How to prevent your pc from 90% of all malware in 30 seconds
In this thread I'll clear up some urban myths about computer security then give you a step-by-step guide to improving your computer's security in less than a minute.
If you don't care about what, why and who, just skip to the spoiler for the instructions.
First off, this guide doesn't apply solely to Windows 7 with SP1 installed, but it's highly recommended. Using XP/Vista or having an outdated OS (Operating System) will get in the way of security.
1. "There are convenient software solutions that protect you."
Let's get this straight. Having a secure system is neither effortless nor achieved by a single security program. Not even if they market it as a "suite."
The 2 reasons why MacOS/Linux are supposed to be more secure than Windows systems are:
a) Unlike Windows, user accounts don't have admin rights by default.
b) Currently, there are far too few clients using these OSs for them to be a viable target for widely spread attacks.
For that reason, I contacted a friend and specialist at Symantec research labs and got a very informative heads up on the current technical state of malware. As a sidenote, the hacked user doesn't care if it's called a virus, trojan, malware, spyware or badware, and in reality, every attack is a combination of all of these, so we just stick to "malware". He has access to basically every kind of exploit that ever has been recorded.
I specifically asked if there was any malware that meets the following criteria:
1. Can spread via networks without user interaction, i.e. clicking a link or opening email attachments.
2. Can't be detected by current AV (Anti-Virus programs).
3. Has the ability to gather and identify personal and crucial data such as account names, passwords, credit card information, etc.
4. Can use your network to send this data to the creator of the malware.
5. Does not need admin-rights to be executed.
The simple answer: there are none. This statement is valid as of March 18, 2011.
However, this picture changes drastically when you alter #1 and #5 of the criteria.
The single most important factor in your system's security is still your online behavior.
If you open email attachments that you didn't ask for, or click on links to collect the million dollar cash prize you just won in a lottery you didn't enter, no one on this planet can help you.
Also, if you're running your OS with administrator-privileges, malware can mess you up even if you don't click bad links, especially if your router (aka hardware firewall) is not set up properly.
The key factor is admin-rights. Malware can't spread, gather information or send it to someone else without admin-rights. You don't need them for everyday computer work - just for installing, removing and configuring applications and system settings.
According to Secunia, the average user installs 2 new programs every year. That means that, if you don't use a user account with admin-rights, you'd have to enter your admin-password twice a year. Or whenever you're going to modify system files. I hope that wouldn't be too much of an inconvenience for you.
Spoiler:
How to set up a user account that doesn't have admin-rights when you are using the standard account you created at setup:
Symbols:
-> means user interaction, usually a left click
"" content in between is the name of the actual button you should press
-> Start -> Control Panel -> "Add or remove user accounts"
-> "Create a new account" -> choose a name and check "Administrator" -> "Create account"
You're back at the Manage accounts window. Click on your newly created admin account -> "create a password" -> enter password and password hint -> "Create password" -> "Manage another account"
You're back at the Manage accounts window. -> choose the old account you used so far -> "Change account type" -> check "Standard user" -> "Change Account Type".
Sign off or restart your computer.
You're done, that's it. A high percentage of all malware that exists now has no chance to ever compromise your system from now on.
Congratulations!
If you did everything right, your manage accounts window should look pretty similar to this:
These measures only protect you against common attacks, but at least against nearly all of them.
Also, funkyworms' CTH security sticky is basically mandatory to further secure your system, it just misses the "remove admin rights from your everyday user account".
Quote:
Ninety percent of critical Microsoft Windows 7 vulnerabilities can be mitigated by configuring the operating system for standard user rather than administrator,
Key findings from this report show that removing administrator rights will better protect companies against the exploitation of:
90-percent of critical Windows 7 vulnerabilities reported to date
100-percent of Microsoft Office vulnerabilities reported in 2009
94-percent of Internet Explorer and 100 percent of Internet Explorer 8 vulnerabilities reported in 2009
64-percent of all Microsoft vulnerabilities reported in 2009
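Added example, not part of the original post: a PowerShell check to run from the everyday account after following the steps above, confirming that it is no longer in the local Administrators group. It assumes a home PC with local accounts only (no domain or nested groups) and PowerShell 2.0 or later, which ships with Windows 7.

```powershell
# Added example (not from the thread). Assumes local accounts only.

# Resolve the built-in Administrators group by its well-known SID so the
# check also works on non-English Windows, where the group name is localized.
$sid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$group = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]

# List the direct members of that group through the WinNT ADSI provider.
# The built-in (normally disabled) Administrator account will show up here too.
$adsi   = [ADSI]"WinNT://$env:COMPUTERNAME/$group,group"
$admins = @($adsi.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})

# Is the logged-on account one of them? (-contains is case-insensitive.)
$isMember = $admins -contains $env:USERNAME

# Is this process holding an elevated admin token right now?
# With UAC on, an admin account reports $false here until it elevates,
# which is why group membership is checked separately above.
$identity   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal  = New-Object System.Security.Principal.WindowsPrincipal $identity
$isElevated = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)

"Administrators group ('$group'): " + ($admins -join ', ')
"Current account:  $env:USERNAME"
"Member of group:  $isMember"
"Elevated process: $isElevated"

if ($isMember) {
    Write-Warning 'This account still has admin rights; change it to "Standard user".'
} else {
    'OK: this account is a standard user.'
}
```

If the check is started via "Run as administrator" and the separate admin password is entered, it reports on that admin account instead, so run it from a normal, non-elevated PowerShell window.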
Re: How to prevent your pc from 90% of all malware in 30 seconds
Also, if all of this is completely new to you and my instructions are too complicated, please let me know.
It's no problem to do screenshots or a video of it, but it's only 15 mouseclicks, so chances are this might be way easier to do than you might think after the first look.
I hope there will be a further discussion about UAC, the hidden admin account, possible problems with ownership of system files and general security statements specific to Windows7.
Ask away!
Last edited by wellju; 03-23-2011 at 12:07 PM.
Reason: Ty ToTheInternet for correcting my Eurenglish.
Re: How to prevent your pc from 90% of all malware in 30 seconds
Quote:
Originally Posted by wellju
Also, if you're running your OS with administrator-privileges, malware can mess you up even if you don't click bad links, especially if your router (aka hardware firewall) is not set up properly.
Running in admin mode is something lots of people do by default and it's just a huge mistake. It's just operating in a very vulnerable state for no reason. Not that I'm a high-risk user based on my habits but when I stopped running as an admin 24/7 problems dropped dramatically.
Re: How to prevent your pc from 90% of all malware in 30 seconds
waaay too easy NOT to do. Makes a lot of sense, admin has access to everything whereas standard user will have more restrictions for system overtaking o.ov
Re: How to prevent your pc from 90% of all malware in 30 seconds
Completely agree with wellju on this. The only reason I didn't mention limited user accounts in my videos is because it's virtually impossible to run as a limited user in XP.
Re: How to prevent your pc from 90% of all malware in 30 seconds
I've done this but now I have a problem... I can run hem from admin but not my non admin acct.... says path to "c/program filesx86/rvg software/hem/config/statranges.xml" is blocked. Tried running as admin from my acct, didn't work... any ideas? thx
Re: How to prevent your pc from 90% of all malware in 30 seconds
Quote:
Originally Posted by lau808
I've done this but now I have a problem... I can run hem from admin but not my non admin acct.... says path to "c/program filesx86/rvg software/hem/config/statranges.xml" is blocked. Tried running as admin from my acct, didn't work... any ideas? thx