Infection Prevention Guide

Discussion in 'Computer Games and General Discussion' started by Rydian, Jun 25, 2011.

Jun 25, 2011

Infection Prevention Guide by Rydian at 6:31 AM (4,147 Views / 3 Likes) 22 replies

  1. Rydian
    OP

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    <div align='center'><!--sizeo:5--><span style="font-size:18pt;line-height:100%"><!--/sizeo--><u>Infection Prevention Guide</u><!--sizec--></span><!--/sizec-->

    This guide will show you how to prevent infections in the first place.

    If you are currently infected, please visit the <a href="http://gbatemp.net/t298763-infection-removal-guide" target="_blank">Infection Removal Guide</a>.</div>

    <ol type='1'><li>Intro/T.O.C.</li><li>Program List</li><li>Future Prevention</li><li>F.A.Q.</li></ol>
    Program List

    Future Prevention

    F.A.Q.
     
    3 people like this.


  2. soulx

    Member soulx GBAtemp Legend

    Joined:
    Apr 4, 2009
    Messages:
    10,130
    Country:
    Canada
    This topic should be merged with the Infection Removal Guide and be turned into a Infection Prevention and Removal Guide.

    There are way too many stickies in this forum.

    Good guide, BTW.
     
  3. Rydian
    OP

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    If a guide appears to have too many instructions people will get scared and not even attempt to follow it.

    I've been doing this shit for years, and it's a sad fact I've had to come to terms with.
     
  4. pistone

    Member pistone GBAtemp Advanced Fan

    Joined:
    Feb 18, 2010
    Messages:
    504
    Location:
    in your heart...coz secretly you love me !!!!
    Country:
    Albania
    before i always used avira.
    the updates where regular and also the ads where not to much ........and the thing i liked the most it doesnt kill all your ram
    i never downloaded p2p files and also i didnt visited "bad" sites ,i always scaned the pc 1/2 a week and still a lot of viruses
    then i passed to linux and every virus is gone
     
  5. Zekrom_cool

    Member Zekrom_cool I respect faith, but doubt is what gets you an edu

    Joined:
    Apr 17, 2011
    Messages:
    915
    Location:
    Heaven [N's Castle]
    Country:
    India
    How useful is Norton?
     
  6. Rydian
    OP

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    Debatable. It has a terrible reputation from the past, and while the latest versions are a lot better it's still sub-par. I would not recommend the purchase if that's what you're asking, but it is better than nothing.
     
  7. PaullyG

    Newcomer PaullyG Member

    Joined:
    Apr 23, 2011
    Messages:
    28
    Location:
    Perth, Australia
    Country:
    Australia
    As a virusbtn member since 1998 and someone who has become a bit of a specialist with viruses and malware over the last 18 years, with many many new submissions to various vendors (generally whoever was giving best value to my customers at that point in time). I will say that Symantec has always been up there with the best over the years on the detection rate, but the real time scan engine was for a very very long time a dog slow resource hog and more of a pain in the rear end to have on a system than not. It has become a lot better now and is actually a good product these days to the point where I'd be willing to say (as much as I hate the company) that they're easily one of the best in the industry currently. A lot of us old schoolers love to rubbish Symantec, they bought out Norton back a long time ago and turned their products into complete garbage, which in turn made a lot of work for us lowly IT plebs. It's been hard to trust them again, but the anti-virus software has been very good for a few years now and they've had a proven track record of almost never missing anything on the wildlist since 2000. They've got a better handle on the spyware, malware and ad-ware side of things than most of the other anti-virus companies (something the industry has struggled to catch up with for a number of years now). So if you're willing to shell out for a product it's worth the money. It's relatively quick for how comprehensive it is and has proven itself to be a superior product time and again in independent testing. Personally I'd keep away from the 360 suite though, I still have no faith in their PC Tune-up stuff as I've seen enough trashed partitions in the past from their utility products, though it may be relatively trouble free these days. Their corporate product "Endpoint" is an absolute dream to use, should be their standard product imho. Is a shame it has a 5 license minimum, worth a look if you want to deck out a heap of systems though.

    With all that being said, there is one worthy (in my opinion superior) alternative that is both competitive in price and trustworthyness and that's Kaspersky. The only other contender I'd consider at the moment is F-secure but their pricing is a rip-off for home users.

