MAKE YOURSELF HACKPROOF MAKE YOUR PC MORE RESILIENT TO HACKERS AND MALWARE
Make your PC more resilient to hackers and malware.
ONCE UPON A time, the process of protecting your PC against viruses was simply to install an antivirus program, and be careful about which floppy disks and CD-ROMs you introduced to it. Then we all got internet access, and you needed to make sure you didn’t download anything dodgy, while adding a firewall to your PC to dissuade hackers. And for a while, that seemed sufficient.
How times have changed — and with everincreasing rapidity, too. These days, the threats keep coming, finding ever more inventive ways of getting through defences, using trickery as much as anything else. But however hard the hackers fight, the security folk fight back, helping to develop new forms of protection, removal and repair to thwart the cybercriminals.
As it has been since the beginning, prevention is always better than cure. Far better to tighten the security on your PC than have to go through the trauma of removing unwanted software, or battling a demand for money from a ransomware attack. But where do you begin? What software do you need? And how can you change your behaviour to minimise your exposure in the first place? In this feature, we’ll help you on all of these counts.
We’ll reveal the core protection you need, run through the various ways in which your online activities put you at risk, and explain how to protect yourself accordingly. You’ll discover how to encrypt your email, properly screen downloads for viruses and potentially unwanted programs, keep malvertising at arm’s length, and ensure none of your online accounts are easily — if at all — hacked. We’ll help secure your home network, too, so people can’t piggyback onto your Wi-Fi, or gain access to your home devices through your router.
But what happens if you do get infected? Don’t worry — we’ll run through some ways in which you can get control of your PC back from the malware. And we’ll point you in the direction of some useful tools that can help you recover from a ransomware attack, even to the point of potentially decrypting your precious data. Without further ado, let’s get this (anti-malware) party started!
Whether you like it or not, you need antimalware software. Windows 10 comes with Windows Defender for basic protection, but it’s outclassed by most other anti-malware tools. The best free anti-virus tool in our humble opinion is Avira Free Security Suite ( www.avira.com). However, if you’re looking for security with the lot, the paid-for suite Bitdefender Total Security 2018, which covers you for five devices ( www.bitdefender.com.
au), can’t be beat on value. For families, we recommend Norton Security Premium for Three Devices ( au.norton.com), which will help you keep track of your ankle-biters when they’re online. For more on why these three have taken the trophies, head over to page 60.
In the past, you could only run one antivirus app on your PC at once. These days, there exist anti-malware apps designed to work in tandem with other security software. The most visible of these is Malwarebytes Anti-Malware ( www.malwarebytes.org). The free version provides scan and remove tools, but for continuous real-time protection, and the ability to block malicious websites — vital when it comes to keeping out malvertising and potentially unwanted programs (PUPs) — the Professional Edition is available for a reasonable annual fee. Speaking of PUPs, it’s worth your while installing a tiny, free program called Unchecky ( www.unchecky.com) to stop unwanted add-ons being installed on your PC.
TIGHTEN UP YOUR ROUTER
One of the most effective ways of making your PC as hacker-proof as possible is to review the way you use your PC. Let’s begin by securing your PC’s connection to your network and the internet. First, your network — if you connect through Wi-Fi, make sure you have WPA2 encryption enabled in your router’s settings, and choose a strong, randomly generated password that can’t easily be remembered, if at all.
Worried about drive-by hackings, where people get within range of your wireless network, then attempt to gain access to it? Reduce your network’s visibility by disabling SSID Broadcast, then changing the SSID of your network to a name that’s not easy to guess. If you wish, enable wireless MAC filtering (use the ‘ipconfig /all’ command in a Command Prompt window to find out your PC’s MAC address, in order to whitelist it first), change your network’s IP address from the usual 192.168.0.x to 192.168.y.x (where ‘y’ is between 1 and 255), and disable DHCP.
With this in place, a hacker would need four things to gain access: your network SSID and its password, yes, but also a whitelisted MAC address to spoof, and what IP address to assign to their device (as well as the IP address of your router), just to get on your network.
