Spyware\Adware\Virus ("Nasties") prevention web page

Hi...

I'm trying to put together a web to help friends, family, and anybody else who visits my Virus page protect themselves from what I call the "Nasties ". Nasties to me is any program that get installed with out your permission.

Have a look at my 3rd draft and let me know what you think. If you have anything that I should add or remove please feel free to say.

All comments are welcome...good or bad.

Tinys Nasties Page

 

Everyone needs a firewall. It will often tell you if something that does get in tries to get back out.

 

Thanks Dave...good point...I'll add some firewalls to the page tomorrow. I'm to tired to do it tonight.

 

You are correct Pete...it's on my 4th draft and will be published tomorrow morning along with Dave's suggestion on Firewalls.

Thanks,

 

This will need to be updated as Wilders are not analysing logs now.

 

Hi Kent,

As MiniB noted:

http://www.wilderssecurity.com/showthread.php?t=42149

Wilders lists other analysis sites in their anouncement.

Regards - Charles

 

Well it took a litle bit longer than I liked...got paged and had to work for a couple hours.

Anyways I have updated the page with the suggestions. Thank you Dave, Pete, miniB, and Charles.

Tiny's Nasties Page

 

I agree with PeteC on the promotion. I know this bit is not vital but if you are editing the page: (sorry these just stood out to me)

Links for step 4 Read the official Quckstart guide = QuickStart

Step 6 enable or diable = disable

 

Pete...when your right your right. I'm going to make the change you suggested.

miniB...thanks for pointing out the typo's...man I need spell check...

Thanks to both of you...It's nice to get someones else's comments and views.

 

dobhar--Guess you have seen
http://www.windowsbbs.com/showthread.php?t=31695
Maybe you helped write it!! (though I do not see your name in the credits.)

 

Yes Jim...I actually read that post a couple weeks ago for the first time and though it was a good read and resource for the BBS posters.

About 4 months ago my Boss asked me to create a web page for our Intranet at work to help inform our users about all the "nasties" on the net. The reason being that even though we are corporate and behind all those appliances we have been getting a few of our users getting infected with various spyware. We also wanted to write the page to help inform our users to help protect their home PC's as some of them dial in and we want to protect the network. I have been tweaking it here and there since. I though that I would get some of the BBS'ers to critique the page and they have. I actually just added the Firewall section section on the advise of Charles. Also on the advise of Pete I going to move the AV and Firewall sections up to the top.

I also decided to add the page to my Web site that I've had for a few years as I been getting asked by friends, family, co-workers, and even some people who have visitied my Web site on how to help protect and even how to clean out their PC's. I figured that this was the next logical step.

 

dobhar--Don't forget all the IE Tools|Internet Options|Security settings!! (They are buried on Lonny Jones page).
Also, sadly, not too much reliance can be placed on CWShredder any more since Merijn is no longer updating it. Of course, you know that use of HiJackThis, without knowing what you are doing, may be dangerous.
If people insist on getting rid of baddies themselves, knowing how to use Google can be helpful. PestPatrol (which of course is trying to get you to buy their program) usually offers manual uninstallation ideas for spyware. So does http://www.kephyr.com/index.phtml .

 

Hi Jim...

I'll look into the IE settings you mentioned. Yeah to bad about merijm. I've stressed on the page not to remove anything without advice. That Kephyr has some interesting tools. Thanks for the link.

Well I made the changes that Pete suggested, updated the page to the net, and now I'm going to bed. It's been a very long day.

Tiny's Nasties Page

 

Critique

~Post 1 of 2~

Dobhar,
Your page is an excellent reference. As such, my suggestions are offered to help your page look more professional... and you did ask for all comments.

Here are some thoughts you might be able to use:

"1) Make sure you have an up to date Antivirus program installed and update it on a regular basis... "

EDIT: 1) An up-to-date antivirus (AV) program is essential. Most AV programs have the ability to auto-update. Make sure yours is set to do so.
[Grammar could be better on both of our sentence structures. Use bold to emphasize the main point of the topic.]

===============================================================​

"2) Use online Virus, Trojan, and Spyware scanners to supplement your protection. I have listed a few below... "

EDIT: 2) Use online virus, trojan and spyware scanners to supplement your PC's protection. A few online scanners are listed below:
[Only proper nouns should be capitalized]

===============================================================​

"Links for Step 1 Number 1 ", et al, is unnecessary and semi-confusing. Just list the links below the advice.

