Problems? See this thread at archive.org.
***READ THIS: The following guide should only be used as an informational resource. I am not forcing anyone to follow this guide, nor will I take responsibility for any consequences that result from its use. Please use it at your own risk and please also refrain from using the thread to debate the usefullness or necessity of anti-virus security software.***
You have been warned.
Now the good stuff. I'm compiling a list of security measures that can be used as an alternative to the major security programs such as Norton, Macafee, AVG, and others. I'm not saying those programs can't be useful, I just want to expand general security knowledge and give users other options in addition to or besides the mainstream anti-virus programs.
I tried to list the items in order of how well they can protect you, but without a scientific method of checking, it's purely guesswork. With each item I will assign a security level, such as low, medium or high security. This way you can decide what level of security you might like to use on your system. I'll take suggestions for changing the level of importance for items in the list.
I'm only adding things to this list that are free to use or that come built into Windows. There are hundreds of security programs out there that you can pay for, but why should you if there are so many useful safety measures for free? Remember that I'm not going to cover free anti-virus programs either. This is meant as an alternative or additive to any anti-virus program.
Your feedback about how particular security measures has helped protect your system would be appreciated. I haven't used all of them myself on my main system, but I've set them all up at one time or another. In two years on three different computers in my house, I've only contracted one virus using only a few of these methods. Your mileage may vary.
1. Virtualisation (Level: HIGH) This includes running your operating system as a virtual machine (VM) or using virtualised processes like sandboxIE. If you run a VM or sandboxed application, any infection you obtain will only affect the VM or sandboxed process. Think of it as a quarantine for your programs or system.
A few good options for running VM include
- Vmware: Free VMware Player: Run Windows 8, Chrome OS on a Virtual PC and if you have Windows 7 Professional or higher,
- Virtual PC or XP mode: Windows Virtual PC: Home Page
- Sandboxie - Sandbox software for application isolation and secure Web browsing
- VirtualBox
2. User Account Control (Level: MEDIUM) This is for Vista and 7 users only. UAC is the most annoying and effective measure that Microsoft has made to ensure you don't perform an action you didn't mean to. It also flags inappropriate actions by your computer, such as malware trying to run without your permission. If you click on an unsigned executable (a program) to run or install it (for example), UAC will stop you in your tracks and make sure you meant to do that. If a virus tries to run without your knowledge or permission, UAC will pop up with the usual continue or cancel message giving you one last chance to stop that particular infection. In my opinion, this annoyance is completely unecessary if you just use common sense, but some will find it useful.
UAC can be adjusted in the Control Panel under User Accounts.
3. Use Firefox, Chrome, Opera, Internet Explorer 9 or Safari (Level: MEDIUM) Internet Explorer tends to be the least secure of browsers available on the market out of the box, but properly configured and used it is close to the level of security of other browsers. You should just make sure you have the most updated version of your browser, and no matter what browser you use, make sure you are knowledgeable about the security features it comes with.
Firefox Security Features
Chrome Security Features
IE Security Features
Safari Security Features
Opera Security Features
All the major browsers have support for extensions or add ons, and the options available for each browser increase security against harmful websites or downloadable files. No matter what browser you use, it's a good idea to make sure it always asks you where to download files so no infected downloads sneak up on you. You should also consider using the private browsing feature if available as this can protect you from tracking cookies and other malware.
You can find them each here:
Firefox
Chrome
Safari
Opera
Internet Explorer 9 (Vista and 7 only)
If you love IE, you can still get away with using it by following a few tips. Make sure you have version 8 with the latest security updates or above by running Windows updates. Any version below 8 is no longer secure enough for today's sophisticated malware attacks. Even version 8 is iffy, but a necessary evil for Windows XP users. Another must is making sure InPrivate and SmartScreen filters are active.
If you are a Vista or 7 user, you also have the added benefit of running in Protected Mode, which is on by default. This mode works in conjunction with UAC to stop most threats from becoming serious system stoppers. One last piece of advice for IE users, always know what ActiveX you are installing and always know what file you are downloading. The easiest way past IE's security is through you, the user, so don't just say yes to the pop-ups because you don't feel like reading them.