In reality, though, this will make network setup long-winded, so you may want to strike a balance (perhaps leave DHCP enabled, for example).
Next, tighten your router’s other settings. Verify its firewall is switched on, and review any ports you’re forwarding — these are channels from the internet to your networked devices, so make a note of what they are, remove any not in use, and disable those you don’t need permanent access to. Also, review your UPnP settings — these ports are allocated to apps running on your network. Disable suspicious ones, and search for the originating apps to remove them.
It’s also important to protect access to the router settings: change the default password to a stronger one (change the username if allowed, too). Now look for a Remote Management or Remote Access option. This enables you — and anyone else — to access your router from outside your home network, using your public IP address (or dynamic hostname). So disable this option.
LOCK DOWN YOUR CONNECTION
Virtual private networks (VPNs) offer a number of security and privacy features — not only can you make you and your location anonymous when connected through one, but they also encrypt all your internet traffic, which makes them an essential add-on for your laptop or tablet whenever surfing using a public, unencrypted Wi-Fi hotspot.
There are many free services, such as TunnelBear ( www.tunnelbear.com), with a free tier offering 500MB per month. Plans starting from around US$5 a month lift this limit. If you’d like to run your entire home network through a VPN, you need to use a second router that supports the DD-WRT firmware.
BEHAVIOURAL CHANGES
Unfortunately, the days are gone when the only way malware got onto your system was through opening files or programs. These days, many threats are triggered by your own inadvertent behaviour, through misdirection.
So how can you protect yourself from, uh... yourself? Let’s start with email, where most initial phishing threats originate from. First, treat all email with suspicion. If it’s peddling an offer too good to refuse, or making dire threats while exhorting you to click a link to verify your account or respond to some kind of dispute or offer, just take a deep breath. Re-read the message, spot the spelling mistakes or the fact the address you’ve been emailed isn’t the one you’ve linked to your bank account. Who’s the sender? In the majority of cases, these checks will reveal the email is a fraud.
Get into the habit of never clicking links in emails. Instead, open your browser, and visit the site specified by typing its address. But that’s not all you need to do against emails. Some contain malicious code hidden in the mail’s HTML, so configure your email client to read mail in plain text by default. Also, consider installing a mail-checking tool, like POP Peeper ( www.esumsoft.com) or Mailwasher ( www.mailwasher.net), which can screen mail for junk and scams, and let you preview email without downloading it. Connect using SSL or TLS (see the ‘Encrypt Your Email’ box, right).
SAFER WEB SURFING
In the past, surfing the web was a blind process — you typed in a web address and it loaded, no matter what was lurking at the other end. These days, most browsers can detect known malicious websites, and block them by default, but there are still many dodgy sites that aren’t considered direct security risks. This is where web filtering solutions come in, such as Web of Trust ( www.mywot.com). WOT operates a traffic-light safety system, providing an icon next to web addresses (and search results)
that’s green (safe), amber (use with caution), red (dangerous) or grey (untested, so be cautious). The ratings are community-based, so aren’t always 100% accurate, but they do help flag up potentially dangerous sites, and block access to red-rated sites by default. Add-ons are available for all major browsers. Norton offers a similar feature with Safe Search — a search engine extension that helps protect you from phishing and other dodgy sites.
Even with this extra line of defence, protecting yourself on the web requires extra effort. First, adopt the same level of scepticism to everything you see on the web as you do with email. Phishing occurs across all platforms, from pop-up pages masquerading as Windows dialog boxes, claiming you’ve been infected or need to update now, to scams in Facebook Messenger, trying on the same type of scam as found in email. You should even be suspicious of text messages exhorting you to share your two-factor authentication code ‘for security purposes’.
First, don’t react immediately. Neither should you try to close the window, unless you’re confident that what you’re clicking is the close window dialog box and not a spoofed one. Instead, use Task Manager to close the process. Under no circumstances give out any personal data, ever, regardless of who it is that seems to be asking for it.
