
So how did I get infected in the first place?


TonyKlein
2005-11-08, 18:37
You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

1.) Watch what you download!
Many freeware programs, and P2P programs (Grokster, iMesh, Kazaa and others are amongst the most notorious), come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read File Sharing, otherwise known as Peer To Peer (P2P) (http://forums.spybot.info/showthread.php?t=282).

2.) Go to IE > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed.
If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3.) Open IE and go to Internet Options > Security > Internet, then press "Default Level", then OK.

Now press "Custom Level."

In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options > Security.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an .exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

4.) Install Javacool's SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)

It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer).
Press "Enable All Protection", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

5.) Let's also not forget that Spybot Search & Destroy (http://www.safer-networking.org/) has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.


*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

6.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Two good ones that are freeware to boot are Comodo (http://www.personalfirewall.comodo.com/download_cis.html) and Online Armor (http://www.tallemu.com/free-firewall-protection-software.html).

Edit: The Comodo Firewall download is now available only as part of a suite, which includes Comodo Firewall Pro and also Comodo Antivirus.
During the install you will be offered options:
Comodo Internet Security comes with a collection of vital security needs for your PC. Please select products you wish to install or unselect products you wish to uninstall in order to continue.
First you will see:
Install Comodo AntiVirus.
Install Comodo Firewall.

You may wish to uncheck during installation, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage".

Edit: This study on firewall leaktests (http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#firewalls-ratings) may be of interest before making a decision. Also the Firewall Challenge. (http://www.matousec.com/projects/firewall-challenge/results.php)

If Windows Vista is your Operating System, check carefully to make sure the firewall you choose is compatible.

7.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are Avast (http://www.avast.com/i_kat_207.php?lang=ENG), AntiVir (http://www.free-av.com/) and AVG (http://free.grisoft.com/doc/2/lng/us/tpl/v). It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.

8.) Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests (http://www.jasons-toolbox.com/BrowserSecurity/)?
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.

Happy safe computing!!
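Items 3 and 4 above both come down to the Internet Explorer "kill bit": SpywareBlaster (and Spybot's Immunize) set a flag per ActiveX CLSID so IE refuses to load that control even though it stays registered. The following PowerShell script is an added example, not part of the post or of either product; it reads the kill-bit registry entries and reports which controls are blocked, assuming a Windows machine where you can read HKLM and HKCR and CLSIDs passed to `Test-ActiveXKillBit` include their braces.

```powershell
# Added example, not from the thread. Audits which ActiveX controls Internet Explorer
# has been told never to load. The IE "kill bit" lives under
#   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# as the DWORD "Compatibility Flags"; when bit 0x400 is set IE will not instantiate
# that control, which is exactly what SpywareBlaster / Spybot Immunize rely on.
$KillBitFlag = 0x400
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads the Wow6432Node copy instead
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-ActiveXKillBits {
    foreach ($root in $CompatRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid = $key.PSChildName          # e.g. {00000000-0000-0000-0000-000000000000}
            $flags = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($null -eq $flags) { continue }
            # Friendly name from HKCR\CLSID, present only if the control is registered here
            $name = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{
                CLSID      = $clsid
                KillBit    = (($flags -band $KillBitFlag) -ne 0)
                Registered = [bool]$name
                Name       = $name
            }
        }
    }
}

# Check one specific control (braces included) before adding a site that loads it
# to the Trusted Zone: a kill-bitted control is blocked in every zone.
function Test-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $hit = Get-ActiveXKillBits | Where-Object { $_.CLSID -eq $Clsid -and $_.KillBit }
    return [bool]$hit
}

# Summary: how many CLSIDs are kill-bitted, and which of those are still registered
# (blocked from IE, but the binary is still on disk and loadable by other hosts).
$all    = @(Get-ActiveXKillBits)
$killed = @($all | Where-Object { $_.KillBit })
"{0} CLSIDs listed, {1} with the kill bit set" -f $all.Count, $killed.Count
$killed | Where-Object { $_.Registered } | Sort-Object Name | Format-Table Name, CLSID -AutoSize
```

Running it before and after pressing "Enable All Protection" in SpywareBlaster shows exactly which entries the tool added.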

tashi
2006-02-21, 17:22
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
We see many members with old versions of Sun Java on their computers.

Vulnerabilities in old Sun Java versions may be partly responsible for Vundo/Winfixer/Virtumonde infections.

It is very important not only to keep Sun Java up to date, but also to remove older versions which have security holes and can be exploited by malware.

In preparation first download the latest version: Java Runtime Environment (JRE) SE 6 Update 7

Introducing Java SE 6 update 10 (http://java.sun.com/developer/technicalArticles/javase/java6u10/index.html) Optional


Download from http://www.java.com/en/download/manual.jsp (http://java.sun.com/javase/downloads/index.jsp) and save, do not install yet.

1. Uninstall old versions of Sun Java via Add/Remove Programs.

2. Click the Remove or Change/Remove button.

3. Reboot your PC if prompted.

4. Install the latest version which you previously downloaded.

Verify your version:
http://www.java.com/en/download/help/testvm.xml
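Step 1 above is easy to get wrong because several JRE versions can sit side by side in Add/Remove Programs. The following PowerShell script is an added example (not from the post or from Sun/Oracle): it reads the same Uninstall registry keys Add/Remove Programs uses, lists every Sun/Oracle Java runtime found, and flags everything older than the newest one as a candidate for removal. It assumes a Windows machine and that the entries carry a parseable DisplayVersion.

```powershell
# Added example, not from the thread. Lists installed Sun/Oracle Java runtimes from the
# Add/Remove Programs registry data and marks all but the newest as outdated.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit installers on 64-bit Windows register under Wow6432Node
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    $entries = foreach ($root in $UninstallRoots) {
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object {
                $_.DisplayName -match '^(Java|J2SE)' -and
                $_.DisplayName -notmatch 'Auto Updater' -and
                $_.Publisher -match 'Sun Microsystems|Oracle'
            } |
            ForEach-Object {
                # DisplayVersion is usually "6.0.70" style; tolerate odd strings
                $v = $null
                try { $v = [version]$_.DisplayVersion } catch { }
                [pscustomobject]@{
                    DisplayName     = $_.DisplayName
                    Version         = $v
                    UninstallString = $_.UninstallString   # what Add/Remove Programs runs
                }
            }
    }
    if (-not $entries) { return @() }
    $newest = ($entries | Where-Object { $_.Version } |
               Sort-Object Version -Descending | Select-Object -First 1).Version
    foreach ($e in $entries) {
        # Unparseable versions are treated as outdated so they get looked at
        $e | Add-Member -NotePropertyName Outdated -NotePropertyValue ($e.Version -ne $newest) -PassThru
    }
}

Get-InstalledJava | Sort-Object Version -Descending |
    Format-Table DisplayName, Version, Outdated -AutoSize
```

Entries marked Outdated are the ones to remove in Add/Remove Programs before installing the freshly downloaded version; running the script again afterwards should leave exactly one entry.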

tashi
2006-04-18, 20:47
No matter how incredible the product spiel sounds, check the facts first. Especially if they want your money before cleaning.

The Rogue/Suspect Anti-Spyware Products & Web Sites (http://www.spywarewarrior.com/rogue_anti-spyware.htm#notes) List.

The rogue list is no longer updated but still has value.

tashi
2006-04-28, 20:03
14 ways to get Infected without trying

A little bit of humour but also based on fact. ;)

1) Look for cracks, subdivided in illegal software and .....

2) Practice unsafe hex, browse the web for free pOrn

3) Look for software that adds smileys to your posts, mail etc

4) Look for kewl skins, screensavers etc

5) Look for spyware removers, concentrate on the kind that makes you pay before it removes anything

6) Install a P2P program and repeat all of the above

7) You always want the best; use p2p to download anti-virus/firewall software.

8) Do NOT pay for anything, the internet is a place where you can steal anything from everyone without even saying as much as thank you

9) Don't have/use/update antivirus/security software

10) Look for pokergames, slotmachines and other gambling outfits

11) Look for ringtones and other stuff to bling your phone

12) Click on those unexpected links and attachments in email, because you're curious...

13) Do loan your laptop to the next door neighbour for the weekend and give him your Admin account login so he can get his project done with no hassles

14) Let the Babysitter use your laptop for 'schoolwork'


Thanks to Metallica for most of those and CalamityJane, bitman, Lonny, shelf life. :D

tashi
2007-06-14, 09:46
A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.

“The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI Assistant Director for the Cyber Division James Finch. “An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised.”
http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm

Practice safe hex, protect your computer, other netizens and yourself.

tashi
2008-11-06, 04:47
Run the free online software inspector to check if your computer has a minimum security baseline against known patched vulnerabilities.

- Detects insecure versions of common/popular programs installed on your PC
- Verifies that all Microsoft patches are applied
- Assists you in updating, patching, and protecting your PC
- Activates additional security features in Sun Java
- Runs through your browser. No installation or download is required

http://secunia.com/vulnerability_scanning/online/