===============================================================​

"NOTE: If you using WinXP SP1 as your OS you already have a firewall (comes with XP) installed but it may not be turned on. Microsoft has instructions on how to enable or disable the Internet Connection Firewall (ICF). Unfortunately (if your running SP1) the ICF blocks only incoming traffic not outgoing. When SP2 comes out (in August) the ICF will become Windows Firewall (WF) and will be turned on by default. WF will now block incoming and outgoing traffic.
I've added some links below to some Software Firewalls and some links to some Hardware Firewalls (Routers)... "

EDIT: NOTE: If you using Windows XP SP1 as your operating system, you already have a firewall installed. However, the Internet Connection Firewall (ICF) may not be turned on. Microsoft offers instructions on how to enable or disable the Internet Connection Firewall (ICF). Unfortunately, the ICF for WinXP SP1 blocks incoming traffic only. When SP2 is released, the firewall will be turned on by default. Windows Firewall (renamed for SP2) will block incoming and outgoing traffic.
Listed below are some software firewalls (aka programs), along with a few hardware firewalls (aka routers):

===============================================================​

Put small headers on each subset: Software Firewalls [then list of programs below] Hardware Firewalls [then list of routers below]

===============================================================​

"Step 3
Downloading and installing software...
- Only download "trusted" software from "trusted" sites. How do you know if it is a trusted site you ask yourself? Well, as a rule of thumb I usually will not download software unless I have checked it out on the web via a search engine such as Google. For example...if you wanted to find out about Kazaa all you would have to do is go to Google’s page then enter Kazaa in the search window then press enter. You can find many a review on the pages that are displayed.
- Join a Forum (note: You will have to register) such as WindowsBBS or HelpontheNet and post a question on the software you want to install.
- Read the fine print (EULA License agreement) as it may tell you that other software may be installed during the installation of this software "

EDIT: Downloading from the Internet:
- Download only "trusted" software from "trusted" sites. How do you know which sites should be "trusted "? As a rule of thumb, I do not download software unless I have checked it out via a web search engine (Google, Hotbot, etc). For example: If you wanted to find out about the program Kazaa, you should go to Google’s search page, then type "Kazaa" in the search window. Hit enter and Google will display the results of your query. You can find many reviews of Kazaa (or any other query) on the pages that are displayed via this sort of search.
- Join an Internet forum [Note: You will need to fill out free registration forms to join most forums.] WindowsBBS and HelpontheNet are two excellent sources of information & assistance. Post your question regarding the software you want to install. Someone will reply to assist you with making a decision on whether or not the software can be trusted.
- Before installing, READ the fine print of the EULA (End User License Agreement) as it may tell you that other software will included during the installation of the application you're considering. Sometimes the additional software is what we know as "spyware" or "malware ". If you're not sure about the installation of additional software, do not install the primary program.

[ADDITIONAL SUGGESTION]
- Never join peer-to-peer networking sites (Kazaa, Gnutella, BearShare, Morpheus, etc). P2P networks share movies, music or programs via the Internet. Statistics show that upwards of 50% of the shared files include some sort of malware, virus or other "nasty ". Although the temptation to get "free stuff" may be great, the consequences could be irrepairable.

===============================================================​

"1) Be vigilant to "nasty" software on your PC. Spyware/Adware can install some of those nasties that will do funny things to your PC without you touching it.
- For example when you open your Internet Explorer and your "Home" page is a page you have never seen before or when you click on Internet Explorer’s Search button it takes you to a page you have never seen before - Your opening a web page and now you are starting to get "Pop-Ups" ads. You close one then another pops up...AAAAAAAAHHHHHHH!!!!! - Your noticing that your PC is quite slow these days. You’ve done a Scandisk and Defrag but that didn’t help. Well, quite a few (OK lots of) freeware programs and Peer to Peer (P2P) programs like Kazaa come bundled with Spyware/Adware. These nasties will use up system resources and slow down your PC. They can also interfere with some of your other software and can cause your PC to get those "Blue Screens Of Deathâ€, commonly know as BSOD.
2) If your PC has any or all the symptoms described above you could be infected with Spyware/Adware what can you do to verify and clean up your PC? There are free Spyware/Adware scanners that you can download, install, and scan your PC for those "nasties ". The software I use and reccommend are listed below... "

EDIT: 1) Be vigilant -- Always be aware the effects "nasties" can have on your PC. Spyware/Adware or "malware" can install nasties that will cause odd things to occur on your PC -- without you even touching it.
- Browser "hijacking ". When you open Internet Explorer, your "Home" page is a site you have never seen before. Another example occurs when you click on Internet Explorer’s Search button, you are taken to a page you have never seen before. Yet another example is constant "pop-up" ads when you're browsing the Net. If these things happen, your browser has most likely been hijacked.
- Sluggish PC performance. You notice your PC is not performing as quickly as it was a month ago. Programs load slowly. Screen refreshes take a long time to complete. Your PC freezes while you're writing a letter. Scandisk and Defrag don’t help. "Nasties" use up system resources and slow down your PC. They can also interfere with other software -- including AV programs. They can also cause the dreaded "Blue Screens Of Deathâ€, commonly know as BSOD.
2) If your PC has any or all of the symptoms described above, it could be "infected" with spyware/adware/malware. Don't worry! There are steps you can take to verify the existence of malware -- and clean your PC. Listed below are several free spyware/adware scanners that you can download, install, and use to scan your PC for "nasties ". All of the following are highly recommended:

===============================================================​

"- IE-SPYAD - Adds a list of sites and domains associated with advertisers, marketers, and crapware pushers to the Restricted Sites zone of IE. "

You might want to note that the install does not work with WinXP. Users can simply right-click the registry files and then click Merge to add the sites list to their IE Restricted Zone.