Another way to tighten web surfing is to use a secure web connection (https://) whenever you can. Some sites automatically use secure connections, but others don’t — even though they support them. Force all compliant sites to encrypt your connection by installing the ‘HTTPS Everywhere’ add-on for the Chrome, Firefox, and Opera browsers (from www.eff. org/HTTPS-everywhere).
MALICIOUS ADD-ONS
Browser add-ons such as WOT and HTTPS Everywhere help tighten browser security, but it isn’t surprising that not all add-ons are what they seem, with many able to track your movements and steal personal data. Malicious add-ons have been injected into the Chrome Web Store in the past, while some cybercriminals buy up legitimate add-ons only to introduce nasties through updates, which are then automatically installed. Even those add-ons that appear to be reputable can be
poorly coded in such a way as to make them vulnerable to exploits.
So, first, exercise extreme caution before installing any add-on — do all the usual checks, such as checking who the publisher is and reading reviews (and paying particular attention to any that say the add-on is spyware or spam). Google the name and words such as ‘malware’ or ‘exploit’, to see if they’re linked in any way. Check the permissions (particularly during an update, where an add-on may ask for additional permissions it didn’t previously need), and ask yourself why it wants them. Also, regularly check your browser extensions, removing any you no longer need or don’t recognise. Consider using bookmarklets, too, instead of add-ons — bookmarklets contain tiny bits of code that do simple things, such as tweeting the current page, but they can’t automatically update, and only run when you click the bookmarklet. Again, be sure to obtain these from reputable sources, and be as sceptical as you would with an add-on.
DOWNLOAD PROTECTION
Downloads are a common source of malware, so make sure the installer is scanned by your anti-malware tools before you launch it — right-click the file to find the relevant option, such as ‘Scan with Malwarebytes AntiMalware’, if it’s not done automatically (Norton pops up a message in Taskbar Notifications to tell you it’s scanning the file, for example).
An increasing number of developers provide checksums for the software you’ve just downloaded. These checksums, also known as signatures or hashes, are typically used to verify that a download isn’t corrupt, but can also be used to calculate its authenticity too. You need a third-party tool to generate the ‘hash’ of the file you’ve downloaded, and then you compare this with the checksum given online — it’s not definitive proof, but it’s a useful step.
A number of different hashes are used: MD5 and SHA are the most common, and the MD5 & SHA Checksum Utility ( raylin.
wordpress.com) makes it easy to verify either type. Just select your downloaded file, then paste in the hash from the webpage, and click Verify — the program should then confirm for you that the two match.
There’s one major development to look out for whenever downloading software. An increasing amount is shipped as ‘bundleware’, which means it includes other program installers, offered to you during installation. Reputable installers make these offers crystal clear, and make it obvious how to opt out of them, but an increasing number don’t, making it all too easy to accidentally install unwanted extras, not all of which are desirable.
It’s not just individual programs, either — major download sites (we’re looking at you, Download.com) have also started bundling extra unwanted software with downloads, and some of this is little more than ‘crapware’ or even borderline malware. In the case of Download.com, examine the green ‘Download now’ button carefully for a greyed-out ‘Installer Enabled’ sign; if it’s there, it means the app is installed using Download.com’s own installer, which contains bundleware. MD5 & SHA Checksum Utility is downloaded through Download.com, and thankfully there’s no bundleware included.
Programs such as Unchecky and the Premium version of Malwarebytes will screen most of these out — you still get the original program, but they either change the bundleware’s default settings to prevent the extra programs being installed by default, or may block the bundleware portion of the app. Either way, you get a notification that they’ve worked on your behalf.
Even if you have these programs installed, though, they’re not foolproof (particularly Unchecky). Therefore, you need to take extra care during the installation process — look out for licence agreements referring to other programs, and examine any checkboxes carefully to ensure you’re not about to inadvertently install an unwanted extra. Some offers come with Accept and Decline options — choose the latter, and you move on to the next part of the process, or close the installer and source a different program that doesn’t take risks with your security. Are you a fan of torrenting? You need to be doubly cautious — torrents from official sources (such as Linux installer ISOs) are usually safe, but if you’re venturing into dodgy territory, looking for the latest TV episodes, say, be very wary. Check comments and reviews of individual torrents to see if anyone else has spotted anything dodgy, and run the usual scans before opening any files.
