
Some Computer Security Recommendations

Recommendations

  1. Use secure passwords!
  2. Install antivirus software and keep it updated.
  3. Keep yourself up-to-date with Windows Updates.
  4. Install a personal firewall.
  5. Practice safe web browsing.
  6. Never accept unsolicited e-mail attachments.
  7. Do not click links in e-mail messages, particularly when the e-mail is unsolicited.
  8. Disable any open shares on your computer.
  9. Turn off scripting.
  10. Keep your e-mail program up-to-date and patched.
  11. Keep your web browser up-to-date and patched.
  12. Visit the Microsoft Security and Privacy page often.
  13. Keep your applications up-to-date and patched.
  14. Be cautious about the software you install and use.

  15. Consider disabling the Windows Messenger service.
  16. Use U-M's anti-spam tools.
  17. Avoid software that poses a security risk.
  18. Make and keep backups of your important files.
  19. Practice good physical security.
  20. Practice good wireless security.

FAQ

  1. My computer was infected. If I reformat it and install the necessary patches, can I be sure the infection won't come back?
  2. What happens if the infection does come back? Do I have to reformat again?
  3. Should I install a personal firewall?
  4. Anything I can do to test how secure my computer is?
  5. How do I get rid of adware and spyware?
  6. What's the most important thing to fix?
This document is aimed at U-M folks, but I hope that others may find it useful.

NOTE: With the exception of VirusScan and Virex, the University does not support any of the tools mentioned here. But we have had good results recommending them to others. If you need assistance with software other than VirusScan and Virex, check the vendor web sites for FAQs, tech support, user forums, etc.

A glossary of security terms may be found at Rob Slade's Glossary of Communications, Computer, Data, and Information Security Terms; for more information about any particular topic, one can use a search engine like Google.com.

NOTE: The more of these recommendations you implement, the more secure against attack your computer will be. But there are tradeoffs; more on that later.

The best way to protect yourself is to apply Richards' Laws Of Computer Security (ca. 1992):

Rule 1: Don't buy a computer.
Rule 2: If you do buy a computer, don't turn it on.

I suspect most of us aren't up for that solution. ;-(

But if you implement the recommendations below, your machine will be a lot more difficult to attack.

1. Use secure passwords!

On your Windows computer...

If you use WinNT, 2000, or XP, then don't shoot yourself in the foot by choosing an insecure password. Your uniqname, your dog's name, and your birthday ARE NOT SECURE. Some suggestions for how to select a good password can be found in Choosing and Changing a Secure UMICH Password (R1162).

Be particularly careful to select a strong password for the Administrator account ... and for any other accounts that have Administrator privileges. Usually, there is no need for more than one account with Administrator privileges, so consider deleting any others. Moreover, it is a good idea to check for any accounts (users) that you don't recognize -- see Corollary 2 below.

Can't think of a good random password? You can find password generators on the 'Net; here's the URL for WinGuide.com's: Secure Password Generator page. I neither recommend nor disparage this particular tool; I just found it with a quick search on "secure password" at Google.com, and it seems to work ok.
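As an added illustration (not a tool from this page or from U-M), here is how one can generate such a password locally in Python, using the operating system's random source rather than a web page, and check a candidate against the "uniqname, dog's name, birthday" rule above. The symbol set, the 12-character minimum and the personal tokens used in the check are assumptions made for the example, not U-M policy.

```python
import secrets
import string

# Character classes a generated password must draw from. The symbol set is an
# assumption for this example; use one that every system you log into accepts.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*()-_=+,.?",
)


def generate_password(length=16):
    """Random password from the OS CSPRNG (the secrets module, never random.random),
    regenerated until it contains at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def weak_reasons(password, personal=()):
    """List why a password is weak: too short, too few character classes, or built
    from personal tokens (uniqname, pet's name, birthday) of the kind this section
    says are NOT secure. An empty list means no objection was found."""
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    present = sum(1 for cls in CLASSES if any(c in cls for c in password))
    if present < 3:
        reasons.append("fewer than three character classes")
    low = password.lower()
    for token in personal:
        if len(token) >= 3 and token.lower() in low:
            reasons.append("contains personal token " + repr(token))
    return reasons


if __name__ == "__main__":
    # Constructed personal data for the check, not a real user's.
    print(weak_reasons("rover1975", personal=["bpb", "Rover", "1975"]))
    candidate = generate_password()
    print(candidate, weak_reasons(candidate, personal=["bpb", "Rover", "1975"]))
```

The loop in generate_password is rejection sampling: it keeps the draw uniform over the whole alphabet and simply throws away the rare result that misses a class, rather than forcing one character of each class into fixed positions.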

Don't wait to choose a more secure password. Do it before you connect to the Internet again. If you're on the Internet now, disconnect from it and fix it, NOW: we've seen lots of cases where a machine gets infected immediately after connecting to the 'Net, sad to say. And by immediately, I mean "within mere minutes." The Black Hats are scanning incessantly for new, unprotected targets.

Corollary 1: If you use Windows NT, 2000, or XP, do NOT use the "Administrator" account—or accounts with administrator privileges—for normal use. Instead, create a user account that does not have administrator rights, and use that account whenever possible.

Corollary 2: If your machine gets hacked, the Black Hats can set up new accounts so that they can sneak back in later, gaining administrator privileges without using the "Administrator" account. Therefore, if you find an account on your computer that you do not expect to be there, consider deleting it or at least changing its password. Also, disable accounts like Guest, etc., and make sure that they remain disabled after installing or updating software.

For information on changing passwords, creating users and setting privileges, click on a blank spot on your Desktop, and press <F1> to enter Windows Help.

On your Macintosh computer...

Choose a good password for your user account, especially if you have administrator privileges for your computer.

When using U-M services...

Select a good UMICH Kerberos password to use with your uniqname when logging into U-M computing services and online resources—and never tell your password to anyone else. See Choosing and Changing a Secure UMICH Password (R1162) for details.

And on the Internet...

Whenever you are asked to create a password for a site on the web, choose it with care and keep it secret.

2. Install antivirus software and keep it updated.

Have antivirus software installed and updated automatically (as U-M's release of VirusScan is). In fact, consider installing before you connect to the Internet, and then as the *first* thing you do after connecting, update your antivirus software.

Details for U-M Windows users:

Before you even install antivirus software, make sure that your computer is free of some particularly nasty viruses by using NAI's free Stinger tool (for Windows only). Stinger handles only about 40 of the 91,000+ viruses out there, and it only can detect and remove, not protect. But using it first can make installing regular antivirus software (which CAN protect) a whole lot easier—in fact, it can make it possible to install such software, while not using it would make installation very difficult, if not actually impossible.

Although the Stinger page doesn't mention this, I recommend that you run Stinger after booting in Safe Mode. If you don't know how to boot in Safe Mode, again you can use a search engine like Google.com to get information (the procedure varies based on the version of Windows in use). Also, if you use WinME or WinXP, be sure to disable System Restore before running Stinger; directions are on the Stinger page.

Install VirusScan without connecting to the Internet by downloading VirusScan from <http://virusbusters.itcs.umich.edu/vsdl.html>, using a computer known to be virus-free—obviously, this is unlikely to be your computer. Since VirusScan is too large to fit on a diskette, you'll have to put it on removable media of some sort—a zipdisk or a keychain hard drive, say.

  • Download VirusScan 8.
  • After downloading, take VirusScan to your computer and launch the installer.
  • In an emergency, you can get VirusScan from the Blue Disc CD (browse the disc and look in the Antivirus folder). In general, though, it is best to download VirusScan so you get the latest version.

Then, after installing VirusScan 8, connect to the Internet, IMMEDIATELY right-click on the VirusScan icon in the System Tray and select <Update Now>.

Details for U-M Macintosh users:

There are currently only a couple of viruses that target Macintosh OS X computers. Nonetheless, the University provides Sophos Anti-Virus for Macintosh computers, and we recommend that you install it as a precaution. [There are a bunch of Word and Excel viruses that still work under OS X, of course.]

3. Keep yourself up-to-date with Windows Updates.

Use the Windows Update item on the Start menu and wait for Internet Explorer to connect to Microsoft's Windows Update site, or connect directly to the site at this URL: http://windowsupdate.microsoft.com/. Follow the instructions there.

Check for new updates frequently, or, better yet, set your computer to check automatically (see Microsoft's Updating your computer: Frequently asked questions page for details).

NOTE: Some U-M units have their own update servers and security processes; always follow the recommendations of your local IT staff.

4. Install a personal firewall.

For Windows

You might, for example, install Zone Labs' free ZoneAlarm personal firewall (or some other personal firewall), choose sensible rules for it, and subscribe to any "security alert" mailing list the firewall vendor offers, so that you hear about updates, in particular ones that fix security flaws in the firewall itself.

[Note: Firewalls can be tricky to configure correctly, particularly if you're not a firewall guru. You MUST choose rules carefully: you must block threats, not allow them through ... or something may bite you. The problem is, though, how do you know what can be a threat, and what is not? Not an easy question to answer. So if in doubt, contact the firewall vendor's tech support, and ASK.]

Unless a firewall is configured to block threats, it is useless. One really has to do some work here, to make certain it is configured wisely.

If you use Windows XP and you are the administrator of your own machine, you may want to consider the firewall that comes with XP. But the firewall that is part of XP's SP2 (Service Pack 2) is a lot better choice. So if you have an old version of XP and you have not yet installed SP2, do so now!

Of course, if you have a firewall that does NOT come from Microsoft, you may want to stick with that ... but if you have no firewall at all, the SP2 version has some serious improvements over the built-in firewall already available in XP. And in conjunction with VirusScan 8.x, the SP2 firewall seems "good enough" most of time, for most people.

For Macintosh

Mac OS X includes firewall software you can use to block unwanted network communication with your computer. For details, search the Macintosh Help on your computer for "firewall."

5. Practice safe web browsing.

Try to browse only to reputable web sites. Unfortunately, whether a site is reputable is not always easy to know in advance. A few tips, though:

  • Never click on links in unsolicited email, even if the email appears to be from someone you know and trust.

  • If you know and trust the apparent sender, then contact the sender and ask where the link points. It is ok to ask by email, but ALSO ask by some non-computer method (in person; by phone).

  • If you feel you MUST click on such a link, then try to wait one to two business days. That way, if the link points to something nasty, you have a better chance that updated antivirus software will protect you.

  • URLs can be forged -- that is, what you see as the link on-screen may actually point elsewhere. So even if you trust the link that you see, it is prudent not to click on the link. Instead, type that URL into your browser by hand. If you are very careful, you could try copying and pasting ... but if you click on the link by accident, and it's a forged link, BAM! They've got you.

  • U-M URLs ought to be safe—but should one turn out to be otherwise, at least you have some recourse: if intentional, via the IT User Advocate (abuse@umich.edu); if inadvertent, then by notifying the victim and the victim's sysadmins.
  • Browse to hacker sites, porn sites, URLs recommended in spam messages, and so on only at your peril.
  • On the other hand, sites like the New York Times, Google and Microsoft are likely to be safe. But remember that Amazon got hacked a while back, so "reputability" and "safety" are not necessarily correlated.
  • If the URL has an @ symbol in it, be very careful about browsing to it: everything between "http://" and the @ is the "userinfo" part of the URL (a username the browser hands to the site), and it has nothing to do with which site you would actually visit were you to open that link. [This is known as an "obfuscated URL."] Same goes for URLs containing %40, which is just @ written as a percent-code. You can find more info on this at pc-help.org's How to Obscure Any URL site.
  • Similarly, if the URL has non-text stuff (in particular, a % symbol followed by two hexadecimal digits, 0-9 or A-F) or a host that is just a long number, proceed with caution. For example, believe it or not,
    http://www.obfuscated_url.com@2379452608/
    %7e%76%69%72%75%73%2D%62%75%73%74e%72%73

    (one URL, wrapped here to fit) resolves to the U-M Virus Busters home page, not to the fictitious "obfuscated_url.com" domain: 2379452608 is the U-M address 141.211.144.192 written as a single decimal number, and the percent-codes spell out ~virus-busters. [Copy it and paste it into your browser if you want to see for yourself. Note that Internet Explorer has refused user@host URLs since a 2004 security update, so there you may get an error instead of the page; other browsers still accept them, some with a warning.]
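To see what such a link really does before touching it, here is an added Python example (not code from this page or from the Virus Busters) that takes a link apart the way a browser would: it separates the decoy text before the @ (treating %40 as @ too), turns a host written as a single decimal, hex or octal number back into dotted-decimal, decodes the percent-codes in the path, and compares a link's visible text with where its href really goes. The page's own example URL is built in; the example.com links in the usage lines are constructed for the demonstration.

```python
import ipaddress
from urllib.parse import unquote, urlsplit


def host_to_dotted(host):
    """If the host is an IPv4 address written as one bare integer (decimal 2379452608,
    hex 0x8DD390C0 or octal 021564710300), return it in dotted-decimal form;
    anything else (a normal hostname, a dotted address) comes back unchanged."""
    h = host.lower()
    try:
        if h.startswith("0x"):
            n = int(h[2:], 16)
        elif len(h) > 1 and h[0] == "0" and h.isdigit():
            n = int(h, 8)
        elif h.isdigit():
            n = int(h, 10)
        else:
            return host
        return str(ipaddress.IPv4Address(n))
    except ValueError:  # not valid digits for that base, or larger than 2**32 - 1
        return host


def deobfuscate(url):
    """Split a URL into (decoy, real_host, path): the text before '@' that a reader
    mistakes for the destination, the host the browser would really contact (with
    integer hosts turned into dotted decimal), and the percent-decoded path."""
    # %40 is '@' in disguise; decode it first so the userinfo split sees it.
    parts = urlsplit(url.replace("%40", "@"))
    decoy = parts.username or ""
    if parts.password:
        decoy += ":" + parts.password
    real_host = host_to_dotted(parts.hostname or "")
    path = unquote(parts.path) or "/"
    return decoy, real_host, path


def link_looks_forged(display_text, href):
    """True when the visible link text names a host but the href really goes
    elsewhere: the 'what you see is not where you go' case this section warns about."""
    shown = display_text if "://" in display_text else "http://" + display_text
    shown_host = (urlsplit(shown).hostname or "").lower()
    if "." not in shown_host:
        return False  # text such as "click here" names no host to compare against
    _, real_host, _ = deobfuscate(href)
    return shown_host != real_host.lower()


# The page's own example, re-joined onto one line.
PAGE_EXAMPLE = ("http://www.obfuscated_url.com@2379452608/"
                "%7e%76%69%72%75%73%2D%62%75%73%74e%72%73")

if __name__ == "__main__":
    print(deobfuscate(PAGE_EXAMPLE))
    # ('www.obfuscated_url.com', '141.211.144.192', '/~virus-busters')
    print(link_looks_forged("www.example.com", "http://www.example.com@2379452608/"))
```

The same trick works for e-mail links in HTML mail: run the href through deobfuscate() and look at the middle value, which is the only part that decides where you end up.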

6. Never accept unsolicited e-mail attachments.

NEVER ACCEPT UNSOLICITED ATTACHMENTS, even from those you know and trust—or, perhaps, *appearing* to be from them.

Instead, e-mail back, asking, "Hey, what exactly was that e-mail you sent me?" A mass-mailing virus cannot intercept that and generate an answer sufficiently detailed to fool you. (A person who has taken over the sender's mailbox could, which is one more reason to prefer the phone; see below.) Either you get a reply that you feel you can trust and you then open the attachment, or you know it was a hostile action on the part of some malware or unknown hacker and you delete the attachment.

Better yet, phone or speak directly to the apparent sender; then you will know for certain that a virus is not replying to your query!

And if you don't recognize the sender, consider just deleting the message and attachment.

Corollary 1: Discourage sending e-mail attachments, and don't send them yourself unless absolutely necessary. It's a lot safer to copy-and-paste text into e-mail than to use attachments. Yes, sometimes text-only is inappropriate (for example, with a formatted resume), but even then you can avoid sending it as an attachment. Instead, put it on the web and send the URL to the document instead, or put it on your LAN, or send it via CD-ROM. In all of these cases, the recipient should be expecting the document, not getting it unsolicited.

And if you MUST send it as an attachment, try to use the RTF (Rich Text Format) document format. It's not completely safe (RTF can still embed objects, and RTF readers have had bugs of their own), but since it carries no macros it is a lot better than Word's .DOC or Excel's .XLS formats.

Corollary 2: If your job requires that you open unsolicited attachments—say, if you must accept job resumes—then wait at least 24 business hours after receiving an unsolicited attachment before you open it; this gives antivirus software a chance to "catch up." Note that you should still contact (by means other than e-mail alone) the sender to make sure s/he sent the message and attachment, but Corollary 2 will give you additional protection.

Also, if possible, don't open a suspect document with its native application. Instead, open Word documents with WordPad or Microsoft's free Word Viewer; similarly, open Excel and PowerPoint docs with Excel Viewer and PowerPoint Viewer programs.

7. Do not click links in e-mail messages, particularly when the e-mail is unsolicited.

Here are the main issues:

Phishing and E-Mail Links

Phishing scammers will try to steal your money and identity. This usually starts when they send e-mail to the intended victims saying that account information is needed for some financial institution—eBay, PayPal, Citibank, etc. You are then directed to visit URLs that appear to be legitimate, containing forms for entry of password, account information, social security or credit card numbers, etc. But when the victim clicks the Submit button, the phisher's web site hijacks the data instead of sending it to the financial institution. This is a Very Bad Thing.

To defend against these scams, always visit the financial institution's web site directly: open a browser window and type their URL into the address bar yourself, or search for their address via Google. While there, check out their fraud information. With any luck, you'll find information about how to report this phishing attempt, so that others are not injured.

Also, you will find ways to contact the financial institution's customer service department; please do so if you think the e-mail might be genuine. Bet you it isn't!

If you still think, after reading about fraud and calling customer service, that this e-mail you received is valid, and you feel that you absolutely must check out the link, do not click on the link! Instead, copy and paste it into your browser. Probably the page will not even exist which, I hope, finally will convince you that the whole thing is fraudulent.

Reporting phishing. If you want to do something about phishing, you can report the e-mail to the proper authorities:

  • First, that includes the financial institution upon whose customers the phishing attempt is aimed; see above for how to determine who should be notified.
  • If you want to be more thorough, you may attempt to notify both the ISP of the victim whose computer is sending the phishing email, and the ISP of the victim whose computer is hosting the phishing URL.
  • Details about this are beyond the scope of this document, but at the very least you'll need to know how to view and send full e-mail headers.
  • You'll also need to know how to understand these headers; see, for example, STOPSPAM.ORG's Reading Email Headers page.
  • You may also find useful information at the links immediately following:

For more information on phishing, see, for example, U-M's IT User Advocate's Phishing page, the FTC's How Not to Get Hooked by a 'Phishing' Scam page, and the Anti-Phishing Working Group's site.

To test your knowledge of how not to be scammed by phishing, see The SonicWALL Phishing IQ Test.
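Reading full headers, and looking hard at attachments as Recommendation 6 asks, is tedious by hand. The following added Python example (not code from this page or from U-M) runs over a constructed sample message: it walks the Received headers from the oldest hop to find the IP address that actually handed the message in, checks whether that machine's announced name has anything to do with the From: domain, and flags attachments with executable or double extensions such as form.doc.exe. The sample message, its addresses and the extension list are made up for the example; real headers vary between mail servers, and the regular expression assumes the common "from name (rdns [ip])" layout.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample, not a real capture: a phishing-style message with two
# Received hops and a "form.doc.exe" double-extension attachment.
SAMPLE = b"""\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mail.example.edu with ESMTP id 1; Mon, 2 Mar 2009 10:00:00 -0500
Received: from bank-secure.example.net (unknown [198.51.100.77])
\tby mx.example.edu with SMTP; Mon, 2 Mar 2009 09:59:58 -0500
From: "Account Services" <support@bank.example>
To: victim@example.edu
Subject: Verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached form.
--b1
Content-Type: application/octet-stream; name="form.doc.exe"
Content-Disposition: attachment; filename="form.doc.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# "from <helo name> (<reverse dns> [<ip>])" as most MTAs write it (an assumption).
HOP_RE = re.compile(r"from\s+(\S+)\s+\(([^\s\[\]()]+)?\s*\[([0-9a-fA-F.:]+)\]")

# Extensions Windows will execute when double-clicked; list is illustrative.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs",
             ".js", ".wsf", ".hta", ".lnk"}


def received_chain(msg):
    """Each relay prepends its own Received header, so the last one is the oldest
    hop. Return hops oldest-first as (helo_name, reverse_dns_or_unknown, ip)."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(str(hdr).split()))  # unfold, collapse whitespace
        if m:
            hops.append((m.group(1), m.group(2) or "unknown", m.group(3)))
    return hops


def attachment_findings(msg):
    """Name, declared MIME type and two red flags per attachment: an executable
    final extension, and a 'double extension' (form.doc.exe) dressed as a document."""
    out = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        pieces = name.lower().rsplit(".", 2)
        final = "." + pieces[-1] if len(pieces) > 1 else ""
        out.append({
            "name": name,
            "declared_type": part.get_content_type(),
            "executable": final in RISKY_EXT,
            "double_extension": len(pieces) == 3 and final in RISKY_EXT,
        })
    return out


def triage(raw):
    """Summarise what you would want to know before deciding a message is a phish:
    where it really entered the mail system, and whether the sending machine even
    claims a name under the From: domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = received_chain(msg)
    sender_domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    origin = hops[0] if hops else None
    return {
        "sender_domain": sender_domain,
        "origin_ip": origin[2] if origin else None,
        "origin_reverse_dns": origin[1] if origin else None,
        "helo_matches_sender": bool(origin) and origin[0].lower().endswith(sender_domain),
        "attachments": attachment_findings(msg),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=1))
```

Only the Received header added by your own mail server (the newest one) is trustworthy; a phisher can forge any earlier ones, so the origin IP found this way is a lead for the report to the ISP, not proof.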

Browser Vulnerabilities and E-Mail Links

Some viruses take advantage of security holes in Internet Explorer (or, much more rarely, in other browsers) to do something nasty. See, for example, News.com's New MyDoom draws on IE flaw to spread article.

To protect against these flaws, make sure to install security patches for your browser as soon as they are available. If you use Internet Explorer, see the Windows Update section of this document; if you use other browsers, check regularly with those vendors.

Keeping your antivirus software current is mandatory—it will help to protect you from these flaws, and from yourself.

If you feel you must click a dangerous link, then

  • As with unsolicited e-mail attachments, waiting at least 24 business hours before you do so will give you an extra margin of safety.
  • Also, using a "safe browser" will help. Many people find Firefox safer to use than Internet Explorer. One safe option is to use a text-only browser. The most well known of these is the free Lynx browser. (See Browsing the World Wide Web With Lynx (S4176).) No graphics, but also no dangerous active content. And at least some sort of web-like interface.
  • Finally, if you're a computer geek (in which case you probably already know this) and you have no other way to access a URL, you can use telnet to speak HTTP by hand. For example, to see the text of this page, you could do this from the command prompt:
    telnet virusbusters.itcs.umich.edu 80 <Enter>
    GET /security_recommendations.html HTTP/1.0 <Enter>
    Host: virusbusters.itcs.umich.edu <Enter>
    <Enter>

    Note the space after GET, the Host line (needed when one server answers to several names), and the empty line that ends the request. Using telnet this way has no web-like interface. Just plain old text, the raw source of the URL. But then again, since you're a geek, you already knew that. And you also know better than to be fooled by scams in unsolicited e-mails....

But, in general, don't click those links!

8. Disable any open shares on your computer.

If you must share, set the sharing up with a username and password, and restrict access only to the folders you want to share, not your whole hard drive. Give read access *only,* unless you actually WANT to allow others to be able to CHANGE data on your computer in that shared folder.

9. Turn off scripting.

In particular, disable Windows Scripting Host. See, for example, Sophos's How to disable Windows Scripting Host page.

10. Keep your e-mail program up-to-date and patched.

Whatever e-mail program you use, be sure to install any patches released by the vendor (e.g., updates to Outlook and Outlook Express from Microsoft). In general, it is best to use the most recent version of your e-mail program, because it is most likely to have the most up-to-date security features. If you must use Outlook or Outlook Express, make sure that the <Preview> pane and <AutoPreview> options are disabled, so that a message is not rendered just by being selected. [This is directly under the View menu in Outlook; in Outlook Express, it's under View/Layout.] Also, Outlook (and other e-mailers) are a lot safer if you disable HTML. This has its drawbacks, of course: you have to decide whether you want to have color and italics, or safety.

You might want to consider alternatives to Outlook and Outlook Express. Not only has time proven again and again that they are insecure, but the Black Hats target them because they are so common (since they come with Windows and Office).

And if you're not going to use Outlook or Outlook Express (or Internet Explorer), you may well want to uninstall them: if something is not even there, then it can't be used to compromise your machine. But note that if you uninstall Outlook Express, you'll probably disable Outlook as well. So be sure that you don't want to use both before you disable either.

11. Keep your web browser up-to-date and patched.

Whatever web browser you use (Internet Explorer, Firefox, Safari, or something else), keep it up-to-date and patched. It is generally best to use the most current version of your web browser so that you have the latest security features.

12. If you use Windows, visit the Microsoft Security and Privacy page often.

Visit the Microsoft Security and Privacy home page.

Mac users: Mac OS X users are automatically notified by Software Update when updates are available for their Macintosh software. We recommend that you install all updates.

13. Keep your applications up-to-date and patched.

If you use Microsoft Office products, visit Microsoft's Office Product Updates page. Many software products today are set to automatically check for updates from time to time and to alert you when those updates are available. We recommend that you install these updates to keep your software up-to-date with the latest security fixes.

14. Be cautious about the software you install and use.

Be cautious in what software you use. For example, there are security vulnerabilities in many products, and some products have functionality that can be used by hackers (for example, mIRC, KaZaA, and so on). In particular, if you use a particular piece of software, make sure to keep it patched so that it is secure.

Similarly, be wary of software from unknown or untrustworthy sources. If your "friend" e-mails something to you, be particularly cautious—perhaps your friend didn't mail it; it might have been sent by a virus.

Again, as I said before in Recommendation 6—but it bears repeating here in particular:

NEVER ACCEPT UNSOLICITED ATTACHMENTS, not even when they appear to be from someone you know and trust. Instead, download directly from the vendor—and even if the vendor appears reputable, do some research on it first!

This goes for attachments of all sorts: applications, Office documents, *anything.* Malware can disguise itself as something apparently innocent, so don't take any chances.

How can you decide if a particular software package is secure? One technique is to search the web, for example, search at Google for "KaZaA security vulnerability" and see if you get a lot of hits. Of course, the web doesn't have peer review, so you have to exercise caution here. But you could check security pages like antivirus vendor web sites, or www.securityfocus.com and www.sans.org.

15. Consider disabling the Windows Messenger service.

You may want to disable the Windows Messenger service (the service behind "net send" pop-ups; not the Windows Messenger chat program). You do not need it unless your machine has a system administrator who uses it to send alerts. And if you think your computer is protected, and all of a sudden a strange message pops up on your screen, it can be rather a shock. [Trust me: I know this from personal experience.] No real damage, but why give the spammers an opportunity to pester you? (Windows XP SP2 turns this service off by default; older systems do not.)

Information on disabling the Messenger service is available at Hervé Schauer Consultants' Minimization of network services on Windows systems page.

16. Use U-M's anti-spam tools.

We recommend that you use U-M's anti-spam tools:

While we're on the topic of SPAM, you might want to have a look at our anti-spam page and the IT User Advocate's CAN THE spam! page

17. Avoid software that poses a security risk.

Oh, yes: Various services pose security risks. For example: servers for ftp, telnet, and the Web (for example, IIS); ICQ, instant messaging, SQL servers, RPC/DCOM, and peer-to-peer networks (for example, KaZaA, Gnutella, Morpheus) have had flaws that can be exploited. Often, these services are installed in Windows by default (IIS) or when you install other software. These are things that you probably don't need, but that are potential security risks. Consider uninstalling the parts you don't need, ideally making sure that the critical server file is not only disabled, but also deleted.

[If you NEED, say, an ftp server, fine: install it, keep it patched, and set its permissions properly (see Recommendation 8 on shares). But if you only need, say, an ftp client, make sure that the ftp server component, if any, is not installed, and that the server file itself is deleted.]

REMEMBER: Each service you install that allows your computer to interact with other computers carries some degree of risk.

If you know your computer has been compromised, it's all the more important to consider carefully whether you need these services. And it may well be worth uninstalling all such services and reinstalling in this case, since the Black Hats may have compromised these—so that they can break in more easily next time they "visit."

18. Make and keep backups of your important files.

Part of good security is keeping backups of your important files. Multiple backups. This topic is a document in itself, but I'll point out that nowadays one can back up not only to diskettes, external hard drives, and tapes, but also to CD-ROM and DVD.

A good place to start for learning about backups is Question D10 of the VIRUS-L FAQ.

BACKUPS ARE INEXPENSIVE. Data recovery, on the other hand, is very expensive. Make backups often, and check the backups to make sure that they are reliable!
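Checking that a backup is reliable means more than seeing the files listed. Here is an added Python example (not a U-M tool or anything from this page) that copies a folder, writes a manifest of SHA-256 checksums next to the copy, and then re-verifies the copy so that a silently corrupted, missing or stray file is reported before the day you need to restore. The folder and file names in demo() are constructed for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """SHA-256 of a file, read in 1 MiB chunks so large files don't need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def make_backup(src, dest):
    """Copy every regular file under src into dest and write dest/MANIFEST.json
    mapping relative path -> sha256 of the COPY, so the copy itself can be checked."""
    src, dest = Path(src), Path(dest)
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)  # copy2 keeps timestamps as well as contents
            manifest[rel] = sha256_of(target)
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return manifest


def verify_backup(dest):
    """Re-hash everything in dest against MANIFEST.json. Returns (ok, problems),
    where problems lists 'missing: x', 'corrupt: x' or 'unexpected: x' entries."""
    dest = Path(dest)
    manifest = json.loads((dest / "MANIFEST.json").read_text())
    problems = []
    for rel, digest in manifest.items():
        p = dest / rel
        if not p.is_file():
            problems.append("missing: " + rel)
        elif sha256_of(p) != digest:
            problems.append("corrupt: " + rel)
    for p in dest.rglob("*"):
        if p.is_file():
            rel = p.relative_to(dest).as_posix()
            if rel != "MANIFEST.json" and rel not in manifest:
                problems.append("unexpected: " + rel)
    return (not problems), sorted(problems)


def demo():
    """Constructed scenario (not real user data): back up two files and verify, then
    simulate bit rot in one copy and loss of the other, and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp, "docs"), Path(tmp, "backup")
        (src / "notes").mkdir(parents=True)
        (src / "thesis.doc").write_bytes(b"chapter one " * 1000)
        (src / "notes" / "todo.txt").write_text("1. make backups\n2. check them\n")
        make_backup(src, dest)
        first_ok, _ = verify_backup(dest)
        # Damage the copy: flip one bit in one file, delete the other.
        bad = dest / "notes" / "todo.txt"
        data = bytearray(bad.read_bytes())
        data[0] ^= 0x01
        bad.write_bytes(bytes(data))
        (dest / "thesis.doc").unlink()
        second_ok, problems = verify_backup(dest)
        return first_ok, second_ok, problems


if __name__ == "__main__":
    print(demo())  # (True, False, ['corrupt: notes/todo.txt', 'missing: thesis.doc'])
```

Keep a copy of MANIFEST.json somewhere other than on the backup medium itself; if the medium fails wholesale you still want to know what was supposed to be on it.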

19. Practice good physical security.

Do you know who else is using your computer? If so, do you know what they are doing with it? If your roommate puts an infected Word document on your computer, you may get infected. And of course if an attacker has actual physical access to your computer, you're in real trouble.

20. Practice good wireless security.

If you own a wireless router, you need to secure it so that it can't be hijacked. In short, others can steal your bandwidth (so your connection to the 'Net is slowed), hack into your computer, and use it to spread pirated software and porn, send spam, and do other nasty things. Making it totally secure is beyond the scope of this document, but you can take a few easy steps to make it a lot more secure: find some good

  • Change the Service Set Identifier (SSID) from the factory default.
  • Disable SSID broadcasting. (This only hides the network from casual scanners; anyone with a wireless sniffer still sees its traffic, so treat it as a courtesy, not a lock.)
  • Disable DHCP on the router and assign static IP addresses to your own machines.
  • Enable encryption: preferably WPA (or WPA2 if your equipment supports it). Use 128-bit WEP only if you can't use WPA, and understand that WEP keys can be recovered in minutes with freely available tools, so it is little more than a "keep out" sign.
  • Use the built-in firewall capabilities of your wireless router—most have these features nowadays.
  • Change the default administrator password for your router.
  • Tell the router which MAC (Media Access Control) addresses the computers on your wireless network have, and allow access only to those. (An attacker can copy a permitted MAC address once it has been seen on the air, so this is a minor hurdle, not real protection; the encryption is what matters.)

You can find more detailed info on wireless security at many places: About.com has a good introduction, Que Publishing's Securing Your Wireless Network has a bit more detail, and your wireless router vendor probably has information about the capabilities of your particular router.

And if you want to be extra careful, you can do as I do and tighten up your browser: disable all active content (ActiveX, JavaScript, Java). I also disable stored cookies, set all security zones to High (I actually set them to Custom, which is even more conservative, with the choices I select), but, hey, I'm a security person, and I deal with nasty stuff every day. So the settings I choose may be more draconian than most people need.

Security FAQ

My computer was infected. If I reformat it and install the necessary patches, can I be sure "this thing" won't come back?

Well, that's a tough question.

  1. First, usually one doesn't need to reformat, particularly if "this thing" is a virus, Trojan, or other "malware." Instead, we can almost always repair the damage.
  2. If a hacker, instead of malware, is at fault, then it is more difficult to tell whether your system is still compromised. In that case a reformat, or at least a reinstall of Windows, may be prudent ... and sometimes required.

And to answer the original question:

No: reinfection will still be *possible*, but a lot more difficult for the attacker. Even more difficult if you follow the other suggestions in this document.

What happens if the infection does come back? Do I have to reformat again?

That's up to your system administrator, but they might well request that. Of course, if you administer your machine, you may have to make this painful decision yourself. But again, a reformat usually isn't necessary.

Should I install a personal firewall?

If used wisely, definitely. But see Recommendation 4.

[Also: if you use a personal firewall, it helps to understand what constitutes an attack and what is just "background noise." For more details on this, see the FAQ or help file for the firewall you use.]

Anything I can do to test how secure my computer is?

Nothing's perfect, but here is something you can consider:

Gibson Research Corporation's free "Shields Up!" utility is a very good way to check for general security. Also, see GRC's home page.

How do I get rid of adware and spyware?

U-M began including the McAfee Anti-Spyware module with VirusScan in fall 2006. We recommend that you use this module to protect your Windows computer from adware and spyware.

If you are not a member of the U-M community (and therefore not included in our license for the Anti-Spyware module), you might want to consider the tools listed below. NOTE: We do not support any of the tools suggested below. We do recommend them, though, and we have had good reports from those who have used them. But if you have questions or need assistance with these tools, please do not ask us: we don't know the answer. Instead, use the online support forums that these tools have; links are included with each tool below.

One good tool -- and it's free -- is "Spybot - Search & Destroy" at Spybot - S&D. See also their online support, including forums.

Other anti-adware/spyware products are available; Windows Defender comes as part of Vista. You might want to look into Ad-Aware; download it from LavaSoft. [Current releases of Ad-Aware claim to be able to remove the KaZaA-installed BDE; I haven't tested, but I suspect that their assertion is true.] Ad-Aware comes in several versions; I suggest you try the free one first. See also their online support forums.

If you have a problem with Adware/Spyware, I suggest you try Spybot - Search & Destroy first, then try Ad-Aware. This "one-two" punch seems to handle most of this sort of malware.

Some other good, free tools are CWShredder and Hijack This—you may need to scroll down the page a bit to find HijackThis. See also the CWShredder support forum, and the Hijack This support forum.

Using all of them together—current versions, of course—is almost always a knockout blow against Adware and Spyware, particularly if you run them while booted into Safe Mode. I suggest you use SpyBot S&D first, then Ad-Aware, then CWShredder, and then finally HijackThis, all in the same Safe Mode session.

Of course detection/removal is only part of the equation; as with antivirus software, *prevention* is even better. If you don't get infested with Adware or Spyware in the first place, there is no need to remove it. As of release 1.3 (May 2004), SpyBot S&D has a resident process (called "TeaTimer") that can block attacks from known Adware and Spyware and, of course, it is free. Ad-Aware and Pest Patrol (see below) have similar capabilities, but only in their for-fee versions.

Another anti-adware/spyware tool is Pest Patrol, which has an evaluation version (can detect, but not remove) as well as "full featured" versions that can remove whatever it finds as well. So you probably want to use the other anti-spyware and antivirus tools first, but perhaps Pest Patrol (evaluation version) might be useful for giving you a second opinion on whether your computer deserves a clean bill of health.

For more info on spyware, see, for example, Gibson Research Corporation's Internet Spyware Detection and Removal page.

What's the most important thing to fix?

The SANS Top-20 Internet Security Attack Targets page lists the most common security attack targets, TODAY. Tomorrow, some of those threats may be different, so it's not a bad idea to check back from time to time.

Another site that may be useful is the NSA Security Configurations Guides site.

Remember: it's a tradeoff between security and usability. If one is going to use the computer at all, one must make choices—and those choices will force one to make compromises. I'm not suggesting that you should drop everything and become a security professional—nor that you should be afraid to use your computer. But it is a jungle out there, and "survival of the fittest" is a good thing to keep in mind.

I hope this helps!

Stay malware-free.

If you'd like to pass this information along to others, I suggest that you provide a pointer to this URL (http://virusbusters.itcs.umich.edu/security_recommendations.html)

For virus or hoax info, please see our main page (http://virusbusters.itcs.umich.edu/) or go to another reputable site, like The Urban Legends Reference Pages.

 

by Bruce P. Burrell (bpb@umich.edu)
for the U-M Virus Busters (virus.busters@umich.edu)


ITCS | University of Michigan
Copyright © 1996-2008 The Regents of The University of Michigan


This page last updated March 01, 2009