Sunday, February 8, 2009

Prevent Virus Infections #3

Rule #3: Run suspicious programs in a sandbox.

If you have the slightest doubt about a program or e-mail attachment you downloaded, install the program or open the file in a sandbox or other virtualized environment before you load it on your PC.

My favorite sandbox application is the excellent free program called Sandboxie. This and other virtual environments allow you to install and run programs in an area of your PC that's been specially fenced off; it actually isolates the program you are running from the rest of your computer. If the program you install happens to be infected, the infection is confined to the sandbox and cannot affect your PC. Any infection can be removed by simply deleting the sandbox or its contents.

A neat feature of using a sandbox is this: Your security software can see what's happening in the sandbox and can warn you of any problem. In fact, it's much easier for your virus scanner to detect an infected program that is actually running than to detect an infection by scanning the file alone.

If you install a downloaded program in a sandbox and get no warnings from your security software, it's unlikely that the file is infected. You can then delete the sandbox and install the program with confidence on your real PC.

Sandboxes are also great for safely opening e-mail attachments. The next time someone sends you a funny PowerPoint presentation, save the attachment and then open it inside a sandbox. OK, it may take you 20 seconds longer, but that's a lot less time than the hours you'd spend removing a malicious infection from your PC.

Rule #4: Read the software licensing agreement

Of my four rules for safe downloading, this one is most likely to be ignored. That's a pity, because analyzing the end-user licensing agreement (EULA) is a surprisingly good way of determining whether the program you're installing contains any unwanted components.

Now, no hacker or Internet criminal is going to tell you in a licensing agreement that they have malicious programs in their software. However, most adware purveyors and spyware vendors will disclose the contents of their "services."

That's because advertising software is quite legal. Indeed, some AV and antispyware programs won't pick up particular advertising programs because they are legitimate.

Spend a couple of minutes reading the EULA rather than just automatically clicking the "I have read this and agree" button.

If you find reading EULAs too tedious, download and install Javacool Software's EULAlyzer program. Let this program “read” the EULA in question; it will flag any worrying or potentially alarming pieces of text. EULAlyzer is free for personal and educational use.
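The kind of phrase flagging described above can be sketched in a few lines of Python. This is an added example, not EULAlyzer's code or rule set; the categories, patterns and sample licence text are constructed for illustration.

```python
import re

# Constructed categories and patterns for illustration (assumptions, not
# EULAlyzer's rules). Each maps a concern to wording that tends to disclose it.
FLAG_PATTERNS = {
    "advertising": r"\b(advertis\w+|pop-?ups?|sponsored|promotional)\b",
    "bundled software": r"\b(third[- ]party (software|products?|applications?)|toolbars?|bundled)\b",
    "data collection": r"\b(collect\w*|track\w*|monitor\w*)\b.{0,60}\b(information|data|usage|browsing)\b",
    "silent changes": r"\b(without (further )?notice|automatically (install|update|download)\w*)\b",
}


def split_sentences(text):
    """Collapse whitespace, then split after sentence-ending punctuation."""
    flat = " ".join(text.split())
    return [s for s in re.split(r"(?<=[.;!?])\s+", flat) if s]


def flag_eula(text):
    """Return (sentence number, matched categories, sentence) for each hit."""
    findings = []
    for number, sentence in enumerate(split_sentences(text), start=1):
        hits = sorted(
            category
            for category, pattern in FLAG_PATTERNS.items()
            if re.search(pattern, sentence, re.IGNORECASE)
        )
        if hits:
            findings.append((number, hits, sentence))
    return findings


# Constructed sample licence text, not taken from any real product.
SAMPLE_EULA = """
This software is licensed, not sold. You may install one copy on a single
computer. The installer may also install third-party software, including a
browser toolbar, unless you opt out. We may collect information about your
browsing habits to deliver targeted advertising. The software may
automatically download updates without further notice. This agreement is
governed by the laws of your country.
"""

if __name__ == "__main__":
    for number, hits, sentence in flag_eula(SAMPLE_EULA):
        print(f"sentence {number} [{', '.join(hits)}]: {sentence}")
```

A flagged sentence only means that part of the agreement deserves a careful read; it is not a verdict on the program.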

In addition to reading the EULA, you should also be vigilant about what you agree to as part of the installation. Quite often, software vendors will slip into the install wizard a default selection permitting the installation of a third-party product, a subscription to their promotional newsletter, or a browser toolbar; I consider the last of these to be a terrible practice. In my opinion, any software distributed as a “stowaway” in this way disqualifies itself by that choice alone.

A common example of this practice is the otherwise excellent freeware disk-cleaning program CCleaner. Embedded in the installer is a default option to add the Yahoo search toolbar to your system. If you don't want the toolbar, you need to uncheck the option. To be fair, I need to mention that CCleaner is developed by an individual. For every installation of the Yahoo toolbar he likely gets a few cents, and I would rather watch out and de-select this sort of thing than see CCleaner disappear because the author can't finance the development anymore.

Now, the Yahoo search toolbar is a legitimate product and supposedly quite a good one. But do you really want it? I don't, and I suspect most other users don't want it, either. The next time you install a program, read before you click.

So, that's it.

Of all the security threats your computer faces, downloading and installing programs is statistically your highest risk. I have outlined four simple rules for downloading that anyone can follow. Just stick to these rules and you are on the way to a future free of malicious software.

As usual I welcome comments and suggestions right here in the blog.

Thank you in advance.
