15 practical ways to protect your computer against malware.png

Hackers (of the criminal variety) are a scary bunch—whether working as part of an organised unit or alone idealist with a political agenda, they’ve got the knowledge and the power to access your most precious data. If hackers want to target a company, for example, they can find vast amounts of information on that company just by searching the heaps of information on the web. They can then use that information to exploit weaknesses in the company’s security, which in turn puts the data you’ve entrusted to that company in complete jeopardy.

Imagine your home computer as a company. What can you do to protect it against cybercriminals? Instead of sitting back and waiting to get infected, why not merely arm yourself and fight back.

Here are fifteen ways you can arm yourself against these evolving threats.

1: Install quality antivirus from a renowned vendor
In the world of the proliferation of anti-virus software, many computer users believe free antivirus software, such as those included with computer manufacturer’s bundled product offers, are sufficient to protect a computer from virus or spyware infection. However, such free anti-malware programs typically don’t provide adequate protection from the ever-growing list of sophisticated threats, which often can elude this free anti-virus software.

To counter this sophistication, we have often seen in new viruses and malware; users of Windows should install professional, business-grade antivirus software. Professional-grade antivirus programs update more frequently throughout the day (thereby providing timely protection against fast-emerging vulnerabilities), protect against a broader range of threats (such as notorious rootkits), and enable additional protective features (such as custom periodic scans).

2: Install real-time anti-spyware protection
website-security.jpeg

Many computer users incorrectly believe that a single antivirus program with integrated spyware protection provides sufficient defences from adware and spyware. Others think free anti-spyware applications, combined with an antivirus utility, deliver capable protection from the ever-increasing number of spyware threats.

Unfortunately, that’s not the case. It’s more of a myth than reality. Most free anti-spyware programs do not provide real-time, or active, protection from adware, Trojan, and other spyware infections. While many free programs can detect spyware threats once they’ve infected a system, typically professional (or fully paid and licensed), anti-spyware programs are required to prevent infections and entirely remove those infections already present on a computer.

3: Keep anti-malware software up to date
Scam Virus Spyware Malware Antivirus Concept
Antivirus and anti-spyware programs require regular signature and database updates. Without these critical updates, anti-malware programs are unable to protect PCs from the latest security threats.

In early 2009, antivirus provider AVG released statistics revealing that a lot of severe computer threats are secretive and fast-moving. Many of these infections are short-lived, but they’re estimated to infect as many as 100,000 to 300,000 new Web sites a day. Fast forward to today, and the picture is entirely different. According to Symantec Internet Security Threat Report, 2018, More than 1 Billion web requests analysed each day, with 1 in 13 web requests leading to malware incident. There was also an increase of 80% increase in new malware on Macs. The report also highlighted the following staggering email percentage spam rate, 2015 (53%), 2016 (53%), 2017 (55%). In 2017, there was a 600% increase in attacks against IoT (Internet of Things) devices.

Computer users must regularly ensure their antivirus and anti-spyware software are kept up to date. All Windows users must take precautionary measures to prevent software license expiration, thereby providing that their anti-malware programs stay current and continue protecting against the most recent threats. These threats now spread at an alarming speed, thanks to the popularity of such social media sites as Twitter, Facebook, LinkedIn and My Space.

4: Update your operating system frequently
Regularly updating your operating system keeps hackers away from accessing your computer through vulnerabilities in outdated programs (which can be exploited by malware). For additional protection, enable Microsoft product updates so that the Office Suite will be updated at the same time. Consider removing particularly vulnerable software such as Java or Flash, especially as many sites and services continue to move away from them.

5: Update your antivirus and anti-malware software regularly
To fight against these threats, always check and download up to date security programs, including anti-malware from the vendor’s websites.  (You’ll want to check if your OS has both firewall and antivirus built in and enabled by default, and whether those programs are compatible with additional cybersecurity software.)

6: Perform daily complete system scans
Occasionally, virus and spyware threats escape a system’s active protective engines and infect a system. The total number and volume of potential and new threats make it inevitable that particularly inventive infections will outsmart your security software. In other cases, users may unintentionally instruct the anti-malware software to allow a virus or spyware program to run.

Regardless of the infection source, enabling complete, day by day sweeps of a system’s whole hard drive adds another layer of protection. These consistent scans can be necessary for identifying, disconnecting, and removing infections that at first eludes security software’s defences.

7: Disable program autorun
Numerous infections work by attaching themselves to a drive and automatically launching themselves on some other media connected to the system. Subsequently, connecting any system drives, external hard drives, or even flash drives to a network can result in the automatic engendering of such threats.

PC users can disable the Windows autorun feature by following Microsoft’s recommendations, which differ by operating system. Microsoft Knowledge Base articles 967715 and 967940 are often referenced for this reason.

8: Password protect your Wi-Fi router
It makes it too simple for threat actors to take your connection and download illicit documents. Secure your Wi-Fi with a scrambled secret phrase and consider replacing your equipment at regular intervals. A few routers have vulnerabilities that are never patched the vendors. However, newer routers allow you to provide guests with segregated wireless access. Next generation routers, make frequent password changes easier.

9: Be email smart and don’t click on email links or attachments

Phishing concept. Stealing credit card with fishing hook. 3D rendered illustration.

It’s a mantra most Windows users have heard repeatedly: Don’t click on email links or attachments. Computer users regularly neglect the advice.

Whether distracted, trustful of companions or associates they know or just tricked by a tricky email message, numerous users neglect to be careful about links and attachments included inside email messages, paying little heed to the source. Just clicking on an email link or attachment can, within minutes, corrupt Windows, infect other machines, and destroy critical data therein.

