Once upon a time, a good anti-virus was about all you needed to stay safe online (and perhaps a bit of knowledge about pop-ups and email links; ie. not clicking them!). Nowadays, however, this is not so clear-cut. With the prevalence and diversity of clever malware threats, traditional anti-virus programs fail to detect and deter online nasties. It’s important to take a few safety steps and provide yourself with a little foundation education, as outlined in this article.
1) Protecting your computer
The first steps include securing your actual device. These are shown below. Then we’ll move on to actual browsing habits and how you can help protect yourself with your actions online.
- Ensure you have a functioning and up-to-date anti-virus (AV) program. This is your main baseline. Although we said above that an AV isn’t the be-all-and-end-all, you do need this basic protection in place. A good free anti-virus we recommend currently is Avast. This has the added benefit of being able to remove ‘potentially unwanted products’ (PUPs), which some AV’s are starting to introduce, but not all. PUPs are typically unnecessary programs which tend to serve not useful purpose and cause other problems.
- Install and frequently run an anti-malware/anti-spyware program. A good recommendation is Malwarebytes’ anti-malware. This comes free in it’s basic form, which is good enough for most users to manually run every so often (perhaps every few days or a week depending on your internet usage). The limitation of free anti-malware programs is that they don’t run continuously (ie. no ‘real-time shield’, which is what AV’s use), therefore you don’t have protection against the threats coming in initially; instead, you’re dealing with scanning for, and removing them, afterwards.
- Ensure Windows updates are up to date. Ensure automatic updates are ‘on’ (usually are by default). Note, if you’re using Windows XP, the support has now ended, and for security reasons you should seriously consider upgrading to at least Windows 7. It’s also worthwhile ensuring any other common programs and plugins are up-to-date too, such as Flash Player, Adobe Reader, Oracle Java and web browsers (all commonly exploited by online threats)
- A firewall, despite some common understanding, does NOT protect against malicious software threats. It won’t stop them coming in. A firewall is for a completely different purpose, that of network protection, and so, although it does protect against the risk of hacker attacks for example, it serves no purpose in malware-sense, so I won’t go into too much detail here. Also, withe internet routers being commonplace in the home/office now, a software firewall is less-important as hardware firewalls and filtering rules are built-in to these devices. Windows firewall is actually a good free option, and it should be on by default in the absence of any third-party solutions.
- Consider an anti-exploit program, which runs in real-time and complements the above programs. A good example is Malwarebytes’ Anti-Exploit, but serves to plug vulnerabilities in commonly exploited programs (such as those we mentioned under software updates). It’s easy to install and keeps itself up-to-date, so it’s a worthwhile extra.
- Backup, backup, backup! – Keep regular, comprehensive backups. There’s a plethora of ways to backup and software to use nowadays, and it’s beyond the scope of this advice page. But the bottom line is, if you’re not already backing up your data, look into it today. You’ll be glad you did because, at some stage, every computer user will experience some sort of fault leading to data loss or corruption, later if not sooner. If you are backing up, verify that you can actually get access to your files and restore them if the need arises. Many people either think they’re backing up but aren’t, or are backing up using some system they don’t know how to operate themselves.
2) Savvy internet usage
These steps describe how to surf sensibly and limit your exposure to threats and scams.
- Emails – do not click on links or attachments you’re not sure of. If it’s not sent from someone you know, if it looks odd somehow (naming, filetype, layout) or it sounds too good to be true, delete it or spam it.
- Pop-ups – these come in many forms, such as pop-up boxes, banners and scrollbars etc. Don’t be tempted to click them at anytime. If you’ve seen an item or site you like the look of, directly navigate to it by typing the site address in the top browser bar, or do a web search for it to find the official site link. Clicking adverts at very least takes you through other third-party systems and sets cookies on your system before sending you to the site, and at worst case they may not send you to the real site at all and plague you with more popups, downloads and malicious links.
- Software installs – particularly with free software or those programs pertaining to games, films, dating (ie. ‘attractive’ ‘catching’ topics, be mindful of what you’re actually downloading and installing. Ensure the site is a genuine, official site of the program you download, as otherwise you may find it’s not the program you were after at all, or it may be bundled with other nasties. Also, during install, even with legitimate software packages, you can inadvertantly click to install other unwanted extras (PUPs); carefully click through each page of the install and read thoroughly and untick any extras that aren’t required (usually none are).
- Searching – when searching the web, even on a reputable search engine such as Google, be mindful of what are known as ‘sponsored links’. These appear towards the very top of the search listings and are typically in bold or highlighted font. Don’t use these links as they will take you to either an alternative page to what you requested, or lead you through other sites beforehand, which is not best practice. Look a few links down to the ‘normal’ web links and find the site you want. This in itself can stop of lot of malicious content being delivered to your computer.
3) Get a regular check-up
Seek periodic advice from a reputable IT company or expert, who will be able to properly advise on this topic, and perhaps run more in-depth scans and removal processess should the need arise. Of course, we offer such services and a hefty percentage of our day-to-day work involves issues relating to malware, security or the internet. It’s better to be secure, or have the peace-of-mind knowing you are secure, rather than continuing along hoping and praying – too much of our lives are spent online to take this risk, especially tasks such as banking, online shopping and storage of important data.