Windows security tips
  • keep Windows up to date
    • Every second Tuesday of the month, Microsoft releases security patches. It is important either to install them manually (via Control Panel / Windows Update) or to allow Windows to update your system automatically.
  • don't use an admin account for general computing
    • Use an account with limited rights (a standard user account) instead of an administrator account. If you have just installed Windows and need to change a lot of system settings or install a lot of software, admin rights are very useful. Once you are done configuring your system, however, you should change your account to a standard user account. That way, if you visit a site with malicious content, the malware cannot install itself because your account lacks the required rights. Before you switch to a standard account, make sure you still have an account with admin rights for the times you need to install software or change Windows settings. Windows comes with a built-in Administrator account; after a recent install of Windows 7 (SP1) I noticed that this account had no password. It is important to set a password, and if you do, make sure it is a secure one (see General security tips below).
  • use EMET
    • This is a tool from Microsoft that enables DEP, SEHOP and a number of other security features, and it also helps protect against zero-day vulnerabilities. Install the program, then search for the .exe of each program you want to protect and add it. Programs worth protecting are your browser, Java, your PDF reader and Flash Player.
      download EMET
  • enable UAC (user account control)
    • Most people find UAC annoying because when they try to install software they get a nagging prompt asking whether they want to allow it. Still, it is an important security feature, so it is best to turn it on!
  • disable auto-run for USB drives
    • One way of catching malware is getting infected after plugging a USB drive into your computer. AutoRun is supposed to present you with options for what to do when a USB stick is inserted, for instance browsing the contents of the drive. Some malware, however, abuses this function to install itself on your PC.
  • disable "hide extensions for known file types"
    • This feature should be off by default but isn't. You can change it in Windows Explorer: select Organize / Folder and search options, go to the View tab and uncheck the box (Windows 7). The reason you want to see the file extension is that (mostly older) malware arrived in the mail as attachments with names like "nude_celebrity". With extensions hidden you won't see that, instead of an image or video file, the file is actually something like "nude_celebrity.jpg.exe", and you get infected. This is not that common anymore; a more popular tactic now is sending infected .pdf files that claim to be from services like UPS, FedEx etc.
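Added here as an example, not part of the original page: a read-only Windows PowerShell script that reports on the settings listed above (account type, UAC, AutoRun, hidden extensions and the built-in Administrator account). It assumes Windows 7 or later with Windows PowerShell 3.0 or newer; the registry values it reads are the standard ones behind these settings, and nothing is changed.

```powershell
# Added example, not from the original page: read-only audit of the settings
# listed above. Assumes Windows 7+ with Windows PowerShell 3.0+; nothing is modified.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value not present
}

function Get-HardeningReport {
    $findings = @()

    # 1. "don't use an admin account": is this account a member of BUILTIN\Administrators?
    #    The group SID is listed even when UAC has filtered it to deny-only.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $inAdmins = [bool]($id.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' })
    $findings += [pscustomobject]@{ Check = 'Account is a standard user'; OK = (-not $inAdmins); Value = $id.Name }

    # 2. "enable UAC": EnableLUA = 1 means User Account Control is on.
    $lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    $findings += [pscustomobject]@{ Check = 'UAC enabled'; OK = ($lua -eq 1); Value = $lua }

    # 3. "disable auto-run for USB drives": NoDriveTypeAutoRun is a bit mask of drive
    #    types with AutoRun off; 0x04 is removable drives, 0xFF turns it off everywhere.
    #    The machine-wide policy value takes precedence over the per-user one.
    $m = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    $u = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    $mask = if ($null -ne $m) { $m } else { $u }
    $findings += [pscustomobject]@{ Check = 'AutoRun off for removable drives'; OK = (($mask -band 0x04) -eq 0x04); Value = $mask }

    # 4. "disable hide extensions for known file types": HideFileExt = 0 shows them,
    #    so "nude_celebrity.jpg.exe" is no longer displayed as "nude_celebrity.jpg".
    $hide = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
    $findings += [pscustomobject]@{ Check = 'File extensions shown'; OK = ($hide -eq 0); Value = $hide }

    # 5. Built-in Administrator (RID 500): if it is enabled, it must have a password set.
    $adm = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND SID LIKE 'S-1-5-%-500'"
    $findings += [pscustomobject]@{ Check = 'Built-in Administrator disabled'; OK = [bool]$adm.Disabled; Value = $adm.Name }

    $findings
}

Get-HardeningReport | Format-Table -AutoSize
```

A row with OK = False points at the tip above that still needs attention; check 5 cannot tell whether a blank password is set, so an enabled Administrator account should be given a secure password regardless.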

While these measures are for Windows, keeping your system up to date and not using an admin (or root) account for general computing also apply to Linux and OS X.

General security tips
  • use anti-virus (anti-malware/spyware)/ firewall
    • Yes, even when using Linux or OS X: they have viruses/malware as well. They see a lot less malware because they are less popular than Windows, so the number of people to infect is smaller and thus less profitable. But the recent Mac Flashback malware shows that malware for them does exist.
  • keep your programs up to date
    • Aside from keeping your operating system up to date, it has lately become really important to keep other programs up to date as well. A lot of malware uses flaws in third-party software to bypass your security measures and install itself. The most important programs to keep up to date are: your browser (and its plugins/add-ons), Java (which you really should only install if necessary), Adobe Flash, Adobe Reader, iTunes and QuickTime.
      These are the most important ones, but generally it's good practice to keep all your programs up to date. An easy way to do that is the free utility Secunia PSI, which checks whether you have the latest updates and lets you download the latest versions. You can either check manually from time to time or allow the program to check and update your programs automatically. Besides keeping them up to date there are also alternatives; for example, instead of the bloated Adobe Reader you can use Foxit PDF Reader.
  • choose a secure password
    • minimum 8 characters
    • mix of lower and uppercase
    • contains at least one number
    • contains a special character, for example: , ! @ | ( ) etc. Not all sites accept these, so if a site doesn't, choose a longer password
    • does not contain: your full name, the full names of children/family/girlfriend/boyfriend/pets; ideally it does not contain a word found in the dictionary
    • use a passphrase to remember your password instead of writing it down. For example: "I am Michiel, I am 26 years old!" becomes the following password: IaM,Ia26yo!
    • you can check your password strength here
  • be careful when clicking on QR codes or TinyURL (or similar) links
    • While the advantage of these services is that it is easier to get to a website, the danger is that you cannot see where the QR code or link takes you.
  • keep your CMS up to date
    • If you have your own website, you may be using a CMS. CMSs are very popular targets for hackers, so it is also important to use the latest version. If you can't update it yourself, check with your host and make sure they do it regularly. If not, there is a chance that malware will be inserted into your site's code and infect your visitors.
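The password rules above, as an added example that is not part of the original page: a PowerShell function that checks a candidate password against each rule, plus a helper that derives a password from a passphrase the way the "I am Michiel" example does (first letter of each word, numbers kept whole, punctuation kept). The name and word lists at the bottom are constructed sample data; it assumes Windows PowerShell 3.0 or newer.

```powershell
# Added example, not from the original page. $Names and $Dictionary are supplied
# by the caller; the lists at the bottom are constructed sample data.

function Test-PasswordRules {
    param(
        [Parameter(Mandatory=$true)][string]$Password,
        [string[]]$Names = @(),        # your name, family, partner, pets
        [string[]]$Dictionary = @()    # words that ideally should not appear
    )
    $failed = @()
    if ($Password.Length -lt 8)             { $failed += 'shorter than 8 characters' }
    if ($Password -cnotmatch '[a-z]')       { $failed += 'no lowercase letter' }
    if ($Password -cnotmatch '[A-Z]')       { $failed += 'no uppercase letter' }
    if ($Password -notmatch '[0-9]')        { $failed += 'no number' }
    if ($Password -notmatch '[^A-Za-z0-9]') { $failed += 'no special character' }
    foreach ($n in $Names) {               # case-insensitive substring checks
        if ($n -and $Password -imatch [regex]::Escape($n)) { $failed += "contains the name '$n'" }
    }
    foreach ($w in $Dictionary) {          # very short words are skipped to avoid noise
        if ($w.Length -ge 4 -and $Password -imatch [regex]::Escape($w)) { $failed += "contains the word '$w'" }
    }
    [pscustomobject]@{ Password = $Password; Passes = ($failed.Count -eq 0); Failed = ($failed -join '; ') }
}

# Builds a password from a passphrase: first letter of each word, numbers kept whole,
# punctuation attached to a word kept ("I am Michiel, I am 26 years old!" -> IaM,Ia26yo!).
function ConvertTo-PasswordFromPhrase {
    param([Parameter(Mandatory=$true)][string]$Phrase)
    $out = ''
    foreach ($t in ($Phrase -split '\s+' | Where-Object { $_ })) {
        $lead = if ($t -match '^\d+') { $Matches[0] } else { $t.Substring(0, 1) }
        $rest = $t.Substring($lead.Length)
        $tail = if ($rest -match '[^A-Za-z0-9]+$') { $Matches[0] } else { '' }
        $out += $lead + $tail
    }
    $out
}

$names = 'Michiel', 'Rex'                     # constructed sample data
$words = 'password', 'welcome', 'summer'      # constructed sample data
$fromPhrase = ConvertTo-PasswordFromPhrase 'I am Michiel, I am 26 years old!'
$fromPhrase, 'Michiel2012!', 'Summer12', 'Ab1!' |
    ForEach-Object { Test-PasswordRules -Password $_ -Names $names -Dictionary $words } |
    Format-Table -AutoSize
```

Only the passphrase-derived password passes; the others are rejected for containing a name, lacking a special character and containing a word, or being too short.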
Malware removal tools

It is important to have a recent copy of these tools (download the latest version at least once a month) on a CD/DVD or write-protected USB stick. If you are infected, the more advanced malware will prevent you from browsing to the websites of these tools and downloading them.

  • Malwarebytes
    • An easy to use program that will clean most malware.
  • Superantispyware
    • This one does a good job at cleaning an infected pc.
  • rkill
    • If you suspect you have malware but are unable to run your virus scanner or other malware removal tools, you may use this. RKill is a program developed at bleepingcomputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. After running it you should scan your PC with anti-malware/antivirus software; it does not remove malware by itself.
  • TDSSKiller
    • TDSS is one of the most advanced and difficult-to-remove rootkits. This tool should help you get rid of an infection.
  • Combofix
    • This is quite a powerful tool, so it is best used with care. Still, it manages to remove malware that other tools can't.
  • RogueKiller
    • RogueKiller can remove infections such as ZeroAccess, TDSS, rogue anti-spyware programs and ransomware. It also contains individual fixes, including repairing missing shortcuts caused by the FakeHDD program, fixing your HOSTS file and fixing proxy server hijacks.
  • Microsoft Safety Scanner
    • If you suspect a virus/malware/spyware infection you can check your PC with this tool. The tool only works for 10 days; after that you need to download the latest version.
General malware fixes

These tools help you fix some of the damage done by malware.

  • Unhide
    • Some fake AV malware hides your files, leading you to believe they are lost and only recoverable by buying the fake anti-virus software. This tool does exactly what its name says: it unhides the hidden files.
  • FixExec
    • Some malware changes the .exe file association in Windows so that when you attempt to run a normal program, the malware is started instead. It is also possible that after cleaning malware you are unable to run .exe files; this tool fixes that too.
  • Exe fix
    • It's possible that the above program won't run because malware prevents .exe files from running. In that case, download the following registry file, which restores the .exe file association. code\exefix.reg
Links

Malware keeps getting more advanced, so it's important to keep up to date on the latest threats and their solutions.

  • bleepingcomputer
    • As you have probably noticed, many of the tools mentioned above originate there. Along with the tools, the site also offers removal guides for the latest malware.
  • Eset threat blog
    • I personally use Eset Smart Security and I'm quite happy with the program. They have a blog discussing the latest malware and ways to prevent catching it.
  • Microsoft Malware Protection Center
    • If you are interested in the analysis of recent malware behaviour, you can find it here.
  • http://www.av-comparatives.org/
    • compares the most used anti-virus solutions
  • http://www.av-test.org
    • another anti-virus comparison site
  • http://www.virustotal.com/
    • You can use this site to scan files that your anti-virus says are OK but you're still not sure of. The site uses a lot of different scanners.
  • http://www.security.nl
    • The site is in Dutch, but it's great to remain up to date about the latest malware and other security threats.