How Do I Prevent Infection?

There are a number of things you can do to reduce the likelihood that you will be infected as detailed below:

 

Short Description

Details

1.

Install all the patches from Microsoft for your computer (especially the security or “high priority” patches).

Configure “Automatic Updates” from Windows Security Center as follows:

Open Control Panel

Open Security Center

Scroll to the bottom and click on “Automatic Updates” under “Manage Security Settings for:”

This will give you the option to download and install patches automatically, or download them only (and install them at your convenience), or just notify you when patches are available, or do nothing.

You should at least ask to be notified when patches are available.

or

Visit the Windows Update Web Site frequently to search for and install patches.  If you choose to visit the Windows Update Web Site, you must do so from the Internet Explorer browser.

2.

Stop using Internet Explorer as your browser.

Internet Explorer is the most popular browser in use, by far, and as a result, hackers are always looking for and finding ways to exploit it.

A good alternative is FirefoxOther alternatives are Chrome, Seamonkey, and Opera.

I highly recommend Firefox.

3.

If you insist on using Internet Explorer, don’t install toolbars or other browser add-ons.

Toobars and other browser add-ons are notorious sources of adware and spyware.

4.

Don’t install AOL Instant Messenger (AIM) on your computer.

AIM is a source of adware.  So is Yahoo Messenger, MSN Messenger, and most of the other popular IM software products.  For this reason, I'd recommend against installing any of the popular IM software products.

As an alternative, use Pidgin which is compatible with all the previously mentioned IM software programs.

5.

Install and run anti-virus (AV) software on your computer.

Some popular choices are:

Norton Antivirus or Norton Internet Security

McAfee Virusscan

AVG Antivirus

AVG is free for home use though I've never used it.

Download and install updated virus signature files at least once per week.

Run a virus scan on your computer at least once per week.

6.

Install and run spyware-removal software on your computer.

There are two very good products available on the internet, both of which are free for personal use.

I recommend installing and running both since they appear to find different things:

Ad-Aware

Spybot Search & Destroy

Run scans with both products to remove spyware and adware on your computer at least once per week.

7.

Use a firewall.

The purpose of a firewall in a car is to keep a fire in the engine compartment from spreading to the passenger compartment.

The purpose of a firewall on a computer network is to keep hackers on the internet from gaining access to your home network or your home computer.

Firewalls come in two flavors:

Software firewall:

Windows XP has a built-in software firewall.  It can be configured as follows:

Open Control Panel

Open Security Center

Scroll to the bottom and click on “Windows Firewall” under “Manage Security Settings for:”

If you’re running Windows Vista or Windows 7, open the help menus to figure out how to configure the built-in software firewall.

Or you can download a software firewall, free for home use, from Zone Alarm.

Hardware firewall:

The most common kind of hardware firewall is a router.

A router sits between your cable modem or your DSL modem and all the computers on your home network (the router is the device that lets you create a network).

Assuming it’s properly configured, the router will act as a firewall and protect all the computers on your home network.

8.

Only download files from reputable companies and/or reputable web sites.

That is, don’t visit some web site you’ve never heard of and download files.

The internet is full of web sites which try to get you to download screen savers, etc.  Their real intent is to infect your computer with a virus.

Picture files (files ending in .gif, .jpg, .jpeg, .jpe, .png) are not dangerous.

Movie files (files ending in .mpg, .mpeg, .avi., .wmv) are not dangerous.

The files to beware of are “executable files” (files ending in .exe, .bin, .bat, .com).

Note that the previous list include files ending in .com.  In the early days of the PC, files with an extension of .com were “command” files.  That is, they were executable files.  The latest trick is for hackers to send you a file ending in .com and make the file look like it is a link to a web site (such as www.yougottaseethis.com).  It’s not a link to a web site.  It’s really an executable file, probably containing a virus.  Do not click on it and open it!

If you must download a file from a web site, then download it to your computer’s hard drive, but scan it for viruses before opening it.

9.

Do not open files you receive in emails, even if they come from a person you know.

A common trick today is for a virus to email itself to everyone in your email address book.  So, the sender of the email may have a virus on his or her computer and the virus may have found your email address in your friend’s address book and emailed itself to you.

If you're not sure about a file you received in an email, then save the file to your computer’s hard drive, but scan it for viruses before opening it.

10.

If you're using a wireless network, enable encryption for your wireless communication.

The two most common types of wireless encryption are WEP and WPA.  Use one of these encryption methods.  Never operate your wireless network with encryption disabled.

11.

If you're using a wireless network, change your ESSID on your router from the default value.

Routers come set with a default ESSID which is usually just the name of the router manufacturer, such as LINKSYS, NETGEAR, etc.  Change the name to a string of characters that only you know (i.e., a string of characters that no one else is likely to guess).

12.

If you're using a wireless network, configure your router so that it does not broadcast the ESSID.  Configure each wireless device to connect only to the ESSID of your router.

Most people configure their router to broadcast the ESSID.  As a result, their neighbors' wireless computers can "see" their router and try to connect to it.  By configuring the router to not broadcast its ESSID, your neighbors can not see your router and thus will not try to connect to it.  And if you configure your own computers to only connect to the ESSID of your router, then your computers will always connect to your router and never attempt to connect to any other wireless networks.

13.

Give your Windows administrator account a password.

When you install some versions of Windows (such as XP), the operating system creates a single user account and that account has administrator privileges (I call it the admin account).

The admin account has authority to install software and make changes to your computer that other accounts do not.

Make sure that the admin account is protected with a password.  To do so, go into Control Panel and select the icon that allows you to define and change user accounts.

14.

Create at least one "regular" Windows account for your day-to-day use.

From the same Control Panel icon that you used for #13 above, define an account that does not have administrator privileges (I call it a regular account; Windows calls it a limited account).

Use this account for your everyday activities.  Since this account does not have administrator privileges, it is safe to use for browsing the internet, reading email, etc.  If you happen to download a virus while using a regular account, the virus will do minimal damage to your computer.

You may want to create a regular account for each person who will use your computer or just enable the "Guest" account if a large number of people will use the computer.

This will cause some inconvenience because you'll need to switch to your admin account if you want to install software or change your configuration, but if you ever download a virus, you'll be glad you're using a regular account.

15.

Only create one administrator account on your computer.

There's just not a need to have more than one.