Mass-market malware is a numbers game, played mostly with familiar off-the-shelf exploit kits (EKs). Most of the victims are people who don’t install updates to plug security holes not just in Windows but also in Oracle’s Java, Adobe Flash, Adobe Reader, and other widely-used programs. They’re people who either don’t run anti-virus software and firewalls, or don’t keep virus signatures up to date. They’re people who install pirated software or fall for social engineering tricks: they install viruses hidden in email attachments, or fake Flash updates, or downloaded via links posted to Twitter, Facebook etc.
I ran into one yesterday when the Labour party press team unintentionally (“we were hacked”) tweeted a link to an owl video that wanted me to install a “Flash update” that contained viruses. The first moral: only download updates from reliable, official sources, which in this case means the Adobe website. The second moral: no anti-virus program will catch everything. In this case, I expected to find viruses in the file, so I uploaded it to VirusTotal to check. Only five of the 54 anti-virus programs found malware, including Malwarebytes and AntiVir. That means AVG, Avast, Kaspersky, Microsoft and many others missed it.
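The first moral can be checked mechanically before a downloaded "update" is ever run. The PowerShell function below is an added example, not part of the original article: it checks the file's Authenticode signer, reads the download origin that browsers record in the Zone.Identifier stream, and computes a SHA-256 that can be searched on VirusTotal. The function name, the file path, the expected publisher string and the host suffix are assumptions supplied by the caller.

```powershell
# Added example. Assumptions: the caller supplies the file path, the publisher
# name seen on a known-good installer, and the vendor's download domain.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        [Parameter(Mandatory)] [string] $ExpectedHostSuffix
    )

    # 1. Authenticode: is the signature intact, and who signed the file?
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) {
        $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    } else { '<unsigned>' }
    $signatureOk = ($sig.Status -eq 'Valid') -and ($signer -eq $ExpectedPublisher)

    # 2. Mark of the Web: browsers record the download origin in the
    #    Zone.Identifier alternate data stream (HostUrl is not always present).
    $hostUrl = $null
    $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $motw) {
        if ($line -match '^HostUrl=(.+)$') { $hostUrl = $Matches[1] }
    }
    $originOk = $false
    if ($hostUrl) {
        $uri = $null
        if ([uri]::TryCreate($hostUrl, [System.UriKind]::Absolute, [ref]$uri)) {
            $suffix = $ExpectedHostSuffix.ToLowerInvariant()
            $originOk = ($uri.Host -eq $suffix) -or $uri.Host.EndsWith(".$suffix")
        }
    }

    # 3. SHA-256, so the file can be looked up on VirusTotal by hash.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path        = $Path
        Signer      = $signer
        SignatureOk = $signatureOk
        HostUrl     = $hostUrl
        OriginOk    = $originOk
        SHA256      = $sha256
        # Unknown origin or an unexpected signer both count as "do not run".
        RunIt       = $signatureOk -and $originOk
    }
}

# Usage (path and publisher string are placeholders, not values from the article):
# Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\flash_update.exe" `
#     -ExpectedPublisher '<publisher on a known-good installer>' -ExpectedHostSuffix 'adobe.com'
```

A valid signature from the expected publisher and a matching origin are necessary checks, not proof that a file is clean; they complement the anti-virus scan rather than replace it.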
Just doing the right things is usually enough to keep more than 98% of Windows PCs malware-free, barring accidents. (Microsoft says that in the fourth quarter of 2013, its software removed malware from 1.78% of PCs worldwide, with Tunisia having the worst infection rate at 4.95%.) However, accidents can happen to anyone….
Keep up to date
The vast majority of malware infections exploit security holes that have already been fixed, so the most important part of PC hygiene is to keep all your software up to date. Microsoft releases patches on the second Tuesday of each month, so either let your PC install them automatically, or install them promptly. Once a patch is released, malware programmers can reverse-engineer the fix to find the security hole and exploit it.
Some other programs – including the Firefox and Google Chrome browsers – will also install patches automatically. This is almost always a good idea for home users.
Further, I strongly recommend installing Secunia’s Personal Software Inspector. This checks all the software on your PC, tells you which programs need updating, and gives you a score. It can install updates for you, and will tell you if a program needs to be updated manually. It will also tell you if any parts of Windows need to be updated, which sometimes happens when Microsoft’s attempt to install an update fails.
When you install PSI, use Windows’ customise option to show its icon in the System Tray notification area on the right hand side of the task bar. Holding the mouse pointer over the icon will tell you what you need to know. Otherwise, try to get into a routine of checking PSI once a week.
This year, I’ve been recommending and installing the free Avast 2014 anti-virus program, which includes anti-spyware and anti-rootkit protection. As with many free programs, it may come with unwanted “foistware” (eg Google Chrome), so always use the custom installation option. Alternatives include an old favourite, AVG Free, and Bitdefender Antivirus Free Edition. I note from a quick survey at PC Pro magazine that Avast is currently the most popular option (19.8%) ahead of Microsoft’s offerings (16.6%) and Kaspersky (16.2%), with AVG (8.8%) and Bitdefender (5%) trailing.
If you keep all your software up to date and don’t visit the net’s less salubrious areas then Microsoft Security Essentials and, in Windows 8, Windows Defender are probably good enough. They are certainly easy to install and update, and they’re light and unobtrusive. However, Avast 2014 has better detection rates and my non-expert test users haven’t had any problems with it.
While a lot of basic anti-virus software is free, the suppliers try to sell upgrades to more comprehensive security suites. For example, Avast’s Premier edition includes a SafeZone to protect banking operations, a firewall, email checking to detect spam and phishing attacks, an automatic software updater, a data shredder, and so on. Suites are convenient and useful, but not essential.
For business users and home users who are willing to pay for a security suite, I recommend Kaspersky Pure 3.0 Total Security, which is currently on sale at £34.99 for one PC for one year. Like the basic Kaspersky Anti-Virus 2014, this will attempt to roll back any malware activity. As well as a firewall, file shredder, safe money and anti-spam/phishing features, Total Security includes keyboard protection, banner ad blocking, a password manager, encryption, backups and parental controls.
Alternatives include such well known suites as Norton and McAfee. The latter seems to be pre-installed on a lot of new PCs.
As noted elsewhere, I’m also running Malwarebytes Anti-Exploit software, which is intended to stop unknown exploits before they install any malware. It’s too soon to know how useful it is, but it’s free and doesn’t seem to have any negative effects.
Cross-checks and rescues
No anti-malware software catches everything, so it’s important to run a quick double-check from time to time. The two programs I use are Malwarebytes Anti-Malware (MBAM) and Kaspersky’s Security Scan. A third option is SurfRight’s HitmanPro, which you can easily install on a USB thumbdrive. It’s a bad idea to run two anti-virus programs at the same time, but these three are “on demand” scanners that you can run if you suspect your main AV program might have missed something.
The reason for putting HitmanPro with Kickstart on a USB memory stick is so that you can use it to start your PC if it does become infected: it aims to load before the virus. It’s therefore an alternative to Kaspersky’s Rescue Disk 10. However, if your PC has an optical drive, you can start it from a Kaspersky Rescue Disk created by downloading and burning an ISO file. If you only have one PC, it’s a good idea to make a rescue disk/USB drive in advance. You won’t be able to do it if you get locked out of your PC.