Anti-Malware Suggestions

6 replies to this topic

#1
NoelC
    Software Engineer
  • Member
  • 1,826 posts
  • Joined 08-April 13
  • OS: Windows 8.1 x64

People sometimes ask me, "what's the best strategy for avoiding viruses and malware?"

 

Here are the layers of protection *I* feel are important:

 

1.  Smart computing involving a user philosophy that keeps malware out.  This is primarily a matter of the user learning to be conscientious and just not do irresponsible things.  Develop an awareness that the software world is a dangerous place and have a willingness to do without some glitz and without running whatever you feel like on the moment without serious consideration, involving testing and taking precautions.

 

2.  Building an environment that will help not bring malware into the system.  Strategies not typically used or known, designed to help protect against accidental deviation from the philosophy of item 1.  This includes adopting a managed hosts file and/or DNS service for blocking access to parasite web servers that are apt to provide the worst of what's out there, choosing/configuring the browser not to be promiscuous, etc.

 

3.  Active protection - i.e., an active antivirus package.  Note that this is third because it is no more than a safety net - virtually never expected to be exercised - because of the effectiveness of items 1 and 2 above.  This protection MUST be low-impact, i.e., it should not cause things you do on the computer to be noticeably slower to run, nor should it detect legitimate software and cause you problems.

 

4.  Regular scanning with both the active protection in item 3 and also a different product to see if anything has managed to creep through layers 1 through 3 above.  Again, if all is as expected, this should never find anything.  A different product is warranted because not every anti-malware maker has the same database of malware, so it's a good idea to partner with more than one.

 

5.  Do regular backups to prepare for the eventuality of loss of data, just in case.

 

In particular, my choices for the above (and assuming Windows 10 is substantially as we see it in the preview releases) will be:

 

1.  Always being vigilant and exercising common sense.  Being willing to take the time to research and vet things before adopting their usage.  I read code if choosing to use open source software, and I test things in throwaway VMware virtual machines.

 

2.  Use of the MVPS hosts file, configuring my router to use OpenDNS, and using a reconfigured Internet Explorer set to avoid running ActiveX.  IE still has the best security model of all of them if you set the features properly.

 

3.  Windows Defender, as it seems quite efficient and also doesn't detect false positives.  That items 1 and 2 are almost completely effective means that this layer can be somewhat minimized.  Windows Defender is the only anti-malware software I'd suggest for active protection on the Win 10 pre-releases.

 

4.  The default scans Windows Defender sets up automatically, plus a daily scan by the well-regarded Malwarebytes Anti-Malware package.  I am also considering reducing the permissiveness of the Windows Firewall (another user here, and I'm sorry I forgot specifically whom, has recently posted a configuration that does this).

 

5.  I schedule nightly wbadmin commands to take regular system image snapshots.  I can restore such a backup to bare metal, or I can access the files within using a volume shadow copy access tool such as Z-VSSCopy.  Windows 10 is even restoring the Previous Versions feature (yay!) to help with this.

 

I have been following the above philosophy for decades, with some differences in the specifics, and I have yet to get even a single infection.  Going all the way back I have only ever had to install Windows once on each of my systems, have had virtually zero infections blocked by the safety net, and have never had a scan turn up anything (except for false positives, which was a problem when I used Avast antivirus).  I have used each setup for years without degradation.  In short, this works.

 

-Noel


Edited by NoelC, 21 March 2015 - 11:52 AM.
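As an added example (this is not code from NoelC's post, nor any product's own tooling), here are the parts of the setup above that can be scripted on Windows 8.1/10 from an elevated PowerShell prompt: ActiveX disabled in IE's Internet zone (item 2), an explicit daily Defender scan (item 4) and the nightly wbadmin system image (item 5). The backup drive letter E:, the task names and the times are assumptions; the daily Malwarebytes scan is left to that product's own scheduler.

```powershell
# Added example, not code from the original post. Run from an elevated
# PowerShell prompt on Windows 8.1/10. E:, task names and times are assumptions.
$ErrorActionPreference = 'Stop'

# --- Item 2: Internet Explorer with ActiveX disabled in the Internet zone ----
# Zone 3 is the Internet zone. Action 1200 is "Run ActiveX controls and
# plug-ins"; 1001/1004 are "Download signed/unsigned ActiveX controls".
# Value 3 = Disable, 1 = Prompt, 0 = Enable. Per-user; Group Policy can override.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
foreach ($action in '1200', '1001', '1004') {
    Set-ItemProperty -Path $zone -Name $action -Value 3 -Type DWord
}

# Both scheduled tasks below run as SYSTEM so they do not depend on a user
# being logged on and cannot be cancelled from an ordinary desktop session.
$system = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

# --- Item 4: an explicit daily Windows Defender quick scan ------------------
# Defender schedules its own scans; this one runs at a time you choose.
# MpCmdRun.exe is Defender's command-line front end: -ScanType 1 = quick, 2 = full.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) { throw "Defender command-line tool not found: $mpCmdRun" }
Register-ScheduledTask -Force -TaskName 'Daily Defender Quick Scan' `
    -Principal $system `
    -Action  (New-ScheduledTaskAction -Execute $mpCmdRun -Argument '-Scan -ScanType 1') `
    -Trigger (New-ScheduledTaskTrigger -Daily -At '12:30')

# --- Item 5: nightly system image with wbadmin ------------------------------
# -allCritical captures every volume needed to boot, which is what makes the
# image restorable to bare metal; -quiet skips the interactive confirmation.
# E: is the assumed dedicated backup volume. Keep it on a separate disk:
# malware that encrypts whatever it can reach will take an image stored on C: too.
$backupTarget = 'E:'
if (-not (Test-Path "$backupTarget\")) { throw "Backup target $backupTarget is not present" }
Register-ScheduledTask -Force -TaskName 'Nightly System Image' `
    -Principal $system `
    -Action  (New-ScheduledTaskAction -Execute 'wbadmin.exe' `
                 -Argument "start backup -backupTarget:$backupTarget -allCritical -quiet") `
    -Trigger (New-ScheduledTaskTrigger -Daily -At '02:00')

# Confirm both tasks exist, then list the images wbadmin already holds on the target.
Get-ScheduledTask -TaskName 'Nightly System Image', 'Daily Defender Quick Scan' | Format-Table TaskName, State
wbadmin get versions
```

After the first night, `wbadmin get versions` should show one version identifier per image; a missing entry means the task ran but the backup failed, and the reason is in the Microsoft-Windows-Backup event log rather than in the task history.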




#2
KenJackson
  • Member
  • 3 posts
  • Joined 22-March 08

These all seem like good suggestions, especially smart computing and not doing irresponsible things.

 

But you didn't mention the best suggestion of all--use an operating system that doesn't beg to be infected.  That is, don't use Windows.

 

There are lots of enjoyable "distros" of Linux, many of which have been very friendly to novices for years.  You can compare and check them out at DistroWatch.

 

And of course Linux isn't alone.  There's FreeBSD and its distros, MacOS and maybe even Solaris.



#3
NoelC
    Software Engineer
  • Member
  • 1,826 posts
  • Joined 08-April 13
  • OS: Windows 8.1 x64

Thanks, Ken.  Unfortunately the decision isn't just an easy arbitrary "okay, I'll do that instead" for a large chunk of Windows users.

 

There's nothing inherently more secure about Linux/Unix.  It's just that it's a relatively low-popularity OS that not many malware writers have chosen to target.  Thing is, Microsoft may be driving a lot of users to Linux in the very near future.  With increased popularity will come increased targeting and risk.

 

-Noel



#4
ptd163
    Junior
  • Member
  • 52 posts
  • Joined 17-May 13
  • OS: Windows 7 x64

Aside from the obvious tinfoil hat responses, why use OpenDNS over Google Public DNS?


Edited by ptd163, 27 March 2015 - 01:30 PM.


#5
NoelC
    Software Engineer
  • Member
  • 1,826 posts
  • Joined 08-April 13
  • OS: Windows 8.1 x64

There are bad (e.g., phishing) sites blacklisted from the OpenDNS lists, as I understand it.

 

You can read more at:  https://www.opendns.com

 

I don't know what you mean or are implying by "obvious tinfoil hat responses".

 

-Noel


Edited by NoelC, 27 March 2015 - 07:26 PM.


#6
jaclaz
    The Finder
  • Developer
  • 15,206 posts
  • Joined 23-July 04
  • OS: none specified

I don't know what you mean or are implying by "obvious tinfoil hat responses".

I would guess something *like*:

http://www.infoworld...o-avoid-it.html

Free, at least, in the sense that they don't charge you for using their servers; but if you're not paying for the service, you are the product, of course.

 

 

jaclaz



#7
JorgeA
    FORMAT B: /V /S
  • MSFN Sponsor
  • 3,452 posts
  • Joined 08-April 10
  • OS: Vista Home Premium x64

(Quoting NoelC's post #1 above in full.)

 

Very sensible advice!

 

However, I would stress the importance of #3 over 1 and part of 2. IMX it's not really the case anymore that you can be safe from malware by avoiding or blacklisting specific dubious websites. Just a couple of nights ago I was at (of all things) a classical-music site when Norton advised me that it had blocked a Trojan attack. :o  I'm not sure that a hosts file would help in that case (I use the one put out by the Spybot folks.)

 

But setting yourself up to be protected from phishing sites (the other part of #2) is definitely a plus.

 

IIRC, using ad blockers might also protect the user from drive-by downloads on otherwise innocuous websites.

 

--JorgeA
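As an added example, not code from either post, here is a PowerShell check of what an MVPS-style hosts file (NoelC's item 2) actually blocks, applied to JorgeA's point that a legitimate site serving a trojan is not on any blacklist. The hosts lines, the page's resource URLs and the hostnames are all constructed; the three functions are hypothetical helpers written for this example.

```powershell
# Added example, not from the original thread. Hosts content, URLs and host
# names are constructed for illustration; the functions are hypothetical helpers.

# Parse an MVPS-style hosts file into the set of names it sinkholes. Every
# entry must point at 0.0.0.0 / 127.0.0.1 / ::1: a hosts file fetched from the
# web can just as easily redirect your bank to an attacker's address, so refuse
# anything else before it goes anywhere near %SystemRoot%.
function Read-BlockList {
    param([string[]]$Lines)
    $sinkholes = '0.0.0.0', '127.0.0.1', '::1'
    $blocked = New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)
    foreach ($raw in $Lines) {
        $line = ($raw -split '#', 2)[0].Trim()      # drop comments
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        if ($fields.Length -lt 2) { continue }       # address with no name
        if ($fields[0] -notin $sinkholes) {
            throw "Refusing hosts line that does not sinkhole: '$raw'"
        }
        foreach ($name in $fields[1..($fields.Length - 1)]) {
            if ($name -in @('localhost', 'localhost.localdomain')) { continue }
            [void]$blocked.Add($name)
        }
    }
    return ,$blocked   # leading comma keeps PowerShell from unrolling the set
}

# A hosts file matches exact names only: no wildcards, no "this domain and
# everything under it". Report which of a page's resources would be sinkholed.
function Test-PageResources {
    param(
        [System.Collections.Generic.HashSet[string]]$Blocked,
        [string[]]$Urls
    )
    foreach ($u in $Urls) {
        $hostName = ([uri]$u).Host
        [pscustomobject]@{
            Host    = $hostName
            Blocked = $Blocked.Contains($hostName)
            Url     = $u
        }
    }
}

# Install a vetted copy over the live hosts file (elevated prompt required),
# keeping a backup and flushing the resolver cache so the change takes effect.
function Install-HostsFile {
    param([string]$Path)
    $null = Read-BlockList (Get-Content $Path)    # throws on any non-sinkhole line
    $live = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Copy-Item $live "$live.bak" -Force
    Copy-Item $Path $live -Force
    ipconfig /flushdns | Out-Null
}

# Constructed sample data: a three-line hosts file and the resources one page
# loads. "classical-music.example.org" stands in for JorgeA's legitimate site.
$hostsSample = @'
127.0.0.1  localhost
0.0.0.0  ads.example-adnetwork.net
0.0.0.0  tracker.example-analytics.com  # MVPS-style entries
'@ -split "`r?`n"

$pageResources = @(
    'https://classical-music.example.org/index.html',        # the legitimate site itself
    'https://ads.example-adnetwork.net/serve.js',            # listed in the hosts file
    'https://cdn2.example-adnetwork.net/banner.js',          # same ad network, host not listed
    'https://classical-music.example.org/static/player.js'   # script served by the legitimate site
)

$blocked = Read-BlockList $hostsSample
Test-PageResources -Blocked $blocked -Urls $pageResources | Format-Table -AutoSize
```

Only the hostname that appears verbatim in the list is sinkholed; a new host on the same ad network, or a script on the legitimate site itself, goes straight through, which is exactly the gap JorgeA describes and why an ad blocker and the active scanner sit alongside the hosts file rather than replacing it. Two practical notes: MVPS uses 0.0.0.0 rather than 127.0.0.1 so that blocked requests fail immediately instead of probing a local listener, and MVPS's own instructions warn that very large hosts files can slow the Windows DNS Client service, so check browsing responsiveness after installing one.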





