Tips for Avoiding Malware Infections

Below are some recommendations for reducing the risk of malware infections to your PC or Mac.  Many of these were discussed in the recent Staff Development Week presentation on “Immunizing Your Computer in Today’s Online World“.

General
Keep Patches Up to Date

  • Operating system –AND- applications
    e.g., Adobe Reader & Flash, QuickTime, Java, etc.
  • Use latest browsers with patches up to date
    – Currently (1/12/11):  Internet Explorer 9, Firefox 9.0.1, Safari 5.1.2
    – Don’t run Safari on Windows

Use Anti-virus  -AND-  Anti-spyware

  • Keep signatures up to date
  • Run scans regularly
  • Macs Too!!  (Sophos.com has free A/V for Macs under “Free Tools”)

Browsers
Use latest, patched version (see above)
Enable Built-In Browser Protections:

  • IE 9: SmartScreen Filter
  • FireFox: Security options warn of forged and malicious sites
  • McAfee Site Advisor  (add-in)
  • Clear Temporary data on Browser Exit
    – in IE 9, go to Tools > Internet Options > General tab, check “Delete browsing history on exit”
    – in FF, go to Tools > Options… > Privacy, check “Always clear my private data when I close Firefox”
  • Don’t save passwords in your browser
    – in IE 9, to to Tools > Internet Options > Content tab > click Settings button under AutoComplete
    – in FF, go to Tools > Options… > Security, uncheck “Remember passwords for sites”
  • Turn off ‘AutoComplete’ for Forms, user names and passwords
    – in IE 9, to to Tools > Internet Options > Content tab > click Settings button under AutoComplete
    – in FF, go to Tools > Options… > Privacy, uncheck “Remember what I enter in forms…”

Avoid TinyURL, bit.ly, Trim and Similar URL “Shortening” Links

  • These services effectively hide where your browser will be sent

Heed Google Search Result Warnings

  • Watch for “This site may harm your computer” in search results

Consider Separate Browser for “Risky” Surfing

  • Say, IE for social networking and Firefox for banking, etc.
  • Different tabs in same browser are not sufficient isolation

Avoid Nefarious -and- “Questionable” sites  (although even “reputable” sites might infect you too..)

  • You know what sites these are…

Email
Read Email in “Plain Text”

  • Fancy, HTML-formatted email makes it simple to disguise links
  • In Thunderbird, go to View > Message Body As > Plain Text

Never, ever download attachments UNLESS you are expecting them. Never.

  • Some recent malicious attachments: Hallmark cards, Facebook password applications, DHL & Western Union invoices

It’s Always Better to Retype a URL into a Browser than to Click the URL in Email

Advanced

Install/Use Adobe Reader X (version 10)

Disable JavaScript in Adobe Reader

  • May break functionality of some forms
  • In Adobe Reader, Edit > Preferences > JavaScript, uncheck ‘Enable Acrobat JavaScript’
  • Also see the blog entry here

Browser Security Add-On’s for Firefox

  • NoScript, SSLPasswdWarning, Web of Trust (WoT)
  • Require user to make “judgement call”

Alternative Browsers

  • Google Chrome, Opera
  • Until they become more popular

Consider uninstalling Java if you don’t need it (if some application stops working, you can always reinstall it)

Don’t Run as ‘Local Admin’

  • ‘Local Admin’ provides malware “ultimate” access
  • Use ‘Local Admin’ only for installing applications, updates, etc. if needed but a “regular” user account for day-to-day activity

~~~~~

Some helpful sites about on-line safety:
http://www.youtube.com/user/GoogleCyberSecurity
http://staysafeonline.org/
http://www.ic3.gov/
http://www.lookstoogoodtobetrue.com
http://gmailblog.blogspot.com/2009/10/choosing-smart-password.html
http://gmailblog.blogspot.com/2009/10/gmail-account-security-tips.html
(for GMAIL users but much of it applies to any email system)