
Protection From Viruses and Malware

Contrary to the marketing schemes, there is no software that can give you total protection from infections. The best way to keep your PC safe is to change your habits. The best part is that there is no subscription fee for good habits. Reading this article will help you build safe browsing habits, and learn how to protect yourself and your computer.

When to trust someone

You receive a phone call saying that your computer has a virus, and you need to fix it. The caller says he works for Microsoft, and that he will help you for free. Can you trust him?

Trust is an important factor in security, especially when you are seeking help. In these cases, I find it best to compare computer work to having work done on a car; consider the example below:

You receive a phone call saying that your car has a problem, and you need to fix it. The caller says he works for Dodge, and that he will help you for free.

Immediately in the above scenario you have to wonder several things:

  1. How do I know this person is from Dodge?
  2. How would this person know what's wrong with my car?
  3. Does Dodge even fix cars? Wouldn't that be done by a mechanic or dealership?

These same questions apply to the call about your computer.

  1. You have no way of knowing who called you.
  2. They have no way of knowing what's going on with your computer.
  3. It's not Microsoft's job to fix your computer; that would be done by a computer shop.

A good rule of thumb, then, is to never trust anyone who contacts you. If you are having computer issues, people will not approach you about it. Unless you contact someone for help, no one will know or care about it.

This same approach doesn't just apply to phone calls. This applies to emails, pop-ups, and any other form of communication.

Below are some red flags to watch out for:

  1. Someone contacts you
    • As opposed to you contacting them
  2. Someone tries to scare or threaten you
    • Example: "your data will be lost" or "your account will be deleted"
  3. Someone tries to pressure you and say that this is time-sensitive, often including a threat
    • Example: "This has to be done by tomorrow" or "Urgent"
  4. Someone is pushy or insistent, even if they are polite while doing so
    • Example: "You have to do this", or they immediately start giving you orders
  5. Someone has poor spelling/grammar
    • Professional companies tend to communicate professionally, and blatant mistakes don't usually get sent out

How do you handle a possible scammer?

If something or someone contacts you, the best thing to do is contact someone you trust. If you get a pop-up that says you have viruses: close it and open your antivirus program through the Start menu (a method you trust for opening your antivirus software and checking for viruses yourself). If a company sends you an email saying your account will be deleted: go online, find their real phone number (obviously you can't trust the one in the email!), and ask them about it.

  1. Don't Panic
    • It is the goal of these people to make you panic. They just want to influence your decisions
    • Even if you think something might be wrong, just turn off your computer until you can get trusted help
    • Malware will not damage your computer while it is off
  2. Don't give them information
    • You never want to give information to someone you don't trust. Even if it's something that seems harmless, like your name, your children's names, what kind of computer you have, or what city you're in. That information can be used to attack you later
  3. Challenge the caller
    • Ask them the name of the company they work for, where they're located, what their full name is, etc.
    • This can put a scammer on the defensive, and their story can quickly fall apart
  4. Contact someone you trust
    • If a caller claims to be from a company you trust, call that company's support directly by getting their phone number from their website
    • If an email has a link, don't click on it. Instead go to the website in your browser
    • Ask a forum, a friend, or someone else you trust if they think this is safe

Web Addresses

A web address or URL is the address of something on the Internet. This is the address at the top of your webpage, and it tells you some important information about where on the Internet you are, and how you're connected. For example, let's look at the address for Google: https://www.google.ca/

We are learning how to tell what site we're connected to, and if we're connected securely, to avoid phishing attempts or fake versions of websites that steal our information.

Tip: Links on webpages are just addresses. If you move your mouse over the link you will see an indicator in the bottom corner telling you what address the link leads to. Some links will lead to bit.ly or goo.gl; these are shortened URLs, and will redirect you to other pages. You can bookmark https://www.checkshorturl.com and use that site to see where these types of links lead.

Where are we?

Looking at any web address, there are a series of words and letters separated by periods:

www.google.ca

What we care about here is the google.ca part. mail.google.ca, maps.google.ca, and www.google.ca are all sites on google.ca. We know this because the last blocks of the address before the forward slash (/) are google and ca. google.ca and google.com are not the same webpage; in this case they are both owned by Google, and do the same thing. But, for example, reddit.com is owned by Reddit Inc., while reddit.ca isn't owned by anyone, and could be purchased by anyone. This means someone could purchase reddit.ca and build a page that looks like a login page for reddit.com to try and steal usernames and passwords.

After the name of the site is a forward slash followed by other information, such as www.example.com/news/example.html. Everything after the first forward slash is information about where we are on the site. In the above example, we are seeing /news/example.html on the site www.example.com.

Learn the addresses for the sites you visit often; this makes it easy to tell when you're on the wrong site. Beware that some fake websites will use ambiguous characters, such as a lower case L instead of an I, to trick you.
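As an added example (not part of the original article), the check above written out in code: take the last two blocks before the first slash as the site name, compare it with the sites you know, and flag names that only look like one of them through confusable characters. The trusted-site list is constructed for the example, and the two-block rule is the one the text gives; country addresses such as example.co.uk would need a public-suffix list, which this example does not use.

```python
from urllib.parse import urlparse

# Constructed for this example: the sites the reader has learned to recognise.
TRUSTED_SITES = {"google.ca", "google.com", "reddit.com"}

# Characters that look alike in many fonts, folded to one representative so that
# "goog1e.com" or "reddlt.com" collapse to the same skeleton as the real name.
# Case is folded first, so capital I and lower-case l both end up as "l".
_SKELETON = str.maketrans({"i": "l", "1": "l", "0": "o"})


def site_name(url: str) -> str:
    """The part of the address the text says to care about: the last two
    blocks before the first slash (https://mail.google.ca/inbox -> google.ca)."""
    if "://" not in url:
        url = "http://" + url          # urlparse needs a scheme to find the host
    host = urlparse(url).hostname or ""   # hostname is already lower-cased
    labels = host.strip(".").split(".")
    return ".".join(labels[-2:])


def _skeleton(name: str) -> str:
    return name.lower().translate(_SKELETON)


def check_address(url: str) -> str:
    """Classify an address as 'trusted', 'lookalike' or 'unknown'."""
    name = site_name(url)
    if name in TRUSTED_SITES:
        return "trusted"
    # Same shape as a trusted name once confusable characters are folded,
    # but not actually that name: the lower-case-L-for-I trick from the text.
    if any(_skeleton(name) == _skeleton(t) for t in TRUSTED_SITES):
        return "lookalike"
    return "unknown"
```

Note that google.ca.example.com is classified as unknown: the site name is example.com, whatever appears in front of it.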

HTTP VS HTTPS

You will notice that some addresses have HTTP or HTTPS in front of them, and some addresses have nothing in front of them. This is the protocol we are using to connect to a page. The difference is simple: HTTPS is just HTTP Secure, a secure version of HTTP.

Seeing that HTTPS or the green lock in the address bar means two things:

  1. This is the website that it says it is in the address bar, and your browser has verified this
  2. Your connection is secure, no one can read what you send to the site or what it sends to you

HTTPS does not mean the site you are on is safe. It just means that you are on the site the address bar says you're on, and that your connection to that site is secure. HTTPS is completely useless if you don't know how to recognize the web address you're on.

Note: In a work environment, your administrator can always see what you are doing, regardless of https

If you don't see HTTPS or the little green lock, then neither of the above is true. When you're at http://google.ca, you have no way of knowing whether you are actually seeing Google or an imposter. In addition to that, anyone can see what data you send to that page. Always make sure you see HTTPS or that green padlock, and verify you're on the right page, before you enter login or payment information.

Learn Your File Extensions

In Windows, the file extension is the last three or four letters of a file name after the period. The file extension indicates to Windows what type of file it's dealing with. For example, you will see filename.docx for Word documents, and filename.exe for Windows executable files. Look at FileInfo's list of common file types for a list of common file extensions.

The last letters following a period indicate the file extension. A file named program.pdf.exe is not a PDF document; it is an EXE file. This means it is a program that will run (or 'execute') when opened. Of course, any file that tries to trick you with its name like the above is not to be trusted. If you do not recognize a file extension, look it up or ask someone knowledgeable if it is safe.

Below are some common executable file-types and their associated extensions. Make sure that these files are from a trusted source before you run them.

Executable File Extensions

  File-type                  Extension
  Windows Executable File    .exe
  Java Archive File          .jar
  DOS Batch File             .bat
  Visual Basic Script File   .vbs

Showing File Extensions

You will notice in Windows that, by default, you can't actually see your file extensions. This is because many people consider the file extensions ugly, and don't know what they do anyway. From a security perspective, this is horrible; if you can't see the file extension, you are relying on the icon to indicate the file type. Windows executables can use any icon they want, so a file that looks like a PDF could actually be an EXE.

It is important then to change this setting so you can see the file extensions of all of your files. In Windows 10 this is as easy as opening File Explorer, clicking on View, then checking File Name Extensions.
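As an added example (not from the original article), a small script that shows what the last two sections describe: only the letters after the last period decide the file type, and with extensions hidden File Explorer drops exactly that part, so program.pdf.exe is shown as program.pdf. The executable list is the table above; everything else is constructed for the example.

```python
import os

# The executable file-types from the table above.
EXECUTABLE_EXTENSIONS = {".exe", ".jar", ".bat", ".vbs"}


def true_extension(filename: str) -> str:
    """Only the letters after the LAST period count: program.pdf.exe -> .exe"""
    return os.path.splitext(filename)[1].lower()


def displayed_name(filename: str, extensions_hidden: bool = True) -> str:
    """What File Explorer shows with 'File name extensions' unchecked (the
    Windows default): the final extension is dropped, so program.pdf.exe is
    listed as program.pdf, next to whatever icon the program chose for itself."""
    if not extensions_hidden:
        return filename
    return os.path.splitext(filename)[0]


def is_executable(filename: str) -> bool:
    """True when the real type is one of the executable file-types above."""
    return true_extension(filename) in EXECUTABLE_EXTENSIONS


def looks_disguised(filename: str) -> bool:
    """An executable whose displayed name still ends in another file-type's
    extension (program.pdf) is trying to pass as something it is not."""
    if not is_executable(filename):
        return False
    shown = displayed_name(filename, extensions_hidden=True)
    return os.path.splitext(shown)[1] != ""
```

A plain setup.exe is executable but not disguised: with extensions hidden it shows as setup, with no second extension to mislead you.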

Watch Where You Click

Most users that get into trouble do so by clicking on things without understanding what they are doing. Often we receive complaints that a program "just appeared" or "installed itself" when we know they had gone through the entire installation process, and just clicked on everything that said "yes", without considering what they were doing. It is important to take your time and understand what you are doing, and what you are agreeing to. If you don't understand, click "No" or ask someone.

Many people seem to think that choosing "no" will stop something important from running, or that there are some horrible consequences to saying "no" to something. If you are unsure about something, always feel free to press "no".

E-mails and Spam

E-mails are a major source of more serious infections. Beware of emails that try to send you to links, or that claim to be from payment or shopping websites. These are often attempting to do something that will harm you, usually phishing (stealing information). For more information on phishing, please read the following Microsoft article. If an email is in your spam folder, do not open it unless you know the sender, have communicated directly with them, and know it can be trusted. Attachments are even more important. Never, ever open an executable attachment (see above for common executable file-types). It is also recommended to do an anti-malware scan on all attachments that you do download.

Advertisements

Advertisements are designed to get clicks. Even if you are on a site you trust, don't click the advertisements. Many sites will use a service to deliver their advertisements, and often they are not good at vetting them. Even on Bing, clicking on an advertisement has taken many of my users to a page that then tries to scam them, and threaten them with virus infections.

Many choose to use an adblocker such as uBlock Origin to prevent advertisements from showing up in the first place. This can greatly improve your security online.

Installers

Installers are where most adware comes from. Installing a program on Windows is easy, as you get little dialogue boxes to guide you through the process. However, a lot of software comes bundled with adware and toolbars. These are programs that inhibit your ability to use your computer, attempt to sell you things, collect and sell your information, and cause problems in general. Why do some installers attempt to install adware? Someone paid someone money to put that stuff in there. Please note that it is not the creator of the program that does it; some download sites (that you should avoid) such as CNET and SourceForge will bundle the original installer with adware.

Always select the custom installation option if available. At every stage of the installation you have to look over the dialogue boxes carefully, and make absolutely sure that you are not agreeing to install anything besides what you are actually trying to install.

User Account Control and Other Warnings

Warning dialogues are practically a trademark of Windows, and a lot of people are in the habit of clicking 'okay' as quickly as possible to get back to what they were doing. This is a bad habit, especially when you have multiple dialogues pop up in a row. Believe it or not, these warnings are important. Paying attention to them could save you a lot of grief, even if it does slow you down. Most of these warnings ask you if you want to download a file, conveniently telling you the name, file-type, and origin of the file. Good thing you read the previous sections on URLs and file extensions, because that's exactly the information this type of warning will give you. Another common warning asks you if you want to allow a file to run as an administrator and do whatever it wants to your computer. These warnings also give the origin of the file, and it is important to read these to make sure that you recognize the file, and to be sure that you actually do want it to run. If that warning pops up out of nowhere, you have done nothing to open a file, or you don't trust the file or its source, just choose "no".

Installing Software Safely

Finding and installing the software you want can be risky, as it's hard to know what you can and can't trust. Chocolatey is one solution: it's like an 'app store' for Windows. Installing it from their site requires a bit of effort. However, we have a file you can run that will do the work for you. Download and install Chocolatey by running this script: Chocolatey_Installer.vbs

Just open the Chocolatey GUI to look for and install programs. You can be confident that any programs you find in Chocolatey are trustworthy.

Some Software to Pick Up the Slack

As mentioned earlier, installing security software does not make your computer secure. But there are some tools that can help improve security, and make it easier to stick to your good habits.

Check out the Kaisev Security Suite

The specific recommendations below are what Kaisev considers the best solutions at the time of writing. Please check the last edited date at the bottom of the page; if it's more than six months old, there's a chance these recommendations are no longer applicable.

Adblockers

The best solution right now is uBlock Origin, downloadable for all major browsers here: https://github.com/gorhill/uBlock#installation

Adblockers are controversial, as many websites rely on advertisements for their revenue. It is our opinion that advertisements are not just an annoyance, but a security issue. A good percentage of advertisements online are misleading, scams, or even try to deliver viruses and malware. If you do not want to block advertisements, uBlock Origin is easy to turn off for specific sites that you trust.

Anti-Virus

Windows 8 and 10 have Windows Defender built in as an antivirus program. There are a lot of people who will say that Windows Defender is no good, but more experienced members of the technical community agree that Windows Defender is just as effective as any other antivirus.

On Windows 7, there's Microsoft Security Essentials. This is free, and works just fine.

You do not need any other antivirus program.

You will often hear online the recommendation of MalwareBytes, or the MalwareBytes free trial. To be clear: MalwareBytes Free is just a scanner, not an antivirus. MalwareBytes Premium (and the free premium trial) is an active antivirus. MalwareBytes Free is a good 'second opinion scan'. It's a good thing to install and run a scan with every once in a while. We do not recommend the Free Trial or Premium versions of MalwareBytes; that's what Windows Defender (or Microsoft Security Essentials) is for.

Script Blockers

Script blockers are for the more advanced users. These add-ons let you block JavaScript through whitelisting and blacklisting. If you don't already know what JavaScript is, then these add-ons will likely be too difficult to be practical for you.

There are a wide variety of options. For Firefox there's NoScript, for Chrome there's ScriptSafe.