Suggested best practices for security

My thesis: If all your software is up to date you are 99% there!

A friend of mine recently got infected for the 1st time in his life. He never thought it could happen to him & he got complacent. Had not updated flash when prompted, nor Java.

Pretty sure that's how he got hit, but can only guess, as in the middle of trying to fix his system he dropped his laptop hard drive & that was the end of it, so no idea what was actually on it (Malware wise).

He had an older Acronis backup to work from, and had a current backup of his data, so he just had a few days of aggravation.

If my system is visible on the Internet, it still doesn't mean that anyone can just 'come in' my system & take what they want.

Now if you are running P2P software (and have it not configured properly - which happens all the time) you may be sharing more then you bargained for

But again, most trouble arises because users are not up to date with their software patches.

For the rest people should do whatever they feel comfortable with...

 

Pretty comprehensive reading: http://www.bleepingcomputer.com/forums/topic2520.html

 

Let me add couple of things.
Those would be rules you can't break no matter what.

1. "If all your software is up to date you are 99% there!" - that's the basic; if you're not there, you'll get hit sooner, or later.

Then....
...most infections comes from 3 sources, listed below not in particular order...

2. Visiting websites (WOT will give you pretty good warnings; if WOT doesn't want you to go there, do NOT; also some browsers, like Firefox will give you a warning, if the site has been compromised; I don't know about IE - not using it)

3. Downloads, especially torrents and other P2P programs.
You may know my point of view from some of my postings in malware forum - I'm not your censor, so if you "must" download, make sure you scan EVERY single file before even touching it; your AV program should warn you automatically, if the file is bad - do NOT trust that feature, scan the file again.
NOTE. I scan all downloaded files, even, if they come from trusted sources (what will happen, if that "safe" site has been just hacked and we don't know about it yet?)

4. Email
Never, ever believe, that particular mail came from your "mama ", even, if it clearly shows her email address.
Especially, if some links, or attachments are involved.
If I see a link, I always copy that link and Google it to make sure, it's safe.
Downloading an attachment is fine, but do NOT open it, unless you scan it with your AV program (again, your AV should automatically warn you, but....scan it anyway).

Too much work?
Put your computer in the storage and don't use it.
I don't like your computer being compromised, because it becomes a threat to me and other people online.

 

It used to be that getting infected required some user interaction, i.e. clicking on a link, email link, downloaded executable, etc., else one could not get infected.

That was the case until a few years ago. Until then, I'd stopped using antivirus auto-protect features or turned off antivirus completely and manually scanned downloads and attachments.

Things have changed. Most infections now come from Web sites with code that exploits browser security holes. Many such holes can be closed by updating the browser & its plugins such as flash & java. But ALL browsers today are subject to certain x-site scripting attacks unless the browser is completely sandboxed.

IMHO, besides updating software, the two best things one can do to avoid this type of infection are:

1. Do not use an account on the comp with admin privileges, i.e. use a restricted account. (software cannot be installed)

2. Learn how to read search results. For example, if search google for "apples" you will get a page with results. Put your cursor over the link and view the URL in the status bar. Compare it to the site description and look for oddities. Then compare the URL & description to the green URL beneath the description. Anything that seems odd or slightly "off" is reason enough not to click the link.

Using security software browser extensions/plugins that monitor site URLs can also be of help, but they tend to slow down browsing or cause other annoying things to happen, but these are good for the average user as a means of protection.

A custom hosts file is similar to these browser add-ons. But it too only works against known malicious sites.

As long as there are criminals, there will be methods of exploiting browsers and operating systems. Similar habits exist in the concrete world...if you don't want to get mugged, don't walk through through bad neighborhoods with dollar bills sticking out of your pockets. In other words, learn how to distinguish between good and bad Web sites.

 

I'll add:

Do not switch OFF UAC!!! Wanne shoot yourself in the foot?

If you have Windows 7, you can set UAC to Notify me only when programs try....., i.e. the second from last option.

If you select Never notify you lose a LOT of Windows 7 protection, including in IE.

Install WOT. It'll even show you on Google search (or any other for that matter) the unsafe sites:

 

No chance you can switch it off by accident.

 

Not only that, but Internet Explorer "Protected Mode" feature uses UAC to run with a 'low' integrity level (a Standard user token has an integrity level of 'medium'), effectively running in a sandbox, unable to write to most of the system (apart from the Temporary Internet Files folder) without elevating via UAC.

Since toolbars and ActiveX controls run within the Internet Explorer process, they will run with low privileges as well, and will be severely limited in what damage they can do to the system.

As soon as you set UAC to Never notify, you will lose this protection too!

Extensions that attempt to gain write access to securable objects by using an API function in one of the following binary files will receive Access Denied errors when IE runs in Protected Mode:

Code:

actxprxy.dll	ieui.dll	mswsock.dll	sensapi.dll
Advapi32.dll	iexplore.exe	NAPINSP.dll	Shdocvw.dll
bcrypt.dll	IMM32.dll	ncrypt.dll	SHLWAPI.dll
BrowseUI.dll	Inetcpl.cpl	NETAPI32.dll	SWEEPRX.dll
clbcatq.dll	IPHLPAPI.dll	NLAapi.dll	TAPI32.dll
Comctl32.dll	jscript.dll	NSI.dll		URLMon.dll
Corpol.dll	jsproxy.dll	Ntdll.dll	USERENV.dll
CREDSSP.dll	Kernel32.dll	ntmarta.dll	USP10.dll
Crypt32.dll	LPK.dll		offprof.dll	uxtheme.dll
Cryptnet.dll	mf.dll		OLEACC.dll	vbscript.dll
dciman32.dll	mlang.dll	pnrpnsp.dll	Wininet.dll
ddraw.dll	MPR.dll		PSAPI.dll	WINNSI.dll
dhcpcsvc.dll	MSASN1.dll	rasadhlp.dll	winrnr.dll
dhcpcsvc6.dll	mscms.dll	rasapi32.dll	WINSPOOL.DRV
DNSAPI.dll	MSCTF.dll	rasdlg.dll	winsta.dll
dssenh.dll	msfeeds.dll	rasman.dll	Wintrust.dll
dwmapi.dll	msfeedsbs.dll	rpcrt4.dll	ws2_32.dll
Dxtmsft.dll	Mshtml.dll	rsaenh.dll	wship6.dll
Dxtrans.dll	MSHTMLED.dll	rtutils.dll	wshtcpip.dll
gpapi.dll	msimg32.dll	samlib.dll	wsock32.dll
Ieframe.dll	msimtf.dll	Schannel.dll	wtsapi32.dll
IEPeers.dll	msls31.dll	secur32.dll	 
iertutil.dll	Mstime.dll	Secure32.dll

As I said: You'll lose that protection when switching off UAC. DON'T DO IT!