Print
Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.
Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.
We can’t make this stuff up.
So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.
What’s that? The first step doesn't involve files to download or utilities to blast malware from your system? Exactly. The most important thing you have to realize in order to fight the great malware war is that you, and you alone, are the first line of defense. You have only yourself to blame if your computer is completely overridden with problem-causing, yet preventable, programs.
The astute among you will notice that this isn't a proper security scan: It's malware, and it just made life very difficult for this system's user.
Much of the more annoying malware that you can accidentally befriend requires your cooperation in order to get on your system in the first place. You have to download and run an unknown file or agree to have a toolbar placed on your system as part of a software installation routine. You have to accept certain kinds of JavaScript or be fooled by scam websites that claim to be running a virus scan on your system (to name one such harrowing tale).
In short, you have to let your guard down.
Ignore this warning image (or any variant) when you're browsing the Internet, and you could be in for a world of digital hurt.
So how do you protect yourself against your own habits? Keep in mind this rule of thumb: If it’s too good to be true, if it looks strange, or if it’s completely unknown to you, don’t run it. Don’t install it. Don’t accept it, don’t hit “yes” to it, and don’t let it get anywhere near your system. Google, Bing, and Yahoo are your friends. Use them to find more information about a given program before you agree to let it do anything on your system. Don’t surf the Internet blindly, assuming that everything on a website is safe for your system to digest.
We mentioned that a bunch of malware can come through your browser—‘tis a shame, we know. Vulnerabilities in browsers and plugins (and user error) can bring your system to its digital knees faster than you can spell the word “crap” in “crapware.” So let’s start with the simplest step: Stop using an outdated, insecure browser. Make sure you’re at least sporting the latest version of one of the Big Three: Internet Explorer, Firefox, or Chrome.
Google Chrome uses a sandbox to better protect you from web attacks. And based on the limited number of successful hacks over the years, it's worked!
But which? Various research reports have dubbed each of these three browsers as the “best in class” against malware and other social-driven attacks. Our personal preference when it comes to safety is Google’s Chrome browser for three reasons: First, it’s the only browser to use sandboxing as its primary defense mechanism. This method combines a JavaScript virtual machine with an OS-level sandbox to prevent successful attacks against the browser’s rendering engine from affecting a user’s file system. Second, Chrome has been, hands down, the hardiest survivor of each year’s Pwn2Own hacking contest at the CanSecWest security conference: Talk about a real-world verification of its security capabilities, eh? Third, Google updates the Adobe Flash and Acrobat Reader modules itself. So if you’re running the latest version of Chrome, you’re running the latest, most secure versions of Flash and Acrobat Reader available (click the wrench icon and About Google Chrome to verify that you’re running the latest updates).
But we’re just getting started. JavaScript vulnerabilities—including blatant attacks that rely on a user’s cooperation to work—can just as easily affect your browser. If you’re rocking Firefox, grab an extension called NoScript, which will allow you to disable a page’s plugin elements (including JavaScript and Flash!) by default, unless you trust the site enough to give ‘em a go. Chrome doesn’t have an add-on for the same feature, but you can disable JavaScript by default in the browser’s Under the Hood settings section. And if you want to specifically allow a site’s JavaScript to function, just click the associated X icon in the browser’s address bar to set up site-specific trust. Or, if you don’t mind using a slight variant, you can do your best to mimic NoScript-like control using the NotScripts add-on.
Other extensions and add-ons worth wielding to fight the malware fight include Web of Trust, KB SSL Enforcer, Adblock, and HTTPS Everywhere.
Comments are closed on this article
jwhough
January 18, 2012 at 1:40pm
The PDF plugin in Chrome is actually based on Foxit's PDF Reader, not Adobe's: http://googlesystem.blogspot.com/2010/08/google-chromes-pdf-plugin-uses-foxit.html
franko989
November 22, 2011 at 2:01pm
I had to use Sys Restore (win 7) to get rid of a nasty bug (random audio commercials...). Is that a valid way to clean up after yourself?
Ras Thavas
November 15, 2011 at 5:58am
I have had good success with removing the infected hard drive and putting it in a usb dock or enclosure and then cleaning that drive from another non infected machine.
Victek
November 01, 2011 at 12:45pm
This article is fairly elementary. Removing malware after it has installed itself can be extremely difficult, maybe impossible in some cases. Some security vendors offer the option to create a bootable CD to use in conjunction with their security suite, such as Norton Internet Security. This is often necessary as it's not uncommon for malware to remain active in SAFE mode, preventing anti-malware apps from running. You have to know how to create the CD though and more often then not people don't.
This can be a real nightmare for less experienced users. The typical scenario is the user has not been making system images, they've never backed up their data and have years of family pictures, etc, that can't be replaced. They didn't burn the System Recovery discs when they first setup their computer, etc.
I think another article that goes into these issues in more depth could teach people how to create a disaster recovery plan, but this one only scratches the surface.
acidic
November 01, 2011 at 8:12am
new trojan for macs. i thought they "just worked" ?
http://www.dailytech.com/Devil+Robber+Trojan+Infects+Macs+Leeches+Their+GPUs+for+Bitcoin+Profit/article23161.htm
bpstone
November 01, 2011 at 5:48am
The likelihood is low that you'll get any malware when you follow the proper precautions. It is still not impossible. I think for most this article is common sense 101. Thank you for posting it nonetheless since a lot of people don't know how to protect themselves on the web. Visit the US-CERT Cyber Security Tips (.GOV) page for additional tips protecting yourself online.
rawrnomnom
October 31, 2011 at 3:57pm
also, it isnt uncommon for some viruses to block rkill from running. a simple name change on the file solves this 99% of the time. i like hellokitty.exe.... who would block that???
nadako
October 31, 2011 at 3:48pm
A gide that will show you how to make a bootable iso disk that will run all of these anti malware programs at once? Just like the MRI disk that geek squad uses.
