Malware Protection Beyond Applications

By

This article was published by ComputorEdge, issue #2839, 2010-09-24, as the cover article, in both their PDF edition (on pages 6-9) and their website.

Most computer users nowadays are far more cognizant of the various types of online threats than they were years ago when first venturing out onto the Internet. Partly in response to the publicity of these threats, more people than ever before are trying to protect their computers using various applications that are designed to detect and eradicate all forms of malware, including spyware (which sends data back to the villains) and viruses (which spread through replication, and oftentimes contain a nasty "payload").

As a result of the proliferation and dangers of malware, a number of computer software vendors responded to the problem by developing and distributing a range of security products, including programs that focus on battling one particular type of malware, as well as programs that attempt to be all-encompassing. The effectiveness of these products, as one would expect, has not been consistently stellar. In fact, when people search online for anti-spyware products, a large portion of the programs that appear in the search engine results are actually spyware in disguise!

Yet there is more to keeping your PC free of malware than choosing and installing a decent computer security application — regardless of the claims by its vendor. Unbeknownst to most computer users, there are some simple but quite effective countermeasures that they can use to better protect their PCs against malware and the attackers who create and spread that kind of code.

Raise the Drawbridge!

For anyone new to computers and especially computer security, the term "firewall" may be confusing, because traditionally it has referred to a fireproof wall — in a structure such as a building or a ship — designed to slow down or even prevent the spread of the fire. But in the world of the Internet, a firewall is any form of technology that is intended to prevent unauthorized people or programs from accessing a computer network — including the ultimate network, the Internet.

Firewalls work by inspecting each of the individual components of Internet traffic — known as "packets" — and blocking any incoming traffic that is questionable or positively identified as dangerous, based upon criteria such as the IP address of the originating computer on the Internet and the port the packet is addressed to. In addition, a properly configured firewall will prevent access to your computer through entryways other than your browser. In layman's terms, if an attacker knocks on the front door of your computer (for example with a "ping", a probe that asks whether anyone is home), your firewall will know not to allow the attacker access to your computer through any virtual doors or windows (known as "ports").

But firewalls can additionally be used for policing any outgoing traffic. Consequently, if some spyware manages to infect your computer and then tries to contact "the mothership" (any server controlled by the spyware miscreants), your firewall can be set to prompt you, asking whether to allow that program to access the given server, at which time you can prevent that particular connection, and optionally any future connection attempts to that server. Of course, if you do not understand why that particular application is trying to call out to the Internet, be sure to scan it for spyware.

Firewalls are generally of two types: hardware and software. The former type is usually purchased by consumers as a component of a router, a hardware device that makes it possible for multiple computers to access the Web using a single broadband connection (such as DSL or cable service). Moreover, a router forms a network among those computers, allowing each one to access shared resources on the network, such as a printer. Firewalls can also be found in the better DSL modems, but require a bit of configuration to work properly. If you have a broadband modem, be sure to check with your ISP (or whoever provided the modem) to see if it can be configured to act as a firewall.

Software firewalls are of course computer programs that can be downloaded from their vendors' websites. Most of the offerings are commercial, but should be well worth the price, which is usually quite reasonable. But if you want to avoid paying any money for a firewall, consider searching for some of the free alternatives, such as those listed on popular shareware sites.

All versions of Microsoft Windows since XP have a built-in firewall, but these are generally considered inadequate by security experts. For instance, the firewall in Windows XP SP2 (Service Pack 2) only paid attention to inbound connections, and thus did nothing about outbound connections, such as those generated by spyware. In Windows Vista and 7, the firewall supposedly monitors both inbound and outbound connections, but security researchers quickly discovered that it only blocks outbound connections that match existing rules, and by default there are no such rules! In other words, the outbound monitoring is enabled, but it just doesn't happen to be doing anything: a connection that no rule names is simply allowed.

Note that hardware and software firewalls are not mutually exclusive, and can be used in conjunction with one another. In such a scenario, the hardware firewall can serve as the first line of defense, and the software firewall can serve as backup protection from intruders — a lifesaver in case, for whatever reason, the hardware firewall has been accidentally disabled or misses an inbound connection that should have been blocked. Furthermore, the software firewall can also block any malicious outbound traffic. Some folks might contend that combining a hardware and a software firewall is overdoing it, but when you weigh the dangers of malware accessing your computer, it can be argued that it is better to be overly cautious than insufficiently so.
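To make the rule-matching behaviour described above concrete, here is a small Python model of a packet filter (an illustration added to this article, not code from it or from any firewall product). Inbound packets are dropped unless a rule admits them; outbound packets are checked against rules that name a program, port, or destination address, and when no rule matches, the firewall's default outbound action decides, which is exactly the Windows Vista/7 situation described above. The program names and the RFC 5737 addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (arriving from the Internet) or "out" (leaving)
    remote_ip: str      # address of the other computer
    port: int           # local port for inbound, remote port for outbound
    program: str = ""   # local program that opened an outbound connection

@dataclass(frozen=True)
class Rule:
    direction: str
    action: str                       # "allow" or "block"
    remote_ip: Optional[str] = None   # None matches any value
    port: Optional[int] = None
    program: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.remote_ip in (None, p.remote_ip)
                and self.port in (None, p.port)
                and self.program in (None, p.program))

@dataclass
class Firewall:
    rules: List[Rule] = field(default_factory=list)
    default_in: str = "block"     # unsolicited inbound traffic is dropped
    default_out: str = "allow"    # decides when no outbound rule matches

    def decide(self, p: Packet) -> str:
        for r in self.rules:      # first matching rule wins
            if r.matches(p):
                return r.action
        return self.default_in if p.direction == "in" else self.default_out

# Constructed sample rule set: the browser may talk HTTPS; a hypothetical
# spyware program is blocked from reaching one known server only.
RULES = [
    Rule("out", "allow", port=443, program="firefox.exe"),
    Rule("out", "block", remote_ip="203.0.113.9", program="spy.exe"),
]

def demo(default_out: str = "allow") -> dict:
    """Run four constructed packets through a firewall with the given default."""
    fw = Firewall(RULES, default_out=default_out)
    return {
        "probe":   fw.decide(Packet("in", "198.51.100.7", 135)),             # unsolicited inbound
        "browser": fw.decide(Packet("out", "192.0.2.80", 443, "firefox.exe")),
        "spy":     fw.decide(Packet("out", "203.0.113.9", 80, "spy.exe")),    # named in a rule
        "spy2":    fw.decide(Packet("out", "203.0.113.10", 80, "spy.exe")),   # not named anywhere
    }
```

With `demo("allow")` (rules only, like Vista/7), the spyware's connection to the server that no rule names goes through; with `demo("prompt")`, the same connection is held for the user's decision, which is the behaviour the article wants from a third-party software firewall.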

Practice Safe Browsing

Possibly the most common way that a computer becomes infected with malware is when the user lands on an infected Web page whose underlying code causes the Web browser to download and install malware onto the computer. This is often preceded by an innocuous-looking button or pop-up message that requests the user's permission to install supposedly safe software in order to give the user access to something enticing. Some attack sites have the gall to ask your permission to scan your computer to check for any malware, and if you make the mistake of agreeing to the offer, the site begins installing malware and possibly causing other damage.

The vulnerability of the browser to such an attack partially depends upon which brand of browser is being used. Although its market share is (thankfully) declining, Microsoft Internet Explorer's many versions combined still dominate the browser market. Sadly, many versions of this browser are vulnerable to many different types of attacks — depending on the security settings that you have specified, or whether you are using the default values without reconfiguring them, which far too many Internet users do.

Your best bet is to abandon Internet Explorer and upgrade to a better browser, such as Apple's Safari, Google's Chrome, Opera, or Mozilla's Firefox — in other words, anything but "Internet Exploder"! All of these browsers will run fine on Windows and Mac OS X.

But if for some reason you are forced to stay with Internet Explorer, then you should make it much more secure by blocking ActiveX controls that are not signed with a certificate, and making IE prompt you before launching ActiveX controls. To do so, the sequence of menu choices is Tools > Internet Options > Security > Internet zone > Default Level (or similar choices, depending upon your version of IE); then set the Security level to Medium or higher.

In addition, you can download and install IE-SPYAD for ZonedOut, which makes it easy to place thousands of known malicious domains into the Internet Explorer Restricted Zone.

So as you formulate and refine a strategy for protecting your computer from malware, do not restrict yourself to the standard security applications or even the security suites that promise to be fully protective. There is more that can and should be done, and it is well worth the effort, if only for the peace of mind knowing that your computer is well secured.

Copyright © 2010 Michael J. Ross. All rights reserved.