Unplugged

Why Everyone Needs Protection Against Malware

Malware, viruses, and other internet nasties are a fact of Internet computing today. They are unavoidable on almost any platform and protection is a must.

Malware, viruses, and other internet nasties are a fact of Internet computing today. They are unavoidable on almost any platform, which is why we’re such huge proponents of a solid backup solution. Stefan explained a few weeks ago why he doesn’t use an antivirus. While it’s all good advice, it fails to recognize the unavoidable newest threats.

Avoid Malware: Stay off The Internet

Although I can’t entirely agree with Stefan, I have a computer in my home with no antivirus. I agree it can slow down a computer and cause compatibility programs. This computer does one thing: Quickbooks. I don’t use a browser. In fact, to prevent any browser from launching, I disabled DNS on it.

no-internet-connection-chromebook-featured

Although XP has long since been vulnerable to unpatched security problems, you can still prevent malware from getting on it. Stay off the Internet. It’s not that hard. All you need to do is disable the Network Adapter and never connect it anywhere.

Malware Doesn’t Indicate Unsafe Activities

Many users think they get viruses and other malware from hanging out in the “after-hours” areas of the internet. Pornography, gambling, and other questionable activities are assumed to cause malware. That’s less about technology and more about judgment. If you are doing something questionable, malware should be your punishment, right? Not necessarily.

Assumptions like this lead to a false sense of security. “As long as I keep to safe areas, I’ll be fine.” It also creates conflict when people do get malware. I’ve seen employees unfairly fired because a computer got a virus. That’s not fair.

Ad Injection Problems

Legitimate sites like the New York Times and Yahoo get infected due to the convoluted way ads appear on websites. When you see an ad, it’s usually through an ad network. A website owner works with a company that takes care of advertising on the site. That network then contacts advertisers or other networks to find ads and then pays the website owner. The problem is that somewhere in that network, scammers place ads. For example, they might put an ad that your plugins are out of date, or you need to upgrade your browsers.

These ads might only show for a few minutes or hours until the network shuts them down. That’s all it takes, though, to get infected.

Poisoned Ads and Search Results

One of the most dangerous websites on the Internet isn’t some pornography or free software company, but Google. Let’s say you’re having a problem with Gmail. Wouldn’t it be easy to call someone at Google?

When you search for “Gmail tech support” (Please don’t), every phone number you find isn’t for Google. Those companies are trying to offer you paid tech support. They’ll offer to download software to fix your problem or remote control your computer and fix the problem. Once you do that, your security is compromised.

It’s not just Google; it’s any search engine. When you try downloading the latest version of iTunes, many third-party sites have installers riddled with adware or PUPS (Potentially Unwanted Programs). Google does a decent job of filtering those fake companies out–the only legitimate source of iTunes is Apple. If you look at these Yahoo results, the first one is an ad for another program that includes extra things besides iTunes (possibly malware, I’m not going to download it).

yahoo itunes search

A search for iTunes on Yahoo gives you an ad for a nefarious place to download it. When downloading software, go to the source if possible!

The latest variation of this threat is fake browsers. They completely replace your browser and make you think they are an official version of Chrome instead of just being another piece of sophisticated malware.

Dangerous Emails

Even with super-safe and secure internet browsing, emails can lead you astray. The adage was “never open emails from people you don’t know.” That was true in the dial-up days (anyone watches Halt and Catch Fire?), but not today. Email passwords get compromised, and fake emails get sent out. I think everyone has gotten the email about a friend being stranded in a foreign country and needing money.

Just this week, I received an email from a “friend” telling me to click on the latest vacation pics. She did recently go on a trip, so I clicked it. Oops. It took me to a fake website, and a program started downloading. I called her to tell her the email was comprised. She used a hotel computer that was infected, and it stole her password.