Please take a look at this link as it will explain some of the best security add-ons for your browser: In-browser security
One more way to increase IE9 security is through Tracking Protection Lists. You can download them from the link below. These third party lists act just like a "do not call" list, keeping your private data safe from the websites in the TPL.
Internet Explorer 9 Tracking Protection Lists
4. OpenDNS (Level: MEDIUM) Third party DNS servers block malicious sites on the web and can perceptibly speed up your internet experience. When you type a URL into your browser's address bar or click a link on a website your "request" (request to load a new page) is redirected through Domain Name Servers. Think of it as a way for your browser to find a page, just like postal workers find your house by its address. This is not a forum for discussing the finer points of DNS.
What OpenDNS does is redirects your requests through a third party server which is managed and updated to optimize speed and security. Using the OpenDNS server can keep you from visiting known malicious sites or keep malicious scripts from running. This is especially useful for multi-user environments because you can create an account and manage in more detail what sites your computers are allowed to visit (parental controls).
This link takes you to their site which includes instructions for setting it up. OpenDNS | Internet Navigation And Security
5. Safe Interenet Practices/Common Sense (Level: MEDIUM) Almost nothing is as important as common sense when avoiding viruses. Sadly, common sense is difficult to teach, and I won't be able to sum up how to browse, download, chat, email, etc. safely in this already wordy guide. Do a personal online common sense test by asking yourself a question: "when my anti-virus software catches a virus, do I know where it came from?" If the answer is no, you need to actively be more careful and follow this guide closely.
This guide is just a fraction of the knowledge and resources available, so it's a start, but don't stop here. Let me list a few good practices to follow when using the internet:
- If it's questionable in real life, it's probably the same online. Downloading illegal torrents, visiting shady sites, and looking for bomb-making information is an easy way to ask for a virus infection.
- Know what you're clicking on. This sounds very easy, but I have seen Ph.D-smart people get viruses because they said yes to a pop-up box. You have the time to read every pop-up, I promise.
- Maintain your computer. When you don't change the oil in your car, the engine dies. When you don't run regular maintainance on your computer, it becomes slow and vulnerable.
- Monitor all activity on your computer. If you're not the only user on your computer, make sure the other users are practicing safe internet habits too.
- Reach out and ask questions. It's ok not to know if a certain website is safe or if an email is a scam. Ask more knowledgable people or research the subject to find out if it is or not.
6. Firewall (Level: LOW-MEDIUM) Windows has a built in firewall that should be activated at all times. This safety measure is a good method for blocking communication on rarely used or unassigned ports, and usually notifies you when a program is trying to access the internet.
If you prefer using third party firewalls, ZoneAlarm is tough to beat, but the free version is limited: ZoneAlarm Free Firewall - Free software downloads and software reviews - CNET Download.com
7. Peerblocker (Level: LOW-MEDIUM) This is a program that has the same idea as using a hosts file. You might find Peerblocker to be more user configurable than a hosts file if you're not used to editing text documents and playing around with IP addresses. It functions like a firewall, except it uses IP address checking instead of port checking. You can find it here: User Guide ? Peerblock Site
8. Limited User Account (Level: LOW) A limited user account (LUA) removes Administrative priviledges from your user account. Much of why you hear that Mac users don't have virus troubles is due to Apple's OS restricting user account actions right out of the box. In Windows, you can accomplish the same thing by setting up a limited or standard user account, which would require an administrator password to install programs and drivers, and perform other administrative actions.
Viruses that depend on a user to install them will be thwarted by this security measure, but only if the user realizes that they didn't intend to install the virus in disguise. If you prefer having the ability to act as your own administrator and install programs without interruption, you may not want to use this measure. If you are unsure of what programs are good to install and what programs are bad, you may want to use LUA and give a more tech savvy person the administrator password. Accountability goes a long way in preventing mistakes.
You need two separate user accounts to use LUA, one with administrative priviledges, and another with limited priviledges.
