"So how did I get infected in the first place?"


Updated from the original article by Tony Klein. (See Note*)

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~



You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:


Safe Computing Practices

1.  Keep your Windows updated! 

It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.  Either enable Automatic Updates or get into the habit of checking for Windows updates regularly.

Operating Systems

Only Windows 8.x and Windows 10 are still officially being supported. Windows XP reached end of support April 8, 2014, Windows Vista reached end of support April 17, 2017, and Windows 7 reached end of support January 20, 2020. Windows 8.x extended support ends January 10, 2023.  For Windows 10 Versions, see the Windows lifecycle fact sheet.  

To update Windows 8.x and Windows 10, do the following:
  • Windows 8.x:  Open the Search charm, enter "Turn automatic updating on or off", and tap or click Settings to find it.
  • Windows 10:  Go to Start > Settings > Update & Security.

Updates (even some old updates for Windows XP, Windows Vista and Windows 7) can be downloaded from the Microsoft Update Catalog.  To see what updates have been released see Windows Update History:  

Servicing Stack Updates (SSU)


The Servicing Stack is what actually installs Windows Updates.  However, it also contains the "component-based servicing stack" (CBS).  The CBS is key to DISM, SFC, as well as changing Windows features or roles, and repairing components.

When a Servicing Stack Update is released with security or cumulative updates, it is installed automatically by Windows Update (you won't see the SSU offered in the list of updates available).  Because each Servicing Stack Update replaces the complete "stack", it does not require a restart.

If you are unsure whether you have the latest Servicing Stack Updates installed, the list of SSUs is at https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001.  Locate the update for your operating system.  Clicking the KB number will take you to the update, which includes the date of the last update.  You can then find the date of the last update on your device in the link to "View installed updates" located in Programs and Features of the Control Panel.


2.  Update 3rd Party Software Programs

The importance of updating third-party software is evidenced by the report by AV-TEST in which it is stated, "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." (Complete article at Adobe & Java Make Windows Insecure.)

Third Party software programs have long been targets for malware creators.  To check if your system is missing security updates or has insecure applications installed, consider one of the tools in this article by Ciprian Rusen, The Best Tools to Check for Software Updates.

Of course, there are some third-party programs you may find you no longer need.  Consider, for example, uninstalling Oracle Java and Adobe Shockwave Player, as neither is frequently needed today.
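To see whether any of the programs named in this section are still installed, and in which version, the following added example (not part of the original article) reads the standard Windows uninstall registry keys from PowerShell. The function name Get-WatchedSoftware and the name patterns are assumptions made for illustration; adjust the patterns to the software you care about.

```powershell
# Added example: inventory the third-party software this section names.
# Get-WatchedSoftware and the patterns below are hypothetical, chosen for illustration.

# Standard locations where installed programs register themselves
# (64-bit, 32-bit on 64-bit Windows, and per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Category -> regular expression matched against each program's DisplayName.
$watchList = [ordered]@{
    'Java'         = '\bJava\b'
    'Adobe Reader' = 'Adobe (Acrobat )?Reader|Acrobat Reader'
    'Flash Player' = 'Flash Player'
    'Shockwave'    = 'Shockwave'
}

function Get-WatchedSoftware {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $app = $_
            foreach ($entry in $watchList.GetEnumerator()) {
                if ($app.DisplayName -match $entry.Value) {
                    [pscustomobject]@{
                        Category  = $entry.Key
                        Name      = $app.DisplayName
                        Version   = $app.DisplayVersion
                        Publisher = $app.Publisher
                    }
                }
            }
        }
}

$found = @(Get-WatchedSoftware)
if ($found.Count -eq 0) {
    Write-Output 'None of the watched programs are installed.'
} else {
    # Compare each version with the vendor's current release, or uninstall what you no longer need.
    $found | Sort-Object Category, Name | Format-Table -AutoSize
}
```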

3.  Use a Standard/Limited User Account

Although the Administrator account is needed when setting up the computer, day-to-day usage should be with a Standard User Account which has limited permissions. An Administrator account provides the highest level of access to your computer whereas using a Standard User Account makes it more difficult for the computer to be infected.

Using a Standard User Account for everyday activities applies even if you are the sole user of the computer. For additional information, see Using a Standard/Limited User Account.


4.  Watch what you download!

Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself.  Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.

Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others are among the most notorious. P2P programs allow the creation of a network enabling people to connect with other users and upload or download material in a fast, efficient manner.

Note also that even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Do not open any files without being certain of what they are! 

Pre-scan downloaded files for viruses and malware at one of these multi-engine single file scan sites.  Both use a dozen or more well-known anti-malware scanners in a quick, easy scan with a report of results from all.

 -- Virus Total (10mb limit):  https://www.virustotal.com/gui/home/upload
 -- Jotti's Malware Scan (15mb limit):  http://virusscan.jotti.org/en 

5.  Avoid questionable web sites!

Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders.

Most of these drive-by attempts will be thwarted if you keep your Windows updated and your internet browser secured (see below). Nevertheless, it is very important only to visit web sites that are trustworthy and reputable.

In addition, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is!

For more general information see the first section, "Educate yourself and be smart about where you visit and what you click on", in this tutorial by Grinler of BleepingComputer.

Must-Have Software

*NOTE*: Please only run one anti-virus and one anti-spyware program (in resident mode) and one firewall on your system. Running more than one of these at a time can cause system crashes and/or conflicts with each other.

6.  Antivirus

An Anti-Virus product is a necessity. There are many excellent programs that you can purchase as well as antivirus software programs free for personal use. In addition, Windows Defender comes pre-installed on both Windows 8.x and Windows 10.

The following are antivirus software programs that are free for personal use: 
 -- Avast
 -- Avira
 -- Kaspersky Cloud
 -- Sophos

Please run only one antivirus resident at a time!

It is recommended to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats.

7.  Internet Browser

Internet Explorer was pre-installed on Windows 8 versions with the current version being Internet Explorer 11. However, the latest Windows browser is Microsoft Edge, a Chromium-based browser.

Many malware infections install themselves by exploiting security holes in the Internet browser that you use. As a result, if you elect to use a third-party browser, it is extremely important to keep it updated.  Although not a complete list, third-party browsers include Brave, Firefox, Google Chrome, Opera, Pale Moon, and Vivaldi. 


8.  Firewall

It is critical that you use a firewall to protect your computer from hackers.  The built-in Windows firewall blocks both incoming and outbound traffic and has seen numerous improvements over the years, although it can be disabled in the registry by malware.

If you prefer to install a third party firewall, locate the vendor site rather than a third-party hosting site. Pros and cons of free firewalls can be found here.  Please only use one firewall at a time!
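Because the built-in firewall can be switched off behind your back, it is worth checking its state from time to time. The following added example (not part of the original article) compares the effective state of each firewall profile with the EnableFirewall value stored in the registry and with the state of the firewall service; the function name Get-FirewallAudit is hypothetical.

```powershell
# Added example: defensive audit of the built-in Windows firewall.
# Run in PowerShell on Windows 8.x or Windows 10. Get-FirewallAudit is a hypothetical name.

$policyRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

# Registry subkey that stores each profile's settings (StandardProfile backs "Private").
$profileKeys = @{
    Domain  = 'DomainProfile'
    Private = 'StandardProfile'
    Public  = 'PublicProfile'
}

function Get-FirewallAudit {
    # The firewall only filters traffic while its service (MpsSvc) is running.
    $service = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
    $serviceRunning = ($null -ne $service) -and ($service.Status -eq 'Running')

    foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        $keyPath = Join-Path $policyRoot $profileKeys[$fwProfile.Name]
        # EnableFirewall: 1 = on, 0 = off; $null when the value is missing.
        $item = Get-ItemProperty -Path $keyPath -Name EnableFirewall -ErrorAction SilentlyContinue
        $regValue = if ($item) { $item.EnableFirewall } else { $null }

        $effectiveOn = "$($fwProfile.Enabled)" -eq 'True'
        [pscustomobject]@{
            Profile        = $fwProfile.Name
            EffectiveOn    = $effectiveOn
            RegistryValue  = $regValue
            ServiceRunning = $serviceRunning
            Healthy        = $effectiveOn -and ($regValue -eq 1) -and $serviceRunning
        }
    }
}

$results = @(Get-FirewallAudit)
$results | Format-Table -AutoSize
foreach ($r in $results | Where-Object { -not $_.Healthy }) {
    Write-Warning "Firewall profile '$($r.Profile)' is off or inconsistent; re-enable it and scan for malware."
}
```

On a computer managed by Group Policy or protected by a third-party firewall, the effective state can legitimately differ from the local registry value, so treat a mismatch there as something to look into rather than as proof of infection.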

Other Cleaning / Protection Software

Of the programs listed below, passive protection like that provided by SpywareBlaster, WinPatrol and Hosts file programs can be used effectively alongside active resident protection programs.  For example, the free version of Malwarebytes' Anti-Malware is an on-demand scan and clean program that will not conflict with resident protection.  Spybot is also on-demand but has resident protection if the Teatimer function is used.

Scan with only one program at a time, with a shutdown/restart between scans.


9.  Consider installing SpywareBlaster by Javacool

This excellent program blocks installation of many known malicious ActiveX objects. Run the program, download the latest updates, "Enable All Protection" and you're done. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.

Don't forget to check SpywareBlaster for updates every week or so.

See this helpful tutorial by Lawrence Abrams, Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware.

10.  HOSTS File Programs

MVPS HOSTS -- This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.  For information on how to download and install, please read this tutorial by WinHelp2002.

hpHosts -- hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites.  The inclusion policy can be found at https://hosts-file.net/?s=policy



11.  Anti-Malware and Anti-Spyware Programs (Select one or two)

MalwareBytes' Anti-Malware
SUPERAntiSpyware Free Edition



Happy safe computing!!

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

*Note:  The original version of this article was written in 2005 by Tony Klein and has been reproduced or linked to in thousands of locations. Tony is well known in the security community for his many contributions, including the CLSID List and A Collection of Autostart Locations.

With permission from Tony, others in the security community as well as myself have continued updating it to include current operating systems and software program information.  It has come to my attention that updated copies of the article are no longer being maintained at many sites.

The above represents another update of the original "So how did I get infected in the first place?" ©Tony Klein.

Revised: TonyKlein,Oct 30 2005, 05:00 AM
Reproduced and edited with permission of the author.

(Updated 21March2020)


7 comments:

Unknown said...

Hi Corrine,

This page is very complete and interesting... henceforth I'll have a really better protection.

When I see the rose, I'm in confidence!

Thank you for all...

Corrine said...

Thank you, Claude. I'm glad you found it helpful.

malis2007 said...

Awesome Article!
Very helpful!, Bookmarked for sure.

Corrine said...

Thank you, malis2007. Although I've added my own touches and updates, the credit goes to TonyKlein.

Unknown said...

very valuable information for those of us who are not up to date with online security
many thanks, and it would be generous of you to give us an update for 2016 :)

Unknown said...

I agree, this is very useful information. Unfortunately it is becoming outdated. A 2017 update would be great. Thank you.

The Pianist said...

Thank you! Really updated!