Which antivirus to use and how to prevent infections

Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Which antivirus to use and how to prevent infections

Post by Fred »

Which is the best AntiVirus software?

I've often been asked which is the best antivirus software, so I decided to make a topic explaining, in my humble opinion, which AV users should use, and how to prevent getting infected, even when having good protection.

Well, the question doesn't really have a straight answer; it depends on several factors, such as the computer's performance and its intended use. Usually the AVs that offer the best protection are also heavier on resource usage, and when used on very low-performing machines they may render them unusable.

Also, if a user only uses the computer to perform simple tasks such as creating documents, playing media and visiting well-known sites, and never downloads or runs potentially dangerous programs, then maybe a free antivirus program such as Avast! Free edition, MS Security Essentials, AVG Antivirus or Avira AntiVir will be perfect.

On the other hand, if a user needs very high protection because he may visit untrusted websites, receive infected email attachments, or download or run possibly infected files, then he should use a well-known full internet protection suite such as Kaspersky PURE 3.0 Total Security, ESET Smart Security, avast! Internet Security or AVG Internet Security.

Ok, now you may say: That still doesn't answer the question. With all those options, which one should I choose?

Well, if you're gonna opt for the free ones, why don't you pick one, try it for a while, and if it doesn't satisfy you, uninstall it and try a different one? At this moment I would recommend starting with MS Security Essentials.

If you're opting for the paid ones, they all offer a free 30-day trial. Why don't you test one of them for that period, and if you're not satisfied, move to a different one? I would recommend starting with Kaspersky PURE 3.0 Total Security if you have a powerful machine, or ESET Smart Security if you have a lower-performing machine.

Very important! Never, ever, use more than one antivirus program simultaneously! They may conflict with each other, and they will eat all the resources of your PC. If you're moving from an AV program to a different one, follow the steps below:
  • Download the new AV's installer from the publisher's web page (if you don't already have it on your hard drive or portable media device).
  • Disconnect your computer from the internet.
  • Uninstall the AV program currently installed, and reboot the computer if needed.
  • Install the new AV from the previously downloaded installer, and reconnect to the internet.

However, you may use one or more on-demand scanners like Malwarebytes, SUPERAntiSpyware, etc., and perform regular scans to ensure your machine is malware free, and still have your AV program up and running.

And, of course, I recommend using the UVK immunization to ensure your PC is protected against new malware that may not be detected by your antivirus program yet. More info in the next message.

Now the question may come: Why do users that have the programs mentioned above installed still get infected often?

Another interesting question. In many cases that happens when the AV displayed a warning saying a file or web page is dangerous, and the user ignored the warning and still opened the file or web page.

In other cases, it happens because the malware is very recent and the AV didn't detect it yet. Antivirus programs use virus signature databases to detect infected items. If a file is very recent, its signature may not be present in the database, and the AV may allow its execution, leading to the infection.

All this said, we may conclude that the best AV is yourself, or more exactly your good sense. If you follow a strict security strategy, you will hardly get infected, even if you're not using a very good AV program.

Of course, most users don't know which strategy this is, so I will try to explain in detail, based on my experience, in the next messages.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred

How to prevent getting infected

Post by Fred »

Browse safely.

Many infections come when browsing the internet. Long gone are the days when the internet was a safe place. Because now we can do most everything online, including payments and bank transfers, many hackers try to take advantage of that to get your login info and steal your money. Here is some advice to help you prevent getting hacked/infected online.

Use a safe browser like Chrome, Firefox, Internet Explorer or Opera.

Respect the browser's security warnings. If your browser tells you a page is dangerous, don't ignore it. That page has been reported several times to the browser's development team as malware/phishing, and they have personally confirmed it. Ignoring the warning and opening the page may give you bad results.

Ensure your browser is configured to NOT execute the Java plugin without asking your permission. You can check that in the browser's security options, which are different for each browser. Check the browser's help file for more info.

If the browser tells you a page needs the Java plugin to run, don't allow it, unless you are sure the webpage is safe. Usually, to view the contents of a page, you don't need to run Java; it's only needed for interactive content like online Java games.

If a webpage starts a download automatically, and you weren't expecting it, close the download immediately. For instance, some pages are supposed to start a download automatically, like when you click a download link that takes you to another page which starts the download. Some websites use this method to count the downloads, and take advantage of it to display some advertising. That's a normal procedure. I'm talking of going to a webpage that was supposed to only display some content, and it starts a download in an unexpected way. You're probably downloading an infected file.

When downloading a program from the internet, always try to download it from the publisher's website. Any trustworthy software publisher has at least a simple website where he explains what his program does, and supplies a download link. In the extreme case where you need to download from an external site, ensure you download from a trustworthy software download website such as Softpedia or MajorGeeks.

Don't download files you suspect are bundled with adware (browser toolbars, plugins, etc.) or that change your browser's homepage without your permission. Valid examples are when you download programs from Download.com, or from Softonic, using their so-called "secure downloads". In fact, they try to make you believe the download will be more secure, just to make you install their crapware toolbars. Avoid those websites, or use only their normal downloads.

When making an online payment, or any other action that requires you to give your credit card info, always ensure the website is certified, and the connection is secure: Take a look at the browser's address bar. Secure connections with certified websites show a URL starting with "https://", and if the certificate is not valid, the browser will strike through the "https" part of the URL. If the "https" part of the URL is struck through, don't enter any info and close the page immediately.

Don't download cracks, keygens, patches, or other types of software hacking. Even though some are not viruses, many are, and you will probably end up infected. If a program is not free, it's because its author needs to sell it to survive. Either buy it, or try to find similar free software.

The next message will be about secure email usage.

Fred

How to prevent getting infected

Post by Fred »

Email safely.

Many viruses are spread by email. Hackers are constantly trying to find more email addresses to target, so don't post yours in forums or other websites.

Emails themselves are harmless. The danger resides in their contents, especially links and attachments.

Don't trust an email just because you know the sender. Many email addresses get hacked, and their users are unintentionally sending infected mails to their contacts. I've seen this happen often.

Email links are a potential danger. Don't trust a link just because its text is a blue, underlined URL of a trusted website. It doesn't mean the link's target is the URL displayed in the link's text. Here's an example of a fake link: https://www.google.com. As you see, the text indicates google.com, but in fact, the link is pointing to carifred.com. This method is often used by hackers to encourage the users to click their fake links.

Before clicking a link, hover the mouse pointer over it. Most email clients will then show the link's target at the bottom of the window, allowing you to verify if the target's url is the same as the one displayed in the link's text. If it's not, then clicking the link will certainly get you hacked or infected. What else would you expect from a forged link?

Email attachments are another potential risk. Ensure your email client shows the attachment's file extension. If it doesn't, check if it has an option that enables it. If not, just use a different client.

Hackers often take advantage of the fact that some email clients do not display the file extensions to trick the user into trusting the attachment by naming it somevideo.wmv.exe or somedoc.pdf.exe. The email client would then strip the file extension, making it somevideo.wmv or somedoc.pdf. The user innocently clicks to open the supposed video or pdf document, and boom! It runs an executable file that will infect the computer.

Fred
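
The two tricks described in the post above (link text that names one site while the link points to another, and attachments named like somedoc.pdf.exe) can be checked mechanically. This is an added example, not part of the original post or of UVK; the extension list, the function names and the sample message are constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}  # assumed, not exhaustive

def host_of(text):  # hostname of a URL or bare domain (minus "www."), else None
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        host = ""
    return host.removeprefix("www.") if " " not in text and "." in host else None

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href:
            shown, target = host_of("".join(self.text)), host_of(self.href)
            if shown and target and shown != target:  # text names one site, href another
                self.mismatches.append((shown, target))
            self.href = None

def double_extension(filename):  # e.g. somedoc.pdf.exe
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and "." + parts[2] in RISKY_EXTS

def audit(raw_message):  # returns (deceptive links, double-extension attachment names)
    msg = message_from_string(raw_message, policy=policy.default)
    auditor = LinkAuditor()
    files = [p.get_filename() for p in msg.walk() if double_extension(p.get_filename() or "")]
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            auditor.feed(part.get_content())
    return auditor.mismatches, files

def sample():  # constructed message reusing the post's google.com / carifred.com link
    m = EmailMessage()
    m.set_content('<a href="https://carifred.com/">https://www.google.com</a>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="somedoc.pdf.exe")
    return m.as_string()
```

Links whose text is ordinary wording such as "Click here" are not compared, because the text makes no claim about the destination.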

How to prevent getting infected

Post by Fred »

Use your file system safely.

In the previous messages, I've explained how to prevent getting infected when browsing the internet or receiving emails.

Now I will tell you how you can ensure not to get infected when opening or executing files.

Let's say you have downloaded a program from the internet, or your friend lent you a USB stick with a few programs for you to install. How can you tell if the files are safe to execute?

First of all you should make your file extensions visible. By default, Windows hides the file extensions for known file types.

This means that, for a file named image.jpg, Windows will only show image as the file name. While this can be very useful to edit the file name and is certainly more proper, it can also be a security issue. See the previous message for more details.

To enable viewing all file extensions, open UVK, go to the IT/Geek tools section, drop down Toggle enable/disable, and click View known file extensions. A message box will tell you the current state. If it says it is disabled, click Yes to enable it.

Now you'll see that executable file names are fully displayed, including their extension. You will never be fooled with an executable named image.jpg.exe, and open it convinced it is a picture. Got the picture? :)

When you open executable files that have been downloaded from the internet, the Windows shell displays a dialog box asking you if you want to open the file, and tells you the publisher's name, and whether it was verified.

If this dialog box says Verified publisher, then you can trust the file. If not, you should perform a few security checks on the file before opening it.

If you have a UVK license, it's very easy to get a VirusTotal report of the file. Just right click the file, and click File information, in the context menu.

Then, in the File information dialog box, click VirusTotal report. The advantage of using this feature instead of manually uploading the file to VirusTotal is that it will save you lots of time, if a report of the same file already exists on VirusTotal. It will only take one or two seconds to give you a VT report, while manually it would take a few minutes.

If you don't have a UVK license, you can find the same feature in the Tools section. Also, if a report of the selected file doesn't exist on VT yet, the file will be automatically uploaded to VT, and the results of the scan will be displayed in your browser.

This will allow you to ensure the file is safe, by analyzing it with more than 40 antivirus programs.

Performing these steps before running a suspicious file will certainly prevent your computer from being infected.

Fred