Every day computer criminals find new ways to trick us into downloading viruses, keyloggers, adware, and other software intended to steal our personal information, spy on us, or simply irritate. But malware prevention doesn't have to be complicated. A few simple precautions can keep your PC free of infection.
Get the latest versions of whatever software you use
Computer security begins and ends with the operating system. If you use Windows, upgrade to Windows 7. The upgrade-to-the-latest-version rule is less stringent for older releases of Mac OS X, Linux, and Android, but Windows XP and Vista should be considered verboten.
Next, make sure your software updates automatically. In the past I have recommended downloading Windows updates automatically but installing them manually, after you verify that the updates themselves won't cause problems. But the risk of so-called zero-day infections--which attempt to exploit software holes before they can be patched--is too great.
The chances of a Windows update damaging your PC are far less than the potential of an infection due to the lack of an important security update. Automatic updates can be annoying when they require a restart that interrupts your workday, but these unplanned time-outs are a small price to pay for a safer system.
Verifying that Windows and your security software are up-to-date is as easy as looking at the notification area for any icons accompanied by a red check mark, which indicates a problem. For Microsoft Security Essentials, the all-clear symbol is a green fortress with a white check mark (see the bottom-right corner of the image below).
To check the security settings in Windows 7, click the pennant icon in the notification area and choose Open Action Center. Click the down arrow next to Security to view your current settings.
Last May I described three free scanners that check your system for outdated, insecure software. My favorite of the three is Secunia's Personal Software Inspector (PSI), which applies patches for your PC's software automatically and offers graphical views of your software-update history.
Be on the lookout for phishy e-mails
Don't click links or download attachments in messages unless you expected them. This applies even if the message appears to be from someone you know and trust. Phishers often gain access to people's contact lists and send messages with malware links or attachments from those compromised accounts.
This happened to a friend of mine earlier this month, as I explained in last week's "How to prevent identity theft" post. If you believe your e-mail account has been hacked, do a full system scan with an anti-malware program other than the one you use for real-time protection. I recommend Malwarebytes' free Anti-Malware program (more on this product below).
Once you're confident your machine is virus-free, change your e-mail account's password, and continue to change it on a regular basis. CNET's Rob Lightner offers a primer on improving your password strength, and back in 2008 I wrote about what I euphemistically called the Password Commandments.
Beware of stealth downloads
Anyone who uses a PC regularly knows that warnings and alerts frequently pop up unexpectedly. And even with pop-up blockers in our browsers we're inundated with unwanted windows opening as we travel from site to site. It's no wonder so many of us simply click whatever button appears to close the pop-up so we can get back to work (or play).
Malware purveyors rely on our tendency to click first and think second, if at all. Even seemingly legitimate sites may trick visitors into clicking the wrong download link. Recently Bill Pytlovany, author of the WinPatrol security program, encountered links to dangerous sites in the ads accompanying results when he searched Google and Bing for his product. Pytlovany describes the experience in his Bits from Bill blog.
The entry mentions similar malware-laden links in the ads served up with results for searches of the safe-browsing add-on "Web of Trust." In fact, Web of Trust was the program that alerted Pytlovany about the untrustworthy link in the search results for his product. Web of Trust has been recommended by me and other CNET editors many times in the past.
One way to ensure you're downloading only the software you want and need is to download from the source, or as close to the source as possible. Your security software should scan all the files you download for viruses automatically, but to be extra careful before you click to open the file or install the program, open the folder the file is in (usually your Downloads folder), right-click the file, and choose the option to scan it with your security software.
Sometimes it's safest not to click anything when a window pops up unexpectedly. To close pop-up windows without clicking, press Ctrl-F4. To play it real safe in the event of a potential malware encounter, press Alt-F4 to close your browser. If prompted, close all tabs and don't save them to prevent them from reopening when you restart the browser.
Even a program that looks like a sure winner can turn out to be a dud after you start to use it. That's why it's best not to register or provide more personal information than necessary until you're sure you'll want to keep the program.
If you're not likely to use a free application often, consider uninstalling it afterwards. You can always download the newest version when you're ready to use it again. This might be a better approach than using an unsafe, out-of-date version.
The Microsoft Safety & Security Center offers more tips for bolstering your defenses against malware.