    Download the trials, see which you get along with better (only have one installed at a time).

    Lavasoft have entered the comprehensive anti-virus market recently and their product has performed very impressively so far, but they don't have the proven track record yet, another new player which is causing quite a buzz lately is BullGuard, definitely ones to watch over the next couple years.

    If money is tight though you can get pretty comprehensive protection by using an alternative to Internet Explorer for browsing, and installing a free version of Avira or Avast (Both solid wildlist performers but lacking on the spyware/adware/malware front) in combination with Lavasoft's Ad-aware (Free version) as well as Spybot Search & Destroy (Don't forget to do a system scan with the latter two regularly).

    I'll probably get flamed if I don't mention ESET, who were once the be all and end all of anti-virus companies, with a track record nobody could touch. Sadly they've been slow to respond to the malware/ad-ware/spyware side of things and are only recently catching up, they did make far and away the best product in the industry for a very long time, but sadly they haven't been king of the hill for a while now. I do however suspect they'll be back on the throne before long as they've really started to get their act together lately.
     
  8. Rydian
    OP

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    For the average user viruses are not the only issue (in fact they're a minor issue), it's various malware that's the main cause of headaches, and Norton's not very good at removing it. I thought it was just my experiences, but I recently joined with my college's IT staff as a work study and found they have the same issue, it seems to not do jack crap against fake AV malware and they've contacted Norton and just gotten excuses (because they're not technically viruses).

    Given that stance I don't think I can recommend them as a paid product until that improves.
     
  9. shadowmanwkp

    Member shadowmanwkp Your roms are on another rom site

    Joined:
    Apr 17, 2008
    Messages:
    486
    Location:
    Vleuten, The Netherlands
    Country:
    Netherlands
    Rydian, you might want to cover firewalls as well, they can provide a lot of protection for your computer. Even though windows has its own firewall, it is f'ing terrible, with a simple probe you can easily see that it provides nearly no protection, therefore it is sensible that some external firewalls like zonalarm should be included in the first post.
     
  10. Rydian
    OP

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    I honestly do not believe a software firewall is any benefit for the average user with any sort of router/gateway, and they often do more annoyance than actual prevention.
     
  11. shadowmanwkp

    Member shadowmanwkp Your roms are on another rom site

    Joined:
    Apr 17, 2008
    Messages:
    486
    Location:
    Vleuten, The Netherlands
    Country:
    Netherlands
    Point taken, they can actually be a big annoyance... I can be quite a power user sometimes, so I don't always think about the average user....
     
  12. Rydian
    OP

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    Yeah, the original point of a firewall (closing ports) is already done by default in any situation with a router (unless a DMZ/+ was set up or you forward the ports but in either of those cases you'd need to open them on your router as well anyways), a router is not additional protection against infections since networking is non-critical while I/O is critical so if an infection is fucking with your AV it's already past your firewall, and then there's the issues software ones can cause with disabling javascript and all that crap in an attempt to raise the number of "protection features" they have.

    Hell, I've even seen one disable CSS.
     
    1 person likes this.
  13. Zetta_x

    Member Zetta_x The Insane Statistician

    Joined:
    Mar 4, 2010
    Messages:
    1,844
    Country:
    United States
    One thing we have ran into at my IT job is the rootkit.win32.TDSS.tdl4 and other such malicious coding. It attempts to poison the network so when people connect to the school's network it configures the targeting computer's DHCP server to the IP of the infected computer and configures the DNS server to an outside source.

    I am not sure if you have seen it, but I like to call it the policeman browser update. Basically, it's like a TDSS.tdl4; it infects one computer and that one computer poisons the network so when multiple staff members connect to the network, they will first notice that they get no internet. Any attempt to use any browser will load up a page (hosted by the infected computer) that says your browser is not up to date, please update *update button here*. When you click on the update button, it re-directs to a PHP script that sets up a download link saying it's from google.com. Of course, when you run this file, it spreads the infection and we have another computer poisoning the network.

    From the IT standpoint, when we see a computer that is routed to an infected computer, we open up command prompt and see what the IP address is of the infected computer. Then nbtstat -a IP ADDRESS to locate the infected killer and run a TDSS killer.

