The Best Tips to Keep Your Windows PC Protected against Hackers, Cyber-criminals, Crypto-miners, Viruses, Worms, Trojans, Ransomware, Spyware, Adware, and all other types of Malware.
In the world of Windows, it’s your Windows PC vs Millions of malware. How well prepared are you for this never-ending battle?
Here is a list of the 25 easy to follow, free to use, and the most useful Tips to prevent Viruses and all other types of Malware on your Computer.
25 Tips to Prevent Malware Infections on your Computer. Never get Infected again. Keep your Windows PC Protected from all kinds of Threats by using these Computer Security Tips.
- Use an Antivirus
- Use a Firewall
- Regularly Scan Your Computer Using an On-Demand Malware Scanner
- Scan All Connected Removable Storage Devices before Using Them
- Disable AutoRun and AutoPlay
- Download Software from Safe Websites
- Take Control of Your Startup
- Don’t Open Spam
- Don’t Store Data in Desktop, Libraries, and User Folders
- Don’t Use Public Wi-Fi
- Check Wi-Fi Settings
- Keep Windows Recovery Drive Ready
- Keep a Bootable System Repair Disc Ready
- Keep a Bootable Antivirus Rescue Disk Ready
- Keep a Linux Distro Live USB Ready
- Keep Regular Backups of Your Data
- Keep Your Operating System, Antivirus and Other Software Up-to-Date
- Download Button
- Read Reviews Before Downloading Little-Known Software
- Use Additional Compatible Security Tools
- Use Custom DNS Service Provider
- Show File Extensions in Windows File Explorer
- Run Unknown Programs in Virtual Environment
- Integrate your Antivirus into your Download Managers
- Enable Self-Protection on Security Software
1. Use an Antivirus
An Antivirus is the most essential software to keep your computer free from viruses.
- Protects your computer and data in real-time against all kinds of online and offline threats.
- Prevents the installation of malicious software.
- Scans and removes traces of malware or unwanted programs.
- Scans removable storage devices and prevents the spread of malware.
- Blocks malicious websites that could download infected files in your computer.
- Blocks phishing pages to protect your login credentials.
- Prevents identity theft by blocking various types of hacker attempts.
- Scans all of the files downloaded to your computer.
- Detects and blocks email spam content.
- Protects against zero-day malware.
2. Use a Firewall
A Firewall monitors and controls all of the internet related activities on a computer.
- Monitors the networks in real-time and notifies the computer user about all of the incoming and outgoing network connections.
- Blocks malicious traffic.
- Blocks access to malicious websites.
- Hides open ports from port scans to prevent any potential hacker attacks.
- Prevents intrusion attacks on Wireless networks.
- Prevents malicious applications from connecting to the Internet.
- Prevents the cyber-criminals from accessing and controlling the computer remotely. Prevents and terminates any unauthorized remote access attempts.
- Lets the user allow or block specific applications from connecting to the Internet.
- Lets the user monitor data traffic.
- Provides the local address and remote address (IP address and server address) information about a connection.
3. Regularly Scan Your Computer Using an On-Demand Malware Scanner
A Second Opinion Malware Scanner or an On-Demand Malware Scanner is an antimalware software that works only when you execute it. It is not set to autostart with Windows. Even the best antivirus software struggle to reach the 99% detection ratio. There are millions of malware in the wild, even a detection ratio of 99% leaves you exposed to huge sum of malware. Therefore, we need to use these second opinion malware scanner and removal tools to detect the malware that the main antivirus may have missed.
4. Scan All Connected Removable Storage Devices before Using Them
One of the most common methods used by malware to spread themselves is the portable storage devices such as a USB flash drive, External drive, Memory card, etc. Always scan the removable storage devices that you connect to your computer before opening any files from them. Most of the antivirus programs have a Removable storage device scan option; make use of it.
