I'd like to explain a bit about what this is, in my mind.
The first thing you need to know is what you need protection from. Without this information, it's nearly impossible to figure out what you need to stay secure.
The biggest threats out on the Web are:
- Identity theft
Let's look at these briefly and break down some of the things you should do to avoid being caught off guard by them.
With the recent discovery by Sunbelt of a massive identity theft ring, and with no shortage of coverage on any given week, it's something that should be on everyone's mind.
Now these are the things this site is all about. They are the most prevalent around the Web currently, and odds are you know someone who has been directly affected by any of the three.
We can break down the general definitions for each:
Adware: Typically installed with many free third-party applications, intended to help keep said application free. In most cases this is known upfront and is not terribly offensive to users. Several apps come to mind: Opera, Weatherbug, KaZaa, most P2P apps, and others. (The first two are relatively light in the way of adware; KaZaa and any P2P app are notorious for massive bundles including all types of trojans, worms, key loggers and a plethora of other 'extras'.)
Spyware: This is where we begin to get into territory that may have begun as adware but got a bit too aggressive, in many cases leaving tracking cookies or data miners which track a user's surfing habits, all in the name of 'targeted advertising'. In a vast majority of cases it is also installed via a browser exploit, without the user's permission.
Malware: With this definition, the two above are combined to do a number of things, all of which will make your life online, and using your PC, a nightmare. These apps can change your homepage, reset your security settings, deliver adult-oriented pop-ups, add entries to your programs list via Add\Remove, and add favorites and icons to your machine as well. Removing some of these can be an arduous task for even some people who consider themselves 'advanced' users.
Worms-Trojans-Viruses: With these nasties, usually the idea of the infection is to take over your machine and use it as a zombie or spambot. They also install in a trickier, less visible way than the above-mentioned adware\spyware\malware, the idea being to sit quietly on your machine and run in the background.
Now that we have identified the threats, let's look at some of the things we can do to prevent them from happening to you.
In order to avoid being scammed into giving away your secure information, you need to follow a few simple rules and perhaps install some software to help you out.
The very best thing to get you started off right is to be sure your OS has all the recommended security patches, as prescribed by MS. This is very important. Even a properly patched XP SP2 box with virtually no other protection, save a firewall and anti-virus, is better protected than one with no patches and no security software installed.
NEVER open email from anyone you don't know.
NEVER give out personal info to an inquiry via email. Call the company\institution in question, or go to the company site you have bookmarked, to verify that they have indeed contacted you.
NEVER click the link embedded into an email from any company to avoid phishing tactics.
Possible consequences of ignoring above advice
These two apps, which you can add to your browser, will reduce the likelihood of you getting scammed in the first place.
Also, the next version of IE, to be offered in Windows Vista, is supposed to have anti-phishing technology built in, which should offer a default setting to aid users in preventing this from happening.
Now, I cannot attest to the effectiveness, or not, of either of the above apps, except to say they have all been well received in many security forums.
In this area, we need to try and limit the installation of something you did not intend to download in the first place. One way to do this is to have an anti-spyware app which has a registry monitor. This type of app will notify you whenever changes are made to your registry, which often happens with all the categories mentioned above. Some good apps, which are either strictly monitoring or combine monitoring with scanning for removal, are:
- Spybot Search & Destroy v 1.5 (TeaTimer)
- Ad-Aware 2007 (requires upgrade to Pro or Plus version)(Adwatch)
- Malwarebytes Anti-Malware (RealTime protection requires purchase)
All those listed are well known and work very well within the parameters they are designed for. Users should also be sure to check the list of Rogues: apps which purport to be legit but are far from it.
Another excellent way to prevent known malicious sites from downloading anything onto your machine is to stop them before they can even load up in your browser at all. You can do this by installing either or (recommended) both of the following apps:
For the most part, all you need to do to avoid many of these is to have both a firewall and an anti-virus application installed.
Firewalls come in software type and hardware type, though for most users a software type will suffice.
You need a good bi-directional firewall to prevent most of the run-of-the-mill trojans\worms\viruses from transmitting out over the Net. The firewall built into XP SP2 is of virtually no use, as far as I'm concerned, as it only monitors incoming traffic and not outgoing, so you could still be used as a zombie should anything sneak in.
Fortunately, the next OS coming from MS, Vista, will have a bi-directional firewall when it is shipped next year.
And a good firewall will also cut down on some of the ads you see strewn about many websites, though not as well as a hosts file does.
Most anti-virus apps these days scan incoming emails, so this is an important thing to have. If there are two areas where I suggest spending money, it's these two security tools. By spending the extra bucks, you usually get some nice features to keep you even more secure.
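As an added illustration (not code from the original post) of why a hosts file cuts off ad and malicious domains, and of its main limit: the Python below parses a small constructed hosts file, treats names mapped to 0.0.0.0 or 127.0.0.1 as blocked, and shows that matching is exact, so a blocked domain's subdomains are not covered. The redirect check at the end goes a little beyond the sentence above: an entry that sends a name to a real address is not a block but a redirect, which is worth noticing in a hosts file you did not write.

```python
import ipaddress

# Constructed sample hosts file (not from the original post): the usual
# localhost line, a few blocklist entries, and one entry that is not a block.
SAMPLE_HOSTS = """\
# blocklist sample (constructed)
127.0.0.1   localhost
0.0.0.0     ads.example.test  tracker.example.test   # two names on one line
127.0.0.1   Banner.Example.TEST
192.0.2.10  download.example.test   # maps to a real address: NOT a block
"""

# Addresses that make a lookup go nowhere; anything else is a redirect.
BLACKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return {hostname: ip} for every valid entry, lowercasing names.

    Handles whole-line and inline comments, blank lines and several
    hostnames per line; skips lines whose first field is not an IP.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not a hosts entry, ignore it
        for name in fields[1:]:
            entries[name.lower()] = ip
    return entries


def is_blocked(hostname, entries):
    """True only when this exact name maps to a black-hole address.

    Hosts files have no wildcards: blocking ads.example.test does
    nothing for cdn.ads.example.test.
    """
    return entries.get(hostname.lower()) in BLACKHOLE_IPS


def redirected_entries(entries):
    """Names mapped to a non-loopback address: a redirect, not a block."""
    return {n: ip for n, ip in entries.items() if ip not in BLACKHOLE_IPS}
```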
And you should never be without either at any time.
There are a number of good quality, tested and well known apps in both of these areas, located on my main site: AV-Firewall Protection
Now that I have touched on prevention, let's address removal\repair if you get infected somehow.
Well, you have gone and somehow gotten yourself infected; shame on you! You must not have been following all my advice above.
First thing you need to not do: do not turn off System Restore.
The main reason for this is that with some of the more difficult, multi-step removal processes required for some malware, the potential for a misstep is greater. By keeping System Restore enabled, you can always revert back to a system that is operational, even if it is still infected.
Depending on what it is you have picked up, there are any number of tools to help remove the infector. Several of the apps mentioned above do an excellent job of finding and removing just about anything out there. Most are free, some are pay-for apps, but they work well regardless. There will be instances, though, and this happens often, where a specific tool will not remove a specific infection. This is when we turn to the experts. Well, in this instance, you would turn to me, not an expert by any stretch, but I can figure out most anything for removal. Thankfully there are several other extremely knowledgeable HJT analysts who have crafted a number of tools to remove some nasty infections. Some of these infections require special registry merges and registry-searching tools, very powerful stuff; don't ever use one without proper instructions.
So, even if you do get infected, at least you know you can remove just about anything with some help from the friendly people here at TIC.
In closing, I'd like to point you to a couple of links which you may find interesting with regards to security testing, and a link to a page on the main site which is hidden and only available if you happen to click on one of my siggy links in the forums where I post.
I'd also point out that this is not by any stretch all there is to know about security as it relates to keeping things off your PC, but it's a beginning, one which I hope was put forth in a fairly simple, easy-to-read manner.
Ultimate Countermeasures Info Page
TeMerc Security Testing