Is this a good anti-malware strategy?

(11 posts)
  • Started 3 years ago by dejola
  • Latest reply from ispalten
  • Topic Viewed 1953 times

dejola
Posts: 1

I read somewhere that it's a good idea to use a second Windows user account with only limited rights for routine surfing and to use your Administrator user account only when you want to intentionally download and install something. The theory goes that the limited user account prevents any changes from being made to your computer since only users with Administrator rights can allow or make changes.

Is this true?

Thanks

Posted 3 years ago
 
vistual
Posts: 3135

Seems all you said is right on point, but understand that even a non-admin user can hit a bad link or try and open a bad file.

I think what you're talking about protects the system itself from unwanted changes, as you said, but I wouldn't necessarily say it's a good strategy for preventing infection from viruses & malware. I mean, do you think that people that code / create these viruses build them so that only admins can be infected? :P ...
You know what I mean.

Posted 3 years ago
 
ispalten
Posts: 6259

If you are that paranoid, use a 'sandbox' program. That isolates the OS from I'd say everything as it doesn't allow files to be 'kept'. Any changes are lost when you close the 'sandbox'. There are a few of these types of programs.

SANDBOXIE is a good one.

Irv S.

Posted 3 years ago
 
StringJunky
Posts: 2454

Hi dejola

Yes it is a good idea. This is one of the reasons Linux is so secure...you cannot be root user (Admin) by default, you HAVE to use a password to make system changes which is equivalent in Windows to running a Standard account with User Access Control turned on. If malware doesn't have Admin rights it can't do anything to the system or at least is more difficult for it.

With UAC turned on and a Standard account made, you can make administrative changes after entering your password at the prompt when it comes up, so most of the time you needn't use your Admin account. To avoid the many UAC prompts whilst setting up the standard account, make it Admin to start until you are happy with it, then set it to Standard.

If you don't turn on UAC in this scenario (which some people passionately hate) you cannot access administrative rights from the standard account with a password...you have to log out and login again to the admin account.

Irv

It's not paranoia, it's a sound strategy imo. :)

Tony

Posted 3 years ago
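
A way to check whether a machine is actually in the configuration described in the post above (Standard account, UAC on, credential prompt for elevation), as an added example that is not part of the original thread. The registry key and value names are the ones Windows uses for UAC policy; the variable names are illustrative, and the membership check assumes a local account listed directly in the Administrators group.

```powershell
# Added example: check for the "Standard account + UAC on" setup.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when this process holds an enabled Administrators membership (elevated).
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Resolve the (possibly localized) name of the built-in Administrators group from its SID.
$sid       = New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')
$groupName = $sid.Translate([Security.Principal.NTAccount]).Value.Split('\')[-1]

# Assumption: only direct local members are listed; nested domain groups are not expanded.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})
$isAdminAccount = $members -contains $env:USERNAME

# UAC policy: EnableLUA switches UAC on or off, ConsentPromptBehaviorUser
# controls what a Standard user sees when something asks for elevation.
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uacOn  = ($policy.EnableLUA -eq 1)
$behaviors = @{
    0 = 'elevation requests are denied automatically'
    1 = 'credential prompt on the secure desktop'
    3 = 'credential prompt'
}
$value  = $policy.ConsentPromptBehaviorUser
$prompt = if ($null -ne $value -and $behaviors.ContainsKey([int]$value)) {
    $behaviors[[int]$value]
} else {
    'not set or unrecognized'
}

"Account listed in ${groupName}: $isAdminAccount"
"Current process elevated: $elevated"
"UAC enabled: $uacOn"
"Standard-user elevation behavior: $prompt"

if (-not $uacOn) {
    'Result: UAC is off, so no elevation prompt is available from this account.'
} elseif ($isAdminAccount) {
    'Result: this is an Administrator account; use a Standard account for routine browsing.'
} elseif ($value -eq 0) {
    'Result: Standard account, but elevation requests are denied instead of prompting.'
} else {
    'Result: Standard account with UAC on; admin changes require entering a password.'
}
```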
 
ispalten
Posts: 6259

Tony, a properly protected system, and I mean firewall and A/V, will stop almost all incoming infections. Yeah, you can 'catch' some stuff, admittedly, but it should be rare.

Now if one is going to live dangerously, or have many users on the system with the same USERID, taking extra precautions is advised.

Windows PCs are the most attacked. Why? Because they are the most machines out there. Apples aren't attacked that much either. It doesn't have as much to do with how hard it is to get something onto the system as much as the possible return one can get.

You have 2 types of infections, the annoying and the stealing of data. Annoying is anything from damaging your system to playing with you, pop-ups, shutting down, etc. Stealing, in which I'd include using your computer to send out spam, is the dangerous one that can cause you financial loss.

Irv S.

Posted 3 years ago
 
TheShadow
Posts: 29

If you have a good package of layered protection, you can go where you like, do what you like, etc., in relative safety. The guy who really needs to be paranoid is the same guy who says "I don't use no AV software".

I always advise using several programs from different vendors just so you get protection with a different slant on the problems.
For instance AVG is an excellent AV, Trojan and Spyware program. Likewise 'Malwarebytes' but they don't seem to look for the same things. So just to be safe I bought both and run both. They complement each other and co-exist very well on my PC.

So if anyone tells you that any one program is going to keep you 100% safe, be careful, they may try to sell you some beachfront property in Nevada.

Oh, besides the two programs I've already mentioned, I also use Spybot Search & Destroy and Spyware Blaster, to keep my computer Spyware free.
Every program I've mentioned can be had for FREE.

Good Luck,

Posted 3 years ago
 
StringJunky
Posts: 2454

Irv

A few people on my email list send me spam addressed from them, have their systems been hijacked?

Tony

Posted 3 years ago
 
ispalten
Posts: 6259

Tony, probably not. What has happened is someone has gotten their e-mail address. It's easy to make it look like it came from someone else: just put that e-mail address in your client as the FROM: and as your name.

Where did someone get their e-mail address? One of 3 ways usually...

1) They gave some mailing list or company their e-mail address and it was SOLD... and re-sold, and re-sold...
2) They replied back to a 'click here to remove my e-mail address' and it was captured....
3) They joined a newsgroup and their e-mail address was 'scraped' off of the newsgroup...

However I think you said people YOU send e-mail to are sending you spam... well, they could be infected, or they forwarded your e-mail onto someone who was infected or whoever got the e-mail did it...

Don't rule out a 'break-in' on a computer where you did give your e-mail address.

Matter of fact, our ISP might have had just such a thing happen recently. At least 3 people I know on that ISP had to change their PW's as their e-mail was compromised. No 'damage' (that they know of), just SPAM going out to friends. The 3 people are not related or even know each other.

This is the way it is.

I keep getting 'crap' and I 'report it' to my ISP... never gets stopped. Some isn't that easy to trace I guess. However, if I can create a simple filter based on the RECEIVED FROM: address, why can't they?

That is the stuff I call 'annoying' too.

Irv S.

Posted 3 years ago
 
edmenje
Posts: 279

Following up on Irv's suggestion for sandboxing the system, another program for this is Returnil System Safe, available in free and paid versions. I have used the program to essentially lock down a number of machines in a senior center computer lab to keep any changes made to the system from persisting to the next reboot. When you initiate virtual mode, Returnil makes a virtual copy of the system which you can then work on for the current session. Once the computer is shut down, the virtual version is discarded, leaving the original OS and file systems untouched (note: while working in virtual mode you need to save files to an external drive. At the Center I set up a NAS for this purpose.) I also use Macrium Reflect to image the system to a second partition so that I can recover the system if anything untoward happens...certainly has saved my butt on my home machine and on one of the computers at the lab recently when this one in particular started being unable to install Windows Updates. I recovered to an image of the earlier system state and the updates were able to install properly, so another good security layer is imaging the drive in case anything does get through. On my home computer I also use Virtual Box with either Xubuntu or XP if I think what I'm about to do will be a bit risky...easier to bollix up a VM than the base system, and VM images take literally seconds to take back to an earlier image rather than the minutes that it takes Macrium to recover an image of my base system.

Posted 3 years ago
 
StringJunky
Posts: 2454

Irv

Yes, these are people I correspond with that 'appear' to be spamming me as it's from their email address, but I know it's not instigated by them personally. I notice there are other names, probably from their address book, that same email has been sent to.

Posted 3 years ago
 
ispalten
Posts: 6259

Tony, I get calls about once a month to help a friend out on their computer. Some have just problems with a program or feature, others got infected. What surprises me most: about 1/2 of them are running outdated virus signatures. Why? The A/V that came with the computer expired and they NEVER updated/renewed the subscription. Running with outdated signatures opens you up to newer virus attacks. I suspect a large percentage of the computer population might be in this state.

Irv S.

Posted 3 years ago
Topic Closed

This topic has been closed to new replies.