I have already switched one of my machines to Linux because I am sick of getting infected. I would switch my main PC as well; however, I need to run the Adobe Suite and I do not think it will run well in a Virtual Machine.
I know I should already know methods - which I do - but, I am generally too lazy. I keep getting burned and need to make some adjustments.
1) Will running as a non-administrator in Windows XP really help stop a Virus? I had some strand of Vundo and it infected almost every system file on my machine.
2) I tried firewalls like Comodo, but hated it because it prompted me to do every little thing.
3) Anti-virus - I was using Avast and it didn't do crap. It showed that the files were infected, but could not repair them.
1. What some viruses do is try to run as the logged on user and try to bind themselves to system files and cause havoc. Being that non-admins can't modify system files, running as a non-admin will help prevent the malware from doing damage to system files (since non-admins won't have access to the files). The same applies to other functions that non-admins can't do.
2. I know S0lo loves AVG (or maybe Avast...forgot which one)...maybe he'll spot this post and tell you how great it is better. I use AVG but rarely pay much attention to it...I simply play safe on the Net and rarely have problems.
3. I'd suggest trying a commercial AV solution but I'd like to see solid tests that show that commercial AV solutions are better than free solutions before I suggest that.
4. It depends on the virus. I've noticed several that users have gotten at work also infect files in the system restore directory. We use Norton and it usually is good with cleaning them out.
Thanks for the reply KiLLaBeE. That's pretty much what I was thinking. I need to weigh the pros and cons and the annoying factor of not being an admin. I was also thinking I could run any shady software in a VM first to see if it causes any havoc.
Here is what I do, much of it might sound trivial though.
1- Immediately after formatting and installing Windows OS I turn on the Windows firewall before connecting the PC to the network. This is the most important part that many fellow IT forget to do. Since many viruses nowadays use some ports (that are open by default after a fresh Win install), and since the updates have not been installed yet to patch the holes, the firewall will close those ports whether or not your system is patched.
I find the built-in Windows firewall very convenient. It doesn't nag on every net access, only server (inbound) access prompts you to confirm it.
2- Install a decent AV and keep the auto-updates ON. Yup, as KiLLaBeE said, I find the freeware AVG very good. But not excellent, I have seen it slip a new virus. But if you keep the auto-updates on, sooner or later it spots the virus. I believe Smurf uses Sophos. I used to like NAV (Norton/Symantec) but not any more, too heavy. My work place is using TrendMicro and I can tell you so far so good.
3- Install the newest service pack then all critical Windows updates. Make sure you put auto-update ON. I prefer to schedule it to automatically install them at 3:00AM.
4. I'd keep Spybot there.
Once you reach this point, you are locked in the secure area. The 3 biggest threats that might infect you now are:
1. Opening attachments that you're not sure of.
2. Using other people's USB flash drives. I can't avoid that so I'll always manually update my AV before inserting the flash, just to make sure.
3. Misconfiguring the firewall. Keep an eye every now and then on the open ports and programs allowed. I find it quite surprising how this list expands. Every time you click the (Unblock) button a program/port is added to the allowed list.
Add to this, every time I install a new software (that I'm not sure of), I manually check the list of auto-start programs in those registry keys: