All changes discussed in this document are reversible. If you don’t like the results change back to the original setting.
Make sure you have and use an up-to-date antivirus program and that it scans your email as well as memory
and your files. Apply all updates immediately.
Install a firewall. Make sure that it does not allow any program to access the Internet without your permission.
Install three anti-spyware programs.
Use strong passwords – a combination of upper and lower case letters, numbers, symbols, and punctuation
marks at least 6 characters long – the longer, the better. Do not use names or any information associated with you
or your family.
Switch your browser to Firefox but do not remove MS Internet Explorer. If you want to use MSIE use only
version 6.x and install all updates.
Disable dangerous Windows programs Unless you are on a LAN or WAN that absolutely requires file and print
sharing, make sure you disable them. Go to the Control Panel. Click on Networks. In the “Configuration” Tab,
click on “File and Print Sharing” On the next screen, make sure that both boxes are blank. Depending on
your OS, the method may be different. Use Help “File and Print Sharing”
Disable running Visual Basic Scripts (.VBS) automatically .
Bring up Explorer. Click on VIEW (or Tools) in the Windows header. Click on the Folder Options. Click on the
“File Types” Tab. Move down to and select “VB Scripts”. If the “Opens With” line at the bottom of the window
says NOTEPAD you’re OK. If it says WSCRIPT or anything but NOTEPAD, click on the “Edit” button. Select
Edit and click the Set Default button. Make sure that the action is “Edit” and it is in bold type. Close and
check for “Opens With NOTEPAD” again. Click APPLY and OK.
If you want to run a VBS, save it to a file, right click the file name and click on “Open”
Disable Active-X files in MS Internet Explorer Your web pages may look plainer but you wont be a target for
Active-X scripts. In MSIE select Tools, Internet Options, the Security tab, Internet and Custom Level button.
Scroll and disable Active X except “Script Active X controls marked safe for scripting.
Enable showing the full file name and extensions of all files including hidden files. Go to Folder Option. Click
on the “View” Tab. Under “Files and Folders- Hidden Files” Click on “Show all files”, then clear the box “Hide
file extensions for known file types”. Click Apply and Close.
In addition, never open an email attachment with the extension “.pif” “.scr” “js” “exe” or any file with more
than one extension i.e. filename.txt.pif. Be careful of .jpg files as email attachments if you do not expect a
Never. Never, Never
Never go to a website that asks for personal information by clicking on a link in an email message.
Phishing looks like a legitimate request from a well known company or service provider to “clear up a billing
problem” or “confirm your billing information”. Spoofing a web site URL is simple. What you see is not what you
get. If you want to go to such a site, type the URL in the address bar.
What You Can Do About It., There is no way you can get absolute protection. The marketers, data gatherers, and
malicious hackers are smart and constantly devise new ways to invade and steal personal information or get
control of your computer. Currently, no single program will remove all spyware. It will take a combination of the
Malware.doc 1 Norm Erdos
three recommended programs to do even a reasonable job. The best approach is to try to avoid the malware
Install and use an antivirus program, a firewall and the programs listed below (or choose your own). Run checks
often Recommended programs are marked with an asterisk.
Try This Get a free, throwaway email account and use it for everything but personal or business.
communications.In forms, use spaces instead of info if possible. Make a graphic of you email address and paste it
in. Contests and surveys may be fun but they have only one purpose – to get information about you – so be
Note: Many spyware programs have counterparts – other programs that are as good or better - that are not
spyware. Try www.nonags.com for thousands of free programs that are checked for viruses and worms and do
not have advertising or nag screens. However, there is no absolute safety so stay alert for unusual disk activity or
attempts by programs to access the internet.
ZoneAlarm*: a highly recommended free firewall that prevents scans and probes and will not allow programs
to access the internet without your permission: Run it with security set to at least Medium for both local and
internet operation. Your computer will not be visible (STEALTH mode) to anyone trying to access your
computer. Download from www.zonelabs.com, zdnet, or from many other software sites.
AdAware*: a free program that scans your computer for DoubleClick, Auriate, Conducent, and many other
spyware companies’ programs. You decide to keep it or not.. Download from http://www.lavasoftusa.com/ or
other software sites
Spybot - Search and Destroy*: another free program that blocks malware and scans your computer for
potentially destructive programs. Updates are free. http://www.safer-networking.org/en/index.html
Microsoft Anti-spyware Program (beta): Almost daily automatic updates. Free at least to 12/31/05.
Are You Vulnerable? You can check your firewall, your vulnerability to probes and scans and see if any of your
ports are open. An open port is a doorway to your computer. If a worm program finds an open port, you are
infected. Go to http://grc.com and run the “shields up “and probe tests. Steve Gibson, who runs this site has
been fighting for privacy and security rights for years. Don’t be put off by the ad-like first page for “SpinRight”. Free
security programs are also available. Also check http://www.privacy.net/analyze.
Another site for checking various aspects of your computer and its vulnerability is www.dslreports.com Although
this site is primarily about DLS internet access, many of the tests will work just fine if you use cable or a modem.
Above all, keep yourself aware of what’s going on in the world of spyware and malicious programs. There are
many articles readily available. Every once in a while do a search on “spyware”, “computer virus”, “computer
worms”. If what you’ll read doesn’t make you eager to protect your computer and your privacy – nothing will.
List of sites worth visiting.
http://www.grc.com – check vulnerability, excellent security info
http://www.pchell.com – spyware removal. Tips. Excellent removal info. Weird but useful site
http://www.privacy.net – go to “analyze”. Shows info your browser “gives away”
http://www.symantec.com – AV updates, spyware removal, info. Also McAfee etc.
http://www.virusall.com – info, hoax or real threat?
http://www,microsoft.com - download excellent anti-spyware program – free for now
http://http://www.dslreports.com/ – excellent tools and info
http://www.trendmicro.com/vinfo/ - av updates, info
http://free.grisoft.com/freeweb.php/doc/2/ - Free av and spyware remover. Auto updates.
Malware.doc 2 Norm Erdos