9. Windows Update (Level: LOW) Windows, as all software, was not created perfectly. Over time hackers and virus programmers discover holes in Windows code that can be exploited. Microsoft often issues critical updates to patch the holes and protect your system. Needless to say, if you're still running XP SP2 because it's your favorite, good luck. XP users can visit the Windows Update website to find the latest updates, and Vista and 7 users can see the updates from within Windows.
You should never feel that it is too dangerous to run Windows Updates because you have heard stories of people losing all their files and not being able to boot after updating. Yes, this can happen, but if it does there is usually an easy way to fix it and get Windows running again without risking the loss of your files. Besides, the odds of Windows being corrupted when running updates correctly without interruption are very low.
10. Ccleaner (Level: LOW) This is a tool for securely deleting temporary files created by the operating system and web browsers. I find this free and lightweight tool very handy for keeping the operating system well maintained and virus free. As you use various programs in Windows and during your web browsing, Windows saves temporary files to your hard drive.
For example, when you visit a website in your favorite browser, images, stylesheets, cookies and other various files can be downloaded into a temporary folder on your hard drive. The purpose of downloading them is to speed up future visits to that same website or other pages on the same website.
Malware is like any other software in existence, so it needs a physical location to reside in, like the temporary files on your hard drive. Once the malware is saved to the temp folder, it has a chance to begin attacking your system files or program files, depending on the malware's behavior. Using Ccleaner to frequently and securely remove temporary files increases your chances of deleting malware before it can attack your system.
To download Ccleaner, visit their website: Piriform - Download CCleaner, Defraggler, Recuva, Speccy - Millions of users worldwide!
11. Adblock (Level: LOW) Using an ad blocking service such as Adblock for Firefox or Chrome can eliminate any malware from attacking your system that comes from online advertising. This method isn't foolproof, as not all ads are blocked, and sometimes it may block necessary elements on the page you're viewing. Still, it's better than browsing the internet with all ads displayed. At any time if you wish to view a page's ads you can simply disable Adblock for that page or for all pages.
Adblock Plus — for annoyance-free web surfing
12. MVPS Hosts File (Level: LOW) Flipfire clued me in to this, so credit where it's due. If you use the hosts file found at mvps.org, known bad sites will be blocked because Windows checks the hosts file before it redirects to the IP address. In other words, it's a behind the scenes malicious site blocker. More information can be found on their website: Blocking Unwanted Parasites with a Hosts File
13. NoScript for Firefox (Level: LOW) Javascript is pervasive on the internet, and probably every site you visit has some form of it. Unfortunately, malware can be executed through Javascript, so if you don't mind losing a little functionality this extension can help protect you online. It only applies to web browsing, so make sure it's not the only security measure you use. Visit the site here: NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction
14. Data Encryption (Level: MEDIUM) Encrypting the files on your hard drive or using a flash drive as an encryption key has the potential to slow down or stop hackers and keyloggers in their tracks. As long as you use a strong enough password, you can prevent someone from accessing files on your computer or plugging in a flash drive and transferring a nasty virus into your system.
If you're one of those people who is paranoid about someone stealing your laptop or accessing your computer without permission, this would be a good idea for you to look into. Two programs get mentioned in this guide, although they are not the only options available. TrueCrypt is an open source project that has powerful tools for encrypting your hard drive, certain files, or even external drives. Use this program carefully, though. Forgetting the password or losing the drive you have your password saved to could lock you out of your own computer for good. TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows 7/Vista/XP, Mac OS X and Linux
Encrypt Stick Free is a similar program. Meant to be used as a portable program only, it runs from a flash drive, locking your computer against someone who doesn't have the flash drive key. It's worth noting that neither of these programs are 100% tamper proof, but the time it would take even for an experienced hacker to gain access limits the likelihood that you will be targeted.
Encrypt Stick Free | Encryption Download | PCWorld
15. Use Cloud Storage (Level: High)
If you use cloud storage, your files are stored on a location other than the hard drive of your computer. This is about as close to being virus proof as your files can be, aside from burning them to a removable media and hiding them in a safe. Cloud storage has its pros and cons, but as long as you can deal with needing internet to access your files and you don't mind a third party holding your files on their server, it should all be gravy.