5. Disable AutoRun and AutoPlay
This is one of the most popular methods used by Worms to propagate themselves. You don’t even need to open a file from the external devices to get infected, the Worms will do all the hard-work themselves, and make their copies on your computer. The file called autorun.inf stored in a removable drive automatically executes the script or commands mentioned in it whenever you inject that removable device into your computer.
The autorun.inf is used by the AutoRun and AutoPlay features in Windows. With the help of the Autorun.inf file, the CD/DVD/Blu-ray, USB device vendors can set their devices to perform specific functions, execute specific programs, run specific files, etc. when these devices are connected to the computer. This Autorun file is the same file that automatically pops up a window whenever you insert a DVD, and asks you if you would want to open the files stored in that DVD with your default DVD player.
The Aurorun file can be used by hackers to spread malware. The malware copies itself into the drive, and edits the autorun.inf file to execute and copy it on the computers the drive is connected to in the future.
Disabling the aurotun.inf adds another layer of protection to your Windows PC.
6. Download Software from Safe Websites
Download the software for your computer only from reputed software download portals. Here are some of the best ones. You’ll find everything you need from these websites.
7. Take Control of Your Startup
Manage which programs start with windows. Just having the knowledge of which programs and services start with your computer can be helpful in many ways. You can use Task Manager to learn about and enable or disable the Startup Programs and Startup Services.
8. Don’t Open Spam
These really can infect you. But, how can opening an email infect your computer, you say?
- Spam emails can lead to Trojan dropper files
- Lead you to phishing sites
- Malicious websites that can download malware on your computer.
Here’s a scenario – You open a spam email. The spam email has a document (.pdf, .docx, etc.) that you downloaded, you open this file, there’s a Word icon in this document. You think that this icon is another Word file; hmm, maybe it contains that great deal or a coupon code that was mentioned in the email. When you double-click on the icon to open it, no file opens but the downloading of a malware starts in the background without you knowing. This a classic case of Trojan Horse malware. A file or program that appears to be useful, but in reality, is a malicious software.
9. Don’t Store Data in Desktop, Libraries, and User Folders
Ransomware, the most deadly type of malware, take the user data hostage by encrypting it, and then ask for ransom to decrypt it. These Ransomware start their Encryption process on User Data from these locations – Desktop, Libraries such as Documents, Music, Pictures, Videos, and other User folders.
Make Folders by the same name on another partition and save your files there instead of the Libraries in the Windows partition. If you can’t stop yourself from saving everything on Desktop, then this little trick can work. Make a folder named Desktop in any partition except C: (Windows partition). Now create a shortcut for that Desktop folder on your real Desktop. Remove the terms Shortcut from its name on the shortcut. Save anything you want on your Desktop, but occasionally drag those contents into this shortcut. It will transfer all your files from your actual Desktop to the folder named Desktop present in another partition.
10. Don’t Use Public Wi-Fi
Public Wi-Fi are the Wi-Fi networks that are available for free to everyone. You get these networks on public places such as Airports, Hotels, Coffee Shops, etc.
Dangers of Using Public Wi-Fi:
- A public network doesn’t require security, anyone can connect to it. Malware can be spread through an unsecure Wi-Fi network.
- You could accidentally join a fake Wi-Fi network. These fake networks are named exactly like the real one(s); users may join these ones instead if they see that their signal strength is better than the real one(s). One joined, everything you do on that network can be captured by the cyber-criminal who is administrating that network.
- If the file sharing on a network is enabled on your computer then a cyber-criminal connected to that network can access that data. Your sensitive information such as account login details, bank information, and other personal data could be at stake.
11. Check Wi-Fi Settings
Use unique and strong passwords for your network so that no intruder can enter your network. There are programs like Wireless Network Watcher by NirSoft that let you scan your network to detect all of the connected computers. Or, you could access the Administrator page of your network, and see the IP Addresses of the computers connected to your network.
12. Keep Windows Recovery Drive Ready
The Recovery Drive is a bootable removable media that contains all of the files of the Windows Recovery Environment. Windows automatically boots the computer in the Windows Recovery Environment whenever it finds something wrong with the Windows. However, it doesn’t work every time. Therefore, keeping a Recovery Drive ready is always a good option. This gives you a portable Windows Recovery Environment (Windows RE or WinRE).
