Windows has design issues…I have talked about it many many times. However it IS possible to have a malware free system. It’s really not that hard. You do need to change your behavior on how you operate your windows systems.
1. Have a security audit done if you’ve never had one done.
2. Don’t use IE. Unless you are technically savy just don’t. It’s the number one attack vector(via Activex).
3. Run Firefox or Google Chrome.
4. Don’t goto porn, warez, gambling..etc etc type sites. If it’s a red-light disctrict on land it’s the same in cyber-land. If you go to these places in cyber-land none of the above or below matter..you’ll be infected either immediately or very quickly. NO anti-anything will save you either.
5. Don’t buy into the anti-whatever $$$ trap. I haven’t run a/v on my systems in nearly a decade. We’ve had ONE system infection and it was my wife’s fault(by her own admission). If you are REQUIRED to run anti stuff get the cheapest you can find.
6. Never click a link in an e-mail until you check it. This can be a tricky subject. Hover your mouse(Don’t click any links) over the links and see if the address presented in the bottom bar matches the text of the link. If it doesn’t it’s a fake. Contact ECC for full details.
7. Remove admin rights from users. Self-explanatory.
8. Remove the ability for users to install ANYTHING. This can easily be done via group policy. (This and #7 are the 2 things you can do on a network to stop at least 90% of all malware infections)
9. Disable autorun. This nukes most infections from usb keys(flash drives, thumb drives..etc etc etc. Works great in conjunction with #8 and #7)
10. Ensure all systems are up to date with all security updates. Not just Windows and Office but every third party program on your systems. (This includes Acrobat, Flash, Java).