Free 7GB - Microsoft Cloud
Free 5GB - Amazon Cloud
Free 2GB - Dropbox
Free 5GB - Box.com
I would love to hear what you think and how any of these security measures has helped you keep your system virus free. Thanks for reading and participating.
-
-
Not looking to put down your work or anything so don't think that... I just want to ask, why is this all so much more appealing than just using an av program? This all seems so much more complicated, time consuming (and potentially expensive) than it needs to be. Do all these things use less comp resources, cost less and are more secure than a top rated AV program? Also, should you get an infection, you will still need an AV program or removal tool to disinfect.
A program like Avira Premium ($25/comp, 1 year) or Avast Pro ($35) use less than 30,000K of memory. Avast has shut itself down to ~2,500K right now on the XP running Vaio I'm currently using, can't beat that. VMware looks geared towards businesses rather than individuals. I don't see prices on their website (didn't go through each link though) so chances are, it's not cheap. Avast does support sandboxing.
I tend to think UAC is a sort of prank from Microsoft for anyone who is above the truly oblivious user. That's fine & all but I keep mine OFF, lest I go insane. I know I'm not alone here. If someone downloads an infected torrent, they go to run that app or play that song and UAC says 'are you sure?' User says yes, they still get infected. If they say no, then no Hannah Montana today. Well, what then did the user download the torrent for? UAC doesn't detect anything or give you reasons for its behavior (malware detection, outgoing connection, unauthorized execution, etc.), it just second guesses your every move. I have found no way to configure UAC other than on/off.
I do use and love Peerblock which likes about 40,000k in RAM for itself but with 8 gigs and Peerblock's functionality, I'm fine with that.
I also love Comodo 5. It has gotten much less docile with its popups and security checks since version 3 and has an added sandbox. It will also allow you to use Comodo's DNS service. I haven't tried this yet. The firewall and DNS listing is free.
DNS I've never gotten reliable improvements with though. I've tried Google DNS, Open DNS and a one or two others I've seen in threads on NBR. Leaving my computer to automatically select these seems to work best for me.
I use CCleaner too but it doesn't always pick out everything that Windows Disk Cleanup does...and vice versa. PerfectDisk also has a clean utility and lately I've been weighing that against the other two. I also set my browsers (Opera and Firefox) to not store a disk cache, just use memory which of course is cleared on exit.
I've never used a host file service but seems like something a web scanner in many AV programs will do as well. Check the site you want to access against a database to see if it's safe. Peerblock can filter HTTP sites too but can be very broad with its lists.
I'm giving the no AV program a shot and just sticking with Comodo free and my full subscription to Malwarebytes. I keep Clamwin and Superantispyware on a flash drive for emergency or when someone I know has problems.
I do agree that common sense is the most important safeguard here but a good browser like you suggest and a good firewall...IMHO...are all that is needed otherwise. There are still many who would argue even that is overkill. IMHO DNS, Virtualization & encryption...with all this, I might as well just use Avira and surrender a mere 20,000k of RAM and $25 for Avira. The real time scanning is what I like most (and why I still use MBAM). I also don't keep super sensitive material on my computer.
Different uses for different users but I'm just surprised when some say that they don't need an an AV cause they've built a mote around their house and wear HAZMAT suits when on the internet. Ok, slight exaggeration but I'm sure you see my point....
Again, not looking to dispute, just understand your reason for the extras but if that's what works for you, then great. You've obviously put a lot of work into your setup.
-
99% of the ppl who think they don't need antivirus or firewall or don't even know about them don't reach minimum IQ in computer usage and should never ever touch one
So from that point making this tutorial useless.
Do not make ppl-s life harder who fix these computer noobs pc-s
Never use windows without antivirus and firewall if connected to the internet. -
-
-
-
Good stuff in guide - general knowledge that many can benefit from.
And yes - most users should still use AV. It usually protects them from themselves.
-
-
(Guide) How to safely use Windows without Anti-virus security
Discussion in 'Security and Anti-Virus Software' started by micman, Oct 10, 2010.
