Jul 11, 2009

Windows Tips: How to Be Safe From Viruses / Kako ostati varen pred virusi


Here's a non-development blog entry... So, how to be safe from viruses?

I get asked this question a lot lately (wish I knew why, is there a new dark age coming or something?), especially which Anti-Virus software one should use to be 100% safe from viruses.

Well, I'm not a big fan of Anti-Virus programs (I do use one, for "just in case"), nor do I want to advertise such software and above all, I don't think that any program can ensure full security.

Here's why (sorry for the lecture):
Viruses exist for any Operating System (Windows, Linux, ...). They're not called the same on different operating systems, but they act the same. They have similar methods of reproduction, and so on. Making a virus is very easy, even if you are a beginner at programming; making a good virus is a bit harder, but not much. A virus is a program, like any other, but it does stuff it's not supposed to, and that's why it's flagged as being a virus (malicious). And because it's a program, detecting it may be difficult sometimes, because its functions don't look as fishy as they actually are - the program does things any normal program would do, let's say it connects to a server and communicates with it. A lot of programs do that. Your browser does that. Your browser could be a "virus" if it let someone else have access to things they're not supposed to.

Okay, enough of that, let's get to the good part.

Here's a short list of 4 simple tips you should follow, and if you follow all of them, you'll quickly find out that you don't have any use for your Anti-Virus program anymore.
They mostly apply to Windows Operating systems, but the idea is general.
  1. Disable Auto-Run
    Disable it. Disable it for everything. For CDs, USB keys, everything. It's useless and it's a major security problem. It's also a VERY popular way of virus reproduction.
    If you don't know what Auto-Run is, read about it on the wiki, but in a nutshell, AutoRun is a Windows service that enables a computer to run a program automatically when you plug in your USB key or a CD/DVD. Running a program without knowing what it is is like jumping from a bridge. It's dangerous and it's very likely that you'll get hurt.

    I'll be short on How-Tos, but here are some links:
    Basically, you navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom in your Registry, and set the AutoRun DWORD value to 0. You might also disable autoplay in your gpedit.msc - Local computer Policy\Computer configuration\Administrative Templates\System, select the item "Turn off Autoplay" and click the "Enabled" radio button.

    Also, if you don't know how to disable AutoRun, there is an alternative:
    If you hold the Shift key when you plug in a USB key/CD, you temporarily disable AutoRun.

  2. Use a firewall
    Firewalls come in many forms - there are physical firewalls, such as routers (but firewalling is not the router's primary function), and there are software firewalls.
    Firewalls block certain types of internet communication. They filter open ports, which are also a very common way for viruses to reproduce:
    An infected machine connects through the internet to another vulnerable machine which has a vulnerable service running. But note that:
    • A computer is only vulnerable if it has a vulnerable service running
    • If the computer has no open ports (no services running) it cannot be infected/hacked via the internet.

    Which brings us to...
  3. Updates!
    A lot of people disable automatic updating (Control panel\System Properties\Automatic updates), because either they're afraid they might get that annoying little Windows Genuine Advantage tool or that they'll get viruses from it. Viruses from Microsoft updates?!?! Come on...
    Updates are in most cases a very good thing to do - if you don't care about security, you should at least care about the cool new features you get with the new version of any program. Programmers don't always get it right on the first try, that's why updates come in handy.

  4. Use your brain
    You heard me. Don't be stupid. Don't click on everything shiny, don't click on anything before reading what it is and understanding what it does. Don't open every email attachment. When you're browsing on the web, don't click on every link. Look at where it's pointing (in the status bar). If it's an .EXE file (a program) be extra careful, don't run it if you don't know what it is. KeyGens are NEVER what they say they are on the internet. Don't click on every "OK" or "I Agree" button. Some people think that when they suddenly have an unknown toolbar in their favourite browser, they have a virus. That's not true. They got that toolbar when they clicked on "I Agree" sometime in the near past without reading what it does.
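
Tips 1 and 2 can be checked from a PowerShell prompt. The script below is an added example, not part of the original post: it only reads settings, and it assumes Windows 8 / Server 2012 or later, where Get-NetFirewallProfile and Get-NetTCPConnection are available. The NoDriveTypeAutoRun value it reads is where the "Turn off Autoplay" policy is stored; the Get-RegValue helper is a name made up for this example.

```powershell
# Added example: read-only audit of tips 1 and 2. It changes nothing on the system.
# Assumption: Windows 8 / Server 2012 or later (NetSecurity and NetTCPIP modules).
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Tip 1: the Cdrom AutoRun value named in the article (0 = disabled).
$cdrom = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom' 'AutoRun'
# "Turn off Autoplay" is stored as NoDriveTypeAutoRun; 0xFF covers every drive type.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-RegValue $policyKey 'NoDriveTypeAutoRun'
[pscustomobject]@{
    CdromAutoRun         = if ($null -eq $cdrom) { 'not set' } else { $cdrom }
    CdromAutoRunOff      = ($cdrom -eq 0)
    NoDriveTypeAutoRun   = if ($null -eq $policy) { 'not set' } else { '0x{0:X2}' -f $policy }
    AutoplayOffAllDrives = (($policy -band 0xFF) -eq 0xFF)
} | Format-List

# Tip 2: is the firewall on for each profile, and what does it do with inbound traffic?
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table

# Listening TCP ports with the owning process. Each row is a service that is
# reachable from the network unless the firewall blocks it.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Address = $_.LocalAddress
            Process = if ($proc) { $proc.ProcessName } else { "PID $($_.OwningProcess)" }
        }
    } | Format-Table -AutoSize
```

A short port list and "True" in both AutoRun columns is what tips 1 and 2 are aiming for; any listening service you don't recognise is worth looking up before you decide whether it needs to run.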


Well that's all folks, I hope this article widens your horizon on computer security. Because I'm in an extra helping mood today, I'll translate the article for all of my Slovene friends.
___________________________________________________________________________________

And now a non-programming article. How to stay safe from viruses?

Lately I've been getting this question very often (if only I knew why, is some dark age coming or something like that?), especially: which Anti-Virus program one should use to be 100% safe from viruses.

I'm not exactly thrilled with AntiVirus programs (though I do use one "just in case"), I have no wish to advertise these programs either, and on top of that, I don't believe a program can guarantee complete security.

Here's the reason why (sorry for the sermon):

Viruses exist for every Operating System (Windows, Linux, ...). They aren't called the same everywhere, but they behave the same. They have similar methods of reproduction and so on. Making a virus is very easy, even for a programming beginner. Making a good virus is a little harder, but not by much.
A virus is a program like any other, except that it does things it shouldn't, and that's why it's labelled a "virus". And because it's a program like any other program, it is sometimes very hard to detect. Sometimes a virus's functions are very similar to those of ordinary programs; say, a program connects to a server and communicates with it. Many programs do that. Your browser does that. Your browser could be a virus if it allowed someone access to things they shouldn't have access to.

Well, enough of that, let's get to the point.

Here is a short list of four simple tips you can follow; if you follow all of them, you may quickly find that you no longer need to use an antivirus program.
The tips are mostly for Windows operating systems, but the idea applies to all.
  1. Turn off Auto-Run
    Turn it off. Turn it off for everything. For CDs, USB keys, everything. It's useless and it's a very big problem as far as security is concerned. On top of that, it's a very popular way for viruses to reproduce automatically.
    If you don't know what AutoRun is, read about it on the Wiki; basically, it's a tool of the Windows operating system that enables programs to start automatically when you plug a USB key or a CD/DVD into the computer. Running programs without knowing what they do is like jumping off a bridge. It's dangerous and it's very likely that you'll get hurt.

    I'll be brief with instructions on how to turn it off, but here are some links about it: In the registry, go to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom and set the AutoRun DWORD value to 0. It's also a good idea to turn off autoplay in gpedit.msc - Local computer Policy\Computer configuration\Administrative Templates\System, select "Turn off Autoplay" and click "Enabled".

    If you don't know how to turn off AutoRun, there is an alternative:
    If you hold the Shift key when you plug in a USB key or CD, you temporarily turn off AutoRun.

  2. Use a firewall
    Firewalls exist in various forms - there are physical firewalls such as routers (though firewalling is not a router's main function), and there are also software firewalls. A firewall blocks certain kinds of communication over the internet. They filter open ports, which are also a very widespread way for viruses to reproduce:
    An infected computer connects over the internet to a vulnerable one on which a vulnerable program is running. But remember:
    • A computer is vulnerable only if a vulnerable program is running on it
    • If a computer has no open ports, then that computer cannot be infected over the internet / it cannot be broken into over the internet.

    Which brings us to...
  3. Updating!
    Many people turn off automatic updating (Control Panel\System\Automatic Updates). Either they're afraid they'll get that annoying Windows Genuine Advantage tool this way, or that they'll get viruses from it. Viruses from Microsoft updates?!?! Come on...
    Updating is, in the vast majority of cases, a very good thing - if you're not interested in security on your computer, you might at least be interested in all the new and cool features you get with a new version of a program. Programmers don't get everything right the first time, which is why updates come in very handy.

  4. Use your brain
    You heard me right. Don't be stupid. Don't click on everything that shines, don't click on anything before you read what it says and understand what the thing will do. Don't open every attachment in your web mail. When browsing the web, don't click on every link; look at where it points (it's written at the bottom of the program). If the link is an .EXE file (a program), be especially careful; don't run it if you don't know what it will do. KeyGens on the internet are NEVER what they say they are. Don't click on every "OK" or "I Agree" button. Some people think that when a new toolbar suddenly appears in their favourite browser, it's a virus. That's not true. They got that toolbar because they clicked an "I Agree" button in the recent past without reading what it said.

Well, that's it, I hope this article broadens your horizon on computer security.