===============================================================​

"- HijackThis - A homepage hijackers detector and remover... "

EDIT: - HiJackThis - A browser hijacker detector & remover...

Personally, I would remove this link. I don't know how others here would respond, but I wouldn't offer HJT to a novice user as it can render a PC unusable with a click or two on the wrong items. OTOH, you might keep the link, but move it to the bottom of the section -- with an ADVANCED USERS ONLY disclaimer. ???

===============================================================​

~Continued in post 2 of 2~​

 

Post 2 of 2

~Post 2 of 2~

"- CWShredder - A small utility for removing CoolWebSearch... "

I would add a note stating that the program works fine, but is no longer supported. Therefore, it will likely be outdated within a few months.

===========================================​

"- SwatIT - A FREE program that scans your computer for Trojans, Worms, Bots and other Hacker programs. "

EDIT: - SwatIT - A FREE program that scans for trojans, worms, bots and other hacker programs.

===============================================================​

"- Google Toolbar - The toolbar provide a very good "POP UP" stopper and it's FREE. "

EDIT: - Google Toolbar - The FREE toolbar that provides a very good "pop up" blocker.

===============================================================​

"Step 5:
Make sure your windows software is up to date by visiting Microsoft’s Windows Update page. If you are quite busy and are running either Windows ME, 2000 Pro, or XP (Home and Pro) you can enable "Automatic Updatesâ€... "

EDIT: Make sure Windows is up-to-date by regularly visiting the Microsoft Windows Update page. A better suggestion is to use the built-in Automatic Updates feature [available in Windows ME, 2000 Pro or Windows XP (Home and Pro)].

Personally, I would move Step 5 to Step 3 -- or maybe even Step 1/2. Too many things can "worm" around AV and malware scanners *IF* the system isn't fully patched/updated. IMO, this should be priority one -- although it fits your page to have it at Step 3 (for better flow).

===============================================================​

"Step 6:
1) If your using Microsoft Internet Explorer for your Browser make sure your security setting are not set to low. There are 4 security settings g Low, Medium-Low, Medium, and High. Microsoft, right out of the box, typically sets Internet Explorer’s security setting to "Mediumâ€. The higher the setting the lower the risk. "

EDIT: 1) If you are using Microsoft Internet Explorer as your Internet browser, make sure Security is not set to Low [Tools=> Internet Options=> Security tab]. There are four Security settings: Low, Medium-Low, Medium and High. Microsoft, right out of the box, typically sets Internet Explorer’s Security setting to "Mediumâ€. The higher the setting, the lower the risk of "backdoor installations" of malware.

[ADDITIONAL SUGGESTION]
Also, make sure that Third Party cookies are always blocked [Tools=> Internet Options=> Privacy=> Advanced=> Override automatic cookie handling (checked)=> Third-party cookies (click Blocked)].

===============================================================​

"2) There are some other free web browsers out there that do not have the security issues that Internet Explorer has. I myself use a couple other browsers such as Mozilla 1.7 and Firefox 0.9.2. Both of these browsers work quite well. The only problem I have found is that some Banking Institutions require that you use Internet Explorer to do your online banking. "

EDIT: 2) There are other free web browsers available. Some do not have the security vulnerabilities that have been exploited in Internet Explorer. I, myself, use other browsers such as Mozilla 1.7 and Firefox 0.9.2. Both of these programs work quite well. The only problem I have found is that some banking institutions require use of Internet Explorer for online banking.

===============================================================​

Summary: Even with up-to-date antivirus software; a firewall; anti-malware programs and proper browser settings, your PC can become "infected " with spyware/adware. None of these programs or settings offer 100% immunity from "nasties ". However, responsible browsing habits, along with the advice offered here, significantly reduces the risk of your PC: handing our your credit card number to a stranger... becoming a spam zombie for a hacker... or being rendered a doorstop for your workshop. Be careful our there!

===============================================================​

===============================================================​

Well, that's my .02 or so worth of edits and advice on the page. I hope what I've written is useful to you Dobhar.
CharlieJ

 

Windows Firewall /w SP2 - careful here gents (both Tiny & CharlieJ). The new one is much improved over the original but is still almost totally dealing with inbound traffic. From Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2

 

CharlieJ...I can only say "WOW "...(notice the BOLD...I'm a quick learner). I will be definitely making some changes as you have suggested. You do have the gift of putting words together. Much Thanks.

Newt...Thanks for the WF info

Boy do I have some re-writing to do...back to the drawing board as they say...

 

Kent,
It's my pleasure to help. I hope the edits/ideas help. I have considered taking on a similar project to yours. Glad to see you took your own idea and made it reality. I'm happy to have contributed to the fruition of your idea, too. God bless and best wishes! Let me know if I can assist you further.