13. Keep a Bootable System Repair Disc Ready
Windows has an in-built feature called System Repair Disc that lets its users create a bootable rescue disk. In case of a malware infection, you can boot (start) your computer using this Rescue Disk, and perform operations like System Restore to go back to the state when the computer was not infected. The following six system repair tools are available in the System Repair Disc – Startup Repair, System Restore, System Image Recovery, Windows Memory Diagnostic, Command Prompt, and Recovery Manager.
14. Keep a Bootable Antivirus Rescue Disk Ready
An antivirus rescue disk is the most efficient way of detecting and deleting malware from an infected computer. A Bootable Antivirus Rescue Disk scans Windows files and User files outside of Windows. So, all those malware that start along with Windows, and hide themselves from antivirus programs cannot do that when you scan your computer using a bootable rescue disk.
15. Keep a Linux Distro Live USB Ready
A Linux Live USB is a combination of two things – Linux and Live USB.
The GNU/Linux (or Linux) is a free and open-source operating system. Linux understands the Windows File System, and hence can be used to run your computer from if your Windows installation refuses to boot.
A Live USB (or CD/DVD) is a bootable operating system installation that runs from the USB disc instead of the computer hard disc.
Scanning, cleaning, and repairing an infected or unbootable computer takes time. You may not have that much time, and the most important thing for you is recovering or accessing some important files. A Linux Live USB lets you do both of these things. Because most of the Linux distributions come packed with all kinds of programs that run the most commonly used files types, you can use your bootable Linux Live USB to do your regular computer work like working on documents, etc. Or, you could just transfer your files from the host computer to another removable disk using Linux Live USB.
16. Keep Regular Backups of Your Data
Backup means keeping a copy of your data on a separate partition of the same disk/drive or on a separate (removable) storage medium. This Backup can be used to restore the data if you ever lose your original copy of data because of a virus attack, hardware malfunction, or any other reason. Windows has an inbuilt backup and restore feature called Windows Backup and Restore. Use can use other third-party alternatives as well to manage your backups.
17. Keep Your Operating System, Antivirus and Other Software Up-to-Date
In order the understand the significance of an up-to-date system and software, we need to talk about the following three tech terms – Zero-day, Exploit, and Vulnerability.
Anything Zero-day (or 0-day) means any vulnerability, bug, or error in the software or hardware that is yet to be identified by the vendor of that software or hardware. The day these issues are identified by the vendors is called Day Zero. The Software or Hardware companies create and release fixes, patches, or updates for these issues as soon as they come to know about them.
If you do not update your Windows and other software, and any possible vulnerabilities in your system are not patched or fixed, then the hackers, malware developers, or cyber-criminals can exploit those vulnerabilities. The software and hardware manufacturers may have found a vulnerability in their software, and addressed that in the latest update of their software and drivers, but if you didn’t update then you are vulnerable to the exploits written for that vulnerability.
The Zero-day attacks involve Vulnerabilities that the attackers know about; who then create Exploits to make use of these vulnerabilities to take unauthorised control of the system in order to perform various malicious activities such as deleting, stealing, or copying of the data. A Zero-day attack is said to happen when a hacker exploits a vulnerability.
18. Download Button
Don’t just click any image that has the word Download written on it. An image with the Download text does not, always (and only), downloads the file that you think it is downloading. Various malicious websites use these links to deliver Backdoor Trojans into your system.
Sometimes, the Download button has another link over it that you can’t see, however, you can check what’s behind it by hovering over that link, and then looking at the Status Bar of your Web Browser.
Whenever you hover over a link, the status bar in the web browser displays the hyperlink behind that link or image. The malicious websites have hyperlinks to ads or harmful websites over the actual link or image, so when you click on it the first time, that link is opened and not the actual download link or the legitimate hyperlink. The malicious link could do anything; it could open a sponsored webpage in a new tab, a new popup window, it could execute a malicious script in your web browser, or it could start downloading an adware or a malware either in front or in the background.