Phishing efforts still exist, yet cybercriminals have turned out to be substantially more brilliant than that Nigerian prince who needs your cash. It would help if you hovered over links to see their real URLs (instead of merely observing words in hyperlink content). Additionally, verify whether the email is genuinely from the individual or organisation professing to have sent it. In case you don’t know, focus on ungainly sentence development and ordering. If something still appears to be suspicious, complete a quick search on the Internet for the email subject line. Others may have been misled and posted about it on the web.

10: Surf wisely, and be clever
Numerous business-class hostile malware applications incorporate browser extension/plugins that help against drive-by infections, phishing attacks (in which pages indicate to serve one capacity when in certainty they endeavour to take personal, financial, or sensitive information), and similar exploits. In any case, others give “link protection,” in which Web links are checked against databases of known-terrible sites.

At whatever point conceivable, these preventive features ought to be dispatched and enabled. Except if the plugins meddle with normal Web browsing, users should leave them turned on. The same is true for automatic pop-up up blockers, for examples, such as are incorporated into Internet Explorer 8 and above, Google’s toolbar, and other popular browser toolbars.

In any case, users ought to never enter user account, personal, monetary, or other delicate data on any Web site which they haven’t physically arrived. They ought to instead open a Web browser, enter the address of the page they need to reach, and enter their information that way, rather than clicking on a hyperlink and expecting the link has guided them to the proper URL. Hyperlinks contained inside an email message regularly divert users to deceitful, counterfeit, or unapproved Web sites. By entering Web addresses manually, users can help guarantee that they land at the official page they plan to.

But even manual web address entry isn’t fooled proof. Hence the justification for step 12: Deploy DNS protection. More on that in a moment.

11: Use a firewall
There is a common misconception amongst computer users, thinking that because they have an antivirus running means they have a firewall. Both PCs and Macs come with built-in firewall software. Be sure to check that it’s enabled.

Having a good quality firewall installed on your computer is crucial, as it defends computers from a vast myriad of exploits, nasty network traffic, viruses, worms, and other weaknesses. Regrettably, by itself, the software-based firewall included with Windows isn’t sufficient to protect systems from the myriad of automated attacks affecting all Internet-connected systems. For this reason, all PCs connected to the Internet should be secured behind a capable hardware-based firewall if possible.

12: Deploy DNS protection
Accessing the internet introduces a myriad of security threats. The most disturbing of these threats may be drive-by infections, in which users only need to visit compromised websites to infect their computers, and potentially affecting those of friends, customers and colleagues.

Another concern is Web sites that distribute infected programs, applications, and Trojan files. Another threat exists in the form of DNS poisoning attacks, where a compromised DNS server re-directs you to an unauthorised web server. These compromised DNS servers are typically your service provider’s internet-connected systems, which usually translate friendly URLs such as google.com to numeric IP addresses like 8.8.8.8, which is Google’s public DNS server.

Users can protect themselves from all these DNS poisonings altering the way their computers process DNS services. While a computer professional may be required to implement enterprise DNS service, OpenDNS offers free DNS services to protect users against common phishing, spyware, and other Web-related risks. OpenDNS is powerful, and if you would like some help with configuring it for your system, please enrol for my OpenDNS course coming soon.

13: Backup up your computer regularly
data
Do you regularly back up the information on your computer? If you don’t – and 29 per cent of computer users fall into that category – you have no protection from calamities ranging from hard drive failure to your house burning down.

You have three basic backup options: an external hard drive, online backup service, or cloud storage. Use a service like Google Drive, and your files will be continually backed up to the cloud. And the price is right: free for up to 5 GB of data. For more, see Online Storage Wars: Which Virtual Storage Is Best?

14: Use complex passwords for all web and local accounts
According to SplashData.com, the password security company has reported that the three most common passwords used by computer users are a password with, 123456, and 12345678. The company recommends avoiding using the same username/password combination for multiple online logins.

Creating complex passwords is easy, use a minimum of 8 characters or more and, make them easy for you to remember, and try using short phrases separated by spaces or underscores – such as “club_st0r@g3_Whee1?”

Good recommendation: Use a free password generator service like LastPass to create and manage your account passwords. You only have to remember one password, your LastPass password and once you have opened your LastPass vault, it will automatically log you into every site you visit that requires a password. This is a useful tool to have in your toolkit – please check it out here.

15: Use pop-up blocker
Web browsers can stop pop-up windows and allow you to set the security for accepting pop-ups. The US Federal Government OnGuardOnline site recommends never clicking on links within pop-up screens.

Notably, the most cautious of computer users still run the risk of malware infections from unconsciously clicking on links. If you experience any of the following symptoms: computer slows down, computer crashes or repeats error messages, then there is a high chance that your computer has is by malware.

Other clues include the computer failing to shut down or restart promptly, new toolbars you didn’t install popping up, a changed home page, or a laptop battery draining faster than it should.

Whenever you suspect your computer has been infected, make sure your security software is renewed, then scan the computer. If that doesn’t solve the problem, try searching your favourite search engine to uncover forums where others might describe dealing with and winning similar battles against these infections.

Bottom line? These days are protecting yourself from viruses, and lost data is much easier than it used to be and doesn’t have to cost you a penny or dime. Take a few minutes today to make sure you’re protected against the threats. You’ll be glad you did.

Posted by Dan K Jatau Sr. MSc, PhD, MBCS, MInstLM

Dan K Jatau is a Nottingham, UK-based Information security and technology infrastructure expert and researcher who likes to write about technology subjects from both a business and technical perspective. His current interests are business-driven security architectures, identity and access, the Cloud, virtualization security and all aspects of security. He currently works in security program development and architecture and develops enterprise security programs for SMEs.