Malicious Software: Protection Advice for Windows PCs
To protect your computer, you need to exercise some basic principles of safe computing. Although these principles apply to all types of computers, these instructions are targeted for PCs that use the Microsoft Windows operating system.
Identify the Source of Unknown Software and Files
The first and most important step in protecting your computer and data from malicious software is to properly identify the source of any file that you open on your computer. Many types of malicious software use psychological tricks designed to fool you into opening the software and installing it on your computer.
Malicious software may generate fake e-mail with a special attachment that installs the malicious code on your computer. Web sites that offer downloads such as media players, web browser add-ons or search tools may "piggyback" malicious advertising or spy software with their downloads. Sometimes malicious software will compromise an entire web site, causing browsers that visit the site to automatically start downloading malicious code. Some malicious programs will create fake documents that look like regular word processing documents or images, but they will install a virus when opened.
Before you open a file from your e-mail, your web browser, or a floppy disk, you need to verify the origin of the file. Are you sure that your friend or co-worker actually sent this e-mail? You can call or e-mail them back to confirm. Are you sure that a web site is offering legitimate software? A movie site that requires a special movie player may also include unwanted software. If you want to download a free viewer or player, go directly to the web site of the company that makes it and read carefully to make sure it doesn't include anything you do not want. Internet chat clients and peer-to-peer file sharing programs are well-known sources of malicious software.
For examples of fake e-mail, see the companion document Recognizing Viruses and Fake E-mail.
Keep Your PC Fully Patched and Updated
Some of the most dangerous and prolific malicious software takes advantage of programming errors or "bugs" in the Windows operating system, the Internet Explorer web browser or other common applications. Attempts to infect a computer with malicious software this way are called "security exploits."
Security exploits are extremely dangerous because they allow malicious software to take control of the operating system itself and access everything on the computer. Through a security exploit, malicious software can terminate, damage or remove antivirus software and use the computer's Internet connection to hunt down other easily exploitable computers.
The key to stopping security exploits is to apply updates from Microsoft to your Windows operating system. These updates are called "patches," because they replace broken components in the operating system with new components. Almost all versions of Windows have a special web link in the Start menu, in Programs or All Programs, called Windows Update. Use Windows Update to apply important patches and protect your computer from viruses. Recent versions of Windows also include an Automatic Updates utility. On some versions of Windows, you'll find an Automatic Updates control panel in Start, Control Panel. On older versions, it is a tab in the System control panel. Use Automatic Updates to schedule critical updates so you don't need to visit Windows Update regularly.
Choose a Strong Windows Password
All accounts on your computer should have a strong password associated with them, to prevent worms from exploiting bad passwords.
If your computer is on campus in the ADRICE domain, then you don't need to worry, as we have strong password requirements.
If you maintain your own Windows computers in your office, home or college, make sure to give each account a strong password with 8 or more characters and a mix of uppercase and lowercase letters, numbers or symbols. In Windows XP, go to Start, Control Panel, User Accounts to set a password for each account. In Windows 2000, go to Start, Settings, Control Panel, Users and Passwords.
For More Help
If you have questions about malicious software protection on your Windows PC, or if you believe that your PC is currently infected, please call the Information Technology Help Desk (xHELP or 713-348-4357). We will be happy to discuss the matter with you and refer you to an expert who can assist.
For more information about malicious software, see the other documents in this series:
