Windows has design issues…I have talked about it many, many times. However, it IS possible to have a malware-free system. It’s really not that hard. You do need to change how you operate your Windows systems.
1. Have a security audit done if you’ve never had one done.
2. Do NOT depend on the Windows firewall. If you don’t have at least a router, or if you aren’t sure whether you have one, contact ECC for details.
3. Don’t use IE. Unless you are technically savvy, just don’t. It’s the number one attack vector (via ActiveX).
4. Run Firefox or Google Chrome. If you are not sure which one to use contact ECC.
5. Don’t go to porn, warez, gambling, etc. type sites. If it’s a red-light district on land it’s the same in cyber-land. If you go to these places in cyber-land, none of the above or below matters: you’ll be infected either immediately or very quickly. NO anti-anything will save you either.
6. Don’t buy into the anti-whatever $$$ trap. I haven’t run a/v on my systems in nearly a decade. We’ve had ONE system infection and it was my wife’s fault (by her own admission). If you are REQUIRED to run anti stuff, get the cheapest you can find. If you have access to sensitive information, then not only run anti-malware, but a good UTM to scan everything before it even gets to your system is a must. Contact ECC for details.
7. Never click a link in an e-mail. This can be a tricky subject. Hover your mouse (don’t click any links) over the links and see if the address presented in the bottom bar matches the text of the link. If it doesn’t, it’s a fake. Contact ECC for full details.
8. Remove admin rights from users. Self-explanatory.
9. Remove the ability for users to install ANYTHING. This can easily be done via group policy. (This and #7 are the 2 things you can do on a network to stop at least 90% of all malware infections)
10. Disable autorun. This nukes most infections from USB keys (flash drives, thumb drives, etc.). Works great in conjunction with #8 and #7.
11. Ensure all systems are up to date with all security updates. Not just Windows and Office but every third party program on your systems. (This includes Acrobat, Flash, Java).
12. Remove old versions of Java. When you install a new version of Java the old one is NOT removed. This means the old security problems are still able to be used by malicious sites.
13. If you are informed of a possible infection or you suspect an infection, please remember that you CANNOT reliably clean an infected machine from inside the infected operating system. Use the offline system sweeper from Microsoft. Make sure you perform these steps from another clean machine. This is a program that will download the latest a/v files and burn them to a CD or USB stick. Boot to this and run the scan; it is the only way to be sure your machine is clean. Every day you have to use this you have to re-run the program that builds the disk due to updates, so ECC recommends the USB stick option.
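
The hover check from item 7 can be run over an HTML e-mail body before anyone opens it. This is an added example, not part of the original post: it reports every link whose visible text is a web address on a different host than the one the link really opens. The names `LinkAuditor`, `audit` and `SAMPLE` are made up for the illustration, and the sample message is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself a web address (scheme optional), e.g. "www.bank.example".
ADDRESS = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[:/?#].*)?$", re.I)

def shown_host(text):
    """Host the reader sees in the link text, or None if the text is not an address."""
    m = ADDRESS.match(text.strip())
    return m.group(1).lower() if m else None

def bare(host):
    """Treat www.example and example as the same site."""
    return re.sub(r"^www\.", "", host)

class LinkAuditor(HTMLParser):
    """Collects (shown host, real host) for links whose text names another host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = shown_host("".join(self.text))
            # hostname is where the browser connects; anything before "@" is not the host
            real = (urlsplit(self.href).hostname or "").lower()
            if shown and bare(shown) != bare(real):
                self.mismatches.append((shown, real))
            self.href = None

def audit(html):
    """Return a list of (shown host, real host) pairs that fail the hover check."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.mismatches

# Constructed sample body; the domains are reserved test names.
SAMPLE = """
<p>Statement ready: <a href="https://www.bank.example/statements">www.bank.example</a></p>
<p>Verify: <a href="http://login.bank.example.other.test/v">https://www.bank.example/verify</a></p>
<p><a href="https://news.example/unsubscribe">Unsubscribe</a></p>
"""

if __name__ == "__main__":
    for shown, real in audit(SAMPLE):
        print(f"link text says {shown} but goes to {real}")
```

Links whose text is not an address ("Unsubscribe", "Click here") are not reported, because there is nothing to compare against; those still need the manual hover check.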
