A friend of mine asked me this question the other day. His daughter's laptop had become infected with a ransomware trojan. For those who don't know, that's a virus that puts up a scary warning message saying you have been caught accessing porn and the FBI are going to prosecute you and send you to jail, but you can avoid all that fuss by paying a fine now, in untraceable currency. And the message wont go away, and you can't use the PC until you remove this virus. Paying the money is pointless, you only encourage the criminals who did this to you to try again. Regrettably, this form of virus is very common in many varieties. Sometimes they claim to be the Australian Federal Police, sometimes it's some bull crap made up Internet International Police Unit... You get the idea. Sometimes they encrypt your hard drive and demand money for the password, often they don't even have the password. They just try anything to get money out of you.
Now my friend's daughter didn't do anything wrong to get this virus. Zero blame. These viruses are everywhere. You can even pick one up by visiting highly respected web sites like the New York Times. Once the virus was removed, the next logical question was "How do we prevent this happening again?". And that, Dear Reader is what this post is about. I'm not even going to mention that other brand, this post is all about Windows.
1. Use a modern version of Windows. WTF? Windows 7 is clearly a better version of Windows than anything that has come before it. If you are still on Vista or Windows XP, you are asking for trouble. Anything older (eg Windows 2000, Windows ME, Windows 98 - just turn the computer off now and walk away slowly, do not look back. There is a big scary monster in your room and you need to leave immediately!!!) The official date when Microsoft will no longer even mention XP is less than a year away. XP is a 10 year old piece of software. Much as I love it dearly, it's time to put it to bed. XP does not belong on the modern Internet, it's ill equipped to deal with modern viruses. Stop using it. Windows 8 has not been the success Microsoft hoped for (see, that wasn't negative was it?) and is still too new for mainstream use, although I hear it's very good on tablets. Avoid for now.
2. Keep Windows updated. The simple fact is new bugs are discovered in Windows all the time. Microsoft has a very good mechanism for fixing these bugs and you need to stay up to date. There is nothing more embarrassing than being caught by a bug that Microsoft fixed years ago. You want to be caught by a new, fresh bug, not some old stale bug!
3. Update or remove add-on software. Every piece of software on your computer has the potential to allow a virus in. Even software you never use has this potential. Just being installed is enough to compromise your PC. The IT industry harps on about JAVA as a classic example. Hardly anyone in the whole world needs JAVA on their PC, yet millions are compromised by JAVA bugs every day! If you don't absolutely need it, remove it. For add-ons that you do use - like Adobe Reader or Flash - keep them up to date. The latest Adobe Reader has auto-update so if you have version 11 (that's the one after Adobe Reader X) you are probably up to date. If you have an older version - you are a sitting duck. Second to JAVA, Adobe Reader is the next biggest target out there and Flash is number 3.
4. Anti-virus software. OMG, what a world of hurt. I suggest the free Microsoft one. It's as good as anything. Ok so the die hard anti-virus experts will argue that product X is better or product Y is better. The fact is the "best" varies on a daily basis. And on what test you use. If you catch a day where product Y has been fully updated and product X is just about to release their next version, then yes Y is better than X. But a day later the tables are turned. Bottom line - NONE of them are very effective in the real world where you live. But you absolutely have to have one of them and Microsoft is consistently very good. They have a vested interest in keeping Windows reputation out of the gutter so Microsoft does make a very competent product and it's free. Paid ones with more bells and whistles do not do (IMHO) any better at actually keeping you safe.
5. Moderate your behaviour. Regrettably the least secure part of your whole computer is the "problem between keyboard and chair" which would be you. Yes, computers do get infected by worms that require no action on your part. But most likely the infection comes from a pop-up you clicked on or a bad web site you visited. If you do porn or pirated content - you are asking for trouble. "Private Browsing" mode does not stop viruses. "Free" offers are paid for by someone. Often that someone is an organised crime syndicate using viruses. (fake Russian accent on) "All your porn is free, just let me put virus on PC for you"
6. Filtered Internet. Never thought I would say this. I am so totally opposed to the former policy of the former Prime Minister and his Great Firewall of Australia. Censorship sucks big time. But in this day and age, the viruses are everywhere. The bad guys are highly motivated, well funded and have the best technology. Avoiding at least the sites we know are bad is the first step. Open DNS can help you with their free service. Basically instead of using your ISP to provide DNS (the essential name lookup service that powers the Internet) you use Open DNS. They filter out known bad sites so your computer can no longer go to those bad web sites. The premium service allows some parental control. Visit [Open DNS](www.opendns.org, "Open DNS web site") for details.
7. Backup your data or use cloud based storage. Keep your data (photos, music, documents and anything else you value) in more than one place. Using cloud services like Dropbox, Carbonite, CrashPlan and the likes is a great start. Make sure that nothing on your laptop that you value exists **only** on your laptop. Then you can regard the (contents of) the laptop as disposable. At the first sign of a virus, wipe the laptop and start again. If your data is backed up you will lose nothing, except the virus. Most laptops come with a "recovery disk" which will erase the hard disk and put everything back the way it was the day you bought the laptop. If you don't have a recovery disk, you can sometimes make one or you can buy one at low cost. If none of those options are available, make your own using Norton Ghost.
8. Scan your PC from outside not inside. While Windows is running, a virus can be present and Windows has no way to see it. Imagine the guy at the pub who has had 30 beers. Can he decide if he is ok to drive or not? No he can't! Can his mate next to him who is sober decide for him? Yes he can. How does this work for your PC? You get an anti-virus product that comes with a boot disk. You boot off that disk so your Windows is not running. Then you use that disk to scan your PC. Several good products like this exist. Microsoft Safety Scanner is a free one. You download it, make a boot disk and then restart your PC, booting off the boot disk, not your hard drive. BART, BitDefender, Dr Web, heck even Norton or Kaspersky do similar products, although they cost money.
9. Ask the Internet. Before you download the latest free movie viewer, bit torrent client, free phone over the Internet chat roulette must have program, stop and think. Check out the reputation of this program. Only once you are sure it's safe should you download it.
10. Online web scanners suck. Save your time and money. Free online virus scanners rarely find anything. See number 8.
11. Don't ask an IT expert. We are all psycho. The IT industry is the only one that can sell you a broken product and charge you to fix it. If a Russian with a great leather coat asked you to pay glass insurance on your shop window, in cash, every Friday - well you get the hint. But Mr Kaspersky or Mr Norton asks you to cough up $99 per year to keep your PC safe and we believe him? Don't get me wrong, those products do have value. But it's an arms race and the bad guys are way out in front. Accept you will get infected and plan for it.
There we have it. A prime number of positive things you can do to protect a Windows PC. This post passes the modern blogger's template for success! Yipee!