    However, this happens when you connect to a network with automatic DNS and DHCP settings. You can prevent the infection from being spread by identifying whether or not you are connected to the correct DNS server. Command >> ipconfig /all. If your DNS server or DHCP server is not looking right, this is the first step to preventing anything. Of course you could manually assign the DHCP and DNS server to the correct one, but it's better to find the infected computer

    ---

    Also "Q - Why not just format when you get infected?", another good reason is because some objects like the TDSS.tdl4 attaches itself to the MBR and formatting it may not remove it.
     
  14. Rydian
    OP

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    Wasn't aware TDSS affected the MBR. I knew about motherboard infections but last I checked nothing that'd survive wipes was actually in the wild.

    And the "advanced removal" section of the removal guide is all about getting as much info as possible and posting it so that people can personally help with a fix or suggestions.
     
  15. PaullyG

    Newcomer PaullyG Member

    Joined:
    Apr 23, 2011
    Messages:
    28
    Location:
    Perth, Australia
    Country:
    Australia
    Pretty much all the AV companies have been subpar on the malware front, and yes the "it's not a virus" excuse has been one I've heard back from them many times. Symantec and Kaspersky have been getting their act together bigtime lately on this front though as well as few others, as they're now specifically stating they are anti-malware as well as anti-virus. Lavasoft Total is probably the best performer out there at the moment, but I have a bit of a hard time recommending such a new player until they have a bit of proven consistency. You can check how the big players are performing on the Malware front these days at Virusbtn & Av-test. A lot of the problem is malware with updating downloads, meaning that by the time the signature hits the database it's already outdated. Unfortunately the only way to kill these is to spend the time checking load points in the registry, looking in the usual locations for suspect files etc. frequently sorting by date is helpful. Wireshark is also a very handy tool for picking them out by network traffic they generate. I've seen plenty of these that every AV and Anti-Malware specific program in the arsenal will miss when they're fresh and being maintained.
     
  16. Sir VG

    Member Sir VG GBAtemp Advanced Fan

    Joined:
    Jun 26, 2004
    Messages:
    847
    Country:
    United States
    To the question on Norton: Norton is overbloated. It will eat up WAY too many system resources and has for the last 7 or 8 years.

    About software firewalls: The all suffer from the same problem that all Windows programs have - they can crash. They take a while to start up. Get yourself a hardware firewall - typically by having a router between your internet modem and computer, even if you only have 1 computer. Hardware routers trump ALL software firewalls.

    Plus Windows firewall is a jerk. It likes to prevent common tasks from working, even stuff like sharing a printer over a network. [​IMG]
     
  17. soulx

    Member soulx GBAtemp Legend

    Joined:
    Apr 4, 2009
    Messages:
    10,130
    Country:
    Canada
    Sucks for them, then.

    If there are too many stickies, nobody will see this thread.
     
  18. person66

    Member person66 If it isn't edited, it isn't a true person66 post

    Joined:
    Jun 16, 2009
    Messages:
    1,110
    Location:
    Canada
    Country:
    Canada
    BUMP!

    So, I wanted an opinion on this, but didn't want to start a new thread. Anyway, I have Shaw as my internet provider, and because of that, I get Shaw Secure for free. Shaw Secure use to be powered by F-Secure, but I switched to avast (free version), because it was taking up far too much of my computers resources. Well now Shaw has switched to McAfee, so what I want to know is, should I just stick with avast, or would you recommend me switching to the new Shaw Secure, which is powered by McAfee. Will it be just as resource heavy as it was before, or should it not too bad?

    Basically, Avast or McAfee?
     
  19. omgpwn666

    Member omgpwn666 Guy gamer and proud!

    Joined:
    Jun 14, 2008
    Messages:
    2,535
    Location:
    Florida
    Country:
    United States
    Thanks for making this, honestly will come in handy. The most I can do is toss you a like and say thanks again.
     
  20. Zerosuit connor

    Member Zerosuit connor Baby I'm Back ♥

    Joined:
    Sep 17, 2010
    Messages:
    1,847
    Location:
    Eorzea
    Country:
    Australia
    Thankyou, great guide.
     

Share This Page