Viruses, spyware, adware, worms, trojans, rootkits, bots… they are all terms referring to what is generically known as malware, software that does bad things.  It might log your keystrokes, then send those keystrokes (like when you log into your bank) to the bad guy, it might use your computer to send spam email, it could pop up on your screen telling you that you’re infected with all kinds of viruses and you need to buy their virus removal program, and it won’t go away until you do.  No matter what it does, you DON’T want it on your computer.

Unfortunately a lot of computer users think that since they have anti-virus software on their computer they can’t get viruses, so it’s ok to be somewhat reckless on the internet.  Well, thinking that you won’t get infected because you have anti-virus software is like thinking you can’t get killed in your car because it has airbags.  You drive your car 120 mph into an oncoming truck and see just how well that airbag protects you.

So, if your anti-virus software can’t completely protect you, what can you do?  Follow these three guidelines (I call them secrets because so many people don’t seem to be aware of them) and it will be very hard for your computer to get bit by a bug.

DON’T OPEN ATTACHMENTS AND DON’T CLICK ON LINKS IN EMAIL. Email and web pages are the primary avenue of attack for the bad guys.  Clicking on links in email is a easy way to download a virus or get taken to a web site full of malware looking for ways to get into your computer.  The same goes for attachments, opening an attachment is like playing Russian Roulette with your computer.  So how do we make this a practical guideline?

KEEP YOUR COPY OF WINDOWS AND OTHER SOFTWARE UP TO DATE. The bad guys are always looking for a new way to get inside your computer.  The most important (and likely) targets are your operating system (Windows), your web browser (Internet Explorer, Mozilla Firefox, Apple Safari, Google Chrome), Adobe Acrobat Reader (for viewing PDF files), Adobe Flash (used to view video on sites like YouTube and most animation) and Java (by Oracle.)  In fact Java is quickly becoming the bad guys’ favorite way to get into your pc.  Java is used to allow programmers to write a program that can run on different operating systems without having to customize it.  There aren’t a lot of programs out there that require Java, and probably the best thing you can do it just REMOVE Java from your computer.  Just go to your Control Panel and click on Add/Remove Programs (Windows XP) or Programs and Features (Vista and Windows 7) and select Java for removal.  If you later find out that you need it, you can go to Java.com and download the latest version.  If you have Java and you know you need it, be sure you have the latest version (as of this writing, version 6 update 22.)

For Adobe Acrobat Reader and Flash you can go to Adobe.com/downloads and make sure you have the latest versions.

Firefox and Safari are good about notifying you when you need to download and install an update, Google Chrome pretty much just does it for you in the background.  Internet Explorer will get updated the 2nd Tuesday of every month when the Windows Updates are pushed to your computer.

Microsoft updates Windows the 2nd Tuesday of every month, so it’s important that you have automatic updates turned on and you install them when you see the icon in your taskbar tray.

It’s very important that you update your computer as soon as you get a notification, be it for Acrobat Reader, Java or Windows.  The moment these updates are published, the bad guys are analyzing them to see how they can take advantage of people who DON’T update their computers.  Also, sometimes the bad guys find the flaws first, and already are exploiting computers before the fixed are published, so don’t put this off.

USE MOZILLA FIREFOX WITH THE “NO-SCRIPT” ADD-ON. Each web browser has things to like about it: Internet Explorer for its integration with Windows, Google Chrome for its speed, Apple Safari for its speed and more “Mac-like” appearance (and I do like the “Top-Sites” feature.)  But I always recommend Firefox with no-script because it’s the absolute best way to avoid having a malicious web site get into your computer.

So what is “no-script”?  For that matter, what is a script?  Think of the word “prescription”.  A prescription is a set of instructions from your doctor to the pharmacist, you may be delivering it but you’re just the messenger – the pharmacist reads and follows the instructions.  In the world of the Internet, scripts are instructions from the web server (the computer at the other end delivering the web pages to you) to your computer.  Scripts themselves are not inherently evil.  Scripts are necessary just for you to read this page, in fact most sites you visit employ some scripts to automate how the page looks or what information you see.  Unfortunately web browsers are a little too quick to accommodate the instructions from web servers, and a site that has been set up by a bad guy (or compromised by one) can deliver all kinds of nasty stuff on your computer, just by going to a web page.

No script is what’s called an “add-on”.  Think of it like a mini-program that plugs into Firefox, like an accessory.  There are TONS of different add-ons you can use with Firefox, I use 3 or 4 but No-script is an absolute must.  No-script prevents ANY and ALL scripts from running on a web page without your approval.  What’s nice about no-script is that once you’ve approved a site, you don’t have to do it again.  For example, you trust Google and maybe use Gmail, so once you’ve approved Gmail, you won’t have to do it again.  So the first week or so you’ll be approving lots of web sites because it will be the first time No-script has seen them, but it will eventually calm down, and just intervene when you go to a new site for the first time.  The VALUE of no-script comes into play when you accidentally mis-type a web site, say Goggle.com instead of Google.com, or Foznews.com instead of Foxnews.com.  The bad guys purchase these names because they know every know and then people make mistakes, and they just wait for you to come to them.  They also design their web pages to show up high when you search on popular topics.  For example, back in February if you searched for Jessica Biel screensavers or maybe Jennifer Aniston screensavers, about HALF of the search results took you to sites with malicious software just waiting for you.

If you should happen to click on a search result that takes you to a web site that you’re sure is not what it’s supposed to be AND you’re running No-script, then the very worst thing that will happen is you’ll see some text and perhaps graphics/pictures – but that’s all.  NOTHING will be able to install itself onto your computer, all you have to do is click on the back button go back where you started and you can rest easy knowing your computer is safe.  For a DETAILED step-by-step walkthrough of installing Firefox and setting up NoScript, see my post in Apps/Tools or click here.

There you have it.  It seems like a lot at first, but it will save you aggravation and money in the long run if you’ll just convince yourself that it’s worth it (ask my clients who unfortunately had to pay over $200 to get their computer running again after picking up some nasty viruses.)  Follow the above steps, you’ll be glad you did.