
Best Antivirus & Malware Prevention Policy

Status
Not open for further replies.

tray0011

IS-IT--Management
May 31, 2006
14
US
Hi Guys,

What is a good mix of proactive antispyware/virus software (freeware or paid) to put in place - so that a generally responsible home & business user can prevent spyware and viruses from coming in without putting a strain on computer resources and browsing?

My goal is to have a good solution for most users without confusing them too much with very complicated software.

Please let me know what you have been successful with!

Thanks,
Nat

 
My recommendation: education. You simply cannot protect against every threat out there with applications. Maybe the most crippling viruses can be spotted with a good AV (I like ESET's NOD32 or Sophos) but they won't catch everything, I doubt there's one app that can.

If users:

Never opened attachments in emails without vetting them first;
Never clicked a link in a spam;
Learned that .exe, .scr, etc. are doorways for viruses;
Practiced basic good Net hygiene;

...these threats would not be a worry. Personally, on my small (12 users) network I have Firefox as the default browser, (no ActiveX) that alone saved us from the Spyware Plague of a few years ago. We are behind a SonicWALL appliance that offers gateway A/V and there is a spyware/spam plugin for it, but we haven't needed it.

We still run A/Vs on the individual machines, and some things still get through, but education has proven to be the real Best Practice.

Tony

Users helping Users...
 
I agree with Tony there... Education is the best antimalware... I would say, as the exact numbers elude me, that close to 80% of Virii and Trojans are user introduced, due to clicking the wrong email attachment, downloading software from dubious sites, and other stuff...

but I'd like to add, a good software firewall, e.g. COMODO, prevents a lot of sh*t hitting the PC in the first place, so that a good AntiViral solution (ones mentioned by Tony and one that I prefer, AntiVir Free (paid version is better but the free will do its job nicely)) has less to do...

and one thing that most users forget about, are the updates... a PC which is updated regularly offers less chances to get infected...



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Excuse me for just pasting the first half of this post rather than editing it, however the information is rather apt.


Why were you infected, there could be several reasons?

Basically your security, both programs and user behavior, has fallen down and allowed an infection to pass through your defenses.

How many users are on your computer besides you? Do you know their surfing habits? Are your users using an Administrative account rather than, the less damaging in case of problems caused by malware, Limited User account?
With Administrative privileges anything which gets into your machine can do whatever it likes, but if you are only a Limited User then any damage is limited too.

Programs like virus scanners only mainly concentrate on viruses (and some more common worms and Trojans), but that still leaves many worms and Trojans as a danger. Which is why many people have what is loosely termed a "layered approach", where you have specific programs for specific threat attacks. You can spend lots of money preventing the chances of infection but the biggest danger is from sloppy user control.

Another thing to watch out for is portable media such as DVDs, CDs or USB, shared and inserted by friends from other less controlled machines.

No matter how good your virus scanner is, unless it knows about an infection threat (updated definitions) it will not detect it, although many have heuristic detection to advise of a possible infection or suspicious file, which produces as many false positives as it does positives.

To help your virus scanner manufacturer/programmer you could send them a copy of the infected file, via a zipped file and E-mail so that they may better handle it in the future.




Basic security on any computer should in my opinion include Ad-Aware and Spybot Search and Destroy as well as a good Anti Virus program.


Spybot - Search & Destroy

Ad-Aware 2008 7.1.0.8

Removing adware & spyware
faq608-4650


Windows Defender

HijackThis Tutorial and download


I see lots of recommendations here for programs like -

SuperAntispyware

Malwarebytes' Anti-Malware

And finally, here is something that is a bit scary.

Don't be a victim of Sinowal, the super-Trojan
 
Thanks a lot guys for your suggestions!

Education and updating Windows and antivirus programs are probably the most important. I would say as wahnula mentioned also to use Firefox (do you all agree?).

The type of users that I'm focusing on are those that don't go to sites that they know they shouldn't be going to but on the other hand they sometimes need to do research and go to sites which aren't your regular run of the mill sites during the course of their research - and they probably wouldn't even know they hit a bad site until your computer starts slowing down and experiencing errors.

Is there perhaps some sort of browser sandbox solution (sort of like VMware within your Windows install) that isn't cumbersome?

Please keep the info coming - I really want to put together a solid solution from all your input and report back in a few months with my results!

Thanks,
Nat
 
Since Firefox has become more accepted IE has offerings to NOT automatically let ActiveX controls run by default, but most people are so used to seeing all content, including ActiveX, that the process to allow the controls to run is programmed into the user, just as with Vista's UAC.

By default, I have my Firefox deployment set up with AdBlockPlus and Filterset.G add-ons, that takes care of most ads. There is a deeper add-on called NoScript which is the safest way to browse, but this blocks ALL scripts, including Flash and Java.

Honestly I don't know how much stuff comes in via ActiveX controls anymore, but it used to be just about ALL spyware. I would run Adaware after a few weeks of surfing by a client PC (with IE) and find hundreds of entries; the same time period with Firefox had just a few. Switching all our office PCs to use Firefox as the default browser and hiding IE (deleting all the shortcuts, but still having it accessible through Program Files) changed my Adaware/Spybot/Spyware Blaster scans from weekly (then) to never (now).

Like I said, I still have a few problems...one was my "crazy-clicker" user, managed to install XPAntivirus, cleaned it out easily, the second was (ahem) ME when a user forwarded a suspicious (to them) email (to me) regarding a UPS shipment (in .zip file) which I promptly opened and developed an infection of Antivirus2009. Although it's highly repairable with MBAM, I was due for a clean install of XP anyway...

Tony

Users helping Users...
 
I think you need IE on hand if you want to manually visit the Windows Update site and manually check for updates.

I haven't bothered with Firefox but lots of people like it.
 
I've been using FF for quite a while now and can only say that it is my main browser...

in regard to linney's post, there is an add-on for FF called IE TAB, which opens IE in a TAB under FF, which will allow you to use Windows Update...

in regard to Tony's post about NoScript, it is probably the best since sliced cheese, by default it will block ALL, but it can be configured on a per site/domain basis in how it will behave... e.g. once you tell NoScript that a certain site is safe to allow JavaScripts or Flash, then all subsequent visits to that site are hassle free...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 