PC Magazine Windows Vista Security Solutions

As with viruses, the best ways to protect your system again the risks of malware is to stop these pests from finding their way onto your Windows Vista system in the first place. Many users mistakenly rely on malware removal tools to keep their system protected, effectively allowing the bad guys in before periodically getting them out. Some of the key methods that you can use to protect your Windows Vista system from infection by malware include:

• Installing anti-spyware software (or using the Windows Vista anti-spyware tool, Windows Defender)

• Updating spyware definition files regularly

• Configuring real-time protection and advanced anti-spyware settings

• Scanning for malware regularly

• Thinking before you click

Each of these methods is explored in more detail in the following sections.

Installing Anti-Spyware Software

It doesn't take much for malware objects to find their way onto your PC, even if you're being very careful about how you use your Windows Vista system and the Internet. For this reason, it's imperative that you have anti-spyware software installed to ensure that your system remains properly protected, and preferably with an anti-spyware program that offers real-time protection. Windows Vista includes its own anti-spyware software in the form of Windows Defender, but a number of very capable third-party anti-spyware tools also exist.

Some of the most popular third-party anti-spyware software packages available for Windows Vista include:

• Spybot Search & Destroy (available from security.kolla.de)

• McAfee AntiSpyware (available from http://www.mcafee.com)

• Webroot Spy Sweeper (available from http://www.webroot.com)

• Ad-Aware (available from http://www.lavasoftusa.com)

• Trend Micro Anti-Spyware (available from http://www.trendmicro.com)

• eTrust PestPatrol Anti-Spyware (available from http://www.pestpatrol.com)

• Norton AntiVirus (which includes anti-spyware capabilities, available from http://www.symantec.com)

When researching different anti-spyware packages to find the one that works best for you, keep in mind that most of the free tools made available by different companies are reactive in nature and generally do not provide real-time protection against malware threats. In most cases, the free versions of anti-spyware programs provide malware detection and removal capabilities, whereas the paid or full versions add real-time protection and other advanced features.

Windows Defender, the native anti-spyware tool included with Windows Vista, does an excellent job of detecting and removing spyware infections, as well as proactively preventing them in the first place. Follow these steps to check the status of Windows Defender on your Windows Vista system:

1. Select Start → Control Panel → Security Center.

2. In the Windows Security Center window (see Figure 10-2), review the status of the Malware Protection section. The Malware Protection section shows that Windows Defender is actively protecting the computer.

   Figure 10-2: Reviewing the status of Malware protection in Windows Security Center.

Updating Spyware Definition Files and Scanning for Malware

In much the same way that your anti-virus software is only truly useful if you've updated it to include the latest virus definition files, the same is true of anti-spyware programs. For these programs to effectively detect, remove, and protect against the latest malware threats, you need to update their definition files regularly. Some anti-spyware vendors offer updated definition files every day, whereas others make updates available anywhere from a few times to once a week.

Although the real-time protection features of tools like Windows Defender help to ensure that your Windows Vista system remains protected against new malware threats, it's still important to perform a Full scan for spyware at least once per week. By default, Windows Defender scans for malware once per day, but this interval will be different depending on the anti-spyware program you decide to use. Along with the Quick scan that Windows Defender performs automatically each day, you can also initiate more comprehensive scans manually.

Follow these steps to perform a full spyware scan with Windows Defender:

1. Select Start → All Programs → Windows Defender.

2. If the Windows Defender definition files are out-of-date (as shown in Figure 10-3), click the Check Now button.

   Figure 10-3: Windows Defender with outdated definition files.

3. Click the arrow next to the Scan menu. Windows Defender supports three types of scans: Quick, Full, and Custom. Quick scan is the fastest, whereas Full scan is the most comprehensive. The Custom scan enables you to select the specific system areas that should be scanned for malware, as shown in Figure 10-4.

   Figure 10-4: Configuring custom scanning options in Windows Defender.

4. Select the Full scan option from the Scan drop-down menu. When the scan is completed, Windows Defender displays its results, as shown in Figure 10-5.

   Figure 10-5: The results of a Windows Defender scan.

5. If spyware objects are found on your computer, click the Review Items Detected By Scanning link. This opens the Scan Results screen, shown in Figure 10-6. Use the Action drop-down list to select an appropriate action for each object:

   • Ignore. Leaves the malware object intact, but will discover it again during subsequent scans.

   • Quarantine. Effectively paralyzes the malware object, placing it in a special quarantined storage so that it cannot harm your system. You can restore quarantined items later, if necessary.

   • Remove. Completely removes the malware object from your system.

   • Always allow. Tells Windows Defender that you trust the object and want to exclude it from future scans. You can reverse this action in the future, if necessary.

   Figure 10-6: Selecting actions for objects uncovered by a Windows Defender spyware scan.