SOCIAL NETWORKING
One way in which we inadvertently hand out personal data is through our social networking profiles. Ask yourself if you really want to share your birthday publicly with everyone on Facebook, or why a particular social networking add-on needs to know so much personal information about you. Take the time to check your profile’s privacy settings on all your networks, to review what data you’ve handed over to the network, and how much of it is public. Avoid making public posts that unintentionally give out information you use as security questions elsewhere (your mother’s maiden name, for example, or the town or city where you were born). And, as always, ensure that your accounts are protected with strong passwords, and use two-factor authentication or verification whererever possible.
Many web links shared over social media — particularly on Twitter — are often shortened to save on characters, but how
do you know the link published is genuine? At checkshorturl.com, you can input the shortened link to examine the webpage it points to, as well as check the link’s safety ratings on WOT, Norton and other reputable sites.
RANSOMWARE
One of the biggest threats in recent times comes from ransomware, which is specially formed malware that locks you out of your PC or your data (typically by encrypting it), before demanding a ransom in return for receiving the code required to unlock it. One clever trick on the thieves’ part is to ramp up the pressure by hiking up the ransom cost the longer you delay. Most anti-malware tools should offer you some form of protection, but check with your vendor to see what it can and can’t do.
The most effective way to protect against ransomware is to keep your PC backed up — either a drive image of an entire drive, or file-based backups of your data (including cloud services, such as OneDrive) — as this will help ensure you’re protected. In the case of file-based backups, these offer multiple versions of your files, enabling you to roll back; drive images enable you to wipe the drive and restore Windows, your apps, settings and data from scratch, with all but those changes made since the image was taken. Use a tool such as Macrium Reflect Free ( www.macrium.com/ reflectfree.aspx), with daily images to keep the file size down.
Try to keep at least one copy off-site — that is, not directly connected to your computer. Otherwise, it’s possible the ransomware could locate your backups and encrypt those too. Future attacks may target cloud storage, for example.
REPAIRING THE DAMAGE
It’s not always possible to keep infections out, so what can you do if they get through your defences? If your system is working, try running scans with your existing tools — reboot into ‘Safe mode with networking’ if necessary, via ‘Start > Settings > Update & security > Recovery > Restart now’, to access the Advanced start-up menu. From here, choose ‘Troubleshoot > Advanced options > Startup Settings’, then restart and pick option 5. If this fails, you need some additional tools. First, download RKill and ADWCleaner from
toolslib.net (use another PC if necessary, transferring them across on an optical disc or USB flash drive). Run the former to terminate known malicious processes, but don’t reboot if prompted. Next, launch Malwarebytes, update it, then select ‘Settings > Detection and Protection > Scan for Rootkits’, before running a Threat Scan.
If you need additional cleaning of adware, browser toolbars and hijackers, and other PUPs, then run ADWCleaner, plus Malwarebytes Junkware Removal Tool ( www.malwarebytes.com/junkware removaltool), which may find things missed by Malwarebytes itself. Another tool to consider is the Emsisoft Emergency Kit — this is a portable dual-engine scan-andremove tool, which can be downloaded direct to a portable USB drive on another PC. Run the tool once on the second PC, and update it when prompted, then plug it into your ailing PC, and let it attempt to find and remove the nasties.
Once your PC is clean, you may need to perform repair tasks. NetAdapter Repair All In One ( sourceforge.net/projects/ neta-dapter) can help with broken internet connections, for example, while the Windows Repair Tool ( www.tweaking.com) can give your system the once-over, as well as restore functionality — resetting the Registry and permissions, removing policies set by infections and repairing Safe mode.
With your PC running smoothly, follow our tips to tighten security, and restore any backups, ready to sail into safer waters.