Ars Technica made a bit of a splash this week with this provocative headline. This is real.
The article gives the usual advice, like not opening e-mail from strangers, not clicking attachments from strangers, and not visiting dodgy websites. That’s all good advice, as is staying off torrent and other file sharing sites, but even all that is not enough.
Here’s what I add to that list. Don’t open unexpected e-mail attachments, even from people you know. Those can be infected as well. Don’t count on antivirus software to catch infected attachments. It’s possible to evade antivirus software. I know ways to do it. So do the bad guys.
Don’t open mail forwards. Just don’t do it. Maybe that “Elf Bowling” attachment is cute. I don’t care. I’m sure I miss a lot of jokes. I don’t care. It’s easy to become the joke. Do you seriously want pictures of yourself picking your nose to show up on some forum?
Giggling at Elf Bowling isn’t worth it.
I actually have my Gmail account configured to filter out FW: and Fwd: so I don’t even see those messages anymore. Do I miss some jokes? I’m sure I do. Do some people think I’m a killjoy? I’m sure they do. They can get over it. When their computers–yes, even their Macintoshes–get infected, I can clean their computers for $100 and I can have some fun taking my family out to dinner. How’s that sound?
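The FW:/Fwd: filter and the attachment rule above, written as a small mail-triage function. This is an added example, not the author's Gmail configuration; the function names, sample addresses and file names are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Leading "FW:" / "Fwd:" marker, matched case-insensitively.
FORWARD_RE = re.compile(r"^\s*fwd?\s*:", re.IGNORECASE)


def triage(raw_message: str) -> dict:
    """Classify one raw RFC 5322 message as skip / verify / deliver."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words, so an encoded
    # "Fwd:" subject is matched as well.
    subject = str(msg["Subject"] or "")
    names = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    if msg.is_attachment():  # whole message is a single attached file
        names.append(msg.get_filename() or "(unnamed)")
    if FORWARD_RE.match(subject):
        action = "skip"      # same effect as the Gmail filter: never read it
    elif names:
        action = "verify"    # ask the sender before opening, even if known
    else:
        action = "deliver"
    return {"subject": subject, "attachments": names, "action": action}


def build_sample(subject: str, attachment: str = "") -> str:
    """Build a constructed test message; all addresses and names are made up."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "me@example.com"
    m["Subject"] = subject
    m.set_content("constructed body text")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    samples = [
        build_sample("Fwd: Elf Bowling", "elfbowl.exe"),
        build_sample("Vacation photos", "photos.zip"),
        build_sample("Lunch tomorrow?"),
        "From: friend@example.com\nSubject: =?utf-8?q?FW=3A_funny?=\n\nhi\n",
    ]
    for raw in samples:
        print(triage(raw))
```

A "verify" result means the message carries an attachment from any sender, known or not, and should be confirmed with that sender before it is opened.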
I will repeat. This stuff is real. I’m going to tell you a sad story.
I cleaned a computer for someone a couple of years ago. A houseguest had clicked on “Elf Bowling” or some other cutesy attachment, and infected his computer. The computer stopped functioning, except for a popup demanding a large sum of money.
His wife handled all of the finances, and had all of their finances in Quicken. Then something even more terrible happened. She died.
Now this gentleman had a big mess to clean up. He had to make funeral arrangements, deal emotionally with what had happened, and, oh, by the way, the bills were due in a couple of days and he was locked out of all of his bank accounts.
I got him cleaned up and got his bank account working again, and he paid his bills on time that month. But this kind of stuff happens, and the bad guys DO NOT HAVE SOULS AND DO NOT CARE. Actually, some of them find it humorous. Got that?
If I sound over the top and overly emotional, that’s deliberate. I wish I could be even more over the top. I wish I could reach through my monitor and wave my hands at you for effect. Be glad I didn’t break out the blink tag. Trust me, I thought about it.
Now, let’s talk about adding extra layers of defense, because people do make mistakes.
The way to protect yourself is through defense in depth. Install good antivirus software. It doesn’t have to cost any money. Then install a second one. Avast 8 no longer makes it easy to install as a secondary scanner, but you can get Bitdefender 60-second scanner instead. Do it. This way, malware has to get past two antivirus engines. Set both engines to scan your system once a day, at different times.
The combination of Microsoft Security Essentials and Avast is adequate; I think the combination of Avast and Bitdefender would be better, as long as you remember to re-register Avast every year. The nice thing about Security Essentials is that it never expires, so you don’t have to remember to re-register it. That’s important enough that I’m still inclined to recommend it as the first level of defense, even with better products available. It doesn’t matter how good your front-line antivirus is if it goes dormant.
Get Malwarebytes and install it. Schedule it to scan every day too. (Google for instructions.)
Yes, there’s quite a bit of overhead with all of this security, but computers are powerful these days. A clean computer has plenty of power to run the protection tools, and the protection tools cause less overhead than an infection.
Now, what do you do if you get a suspicious popup?
If you get a suspicious popup, don’t click on it. Disconnect from the Internet immediately. Then shut down your web browser using the following procedure (Firefox will recover what you were working on). Bring up Task Manager by hitting Shift-Ctrl-Esc, click on the Firefox process, then click End Process. If you see more than one instance of Firefox, repeat. If you see other web browsers like iexplore.exe and chrome.exe, close those too. If the popup still doesn’t go away, shut down the computer completely. If it’s a legitimate message, it’ll come back. (If it’s an illegitimate message, it may come back too–in which case, call for help.)
Once you have rebooted, scan the machine with your antivirus software and with Malwarebytes. Stay disconnected from the Internet for now. If the scanners complain about outdated definitions, make them scan anyway, then connect to the Internet, download updates, and scan again. If you have a clean bill of health, then and only then fire up your web browser and continue with what you were doing, but be cautious.
Scan and rescan every day for a week, and watch yourself, just to be on the safe side.