6. Click Apply Actions.

Windows Defender Tools

Windows Defender includes a range of configurable tools and options beyond its spyware scanning and removal capabilities. While the need to use these tools is minimal if your PC is spyware-free, there are times when they may come in handy. To access Windows Defender's selection of built-in tools, click the Tools button to open the Tools and Options screen, as shown in Figure 10-7.

Figure 10-7: The Windows Defender Tools screen.

The Windows Defender Settings section provides access to the following:

• Options. These settings enable you to schedule Windows Defender scans to occur automatically and configure default actions that should be taken if or when malware objects are discovered.

• Microsoft SpyNet. SpyNet is Microsoft's collaborative environment that helps all Windows Defender users share information about spyware objects and new programs as they're discovered via scans. Select this option to choose your preferred level of involvement in the SpyNet community.

The Tools section on the same screen includes the following items:

• Quarantined items. Use this tool to view any items that you've quarantined, and to remove or restore them if necessary.

• Software Explorer. Use it to manage the programs that start with Windows Vista, review currently running programs, programs with open network connections, and details about Winsock Service Providers. With it, you can modify startup program settings to terminate running programs or those with open network connections.

• Allowed items. This tool enables you to review lists of objects that you've previously configured to Always Allow. If you decide that you no longer want to grant that privilege to an allowed object, use this tool to remove it from the list.

• Windows Defender web site. This is a link to the Windows Defender home page at http://www.Microsoft.com.

Beyond Anti-Spyware Software

Installing anti-spyware software with real-time protection and keeping it properly updated is the single best way to ensure that your system remains free and clear of malware threats. However, it's also important to give some thought to how you use the Internet with an aim toward avoiding interactions with malware in the first place. Use the following best practices to help ensure that your system remains free and clear of malware threats to the greatest degree possible:

• Install anti-spyware software that includes real-time protection and ensure that it's always updated with the latest spyware definition files. Scan for malware regularly.

• Install firewall software that includes both inbound and outbound filtering capabilities. If a malware threat that attempts to phone home is installed on your computer, a firewall capable of outbound filtering will likely alert you to the connection attempt.

• Install anti-virus software and keep it properly updated. Although typically not as comprehensive as anti-spyware tools, many anti-virus programs are capable of detecting malware threats and suspicious activities.

• Be careful about the web sites that you visit because less reputable sites are common sources of malware infections. Visiting online casinos, pornography sites, and web sites offering pirated materials (AKA warez) may increase your malware exposure risk.

• Ensure that your Windows Vista system is patched and protected with the latest security updates and Service Packs.

• If Internet Explorer is your preferred web browser, ensure that you have its security settings configured appropriately (as originally outlined in Chapter 5). Switching to an alternative browser without ActiveX support can also help to reduce the risk of malware infections, so you may want to consider options beyond IE, such as Firefox, Opera, or Netscape. Regardless of the browser you choose, be sure to keep it updated with the latest security patches as they're released.

• If you're not using your modem to connect to the Internet or to send and receive faxes, disconnect it from your phone line.

• Use a Standard user account (rather than an Administrator account) to complete day-today tasks on a Windows Vista system. Many malware threats (as well as viruses) rely on the current user having Administrator privileges to do their dirty work.

It's next to impossible to know which web sites could be potential sources of malware infections via techniques like drive-by downloads. Although you certainly wouldn't expect to be infected by a major site like Google or Yahoo!, the differences between legitimate and fly-by-night sites can sometimes be hard to distinguish. It's entirely possible that you could find yourself browsing to an infectious web site by clicking the results provided by a search engine, or a link supplied on another site.

Although it may be hard for the average user to determine which sites are safe and which are not, there are people out there trying to create a roadmap of potentially dangerous sites. Specifically, some folks at the http://www.MVPs.org web site have been busy creating a HOSTS file that includes entries for potentially dangerous sites.

When your Windows Vista system tries to connect to a site like http://www.pcmag.com, it uses Domain Name System (DNS) servers to translate the name to the IP address associated with the site. However, before it queries DNS for this information, it first checks its local HOSTS file, and if an entry for the site exists, uses the IP address specified in the file instead.

The HOSTS file made available on the http://www.MVPs.org web site lists hundreds of dangerous sites, and maps them all to a special IP address-127.0.0.1. This is known as the loopback address, and when specified, contacts your local computer. So, in cases where you try to connect to a potentially dangerous site, the connection request is sent to your local computer, where the attempt is denied-leaving you safer in the process.

In addition to listing sites that include malware- and virus-related threats, the HOSTS file available from http://www.MVPs.org includes entries for online advertisers. This means that certain banner ads may be blocked if you download and use the file. If there are certain advertisements that you do want to view, however, you can always open the HOSTS file and place a # sign in front of any given entry. That tells the HOSTS file to ignore the line, allowing you to connect to the site (or see the ads).

To obtain and install the HOSTS file, visit http://www.mvps.org/winhelp2002/hosts.htm. The site includes a regularly updated file that you can download, and details on installing correctly for Windows Vista systems.