1. USB/Pen-Drive:
The biggest cause of infection is extensive use of USB/pen drives to share data across multiple machines. This is the method most exploited by viruses to spread and to autorun on machines when the drive is inserted.
This is not restricted to USB/pen drives; it applies to every device that exposes a USB interface to connect to a computer, e.g. a camera that uses USB to copy photos/videos to your computer, a mobile phone used to copy music/files, a Kindle used to copy books, or an external hard disk that hosts huge amounts of data.
Any USB/pen drive, when connected to a computer, auto-runs a set of files, and this gives viruses an entry point into the computer. Viruses hook onto auto-run applications and launch themselves automatically to infect the machine. Alternatively, an infected machine monitors for any new USB/pen drive being connected and copies the virus onto it in order to spread.
With the USB port becoming standard for mobiles, cameras, Kindles, mice, speakers and keyboards, viruses can hook onto any of those and spread easily.
- Disable Windows Auto-run so that programs do not start automatically. This prevents a virus from starting as soon as you insert an infected pen drive. Here is a short video: https://www.youtube.com/watch?v=U6ubWhGVF2U
- Always run an anti-virus scan when you insert a pen drive, before you start using it. If you have a good anti-virus, it will most likely start as soon as it detects a new pen drive and prompt you to start a scan.
- Avoid extensive use of a pen drive to transfer data between 2-3 computers. If you wish to share files within your home, use network storage or the web (Google Drive, Dropbox etc.). Make sure you scan files once you have downloaded them from any source.
- Avoid connecting your pen drive to any public computer for data exchange.
- If you find a pen drive in a public place, there is a high chance that it was left behind to infect machines. Avoid falling into the trap of free pen drives lying on the road.
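The first tip above can also be applied and checked from an elevated PowerShell prompt. This is an added example, not part of the original article: it sets the `NoDriveTypeAutoRun` policy value to cover every drive type, then lists any `autorun.inf` found on connected removable drives so it can be reviewed without being executed. The function names are illustrative.

```powershell
# Added example: audit and disable AutoRun, then inspect removable drives.
# Run from an elevated prompt (writing under HKLM requires administrator rights).

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoDriveTypeAutoRun'
$allDrives = 0xFF   # bitmask: AutoRun disabled for every drive type

function Get-AutoRunMask {
    # Returns the current mask, or $null when the policy value is not set.
    $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    if ($item) { return [int]$item.$valueName }
    return $null
}

function Disable-AutoRun {
    # Creates the policy key if it is missing, then writes the DWORD value.
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $policyKey -Name $valueName -Value $allDrives -Type DWord
}

function Get-RemovableAutorunFile {
    # DriveType 2 = removable disk. Reads autorun.inf as text; nothing is launched.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        $inf = Join-Path ($_.DeviceID + '\') 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            [pscustomobject]@{
                Drive   = $_.DeviceID
                File    = $inf
                Content = (Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue) -join "`n"
            }
        }
    }
}

$before = Get-AutoRunMask
if ($before -ne $allDrives) {
    Disable-AutoRun
}
"AutoRun mask before: $before  after: $(Get-AutoRunMask)"
Get-RemovableAutorunFile | Format-List
```

An `autorun.inf` on a drive that should only hold documents or photos is a reason to scan the drive before opening anything on it.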
2. Downloading applications from any source:
Windows comes with predefined apps, and that is enough most of the time. However, if you are a heavy user of your computer, you need a good editor, image editor, video editor, movie player, good browsers, and many of the free goodies available online. There is no single trusted location for all of these, so most of us have to download apps from various sources. With the Windows Store and app stores it is getting better, as people now only visit a couple of places to download and install apps.
However, for Windows there is a huge set of apps that are not available on the store for users to download freely and use securely. Many apps still need to be downloaded from the web and installed manually. This will continue for a good long while and is not going to change in a year or so. The result is viruses getting downloaded and installed by you.
Of course, there is a rich set of applications that are open-source and free and are maintained by developers around the world, who ensure that no malicious code gets into the products and provide secure applications. The problem here is the source you download from: if the application comes from well-known open-source websites, that should be good enough, as the site ensures a first level of safety. However, if you download the same application from a totally different location, there is no guarantee that it is equally good. What matters most is that you download from a trusted source. Open-source apps can be modified by hackers, recompiled and hosted on their own sites, from which you may download them.
- Scan all downloads with anti-virus.
- Never download apps from untrusted sites.
- Most websites provide a download verification method (signature) which you can use to ensure that the file you downloaded is the same as the one provided by the manufacturer and was not modified on its way.
- Check for online apps instead of a locally downloaded version. If you wish to edit images or videos, there are websites that provide free online editing with a rich set of tools. You don't need to download and install an image editor at all and put your data and computer at risk.
- While downloading files, make sure your browser is not flagging a red alert for the website.
- Clean up your download folder regularly. Your downloads may be legitimate, but an infected pen drive may write to the downloaded programs, and when you execute those apps the virus gets loaded. This is about preventing good (downloaded) applications from being injected with bad code and giving viruses a place to hide.
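The download verification tip above can be carried out with two built-in PowerShell cmdlets. This is an added example, not part of the original article: `Test-Download` is an illustrative name, the expected SHA-256 value is assumed to be copied from the vendor's download page, and the demo file is constructed here so the check can be tried offline.

```powershell
# Added example: verify a download before running it (PowerShell 4.0 or later).
function Test-Download {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256   # as published by the vendor
    )
    $actual   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $expected = $ExpectedSha256 -replace '\s', ''          # tolerate pasted whitespace

    # Authenticode applies to signed executables, installers and scripts;
    # archives and documents will not report a Valid status.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        File            = $Path
        ActualSha256    = $actual
        HashMatches     = ($actual -eq $expected)          # -eq ignores case for strings
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
    }
}

# Constructed demo: a sample file stands in for a real download.
$demo = Join-Path $env:TEMP 'demo-download.bin'
Set-Content -LiteralPath $demo -Value 'constructed sample payload' -Encoding Ascii
$published = (Get-FileHash -LiteralPath $demo -Algorithm SHA256).Hash

# Unmodified file: the hash agrees with the published value.
Test-Download -Path $demo -ExpectedSha256 $published

# Simulate the file being altered after it was downloaded, then check again.
Add-Content -LiteralPath $demo -Value 'bytes appended after download'
Test-Download -Path $demo -ExpectedSha256 $published

Remove-Item -LiteralPath $demo
```

A matching hash only proves the file is the one the site published, so the hash itself must come from the vendor's own page and not from the mirror that served the file.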
3. Email attachments:
- Never open email attachments from unknown persons/banks/institutes
- If you must open an attachment, download it and scan it with anti-virus first
- Avoid forwarding emails with attachments
4. OS and application updates:
Hackers around the world target loopholes in the OS, or in the apps installed on your computer, as a backdoor into your machine. These are security holes that are unintentional and were not found by the OS developer (e.g. Microsoft) or the application developers (e.g. Adobe). Hackers target these security issues and create viruses that exploit them. As more and more security issues are found in the wild, they get patched and you receive a software update based on those fixes. The major reasons for software updates are performance issues, security issues and new enhancements.
The more apps you download and install on your machine, the more likely it is that one app or another, or the OS, will have a security issue for which the vendor makes a patch available. If you disable auto-updates, you are keeping these security holes open for viruses to get into your computer and do their job.
- Always update your OS and the apps that you use.
- Keep the OS with a minimal set of third-party apps that are a must for your usage.
- Pay attention to new update alerts and make sure you download and install them if required.
5. Browser plugins / add-ons:
Browser plugins/add-ons and toolbars that hook onto your browser have access to everything you do online. Every email and every password you type can be captured by add-ons/toolbars. The most common way these add-ons get installed is through third-party products that do one thing but also install toolbars for their partners. These unwanted/unused toolbars sit in your browser and can do all sorts of things behind the scenes. You need to be extra cautious with any toolbar/add-on that gets into your browser. The nastiest viruses hook onto browsers and hide underneath; they may not have any UI elements or icons and still do all their malicious work behind the browser.
- Review the installation of any application. The installation wizard generally gives a hint about what it is going to install on your browser. Turn the check-box off to avoid the installation.
- Review all installed toolbars/add-ons/plugins/extensions on your favourite browser and keep only the ones you use.
- Use Google Chrome, for that matter, to enable/disable add-ons.
- Use private browsing to disable unwanted add-ons during your secret work.
6. Visiting malicious websites:
You may visit a website to download a cool screensaver or wallpaper, or just to read an interesting article or view all kinds of photos. And we all navigate using the search results that Google/Bing and other search engines give us. Not all websites are safe to browse. There is an array of attacks that can happen just by visiting a website, e.g. a download may start automatically, or your Facebook may start showing posts that you never posted, or other similar activities. With newer web technologies (HTML 5), browsers and websites can do more behind the scenes which you may not notice, leaving your laptop infected.
- Use a browser add-on that gives you a website rating in the form of a red/green/yellow status. You can safely visit websites with green status and avoid navigating to red ones. Check out the WOT and McAfee SiteAdvisor add-ons.
- Don't be a click master on links in IMs, emails and websites if you are not sure they are safe. It may take just one click for something bad to happen on your laptop.
- Install the Adblock Plus browser add-on. It not only blocks all ads, but also filters out any websites that can perform tasks behind the scenes.
- Configure OpenDNS for free to protect against fraudulent websites.
7. Pirating software / movies / music:
We all love movies, music and games. Many of us download them for free using torrents. In addition to pirating copyrighted content, you are helping hackers and viruses to spread if you download using torrents. Torrent as a technology is great, and there is nothing wrong with torrents in themselves. It is the content you download/share that matters most.
Many movies and music files need special codecs and applications to be installed before you can play them on your laptop. These codecs are by and large bad. You download and install a codec, and then you find the movie does not play and it was a waste of time and resources; behind the scenes your laptop is already infected and working against you.
The latest or best movies are often promoted by hackers/virus writers so that you fall into the trap and make it easy for them. It's a carrot!
- Review what you are downloading using torrents
- Review the file format and scan the file with anti-virus before you take any action
- Do not download any extra audio/video codec to make the movie play
- Prefer YouTube/Netflix and other popular methods to watch movies online safely
8. Fake anti-virus that pops up and tells you your machine is infected:
As you browse the internet, you land on a popup with big red icons saying your computer is running slow or is infected. These are just websites that render webpages and show fake alerts. If you click and download, your laptop is the prey. Fake anti-virus looks exactly like McAfee/Norton/Kaspersky/others and scares you with fake virus alerts or promises to improve your computer's performance. All of that is just to get you to download and install their product, which does a totally different thing. Here is a good article to read about -
- Use an ad-block browser add-on to avoid any popups and ads.
- Never download any app from these fake popups.
- If you need to install anti-virus, go to popular anti-virus vendors like McAfee / Norton / Kaspersky / Trend Micro, or the one recommended by your technical advisor. If you don't buy medicines on your own and do consult a doctor, why not do the same for your laptop/network before you install an anti-virus? Search the internet and read before you download and install a legitimate anti-virus/firewall. Below are some good references for you to compare and help you select the right AV for you
9. No Anti-Virus (AV) and firewall, or no up-to-date virus signatures:
As you read above, in all of these instances you need a good anti-virus/firewall installed and enabled. You also need to keep it up to date, as most anti-virus products download the latest virus signatures to detect newly found viruses.
Windows 7 and Windows 8 come with Microsoft Windows Defender & Firewall by default. I would recommend a non-Microsoft solution here, as they are the experts in the security industry and a huge amount of research goes into making better security products. If you look at av-comparatives.org (an independent AV testing organization) and their reports, they don't mention Microsoft AV/Firewall anywhere.
http://www.av-test.org/ is another independent AV testing organization, and its rating is one of the most important certifications/ratings that anti-virus companies look for. You should now be able to review for yourself which AV is good enough and where to download it from.
10. Using Windows XP:
Yes, using Windows XP is known to be the worst for security and can get your machine infected easily. It's an old OS and was not designed with security in mind. Microsoft has stopped supporting Windows XP this year and will not patch any security issues reported. You need to upgrade to a newer Windows OS.
Switch to Ubuntu Linux or Windows 8 for better security. If your computer is old enough, Win8 will likely not be supported because of its minimum hardware requirements. Do install Ubuntu or any other Linux distribution as detailed here.