff (and yourself) to be smart will keep your network relatively safe while allowing some freedom to network users to browse the internet and check personal pages.