An Epidemic of Malware and Ways to Protect Yourself

by Basil Irwin

12/19/2008

The Malware Problem

Malware infections (viruses, Trojans, etc.) are drastically on the rise right now and are having devastating impacts on Windows PCs, generally rendering them unusable until the infections are removed. Such removal can sometimes be quite difficult, and often the OS is left damaged and/or deliberately vulnerable to subsequent infection, even when the malware is successfully removed.

Unfortunately, current malware infections have become almost impossible to prevent, as they are designed to trick you into installing them and then hide themselves in such a way that most protection software can not see them or remove them.

Unfortunately, anytime you click a link on a web page or in an email, malware could be surreptitiously installed.  Fortunately, this is not a problem to worry about on corporate web sites like ebay.com, amazon.com, craigslist.org, yahoo.com, microsoft.com, msn.com, hotmail.com, aol.com, cnet.com, download.com, apple.com, and millions of other main stream web sites.

The malware problem mainly arises from fake web sites and from social networking web sites in which people can post their own content, such as facebook.com, myspace.com, and many others. Many of the fake web sites are porn sites. Legitimate porn sites just want to make money and have no interest in infecting your computer. However, fake porn web sites are like all other fake web sites, they just want to wreak havoc on your computer. Unfortunately, most porn sites are fake.

Another common means of infection is via user-initiated software downloads, particularly antivirus programs, most of which are fake. With only a handful of exceptions, free antivirus and free "cleaner" programs are themselves malware. Further, most software download sites are fakes. A few of the legitimate software download sites are download.com, majorgeeks.com, tucows.com, pcmag.com, pcworld.com, brothersoft.com and snapfiles.com, as well as thousands of vendor-specific web sites. My advice is to avoid downloading software from sites other than the listed ones or vendor-specific sites, unless you know with 100% certainty that the site is legitimate and the software you are downloading is legitimate.

During routine web surfing, however,  infection usually occurs via trickery, using popup windows that look legitimate and which scare you into clicking on a button that does something entirely different than what the web pages says the button does, namely installing malware instead of the indicated operation. These popup ploys are too numerous to describe, but typically indicate that a codec or flash viewer or some other piece of software must be installed to continue, or they indicate that a malware infection has occurred (it hasn't) and that you must take the indicated action to protect yourself (if you do, you'll actually be installing the malware).

Unfortunately, a tiny few of these installation requests are legitimate, but the best course of action if you are not 100% sure of what to do when such a popup occurs, is to gracefully shut down your system and restart it by pressing Ctrl + Alt + Del at the same time so as to activate the Windows Task Manager. When the Task Manager appears, you can restart the system by clicking the “Shut Down” tab and selecting “Restart” as shown below:

By the way, if you have accepted my recommendation for having Avira Antivir installed, the only legitimate malware warning message that you will receive looks like the following popup that occurs when Antivir Guard has detected malware:

(By the way, one should always select “Move to quarantine” as the action to take if the AntiVir Guard screen appears.)

A Good Way to Fix the Malware Problem

However, even with all of these precautions, malware can still slip in. For example, a legitimate web site can be unknowingly compromised and subsequently distribute malware until its operator detects the compromise and repairs it.

So, I've finally concluded that the only way of really being safe from infection is to work from a user login id that is set up as being a "limited account" login id, which is explained in the following paragraph.

Windows provides two levels of  privilege for login ids:  1.) "administrator" privilege, in which the user and the user's programs are allowed to perform all possible system modification or configuration operations (even dangerous or malicious ones), and 2.) "limited account" privilege, in which no system modification or configuration operations are allowed, though performing most ordinary operations are  allowed, including surfing the web, reading email, using Microsoft Office and almost all other applications. But because "Limited account" login ids are inherently unable to install any software at all, malware installation is prevented as well.

For several years, I've established limited account login ids for clients with children or teens because they are extremely vulnerable to being tricked into installing malware, and these limited accounts have worked quite well. In fact, in some cases, their parents have also requested a limited account login id as a safety precaution. The adults use the limited account for ordinary work but can temporarily login to an administrative account if they need to install a new program, etc. This strategy has worked very well also.

So, I’ve recently concluded that the best strategy for many people is to have an administrative login id that is used only for administrative work, and also to have a limited account login id used for all ordinary, everyday activity. In particular, if you tend to surf web sites outside of the main stream or are very uncertain about which action-requesting popups are legitimate, or you just want to be super safe, you might want to consider the dual login id strategy.

For brand new systems, it's fairly easy to establish both limited and administrative login ids. For older systems, conversion can be a little more involved, as usually the best thing to do is to add a new administrative account and change the existing login id to a limited account. However, the main complication for the conversion method is that many system files continue to be "owned" by the converted login id, and ownership of all of these files must be changed to fully secure the system.

Some Parting Advice

 
It is always essential that Automatic Updates be "On", and that a good antivirus program such as Avira Antivir be active and automatically maintain its signature database. An antispyware program is also a good idea. I recommend Windows Defender. Antivir and Windows Defender are both free, lightweight, unobtrusive, and update for free.

Furthermore, I recommend Firefox version 2.0.0.18 instead of Internet Explorer 7 as your default browser, since Firefox is less prone to the numerous security breaches that continue to plague IE7. However, I don't currently recommend Firefox 3.0 as I don't think it is stable yet. Also, a bit of tuning along with a handful of "add-ons" can make Firefox browsing even better than it is right out of the box, paticularly add-ons that stop advertising and stop automatic  playing of  flash clips.

And lastly, never click on a web link in any email unless you are 100% certain that the link is safe. If you must visit the link, copy the link into the clipboard and then paste the link into the address bar of your browser, at which point you can look at where the link is really going, and decide whether the destination looks legitimate.

                    Basil Irwin

                    www.reliancepc.com

                    303-774-1526