10 Easy Ways To Prevent Malware Infection


vissha

We told you how to tell if you’re infected with malware. We told you how to clean up the infection if you get it. How about how to stop the infection from happening in the first place?

 

Yes, it’s possible to clean up an infected computer and fully remove malware from your system. But the damage from some forms of malware, like ransomware, cannot be undone. If they’ve encrypted your files and you haven’t backed them up, the jig is up. So your best defense is to beat the bad guys at their own game.

 

While no single method is ever 100 percent foolproof, there are some tried and true cybersecurity techniques for keeping malware infections at bay that, if put into practice, will shield you from most of the garbage of the Internet.

 

Without further ado:

 

Protect vulnerabilities


One of the top delivery methods for malware today is by exploit kit. Exploit kits are sneaky little suckers that rummage around in your computer and look for weaknesses in the system, whether that’s an unprotected operating system, a software program that hasn’t been updated in months, or a browser whose security protocols aren’t up to snuff (we’re looking at you, Internet Explorer).

 

Here are some ways you can protect against exploits and shield your vulnerabilities:

 

1. Update your operating system, browsers, and plugins. If there’s an update to your computer waiting in queue, don’t let it linger. Updates to operating systems, browsers, and plugins are often released to patch any security vulnerabilities discovered. So while you leave those programs alone, cybercriminals can find their way in through the vulnerabilities.

 

Bonus mobile phone tip: To protect against security flaws in mobile phones, be sure your mobile phone software is updated regularly. Don’t ignore those “New software update” pop-ups, even if your storage is full or your battery is low.

 

2. Enable click-to-play plugins. One of the more devious ways that exploit kits (EKs) are delivered to your computer is through malvertising, or malicious ads. You needn’t even click on the ad to become infected, and these malicious ads can live on prestigious, well-known sites. Besides keeping your software patched so that exploit kits can’t do their dirty work, you can help to block the exploit from ever being delivered by enabling click-to-play plugins.

 

Click-to-play plugins keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). The bulk of malvertising relies on exploiting these plugins, so enabling this feature in your browser settings will help keep the EKs at bay.

 

3. Remove software you don’t use (especially legacy programs). So, you’re still running Windows XP? Microsoft discontinued releasing software patches for this program in 2015. That means you’re wide open to exploit attack. Take a look at other legacy apps on your computer, such as Adobe Reader or older versions of media players. If you’re not using them, best to remove.

 

Watch out for social engineering


Another top method for infection is to scam users through social engineering. Whether that’s an email that looks like it’s coming from your bank, a tech support scam, or a fishy social media campaign, cybercriminals have gotten rather deft at tricking even tech-savvy surfers. By being aware of the following top tactics, you can fend off uninvited malware guests:

 

4. Read emails with an eagle eye. Check the sender’s address. Is it from the actual company he or she claims? Hover over links provided in the body of the email. Is the URL legit? Read the language of the email carefully. Are there weird line breaks? Awkwardly constructed sentences that sound foreign? And finally, know the typical methods of communication for important organizations. For example, the IRS will never contact you via email. When in doubt, call your healthcare, bank, or other potentially spoofed organization directly.

 

Bonus mobile phone tip: Cybercriminals love spoofing banks via SMS/text message or fake bank apps. Do not confirm personal data via text, especially social security numbers. Again, when in doubt, contact your bank directly.

 

5. Do not call fake tech support numbers. Ahhh, tech support scams. The bane of our existence. These often involve pop-ups from fake companies offering to help you with a malware infection. How do you know if they’re fake? A real security company would never market to you via pop-up saying they believe your computer is infected. They would especially not serve up a (bogus) 1-800 number and charge money to fix it. If you have security software that detects malware, it will show such a detection in your scan, and it will not encourage you to call and shell out money to remove the infection. That’s a scam trying to infect you. Don’t take the bait.

 

6. Do not believe the cold callers. On the flip side, there are those who may pick up the phone and try to bamboozle you the good old-fashioned way. Tech support scammers love to call up and pretend to be from Microsoft. They’ve detected an infection, they say. Don’t believe it.

 

Others may claim to have found credit card fraud or a loan overdue. Ask questions if something feels sketchy. Does the person have info on you that seems outdated, such as old addresses or maiden names? Don’t confirm or update the info provided by these callers. Ask about where that person is calling from, if you can call back, and then hang up and check in with credit agencies, loan companies, and banks directly to be sure there isn’t a problem.

 

Practice safe browsing


There’s such a thing as good Internet hygiene. These are the things you should be doing to protect against external and internal threats, whether that’s losing your device, walking away from your computer, using public Wi-Fi, or shopping online.

 

“While many of the threats you hear about on the news make it seem like there is no way to protect yourself online these days, the reality is that by following some basic tips and maintaining good habits while online, you will evade infection from over 95 percent of the attacks targeting you,” says Adam Kujawa, Head of Intelligence for Malwarebytes. “For that last 5 percent, read articles, keep up with what the actual security people are saying, and follow their advice to protect yourself.”

 

So here are some of the basics to follow:

 

7. Use strong passwords and/or password managers. A strong password is long, is not written down anywhere, is changed often, and isn’t tied to easily found personal information, like a birthday. It’s also not repeated for different logins. Admittedly, that’s a tough cookie to swallow. If you don’t want to worry about remembering 5,462 different rotating passwords, you may want to look into a password manager, which collects, remembers, and encrypts passwords for your computer.

 

8. Make sure you’re on a secure connection. Look for the padlock icon to the left of the URL. If it’s there, then that means the information passed between a website’s server and your browser remains private. In addition, the URL should read “https” and not just “http.”

 

9. Log out of websites after you’re done. Did you log into your healthcare provider’s site using your super-strong password? You could still be leaving yourself vulnerable if you don’t log out, especially if you’re using a public computer. It’s not enough to just close the browser tab or window. A person with enough technical prowess could access login information from session cookies and sign into a site as you.

 

Layer your security


Sometimes all the safe browsing and careful vigilance in the world can’t protect you from all threats. Sometimes you need a professional to catch all the poo that cybermonkeys are flinging. So to keep your machine clean, invest in security software and layer it up with the following:

 

10. Use firewall, antivirus, anti-malware, and anti-exploit technology. Your firewall and antivirus programs will detect and block the known bad guys. Meanwhile, your anti-malware and anti-exploit software can fend off sophisticated attacks from unknown agents, stopping malware infection in real time and shielding vulnerable programs from exploit attack.

 

Security professionals agree a multi-layer approach—using not only multiple layers of security technology but also user awareness—helps keep you protected from the bad guys and your own mistakes. Now go forth and fight malware!

 


straycat19

I find it truly amazing that in all the articles that have been published on how to avoid malware they always list multiple things you can do that in the end really don't protect you from any malware. I know people who have practiced these things but still managed to get some type of malware on their system despite their attempts at protecting their system. And in reality you can do ONE thing that will stop 99.9% (nothing is absolute) of all malware. That is to stop anything from running from the AppData folder using group policy.

 

Below are a few Path Rules that are suggested you use to not only block the infections from running, but also to block attachments from being executed when opened in an e-mail client.

Figure 5: Setting User and Machine software restriction policies

Block executable in %AppData%

        Path: %AppData%\*.exe
        Security Level: Disallowed
        Description: Don't allow executables to run from %AppData%.

Block executable in %LocalAppData%

        Path: %LocalAppData%\*.exe
        Security Level: Disallowed
        Description: Don't allow executables to run from %LocalAppData%.

Block executable in immediate subfolders of %AppData%

        Path: %AppData%\*\*.exe
        Security Level: Disallowed
        Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block executable in immediate subfolders of %LocalAppData%

        Path: %LocalAppData%\*\*.exe
        Security Level: Disallowed
        Description: Don't allow executables to run from immediate subfolders of %LocalAppData%.

Block executables run from archive attachments opened with WinRAR:

        Path: %LocalAppData%\Temp\Rar*\*.exe
        Security Level: Disallowed
        Description: Block executables run from archive attachments opened with WinRAR.

Block executables run from archive attachments opened with 7zip:

        Path: %LocalAppData%\Temp\7z*\*.exe
        Security Level: Disallowed
        Description: Block executables run from archive attachments opened with 7zip.

Block executables run from archive attachments opened with WinZip:

        Path: %LocalAppData%\Temp\wz*\*.exe
        Security Level: Disallowed
        Description: Block executables run from archive attachments opened with WinZip.

Block executables run from archive attachments opened using Windows built-in Zip support:

        Path: %LocalAppData%\Temp\*.zip\*.exe
        Security Level: Disallowed
        Description: Block executables run from archive attachments opened using Windows built-in Zip support.

 

 

6 hours ago, straycat19 said:

.....That is to stop anything from running from the appdata folder using group policy.

Below are a few Path Rules that are suggested you use to not only block the infections from running, but also to block attachments from being executed when opened in an e-mail client.

 

Very interesting.

A step-by-step would be great!

For my part, I know how to do it, but there are users who can't confidently deal with the group policy.

 

Please create a detailed tutorial in the Guides & Tutorials Forum if possible

13 hours ago, jordan4x said:

 

Very interesting.

A step-by-step would be great!

For my part, I know how to do it, but there are users who can't confidently deal with the group policy.

 

Please create a detailed tutorial in the Guides & Tutorials Forum if possible

Suggestion seconded! Yes, please create one when you get the time.

Thank you in advance.

stylemessiah
20 hours ago, straycat19 said:

I find it truly amazing that in all the articles that have been published on how to avoid malware they always list multiple things you can do that in the end really don't protect you from any malware. I know people who have practiced these things but still managed to get some type of malware on their system despite their attempts at protecting their system. And in reality you can do ONE thing that will stop 99.9% (nothing is absolute) of all malware. That is to stop anything from running from the AppData folder using group policy.

Just a little bit more to it than that. I've been using it for years; I've also posted on here about it in the past, including links to the original articles and downloads...lol. Usually I've posted in response to the CryptoPrevent or VoodooShield half-ass software pseudo and paid solution threads :)

 

 

The users that took this advice and got infected shouldn't be using a computer; this advice is common sense.

8 months later...
On 8/28/2016 at 3:21 AM, straycat19 said:

I find it truly amazing that in all the articles that have been published on how to avoid malware they always list multiple things you can do that in the end really don't protect you from any malware. I know people who have practiced these things but still managed to get some type of malware on their system despite their attempts at protecting their system. And in reality you can do ONE thing that will stop 99.9% (nothing is absolute) of all malware. That is to stop anything from running from the AppData folder using group policy.

On 8/29/2016 at 0:06 AM, stylemessiah said:

 

Just a little bit more to it than that. I've been using it for years; I've also posted on here about it in the past, including links to the original articles and downloads...lol. Usually I've posted in response to the CryptoPrevent or VoodooShield half-ass software pseudo and paid solution threads :)

 

 

 

On 8/26/2014 at 1:25 PM, stylemessiah said:

Installed it, and among the many questions I've had in the 1 minute I've been running it are:

Where are the "group policies" it says it has applied? I looked where you would expect in Windows Group Policies...zero. So it's using its own arbitrary means to do this to my system...not sure I like that...why add another layer, and hide it from the user? Oh wait, so you can hopefully (going on the countless prompts I've had so far) con them into the "Premium" version...

Then there's the message about disabling Windows Sidebar and Gadgets...well, anyone who hadn't already disabled that when the security bulletin came down from MS 2 years ago is a fool...but what does that have to do with CryptoLocker?

Seems a bit of bs so far...uninstalled.

The best protection against viruses and malware is not an app, it's a bit of fricking knowledge about how a PC and OS works, and not bone idle laziness....the "I'll just install an app for that" generation is doomed.

Here's how to stop programs from running from user AppData for the non-lazy, which will achieve the same as the above, without the prompts to go premium.

Warning: not for the lazy

See here (I'm not into reposting others' articles as mine): http://www.computerworld.com/s/article/9243537/Cryptolocker_How_to_avoid_getting_infected_and_what_to_do_if_you_are_?taxonomyId=125&pageNumber=1

The rules are on page 2, but you should read ALL 3 pages.

There are possible side effects with shortcuts for some programs and some common installers etc., but overall, it's far safer and easier than some 3rd party program. If you do hit a side effect, and are the kind of person who wouldn't even consider looking at how to resolve it, thinking "it's too much work", then this isn't for you. But shouldn't YOU really be aware of what and how installers etc. run on your own PC?.....

And if you take this approach, don't forget afterwards to open an elevated cmd prompt and do a gpupdate /force.

There, not so hard, was it? That will cover almost all trojans/malware/crypto that use this location and its lax security from ever launching and causing havoc. No premium membership needed.

This approach is what we used to use when I was looking after 40+ schools' servers to keep things safe from kiddies tampering and downloading, and using Chrome (which used to (maybe still does, I refuse to acknowledge its existence, I hate it because it's a data harvesting behemoth) run from here)...The kids thought they could install it to get around the filtering for porn and music and movies etc. Denied.

Further recommended reading for adding additional rules and avoiding common installer, shortcut and other problems can be found here:

http://community.spiceworks.com/topic/389016-need-help-with-gpo-to-block-exe-s-in-appdata-folder?page=1

A bit of effort and knowledge is a dangerous thing...to people who make fricking programs and want to charge you money for something you can achieve yourself if you aren't lazy.....

We could go into AppLocker on top of this to really lock things down, but that's for another day, or for you to google.

 

 

Just for reference. ;)

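Since jordan4x asked for a step-by-step and stylemessiah's quoted 2014 post adds that a gpupdate /force is needed afterwards, here is an added example, not code from the thread, from straycat19, or from the Computerworld article the rules come from: a PowerShell script that writes the eight Disallowed path rules straycat19 listed into the machine-wide Software Restriction Policy and then refreshes policy. It assumes the registry layout that the Local Security Policy editor (secpol.msc) uses for SRP rules (HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, level subkey 0 for Disallowed, one {GUID} subkey per path rule with ItemData, SaferFlags, Description and LastModified values, plus the DefaultLevel, TransparentEnabled, PolicyScope and AuthenticodeEnabled defaults); the function names are mine. On a domain-joined machine a Group Policy object will overwrite these local values on the next refresh.

```powershell
#Requires -RunAsAdministrator
# Added example (assumed SRP registry layout, see lead-in): create the thread's
# Disallowed path rules in the machine SRP and refresh policy. Run with -WhatIf
# to preview the keys that would be written; re-running skips rules already present.
[CmdletBinding(SupportsShouldProcess)]
param()

# Path rules from the thread. In SRP path rules a "*" does not cross a "\",
# which is why %AppData%\*.exe and %AppData%\*\*.exe are separate rules.
$rules = @(
    @{ Path = '%AppData%\*.exe';                 Description = "Don't allow executables to run from %AppData%." },
    @{ Path = '%LocalAppData%\*.exe';            Description = "Don't allow executables to run from %LocalAppData%." },
    @{ Path = '%AppData%\*\*.exe';               Description = "Don't allow executables to run from immediate subfolders of %AppData%." },
    @{ Path = '%LocalAppData%\*\*.exe';          Description = "Don't allow executables to run from immediate subfolders of %LocalAppData%." },
    @{ Path = '%LocalAppData%\Temp\Rar*\*.exe';  Description = 'Block executables run from archive attachments opened with WinRAR.' },
    @{ Path = '%LocalAppData%\Temp\7z*\*.exe';   Description = 'Block executables run from archive attachments opened with 7zip.' },
    @{ Path = '%LocalAppData%\Temp\wz*\*.exe';   Description = 'Block executables run from archive attachments opened with WinZip.' },
    @{ Path = '%LocalAppData%\Temp\*.zip\*.exe'; Description = 'Block executables run from archive attachments opened using Windows built-in Zip support.' }
)

$safer      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowed = Join-Path $safer '0\Paths'      # security level 0 = Disallowed

function Initialize-Srp {
    # Enable SRP with the editor's usual defaults: everything Unrestricted
    # (0x40000) unless a Disallowed rule matches, applied to all users, and
    # checking executables only (TransparentEnabled = 1 leaves DLLs alone,
    # which keeps ordinary programs working). Existing values are left as-is.
    if (-not (Test-Path $safer)) { New-Item -Path $safer -Force | Out-Null }
    $defaults = @{ DefaultLevel = 0x40000; TransparentEnabled = 1; PolicyScope = 0; AuthenticodeEnabled = 0 }
    foreach ($name in $defaults.Keys) {
        if ($null -eq (Get-ItemProperty -Path $safer -Name $name -ErrorAction SilentlyContinue)) {
            New-ItemProperty -Path $safer -Name $name -Value $defaults[$name] -PropertyType DWord | Out-Null
        }
    }
    if (-not (Test-Path $disallowed)) { New-Item -Path $disallowed -Force | Out-Null }
}

function Add-SrpPathRule {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path, [string]$Description)

    # Idempotency check. ItemData is REG_EXPAND_SZ, so read it unexpanded;
    # Get-ItemProperty would hand back the expanded C:\Users\... path instead.
    $existing = Get-ChildItem $disallowed -ErrorAction SilentlyContinue |
        Where-Object { $_.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames') -eq $Path }
    if ($existing) { Write-Verbose "Rule already present: $Path"; return }

    $key = Join-Path $disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    if ($PSCmdlet.ShouldProcess($Path, 'Add Disallowed SRP path rule')) {
        New-Item -Path $key -Force | Out-Null
        # ExpandString keeps %AppData% literal so it expands per user at evaluation time.
        New-ItemProperty -Path $key -Name ItemData     -Value $Path        -PropertyType ExpandString | Out-Null
        New-ItemProperty -Path $key -Name SaferFlags   -Value 0            -PropertyType DWord        | Out-Null
        New-ItemProperty -Path $key -Name Description  -Value $Description -PropertyType String       | Out-Null
        New-ItemProperty -Path $key -Name LastModified -Value ([datetime]::UtcNow.ToFileTimeUtc()) -PropertyType QWord | Out-Null
    }
}

Initialize-Srp
foreach ($r in $rules) { Add-SrpPathRule @r }

# The refresh stylemessiah mentions; processes started after this are checked against the rules.
if (-not $WhatIfPreference) { gpupdate /force }
```

Save it as, say, Add-SrpRules.ps1 and run it from an elevated PowerShell; `.\Add-SrpRules.ps1 -WhatIf` lists the keys without touching the registry, and `-Verbose` reports rules that were already there. To confirm the policy is live, copy any harmless program you already have into %AppData% and start it: Windows should refuse with its "This program is blocked by group policy" message, and the Application event log records the block under the Microsoft-Windows-SoftwareRestrictionPolicies source, which is also where to look when a legitimate installer hits the side effects stylemessiah warns about. The per-user counterpart of these rules lives under the same relative path beneath HKCU (an assumption mirrored from the machine key; verify against what secpol.msc writes on your build before relying on it).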
Archived

This topic is now archived and is closed to further replies.
