Windows has design issues…I have talked about it many many times. However it IS possible to have a malware free system. It’s really not that hard. You do need to change your behavior on how you operate your windows systems.
1. Have a security audit done if you’ve never had one done.
2. Do NOT depend on the windows firewall. If you don’t have at least a router or if you aren’t sure who have one Contact ECC for details.
4. Don’t goto porn, warez, gambling..etc etc type sites. If it’s a red-light disctrict on land it’s the same in cyber-land. If you go to these places in cyber-land none of the above or below matter..you’ll be infected either immediately or very quickly. NO anti-anything will save you either.
5. If you have access to sensitive information then not only run anti-malware but a good UTM to scan everything before it even gets to your system is a must. If you are a home user or a business with less than 10 computers the Miccrosoft Security Essentials is a good, free product with automatic updates and no upselling tactics. Contact ECC for details.
6. Never click a link in an e-mail . This can be a tricky subject. Hover your mouse(Don’t click any links) over the links and see if the address presented in the bottom bar matches the text of the link. If it doesn’t it’s a fake. Contact ECC for full details.
7. Remove admin rights from users. Self-explanatory.
8. Remove the ability for users to install ANYTHING. This can easily be done via group policy. (This and #7 are the 2 things you can do on a network to stop at least 90% of all malware infections)
9. Disable autorun. This nukes most infections from usb keys(flash drives, thumb drives..etc etc etc. Works great in conjunction with #8 and #7)
10. Ensure all systems are up to date with all security updates. Not just Windows and Office but every third party program on your systems. (This includes Acrobat, Flash, Java).
11. If something you are installing wants to install something else as well as what you asked for…STOP THE SETUP PROCESS IMMEDIATELY and contact ECC
12. If you installed it you must keep it updated
13. If you don’t use it or don’t know what it is uninstall it at once. Old software is another target for malware entry into your system.
14. If you are informed of a possible infection or you suspect an infection please remember that you CANNOT reliably clean an infected machine from inside the infected operating system. Use the offline system sweeper from Microsoft Make sure you perform these steps from another clean machine. This is a program that will download the latest a/v files and burn them to a CD or usb stick. Boot to this and run the scan..it is the only way to be sure your machine is clean. Every day you have to use this you have to re-run the program that builds the disk due to updates so ECC recommends the USB stick option. After the scan is completed boot back into windows. if it still acts weird the only reliable way to clean the machine is to boot to a rescue disk..copy your information to another drive and reformat and reload from scratch.