
Most "how tos" regarding malware list this:

  1. Install Antivirus software.
  2. Install latest antivirus software.
  3. Run antivirus software regularly.
  4. Install latest operating system.
  5. Install any patches to software.
  6. Don't download random stuff and run it as an application (like .exe files).

I would like to know in a little more detail what all those first steps mean, and what else could be included in this list. For example, LittleSnitch blocks all outgoing and incoming traffic and lets you inspect it first. That would be a good thing to do. Then there is potentially being alerted whenever a script tries to be invoked that you didn't write yourself, or isn't installed from a trusted vendor. I'd like to know what other kinds of things you should do beyond this list to have an ideal security environment in regards to avoiding malware.

forest
user10869858

1 Answer

All of the steps you listed can be boiled down into two simple rules:

  1. Keep all software, including AV, up to date.

  2. Do not download and run anything you don't fully trust.

Now, in more detail:

Install Antivirus software.

You should install antivirus software to detect and block the low-hanging fruit. I would recommend using Windows Defender, which is built into any modern Windows system. This antivirus used to be a lot worse and has gotten a bad reputation, but nowadays it is fairly solid and is fine even on its own. Do be aware that antivirus is easy for malware authors to bypass. It is only particularly effective against malware that is not new and which has already been around for some time.

Install latest antivirus software.

Using an outdated version of antivirus or antivirus database reduces its ability to detect new malware. When malware is discovered in the wild, antivirus vendors add its signature to a database. This database must be kept up to date along with the rest of the antivirus. AV software often does this by itself.

Run antivirus software regularly.

While AV can sometimes detect malware when it executes, it's often better to proactively scan your drive for potentially malicious executables. Most AV software can be configured to run periodic scheduled scans. If your AV vendor does not do this, you can configure it to do so.

Install latest operating system.

Generally, the latest operating system is the most secure. At the time of this post, that would be Windows 10. Although there are legitimate privacy concerns with running Windows 10, it is unarguably the most secure version of Windows to date. Even without antivirus, it contains sophisticated security mechanisms that make it more difficult for malware to get hold of the system through vulnerabilities.

Install any patches to software.

All software has bugs. Sometimes these bugs can be exploited to infect your system. This is even true for web browsers, where a security bug could allow a web page to infect your computer, even if you do not intentionally download and run any program. When these bugs are discovered, they are "patched", or fixed. In order for this fix to be applied, you need to keep your software up to date. Configure your operating system and all other software (including your browser) to automatically update itself.

Don't download random stuff and run it as an application (like .exe files).

If software you run doesn't have easily exploitable vulnerabilities, you can still get infected by malware if you are tricked into running a malicious program. Be aware that not only .exe files can have viruses. There are many dozens of formats which can be executed. As such, you should only ever download files from sources you absolutely trust, otherwise you are opening yourself up for infection.

I'd like to know what other kinds of things you should do beyond this list to have an ideal security environment in regards to avoiding malware.

There are a few other things you can do to keep your system secure, beyond simply keeping your operating system and associated software up to date and not running software you don't trust:

  • Do not use an administrative account as your main account.

  • Set UAC (User Account Control) to maximum security.

  • Do not install more programs than you need, especially if you don't trust them.

  • Never run programs as administrator unless you are absolutely sure you can trust them.

I wrote a bit about additional security measures you can take in another answer, where I give specific methods that can be done in the case that you do not use antivirus. That does not mean you cannot use the techniques alongside AV software, of course, just that AV does not obsolete them.

Glorfindel
forest
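As an added example that is not part of the question or the answer above: a PowerShell audit script for Windows 10 that checks the controls the answer recommends in one pass. It uses the built-in Microsoft Defender cmdlets (Get-MpComputerStatus, Get-MpPreference, Update-MpSignature, Set-MpPreference), the well-known SID of the local Administrators group, and the documented UAC policy values under HKLM (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop). The two-day signature-age threshold and the choice of a weekly full scan are assumptions made for this example, not settings from the answer.

```powershell
# Added example (not from the original answer): a posture audit of the controls
# the answer describes. Assumes Windows 10 with the built-in Defender module;
# the thresholds and scan schedule below are arbitrary choices for illustration.

$maxSignatureAgeDays = 2        # assumed threshold: older signatures miss new malware
$findings = New-Object System.Collections.Generic.List[string]

# --- 1. Antivirus: signature freshness, real-time protection, scheduled scan ---
$status = Get-MpComputerStatus
$prefs  = Get-MpPreference

if ($status.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
    $findings.Add("Defender signatures are $($status.AntivirusSignatureAge) days old (last update $($status.AntivirusSignatureLastUpdated)).")
    Update-MpSignature          # pulls the latest definition database (needs elevation)
}
if (-not $status.RealTimeProtectionEnabled) {
    $findings.Add("Real-time protection is off; malware will not be blocked as it executes.")
}
# ScanScheduleDay: 0 = every day, 1..7 = Sunday..Saturday, 8 = never.
# ScanParameters:  1 = quick scan, 2 = full scan.
if ($prefs.ScanScheduleDay -eq 8) {
    $findings.Add("No scheduled scan is configured; enabling a weekly full scan (assumed choice).")
    Set-MpPreference -ScanScheduleDay 1 -ScanParameters 2   # needs elevation
}

# --- 2. Account: is the daily-use account administrative, and is this shell elevated? ---
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators. It appears in the
# token (marked deny-only when not elevated) whenever the account is an administrator.
if ($identity.Groups.Value -contains 'S-1-5-32-544') {
    $findings.Add("$($identity.Name) is a member of Administrators; use a standard account for daily work.")
}
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $findings.Add("This shell is running elevated; close it once the administrative task is done.")
}

# --- 3. UAC: "Always notify" corresponds to EnableLUA=1,
#            ConsentPromptBehaviorAdmin=2 and PromptOnSecureDesktop=1 ---
$uacKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac      = Get-ItemProperty -Path $uacKey
$expected = [ordered]@{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 }
foreach ($name in $expected.Keys) {
    if ($uac.$name -ne $expected[$name]) {
        $findings.Add("UAC value $name is '$($uac.$name)', expected $($expected[$name]) for maximum security.")
    }
}

# --- Report ---
if ($findings.Count -eq 0) {
    Write-Host "All checks passed."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

The read-only checks (status, preferences, group membership, registry values) work from a standard user account, which is exactly the account the answer says you should be working from; only the two remediation lines, Update-MpSignature and Set-MpPreference, need an elevated shell, so run the script unelevated first to see the findings and then apply fixes from an elevated session you close afterwards.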