Vulnerable Software

If you never browse the Internet or check your email but have it connected to the Internet, that’s enough to cause you problems. When you buy a new computer out of the box, it comes with software that needs updates. If you are security conscious, you do the updates to protect your system. That’s a problem. Along with those updates come automatically bundled crapware programs. For example, Java updates include the intrusive and annoying Ask Toolbar. Or, when updating Adobe Flash, it tries to sneak in a trial for something you don’t want. If you read the terms of service for the update, you can disable it. But, as the meme says, ain’t nobody got time for that.

I’ll briefly mention the risks of Flash and the benefits of avoiding it: it’s a risk.

Lenovo recently got caught installing software on new computers that comprised of owners’ security. That was a blatant and clear violation of user trust, but any bundled program can cause you problems.

What’s the Solution?

As Stefan pointed out, antiviruses suck. They create a layer between you and your computer. That’s intrusive but also necessary. Windows 8 and Windows 10 include Windows Defender. That’s a good baseline defense and stays unintrusive. In addition, Windows 7 users can download the equivalent version of Microsoft Security Essentials (check the licensing requirements).

Programs like Malwarebytes for Mac and PC do an excellent job of removing threats but don’t always prevent them. However, Apple is great about coming up with security updates for the latest threats.

Let’s assume you decide protection isn’t for you, and you want to browse the Internet. Then, there are a few ways you can avoid malware without running antivirus software all the time.

Unchecky

Those potentially unwanted programs are everywhere and install themselves by default. If you want to avoid remembering to read and uncheck options, Unchecky has you covered. It runs in the background and watches to make sure installers do what they say. As a result, they avoid too many extras.

Ninite

Another excellent site that lets you install free software in bulk and unchecks all the crapware and malware in the installers automatically is Ninite. We’ve covered Ninite in the past and have had years of success using it, especially when setting up a new PC.

Web Of Trust

Web of Trust is a browser extension that uses the classic green, yellow, and red lights to warn you of unsafe content. It installs in your browser of choice and tells you when a search result is a known hazardous site. If you stick to the green, you’ll be in the clean.

PatchMyPC

When you need a new version of a program or an update, searching for it might produce unsafe results. PatchMyPC scans your computer for traditional programs that are out of date. It then does the updates directly. If you want to add a program to your computer, check the name of the list. The program installs in batches and without intervention.

Enhanced Mitigation Experience Toolkit

EMET from Microsoft prevents a myriad of attacks. It won’t actively seek out problems like antiviruses or antimalware. However, it does prevent software programs from modifying your system using standard attack vectors.

Open DNS

OpenDNS replaces your ISP’s DNS server and creates a more protected surfing environment. It includes customized family security protection but also prevents you from going to sites known to cause problems.

While I agree with Stefan that we don’t need protection against malware in an ideal world, the reality is a little bit different. It’s dangerous to go alone on the Internet; take this guide with a few tips.

What’s your take? How do you protect your system against malware? Leave a comment below and tell us about it.

11 Comments

11 Comments

  1. Alexander

    October 24, 2015 at 5:53 pm

    Awesome Dave. I agreed with 70% of Stefans article and I think you do a nice job of presenting another perspective.

    Personally, my mom is 70 and I tell her to only use her IPad for these very reasons. Every time I went to her house for “dinner”…. I spent the first 2 hours cleaning all the crapware from it. I finally said – screw it! You are banned from a pc on the net. iPad only!

    Overall, it’s been a perfect solution to PC and Mac internet issues.

    Now, what are your thoughts? Is there something I should do n addition now that she’s online with an iPad only?

    • Dave Greenbaum

      October 24, 2015 at 7:20 pm

      That is a very good question. I might do an article about it. The problem is not direct malware. It’s very rare in iOS (but not 100% impossible). It’s the false sense of security against phishing along with other scams like tech support scams.

    • Brian Burgess

      October 24, 2015 at 8:40 pm

      After having my mom on Windows for years. I too said “screw it” and got her a Chromebook.

