Skip navigation

Don't Be a Malware Zombie

Halloween is fast approaching, but that doesn't mean you should let your PC masquerade as a zombie for the holidays. You might not even realize the kinds of nasty software programs that inhabit your computer, installing themselves surreptitiously as you browse the Web, looking for the latest sports scores or auction finds.

According to a recent survey by America Online (AOL) and the National Cyber Security Alliance, almost 80 percent of computer users who think their computers are well protected against cyber-attacks are much more vulnerable than they imagine. The culprits include classic malware such as viruses and worms as well as newer forms of attacks such as spyware. Some of these programs are so malicious that they can turn your PC into a silent zombie that attackers can use to remotely compromise other PCs, erasing traces of where the attack actually originated. Chances are, your PC has software on it that you never knew existed.

So what can you do? Well, once you realize you have a problem, the next step is to address the problem.

Nuke It From Space
I've seen some bizarre online advice for dealing with malware. In one recent and memorable column, Macintosh-loving Wall Street Journal columnist Walt Mossberg suggested that readers simply "buy a Mac" if they want to rid themselves of PC-based malware. The theory is simple: Because so few people use the Mac, the Mac is a less obvious target for attackers than Windows. But "security through obscurity" is a losing proposition. Although I also believe that the Mac is a viable PC alternative for many people, others will find the transition difficult. And it's almost impossible to run your existing library of PC software on the Mac or copy over your valuable data.

Another bit of advice that even I have suggested is that you should stop using Microsoft Internet Explorer (IE). IE is a buggy piece of software that's too firmly integrated into the OS to be safe. However, again, dropping IE simply isn't an option for many people. Some Web sites, such as many online banking sites, still work only in IE. My advice for casual users? Try an alternative such as Mozilla Firefox, but keep your copy of IE close at hand and make sure you've updated to the latest patches through Windows Update.

If you're technically inclined, you might consider reinstalling Windows from scratch after backing up your data and formatting the hard disk. Doing so will let you start from a clean slate. Then, you can "do it right" by installing all the latest security updates up front, then performing the steps outlined below to ensure that your system is never compromised again. As with the previous bits of advice, however, reinstalling Windows simply isn't an option for many people. So, the best thing you can do is to get busy cleaning the malware crud from your system.

Solve Your Spyware Problem
First, you need to rid your system of any spyware you might have installed. Spyware is software that installs on your system without your knowledge or consent. After it's on your computer, it monitors your behavior and can be used to introduce other types of malware, such as the remote-control applications that can make it a zombie with which to attack other users.

What you need is a spyware-removal and monitoring application. These applications scan your hard disk, looking for malware, then offer you the chance to the remove the offending programs. After your system is clean, the application continues running and monitors your system to ensure that no more spyware is installed.

Sadly, there's no one application that does a complete job of removing and monitoring spyware. Available tools tend to find some but not all spyware. But I've found two applications—LavaSoft Ad-Aware and GIANT AntiSpyware—that do a great job. Ad-Aware comes in a free version, but you can pay as much as $40 for one of the paid versions, which offer automation functionality and other handy features. Giant AntiSpyware costs $30, but you can try it free for 15 days. It has a pleasant Windows XP-friendly UI that I like, and it appears to work well.

Rid Your System of Viruses
Although 85 percent of the respondents in the aforementioned survey said they had an antivirus solution installed, most hadn't kept the software updated with new virus definitions—which is how you make such an application effective against ongoing attacks. If you don't have an antivirus solution, check out the excellent offerings from Symantec, McAfee, and ZoneAlarm, but be sure to also keep them up-to-date. Most antivirus packages can automatically download new definitions, and you should do so as often as possible.

Get a Capable Firewall
Although XP Service Pack 2 (SP2) includes a new firewall called Windows Firewall, other versions of Windows don't, and Windows Firewall is, itself, only half a solution. Firewalls monitor network traffic that comes into your PC and originates from your PC, but Windows Firewall monitors only incoming traffic. Therefore, if you already have malicious malware on your system, Windows Firewall can't stop your PC from being a zombie.

The solution is simple: Get a better firewall, regardless of which Windows OS you use. My recommendation is ZoneAlarm, which offers a free firewall. Alternatively, for $70, you could go for an Internet security suite that includes the firewall as well as antivirus and other features. And here's a hint: Download the trial version first, and you'll get $20 off your later purchase of ZoneAlarm Security Suite.

Surf Smart
After you scrub your system clean of spyware, viruses, worms, and other malware, your goal is to keep your system up-to-date as you move forward. Make sure your firewall, antivirus solution, and antispyware applications are running constantly and downloading updates as necessary. Set up these applications to perform regular scans of your hard disk, just in case. Enable Automatic Updates in Windows so that your system is always up-to-date with the latest critical Microsoft patches, and visit Windows Update occasionally to check out other noncritical updates.

It's up to you to proactively protect your PC from attack. If you lock your doors at night, wear a seatbelt in your car, or regularly check the batteries in your smoke alarms, you appreciate the need to protect yourself. Your PC is no different, and with just a little bit of work—and a small expenditure—you should be able to secure your PC from most future attacks.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.