19. Read Reviews Before Downloading Little-Known Software
There are software for almost everything. There could be a scenario when you want to perform a very specific task but there aren’t any popular candidates or well-known software for you in this category. If you find yourself in such as a situation, try to find and go through Editor and User reviews of such little-known software before deciding to download and run them. Most of the popular Download Portals have reviews by their Editors. You can check those as well as the User reviews from various websites.
20. Use Additional Compatible Security Tools
Depending upon the number of features provided by your antivirus and firewall, and the level of your computer savviness, you could choose to install additional security tools that are also compatible with other ones already installed in order to strengthen your computer security setup.
For example, you want to know about all of the network connections, data traffic, and other network related activities going on in your system, but you are using a basic firewall that does not have too many features, then you can use a network monitor software like GlassWire.
21. Use Custom DNS Service Provider
Some Internet Service Providers (ISP) inject ads into their network, and thus in the web browsers of their users; these kinds of ads cannot be blocked using an ad-blocker. One of these ad-networks could also include some malicious websites. So, now you have the risk of ads as well as phishing websites thanks to your ISP. This situation can be averted by using a third-party Domain Name System (DNS) service. Some of the best free ones are Cloudflare 220.127.116.11, Cisco OpenDNS, and Google Public DNS.
22. Show File Extensions in Windows File Explorer
By default, Windows does not show file extensions of files in its File Explorer. This is a major security flaw. Many malicious websites on the Internet give you free songs, movies, photos, etc. These malicious files have file names and icons similar to those media file types they make think they provide, but the file extension is not always correct.
The setting that manages the show-hide status of file extensions in the Windows File Explorer is called “Hide extensions for known file types”, and is located in View tab of Folder Options window of Windows File Explorer. By default, it is enabled. Disable this setting by clearing its checkbox. Click Apply, and then OK.
Here is an example to show how this change can help you in protecting your computer; a website lets you download songs illegally for free. You find a song to that you were looking for, and start downloading. Now, this file is labelled as 01 – Artist Name – Song Name. The file icon is similar to the audio file icons used in the Windows File Explorer. With the default Windows Folder Options settings, you will the name without the file extension like this, 01 – Artist Name – Song Name. But, if you change this setting, then you will be able to see the complete file name with its extension, which would be 01 – Artist Name – Song Name.exe in this case. A music file should have had .mp3, .aac, .ac3 or any other audio file extension, and not .exe (executable).
This way, you call tell if the file that you downloaded is a legitimate file or a malware.
23. Run Unknown Programs in Virtual Environment
If there is something that you really want to run, test, or use but are not sure about its origins then you can make use of Virtual Machines (VMs). Programs such as VirtualBox and VMWare can be used to run the files in a Virtual environment.
If your Antivirus or Firewall supports the Sandbox feature, then you can use that to run the applications of dubious origins.
24. Integrate your Antivirus into your Download Managers
Most of the Download Managers have a Virus Scanner option in their Settings that lets you browse for the main executable file of the Antivirus installed on your computer. Every time a file is downloaded using that download manager, it will be scanned by the integrated Antivirus automatically.
25. Enable Self-Protection on Security Software
Some security software have a password-protection setting that lets you lock the program settings. When enabled, a user has to enter a password for doing things like change settings, quit program, Whitelist or Blacklist applications, etc. This makes it difficult for malware or another person with malicious intentions to disable your security software.
Go through the Settings of your Security programs, and try to look for a setting with the names like Self-Defence, Self-Protection, Password-Protection, etc. Set a password of your liking.
Use Computer Sense along with these Tips
Unlike popular belief, your antivirus provides only the secondary protection, the primary protection to your computer is provided by yourself. Use the Computer Sense while browsing the Internet and operating your PC. All these tips and some computer sense is good enough to keep your computer protected from Malware and Hackers.