University of Oregon

Virus Protection and Prevention Best Practices

Audience
Faculty/Staff
Researcher
Student
GTF
 

Security Resources & Information

The UO Technology Service Desk is happy to assist all affiliated members of the university with securing a computer with an antivirus program or running security scans. 

OS Patching

  • Keeping your operating system up to date is extremely important, as a large share of the updates are security related and not simply bug fixes.
  • Windows XP/Vista/7/8.1/10 should be set to update automatically. If not, go to Start > Control Panel to enable automatic updates. You can also start a manual update by going to Start > Windows Update.
  • Mac OS X should be set to update automatically. If not, go to the Apple Menu > System Preferences > Software Update to configure this. You can also start a manual update by going to the Apple Menu > Software Update.

Application Patching

  • Remember to update any software that uses an internet connection. Java Runtime Environment (JRE), Adobe Flash, and Adobe Reader are among the most common applications that fit into this category. Regular updating of software is just as critical as regular updating of your operating system.
  • Many software packages have their own auto-update features.  Keeping this setting enabled is the easiest way to ensure your software is always up to date.

Sufficiently secure passwords

Safe web browsing

  • Safe browsing is actually the most difficult of all of the above because there is no definite solution; it relies more on your own intuition and experience with using the web. Assuming you have covered all of the above, however, here are some basic guidelines:
    • Use pop-up blockers. Not only will they greatly reduce the number of ads you encounter, but they can also help prevent many JavaScript exploits and vulnerabilities from infecting your machine. IE (versions 7 and 8 only), Firefox, and Chrome all have built-in pop-up blockers.
    • Blocking content such as Flash objects, JavaScript, and ads can also help protect you from other attacks on malicious sites. Plug-ins are available for some browsers that support blocking some of these objects. You can then easily add sites to a whitelist, which allows those sites to display and run objects such as ads, JavaScript, and Flash.
    • Don't click web links given to you in an e-mail or Instant Message conversation by someone you don't know.
    • Be wary of any links sent via social network websites (such as Facebook, Instagram, Twitter), as scams and trojans are very popular on these sites. You also need to be wary of anything sent from a friend: if their account is compromised, they may be helping to spread malware without even knowing it.
    • Don't EVER send your username/password to any account in any e-mail message. This is not secure. Any legitimate organization will have a much more secure solution to dealing with accounts.
      • For more information on phishing, http://www.antiphishing.org is a great resource.
      • A useful tool to help you identify a malicious website is called Web of Trust. This tool collects notes and ratings from other users and displays them as an icon that turns green, yellow, or red depending on how safe the website has been rated. Clicking on the icon gives you more information, such as which category the site failed in (Trustworthiness, Vendor Reliability, Privacy, and Child Safety). Because this service relies on other users having already rated a site, not all sites will have a rating attached. Also, because the ratings are given by other users (you can rate sites too if you sign up), in the end you will have to use your own judgment on whether or not to trust them, but the majority of the time these ratings are reliable.
    • A common tactic among individuals who would like to infect your machine is called search engine optimization (SEO). SEO is the tactic of manipulating the results of search engines (such as Google) to infect as many users as possible. For instance, if a popular show is receiving many hits, then someone looking to infect many people with malware would riddle their page with tags relating to the popular show. This would effectively trick Google (or rather Google's crawlers) into believing that the infected page is relevant to the search and should be displayed near the top of the results. You can avoid being infected via this method by not searching for incredibly popular topics or, if you do, by being careful about the links you click.

Local Machine Firewalls

A local firewall runs on the network interface on your computer. It is important to remember that for each interface you can have a firewall on or off, so if you use both Ethernet and wireless then you want a firewall enabled for both.

  • The Windows firewall can be configured through the Control Panel; the Mac OS X firewall can be configured through System Preferences.
  • Stanford.edu has some good general information about firewalls at http://irt.stanford.edu/firewall/#about

Network firewalls

Firewalls also exist on network equipment such as wired and wireless routers, which are common on both consumer cable modem and DSL setups. Check the documentation from your router manufacturer to see how to configure its firewall. Typically, a network firewall is not a substitute for a local network interface firewall and shouldn't be used as one. Having both at once is the optimal solution.

Online Tools

  • F-Secure Online Scanner: http://www.f-secure.com/en_EMEA/security/tools/online-scanner/
    • F-Secure offers a similar online browser-based virus scan as well; however, it is a more general sweep for malware/spyware on your system. Simply accept the agreement and click "Run Check." It does not check for out-of-date software.
  • HijackThis: http://hijackthis.de/
    • While not entirely browser-based, HijackThis is quite effective. First you'll need to download their scanner and install it. After running, the scanner will output a text file. Simply copy and paste the entire contents of this text file into the textbox on the front page of hijackthis.de and it will give you a readout of every single entry and its known threat or vulnerability.
  • Firefox Plugin Check: http://www.mozilla.com/en-US/plugincheck/
    • Firefox plugins can be very useful, but they may also introduce vulnerabilities. This web-based tool from Mozilla scans all your plugins at once to make sure they are up to date, and it works on both OS X and Windows.
  • Threat Expert: http://threatexpert.com/
    • Threat Expert has a good database of information about malware, as well as some tools. It covers information such as different strains of malware, where they come from, which strains are related, and how they can affect your machine. In addition, you can scan individual files that you suspect may be infected, and it can give you a detailed report (if the file is infected) that might help you identify what happened.
  • Virus Total: http://www.virustotal.com/
    • Similar to Threat Expert in that it’s geared towards scanning individual files. Also, if you go to the "Statistics" page, you can get an idea of the most common infections that have been recently scanned.

Downloadable Tools

  • Malwarebytes Anti-Malware: http://www.malwarebytes.org/
    • Malwarebytes is one of the best, if not the best, all-purpose malware and spyware removal tools. Click "Download Free Version" from the main page to get it. As with all anti-virus scanning software, it is only going to be truly effective if 1) the virus definitions are up to date, and 2) the computer is running in safe mode. So make sure to update before each scan, and to boot to safe mode.
      • Safe mode can be accessed by pressing F8 when the computer starts up.
  • Spybot Search & Destroy: http://www.safer-networking.org/index2.html
    • Spybot is targeted towards adware and spyware specifically: things that compromise the security of internet use. It scans your system files, registry, active RAM, and browser-specific items such as cookies and ActiveX objects. While not as good a jack-of-all-trades as Malwarebytes, Spybot specializes in browser infections.
  • Microsoft Autoruns: https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    • Autoruns is a tool to view the programs, scripts, drivers, and services that will run when you log in as a specific user. This tool can be used on a live machine or against a mounted hard drive taken out of a potentially compromised machine.
  • Combofix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    • Combofix should be used after the last two scans have proved to be unsuccessful. The only reason for this is that they advertise their software as being potentially dangerous to Windows system files, though in my experience of running CF over a hundred times I have never seen this to be the case. One thing to note is that Combofix is updated every two days or so, but the automatic updater is not always reliable, so it is best to just download the newest copy of the binary from their site.
    • WARNING: Do NOT download Combofix from combofix.org. Combofix.org is known to be a bogus web site.

General Security Info & Resources