Ward off at­tacks from mal­ware, ran­somware and other nas­ties with th­ese se­cu­rity tips and tricks

Windows Help & Advice - NEWS - by Nick Peers

Once upon a time, the process of pro­tect­ing your PC against viruses was sim­ply to in­stall an anti-virus pro­gram, and be care­ful about which floppy disks and CD-ROMs you in­tro­duced to it. Then we all got In­ter­net ac­cess, and you needed to make sure you didn’t down­load any­thing dodgy, while adding a fire­wall to your PC to dis­suade hack­ers. And for a while, that seemed suf­fi­cient.

How times have changed – and with ever-in­creas­ing ra­pid­ity, too. Th­ese days, the threats keep com­ing, find­ing ever more in­ven­tive ways of get­ting through de­fences, us­ing trick­ery as much as any­thing else. But how­ever hard the hack­ers fight, the se­cu­rity folk fight back, help­ing to de­velop new forms of pro­tec­tion, re­moval and re­pair to thwart the cy­ber­crim­i­nals.

As it has been since the be­gin­ning, pre­ven­tion is al­ways bet­ter than cure. Far bet­ter to tighten the se­cu­rity on your PC than have to go through the trauma of re­mov­ing un­wanted soft­ware, or bat­tling a de­mand for money from a ran­somware at­tack. But where do you be­gin? What soft­ware do you need? And how can you change your be­hav­iour to min­imise your ex­po­sure in the first place? In this fea­ture, we’ll help you on all of th­ese counts.

We’ll re­veal the core pro­tec­tion you need, run through the var­i­ous ways in which your on­line ac­tiv­i­ties put you at risk, and ex­plain how to pro­tect your­self ac­cord­ingly. You’ll dis­cover how to en­crypt your email, prop­erly screen down­loads for viruses and po­ten­tially un­wanted pro­grams, keep malver­tis­ing at arm’s length, and en­sure none of your on­line ac­counts are eas­ily – if at all – hacked. We’ll help se­cure your home net­work, too, so peo­ple can’t pig­gy­back onto your Wi-Fi, or gain ac­cess to your home de­vices through your router.

But what hap­pens if you do get in­fected? Don’t worry – we’ll run through some ways in which you can get con­trol of your PC back from the mal­ware. And we’ll point you in the di­rec­tion of some use­ful tools that can help you re­cover from a ran­somware at­tack, even to the point of po­ten­tially de­crypt­ing your pre­cious data. Without fur­ther ado, let’s get this (anti-mal­ware) party started!

Whether you like it or not, you need anti-malware software. Windows 10 comes with Windows Defender for basic protection, but it’s outclassed by most other anti-malware tools. The best free anti-virus tools include BitDefender AV Free (www.bitde­­lu­tions/ free.html) and Panda Free AntiVirus (www.pan­dase­cu­ However, if you’re looking for more comprehensive security (including a third-party firewall), ESET Smart Security ( is renowned, along with Kaspersky (www.kasper­, while we’ve relied on Norton Security ( for the past ten years.

In the past, you could only run one anti-virus app on your PC at once. Th­ese days, there ex­ist anti-mal­ware apps de­signed to work in tan­dem with other se­cu­rity soft­ware. The most vis­i­ble of th­ese is Mal­ware­bytes Anti-Mal­ware (www.mal­ware­

The free ver­sion pro­vides scan and re­move tools, but for con­tin­u­ous real-time pro­tec­tion, and the abil­ity to block ma­li­cious web­sites – vi­tal when it comes to keep­ing out malver­tis­ing and po­ten­tially un­wanted pro­grams (PUPs) – the Pro­fes­sional Edi­tion is avail­able for a rea­son­able an­nual fee. Speak­ing of PUPs, it’s worth your while in­stalling a tiny, free pro­gram called Unchecky ( to stop un­wanted add-ons be­ing in­stalled on your PC.

Tighten up your router

One of the most effective ways of making your PC as hacker-proof as possible is to review the way you use your PC. Let’s begin by securing your PC’s connection to your network and the Internet. First, your network – if you connect through Wi-Fi, make sure you have WPA2 encryption enabled in your router’s settings, and choose a strong, randomly generated password that can’t easily be remembered, if at all.

Wor­ried about drive-by hack­ings, where peo­ple get within range of your wire­less net­work, then at­tempt to gain ac­cess to it? Re­duce your net­work’s vis­i­bil­ity by dis­abling SSID Broad­cast, then chang­ing the SSID of your net­work to a name that’s not easy to guess. If you wish, en­able wire­less MAC fil­ter­ing (use the ‘ip­con­fig /all’ com­mand in a Com­mand Prompt win­dow to find out your PC’s MAC ad­dress, in or­der to whitelist it first), change your net­work’s IP ad­dress from the usual 192.168.0.x to 192.168.y.x (where ‘y’ is be­tween 1 and 255), and dis­able DHCP.

With this in place, a hacker would need four things to gain access: your network SSID and its password, yes, but also a whitelisted MAC address to spoof, and what IP address to assign to their device (as well as the IP address of your router), just to get on your network. In reality, though, this will make network setup long-winded, so you may want to strike a balance (perhaps leave DHCP enabled, for example).

Next, tighten your router’s other set­tings. Ver­ify its fire­wall is switched on, and re­view any ports you’re for­ward­ing – th­ese are chan­nels from the In­ter­net to your net­worked de­vices, so make a note of what they are, re­move any not in use, and dis­able those you don’t need per­ma­nent ac­cess to. Also, re­view your UPnP set­tings – th­ese ports are al­lo­cated to apps run­ning on your net­work. Dis­able sus­pi­cious ones, and search for the orig­i­nat­ing apps to re­move them.

It’s also im­por­tant to pro­tect ac­cess to the router set­tings: change the de­fault pass­word to a stronger one (change the user­name if al­lowed, too). Now look for a Re­mote Man­age­ment or Re­mote Ac­cess op­tion. This en­ables you – and any­one else – to ac­cess your router from out­side your home net­work, us­ing your pub­lic IP ad­dress (or dy­namic host­name, if you have one). So dis­able this op­tion.

Lock down your con­nec­tion

Vir­tual pri­vate net­works (VPNs) of­fer a num­ber of se­cu­rity and pri­vacy fea­tures – not only can you make you and your lo­ca­tion anony­mous when con­nected through one, but they also en­crypt all your in­ter­net traf­fic, which makes them an es­sen­tial add-on for your lap­top or tablet when­ever surf­ing us­ing a pub­lic, un­en­crypted Wi-Fi hotspot.

There are many free ser­vices, such as Cy­berGhost (­ Paid-for plans, start­ing from around £5 a month, lift this limit, and there’s no wait be­fore you con­nect. If you’d like to run your en­tire home net­work through a VPN, you need to use a sec­ond router that sup­ports the DD-WRT firmware.

Be­havioural changes

Un­for­tu­nately, the days are gone when the only way mal­ware got onto your sys­tem was through open­ing files or pro­grams. Th­ese days, many threats are trig­gered by your own in­ad­ver­tent be­hav­iour, through mis­di­rec­tion.

So, how can you pro­tect your­self from, erm, your­self? Let’s start with email, where most ini­tial phish­ing threats orig­i­nate from. First, treat all email with sus­pi­cion. If it’s ped­dling an of­fer too good to refuse, or mak­ing dire threats while ex­hort­ing you to click a link to ver­ify your ac­count or re­spond to some kind of dis­pute or of­fer, just take a deep breath. Re-read the mes­sage, spot the spell­ing mis­takes, or the fact the ad­dress you’ve been emailed isn’t the one you’ve linked to your bank ac­count. Who’s the sender? In the ma­jor­ity of cases, th­ese checks will re­veal the email is a fraud.

Get into the habit of never clicking links in emails. Instead, open your browser, and visit the site specified by typing its address. But that’s not all you need to do against emails. Some contain malicious code hidden in the mail’s HTML, so configure your email client to read mail in plain text by default. Also, consider installing a mail-checking tool, like POP Peeper (­um­ or Mailwasher (www.mail­, which can screen mail for junk and scams, and let you preview email without downloading it. Connect using SSL or TLS (see the ‘Encrypt Your Email’ box).

Safer web surf­ing

In the past, surfing the web was a blind process – you typed in a web address and it loaded, no matter what was lurking at the other end. These days, most browsers can detect known malicious websites, and block them by default, but there are still many dodgy sites that aren’t considered direct security risks. This is where web filtering solutions come in, such as Web of Trust (­ WOT operates a traffic-light safety system, providing an icon next to web addresses (and search results) that’s green (safe), amber (use with caution), red (dangerous), or grey (untested, so be cautious). The ratings are community-based, so aren’t always 100 percent accurate, but they do help flag up potentially dangerous sites, and block access to red-rated sites by default. Add-ons are available for all major browsers. Norton offers a similar feature with Safe Search – a search engine extension that helps protect you from phishing and other dodgy sites.

Even with this ex­tra line of de­fence, pro­tect­ing your­self on the web re­quires ex­tra ef­fort. First, adopt the same level of scep­ti­cism to ev­ery­thing you see on the web as you do with email. Phish­ing oc­curs across all plat­forms, from pop-up pages mas­querad­ing as Win­dows di­a­log boxes, claim­ing you’ve been in­fected or need to up­date now, to scams in Face­book Mes­sen­ger, try­ing on the same type of scam as found in email. You should even be sus­pi­cious of text mes­sages ex­hort­ing you to share your two-fac­tor au­then­ti­ca­tion code ‘for se­cu­rity pur­poses.’

First, don’t re­act im­me­di­ately. Nei­ther should you try to close the win­dow, un­less you’re con­fi­dent that what you’re click­ing is the close win­dow di­a­log box and not a spoofed one. In­stead, use Task Man­ager to close the process. Un­der no cir­cum­stances give out any per­sonal data, ever, re­gard­less of who it is that seems to be ask­ing for it.

Another way to tighten web surfing is to use a secure web connection (https://) whenever you can. Some sites automatically use secure connections, but others don’t – even though they support them. Force all compliant sites to encrypt your connection by installing the HTTPS Everywhere add-on for the Chrome, Firefox, and Opera browsers (from­ery­where).

Ma­li­cious add-ons

Browser add-ons such as WOT and HTTPS Ev­ery­where help tighten browser se­cu­rity, but it isn’t sur­pris­ing that not all add-ons are what they seem, with many able to track your move­ments and steal per­sonal data. Ma­li­cious add-ons have been in­jected into the Chrome Web Store in the past, while some cy­ber­crim­i­nals buy up le­git­i­mate add-ons only to in­tro­duce nas­ties through up­dates, which are then au­to­mat­i­cally in­stalled. Even those add-ons that ap­pear to be rep­utable can be poorly coded in such a way as to make them vul­ner­a­ble to ex­ploits.

So, first, ex­er­cise ex­treme cau­tion be­fore in­stalling any add-on – do all the usual checks, such as check­ing who the pub­lisher is and read­ing re­views (and pay­ing par­tic­u­lar at­ten­tion to any that say the add-on is spy­ware or spam). Google the name and words such as ‘mal­ware’ or ‘ex­ploit’, to see if they’re linked in any way. Check the per­mis­sions (par­tic­u­larly dur­ing an up­date, where an add-on may ask for ad­di­tional per­mis­sions it didn’t pre­vi­ously need), and ask your­self why it wants them. Also, reg­u­larly check your browser ex­ten­sions, re­mov­ing any you no longer need or don’t recog­nise.
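One way to carry out the regular permission check described above on Chrome for Windows, as an added example that is not part of the original article. It assumes Chrome's default profile folder; Get-ExtensionPermissions, the list of permissions treated as broad, and the sample manifest are constructed for this example.

```powershell
# Added example: list installed Chrome extensions and flag broad permissions.
# Get-ExtensionPermissions and $BroadPermissions are hypothetical names chosen here.

# Permissions that give an add-on wide reach over browsing data (an illustrative selection).
$BroadPermissions = '<all_urls>', '*://*/*', 'http://*/*', 'https://*/*',
                    'tabs', 'cookies', 'history', 'webRequest', 'clipboardRead'

function Get-ExtensionPermissions {
    param(
        # Assumed default profile location for Chrome on Windows; pass another path if needed.
        [string] $ExtensionRoot = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions')
    )

    # Folder layout is <root>\<extension id>\<version>\manifest.json
    Get-ChildItem -Path $ExtensionRoot -Filter manifest.json -Recurse -Depth 2 -File |
        ForEach-Object {
            $manifest = Get-Content -LiteralPath $_.FullName -Raw -Encoding UTF8 | ConvertFrom-Json

            # Manifest V2 mixes host patterns into "permissions"; V3 moves them to "host_permissions".
            $requested = @($manifest.permissions) + @($manifest.host_permissions) +
                         @($manifest.optional_permissions) | Where-Object { $_ -is [string] }

            [pscustomobject]@{
                Id          = $_.Directory.Parent.Name
                Version     = $manifest.version
                Name        = $manifest.name   # may be a __MSG_...__ placeholder for localised names
                Permissions = $requested -join ', '
                Broad       = ($requested | Where-Object { $BroadPermissions -contains $_ }) -join ', '
            }
        }
}

# Constructed sample: a fake extension folder so the example runs without Chrome installed.
$root = Join-Path ([System.IO.Path]::GetTempPath()) 'ext-demo'
$dir  = New-Item -ItemType Directory -Force -Path (Join-Path $root 'aaaabbbbccccddddeeeeffffgggghhhh\1.2.0_0')
@'
{ "manifest_version": 3, "name": "Constructed Coupon Helper", "version": "1.2.0",
  "permissions": ["storage", "tabs", "cookies"], "host_permissions": ["<all_urls>"] }
'@ | Set-Content -LiteralPath (Join-Path $dir.FullName 'manifest.json') -Encoding UTF8

# The sample reports Broad = "tabs, cookies, <all_urls>", which is a lot for a coupon helper.
Get-ExtensionPermissions -ExtensionRoot $root | Format-List
Remove-Item -LiteralPath $root -Recurse -Force
```

Run `Get-ExtensionPermissions` with no arguments to audit the real profile, then look up any Id you don't recognise before deciding whether to remove it.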

Con­sider us­ing book­marklets, too, in­stead of add-ons – book­marklets con­tain tiny bits of code that do sim­ple things, such as tweet­ing the cur­rent page, but they can’t au­to­mat­i­cally up­date, and only run when you click the book­marklet. Again, be sure to ob­tain th­ese from rep­utable sources, and be as scep­ti­cal as you would with an add-on.

Down­load pro­tec­tion

Down­loads are a com­mon source of mal­ware, so make sure the in­staller is scanned by your anti-mal­ware tools be­fore you launch it – right-click the file to find the rel­e­vant op­tion, such as ‘Scan with Mal­ware­bytes Anti-Mal­ware’, if it’s not done au­to­mat­i­cally (Norton pops up a mes­sage in Taskbar No­ti­fi­ca­tions to tell you it’s scan­ning the file, for ex­am­ple).

An increasing number of developers provide checksums for the software you’ve just downloaded. These checksums, also known as signatures or hashes, are typically used to verify that a download isn’t corrupt, but can also be used to check its authenticity. You need a third-party tool to generate the ‘hash’ of the file you’ve downloaded, and then you compare this with the checksum given online – it’s not definitive proof, but it’s a useful step.

A num­ber of dif­fer­ent hashes are used: MD5 and SHA are the most com­mon, and the MD5 & SHA Check­sum Util­ity (https://raylin.word­ makes it easy to ver­ify ei­ther type. Just se­lect your down­loaded file, then paste in the hash from the web­page, and click Ver­ify – the pro­gram should then con­firm for you that the two match.
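The comparison described above can also be done with the Get-FileHash cmdlet built into Windows 10's PowerShell. The following is an added example, not part of the original article; Test-DownloadHash is a hypothetical helper name, and the sample file is constructed for the demonstration.

```powershell
# Added example: verify a download against the checksum published by the developer.
# Test-DownloadHash is a hypothetical helper name; Get-FileHash ships with PowerShell 4.0+.

function Test-DownloadHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $PublishedHash
    )

    # Hashes pasted from a web page often carry spaces, line breaks or mixed case.
    $expected = ($PublishedHash -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]+$') {
        throw 'Published value is not a hexadecimal hash.'
    }

    # Infer the algorithm from the digest length in hex characters.
    $algorithm = switch ($expected.Length) {
        32      { 'MD5' }
        40      { 'SHA1' }
        64      { 'SHA256' }
        128     { 'SHA512' }
        default { throw "Unrecognised hash length: $($expected.Length)" }
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algorithm).Hash

    [pscustomobject]@{
        Algorithm = $algorithm
        Expected  = $expected
        Actual    = $actual
        Match     = ($actual -eq $expected)
    }
}

# Constructed sample: a file holding the three bytes "abc" stands in for a download.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'sample-download.bin'
[System.IO.File]::WriteAllBytes($sample, [byte[]](0x61, 0x62, 0x63))

# Standard test-vector digests of "abc" (SHA-256, then MD5), pasted untidily on purpose.
Test-DownloadHash -Path $sample -PublishedHash ' ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad '
Test-DownloadHash -Path $sample -PublishedHash '900150983CD24FB0D6963F7D28E17F72'

# One changed byte, as in a corrupted or altered download, and Match becomes False.
[System.IO.File]::WriteAllBytes($sample, [byte[]](0x61, 0x62, 0x64))
Test-DownloadHash -Path $sample -PublishedHash 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'

Remove-Item -LiteralPath $sample
```

Where a developer publishes more than one digest, compare the SHA-256 value: MD5 and SHA-1 still catch accidental corruption but are no longer collision-resistant. A hash copied from the same page as the download only shows the file matches what that page offers, which is why the check is a useful step rather than proof.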

There’s one ma­jor de­vel­op­ment to look out for when­ever down­load­ing soft­ware. An in­creas­ing amount is shipped as ‘bundle­ware’, which means it in­cludes other pro­gram in­stall­ers, of­fered to you dur­ing in­stal­la­tion. Rep­utable in­stall­ers make th­ese of­fers crys­tal clear, and make it ob­vi­ous how to opt out of them, but an in­creas­ing num­ber don’t, mak­ing it all too easy to ac­ci­den­tally in­stall un­wanted ex­tras, not all of which are de­sir­able.

It’s not just in­di­vid­ual pro­grams, ei­ther – ma­jor down­load sites (we’re look­ing at you, Down­ have also started bundling ex­tra un­wanted soft­ware with down­loads, and some of this is lit­tle more than ‘crap­ware’, or even bor­der­line mal­ware. In the case of Down­, ex­am­ine the green ‘Down­load now’ but­ton care­fully for a greyed-out ‘In­staller En­abled’ sign; if it’s there, it means the app is in­stalled us­ing Down­’s own in­staller, which con­tains bundle­ware. MD5 & SHA Check­sum Util­ity is down­loaded through Down­, and thank­fully there’s no bundle­ware in­cluded.

Programs such as Unchecky and the Premium version of Malwarebytes will screen most of these out – you still get the original program, but they either change the bundleware’s default settings to prevent the extra programs being installed by default, or may block the bundleware portion of the app. Either way, you get a notification that they’ve worked on your behalf.

Even if you have th­ese pro­grams in­stalled, though, they’re not fool­proof (par­tic­u­larly Unchecky). There­fore, you need to take ex­tra care dur­ing the in­stal­la­tion process – look out for li­cence agree­ments re­fer­ring to other pro­grams, and ex­am­ine any check­boxes care­fully to en­sure you’re not about to in­ad­ver­tently in­stall an un­wanted ex­tra. Some of­fers come with Ac­cept and De­cline op­tions – choose the lat­ter, and you move on to the next part of the process, or close the in­staller and source a dif­fer­ent pro­gram that doesn’t take risks with your se­cu­rity.

Are you a fan of tor­rent­ing? You need to be dou­bly cau­tious – tor­rents from of­fi­cial sources (such as Linux in­staller ISOs) are usu­ally safe, but if you’re ven­tur­ing into dodgy ter­ri­tory, look­ing for the lat­est TV episodes, say, be very wary. Check com­ments and re­views of in­di­vid­ual tor­rents to see if any­one else has spot­ted any­thing dodgy, and run the usual scans be­fore open­ing any files.

So­cial net­work­ing

One way in which we inadvertently hand out personal data is through our social networking profiles. Ask yourself if you really want to share your birthday publicly with everyone on Facebook, or why a particular social networking add-on needs to know so much personal information about you. Take the time to check your profile’s privacy settings on all your networks, to review what data you’ve handed over to the network, and how much of it is public. Avoid making public posts that unintentionally give out information you use as security questions elsewhere (your mother’s maiden name, for example, or the town or city where you were born). And, as always, ensure that your accounts are protected with strong passwords, and use two-factor authentication or verification wherever possible.

Many web links shared over so­cial me­dia – par­tic­u­larly on Twit­ter – are of­ten short­ened to save on char­ac­ters, but how do you know the link pub­lished is gen­uine? At http://check­short­, you can in­put the short­ened link to ex­am­ine the web­page it points to, as well as check the link’s safety rat­ings on WOT, Norton, and other rep­utable sites.


One of the biggest threats in recent times comes from ransomware, which is specially formed malware that locks you out of your PC or your data (typically by encrypting it), before demanding a ransom in return for receiving the code required to unlock it. One clever trick on the thieves’ part is to ramp up the pressure by hiking up the ransom cost the longer you delay. Most anti-malware tools should offer you some form of protection, but check with your vendor to see what it can and can’t do.

The most effective way to protect against ransomware is to keep your PC backed up – either a drive image of an entire drive, or file-based backups of your data (including cloud services, such as OneDrive) – as this will help ensure you’re protected. In the case of file-based backups, these offer multiple versions of your files, enabling you to roll back; drive images enable you to wipe the drive and restore Windows, your apps, settings, and data from scratch, with all but those changes made since the image was taken. Use a tool such as Macrium Reflect Free (www.macrium.com/reflectfree.aspx), with daily images to keep the file size down.

Try to keep at least one copy off-site – that is, not di­rectly con­nected to your com­puter. Oth­er­wise, it’s pos­si­ble the ran­somware could lo­cate your back­ups and en­crypt those too. Fu­ture at­tacks may tar­get cloud stor­age, for ex­am­ple.

Re­pair­ing the dam­age

It’s not always possible to keep infections off your system, so what can you do if they get through your defences? If your system is working, try running scans with your existing tools – reboot into ‘Safe mode with networking’ if necessary, via Start > Settings > ‘Update & security’ > Recovery > ‘Restart now’, to access the Advanced start-up menu. From here, choose Troubleshoot > ‘Advanced options’ > Startup Settings, then restart, and pick option 5. If this fails, you need some additional tools. First, download RKill and ADWCleaner from https:// tool­ (use another PC if necessary, transferring them across on an optical disc or USB flash drive). Run the former to terminate known malicious processes, but don’t reboot if prompted. Next, launch Malwarebytes, update it, then select Settings > ‘Detection and Protection’ > ‘Scan for Rootkits’, before running a Threat Scan.

If you need ad­di­tional clean­ing of ad­ware, browser tool­bars and hi­jack­ers, and other PUPs, then run AD­WCleaner, plus Mal­ware­bytes Junkware Re­moval Tool (www.mal­ware­ junkwar­ere­moval­tool), which may find things missed by Mal­ware­bytes it­self.

An­other tool to con­sider is the Em­sisoft Emer­gency Kit – this is a por­ta­ble dual-en­gine scan and re­move tool, which can be down­loaded di­rect to a por­ta­ble USB drive on an­other PC. Run the tool once on the sec­ond PC, and up­date it when prompted, then plug it into your ail­ing PC, and let it at­tempt to find and re­move the nas­ties.

Once your PC is clean, you may need to perform repair tasks. NetAdapter Repair All In One (https://sourceforge.net/projects/netadapter/) can help with broken internet connections, for example, while the Windows Repair Tool (www.tweak­ can give your system the once-over, as well as restore functionality – resetting the Registry and permissions, removing policies set by infections, and repairing Safe mode.

With your PC run­ning smoothly, fol­low our tips to tighten se­cu­rity, and re­store any back­ups, ready to sail into calmer, safer waters.

Norton pro­vides com­pre­hen­sive pro­tec­tion for your com­puter.

Mal­ware­bytes Pre­mium blocks threats that are of­ten missed by other tools.

Make sure you tighten your net­work’s se­cu­rity through your router.

You can block un­wanted pro­gram in­stal­la­tions with Unchecky’s help.

Free VPNs might be slow, but they are safer than reg­u­lar con­nec­tions.

Make a habit of vet­ting sus­pi­cious web­sites with the help of Web of Trust (WOT).

Be care­ful in­stalling pro­grams that may at­tempt to add un­wanted ex­tras.

You should al­ways find out where short web links ac­tu­ally di­rect you.