      Of course even there you can get a phishing scam. But, I’ve done a good job educating them about that and what to look out for.

      • Dave Greenbaum

        October 24, 2015 at 8:49 pm

        You’d be amazed though. The latest I’m seeing in the field are fake ads in Safari in iOS telling the person to call a special phone number, which is a scam.

        • Steve Krause

          October 25, 2015 at 8:28 am

          Social Engineering is still one of the most dangerous and successful forms of hacking/fraud. It’s been out there since the beginning of time and our digital age has only made it easier for the criminals.

          My mother recently fell for the “Microsoft Tech” who called her and said her computer was infected and her identity had been stolen. He then had her run a command on the system to “confirm” what was infected.

          The only thing that saved her was when she was transferred to their malware specialist, she called me on her mobile phone. So yeah, in some cases the telephone can be even more dangerous than an unpatched XP box!

          To our readers — remember, Microsoft does NOT call you, nor does Apple to tell you that your Phone, Computer, Tablet has been infected. Also, if you are called, get their name and phone # so you can call them back. That’s when most will probably hang up.

  2. Giorgos

    October 25, 2015 at 9:55 am

    I agree that an antivirus is a must, specially for novice users.

    For low-end older PCs, cloud antivirus is a possible alternative.
    Panda has a free version of it’s cloud antivirus.

    A good practice, is to not installing everything cracked (eg. from torrent trackers), if you don’t exactly know what are you doing.

    And of course, for sensitive actions (eg. for ibanking), you must have a Linux installation, or at least, a Live CD.

    As the last line of defense, common sense is a necessity.

    Just my 2 cents.
    G.

  3. Dave May

    October 25, 2015 at 12:49 pm

    The article is good, but at the end, I clicked on the button for the FREE malware remover that was highly recommended. Earlier this month, I did the same thing on a Windows 10 machine with a different highly recommended software. In the first case, succumbed to the fact that after running the scan, I would have to pay to actually fix the found problems. So I sent in my $49.95 and ‘fixed’ the discovered problems. The only problem was that it presented a problem with Windows 10 in that the Start button would no longer work. After trying everything I could think of, I clicked on the support button on the software and found myself connected to a foreign “help” site. I foolishly allowed this idiot to connect to my machine and remotely run test routines that I knew had nothing to do with the problem. After repeatedly asking for a higher level tech, I was offered a complete check of my PC for only $149.00. I refused this and hung up. Now, today, I apparently fell for your highly recommended FREE malware removal software, only to run the scan and discover that I had to pay again if I really wanted to fix the discovered problems. I just closed the program. I’m very disappointed in your website offering this as a FREE fix, when it most definitely is not. Incidentally, I had to back our of Windows 10 on my one PC, and I’m removing the software from my second PC. One more thing, although the two products had different names, they looked like the same thing, and were priced identically. Hmmmm.

    • Dave Greenbaum

      October 25, 2015 at 6:32 pm

      Dave,

      It sounds like you were victim of the poisoned ads and search results. Sometimes the top search result is NOT the real program. Patch My PC prevents this problem.

  4. BadBigBen

    October 27, 2015 at 7:03 am

    The best AV, one that I’ve been using for more than 30 yrs. and hasn’t failed me once, is Brain 2.0 …

    backed up with SAS and MBAM (Super AntiSpyware and Malwarebytes AntiMalware respectively) …

    and voila no Virus since 2000 (only started using Windows at around that time, other OS’s before that)

    btw. there is no mention of the usage of adblockers, which in my opinion are a must these days when one peruses the internet…

    PS: using a third party firewall, can also be of substantial help in curbing the little nasty critters that can maltreat a machine.

  5. Giorgos

    October 27, 2015 at 8:08 am

    Is Brain antivirus still active?
    A Google search, indicates it as dead.
    If not, where is it’s home page?
    G.

Leave a Reply

Your email address will not be published.

 

To Top