(Translate this site)
I wrote the first draft of the guidelines below for my sister-in-law after her family got a broadband internet account for the first time ever-- and immediately got hit with malware in maybe less than 24 hours. I post them here in case others could benefit from them as well.
1: TAKE SPECIAL CARE OF YOUR WINDOWS RECOVERY DISK. You'll need to use it a lot!
2: MAKE SURE TO KEEP YOUR INTERNET CONNECTION ACCOUNT INFO LIKE USERNAME, PASSWORD, AND RELATED EMAIL ADDRESSES AND PASSWORDS RECORDED SOMEWHERE SAFE like in your wallet, pocketbook, and with other important papers. Because you WILL have to re-install your account repeatedly. (Ouch!)
3: Try to use fairly long and complicated passwords which have both letters and numbers in them, and would make sense only to you. DON'T USE COMMON WORDS LIKE NAMES OR PLACES OR WORDS YOU CAN FIND IN A DICTIONARY.
4: If you've already got annoying pop ups or other clues that something has invaded your PC, you need to get rid of them now.
DISCONNECT THE WIRE which brings the internet into your PC first, before trying to rid yourself of the malware. For some 'malware' (viruses, spyware, etc.) is smart enough to re-install itself instantly just as you remove it-- IF your internet connection is attached.
Don't reconnect your internet cable again until after you're sure you've zapped your nemesis.
If you must restore XP to get rid of something, there's usually two ways to do it:
FOR EXTREME CASES: A complete format and restore from your recovery disk (only for extreme cases, as this will take your PC back to what it was when new-- losing everything else you ever put on it, including whatever custom settings/adjustments you've made).
(((If you need more help for an extreme case, try "What to Do When Windows Gets Really Messed Up Even when Windows routinely gives you the Blue Screen of Death, all may not be lost. We'll show you how to restore both your data and your sanity." by Lincoln Spector, PC World; May 05, 2008)))
THE USUAL BEST OPTION: A roll back to a previous state. Like last week or last month. This one you don't usually need the recovery CD for. There'll be a calendar in a control panel where you choose the date you want the PC to roll itself back to-- like just before those nasty pop ups starting appearing on your display. Of course this should also get rid of any new browser plug-ins or whatever you may have added in since the date you want to time travel to with XP.
It might be the roll back option requires some previous set up by the user (so if you must switch it on, do it as soon as possible-- otherwise you'll have no restore points to go back to).
More tips along these lines can be found in "Protect Yourself From PC Security Pitfalls Our columnist shows you how to get rid of spyware, shrug off spam, and stay safe on unsecured public networks" by Lincoln Spector, PC World; April 22, 2008
5: WINDOWS XP MUST BE UPDATED REGULARLY TO MINIMIZE SECURITY PROBLEMS.
Set up your Windows XP to automatically download updates to itself. You can set it to do all this behind the scenes, or wait for you to manually allow the actual update installs after they've completed downloading.
Some of these updates can be time-consuming. But they ARE necessary.
6: DON'T USE MICROSOFT INTERNET EXPLORER. Instead, download and install Mozilla Firefox, and set up things so all that PC’s users run Firefox and NOT Explorer.
(Explorer has all kinds of security problems. Do NOT try deleting Explorer though, for it's part of your operating system).
7: NEVER OPEN OR LOOK AT EMAIL WITH ATTACHMENTS FROM STRANGERS. JUST DELETE IT WHEN IT COMES.
Avoid opening junk email (spam) of all kinds. Keep in mind they use every trick they can to get you to open them, with their subject titles and sender addresses.
8: BE SUPER-PICKY ABOUT DOWNLOADING AND INSTALLING ANY SORT OF SOFTWARE FROM THE INTERNET. It's best to do some Google searches to check out the reputation of all software and sources first.
Of course, it's easy to download risky stuff without meaning to. And where kids use the PC, it WILL happen. In those cases you'll just have to start over at the top of the page again...
9: INSTALL AN ANTI-VIRUS PROGRAM AND KEEP IT UP TO DATE (they usually update themselves over the net).
Reviews of anti-virus programs which cost:
General anti-virus program info
Using a Mac or Linux instead? Then check out Five important security apps for Linux, Mac OS X and Windows By Ars Staff; April 24, 2008 or maybe Keeping your Mac locked down: a Mac OS X security primer (a guide for ADVANCED users)
Truly free and decent anti-virus programs are rare and hard to find.
I currently use the free Avira AntiVir Personal Edition Classic. But its features are limited (like NOT screening email for incoming viruses). You might need more protection than this. But note the email accounts which usually need virus checking will be those you have with your own internet service provider, like firstname.lastname@example.org.
But a Yahoo email address like email@example.com would usually be checked by Yahoo itself for viruses.
HOWEVER, having a Yahoo email account will only provide you with one layer of protection-- and protection ONLY from KNOWN viruses. New viruses could still sneak through on occasion.
Plus, there's other threats besides viruses. Like spyware.
Once you open an email on Yahoo or similar web mail services, that's it: clicking on any link you see INSIDE the email after that is NOT covered by Yahoo's protection. You're on your own. Hence, the warning above about not even opening or looking at suspected spam email.
(Services like Yahoo do seem to scan attachments for viruses, though)
If your PC is in bad enough shape right now, you might have no choice but to buy a good anti-virus CD from a local store and install and run it. And pay an annual fee to keep it going. I've done that too, at times.
10: DON'T let your PC sit idling for hours, doing nothing: shut it down when not using it. PCs on broadband connections sitting idle are one of the things hackers look for to break into.
11: If it appears someone has discovered one of your passwords and is using it to fiddle with one of your online accounts, IMMEDIATELY CHANGE that password. AND review and possibly revamp/strengthen all your present PC security measures. Unfortunately, if one of your passwords has been compromised, others may have been as well. So it's recommended you also change all your other online account passwords too, as soon as you can. You see, if someone manages to plant spyware on your PC, it can act as a 'bug' or listening device to capture your passwords as you type them in. Then send them to the bad guys. Yikes! There do exist anti-spyware programs for this contingency (these are often different and separate from anti-virus programs)...
If you're using Firefox you can set the preferences to erase virtually all your personal data from the browser every time you quit the program. That rids you of things like browser 'cookies' which can be mined for stuff like passwords by just about any web site or malware around.
I'm currently using the free trial version of AVG Anti-spyware. After the trial period most of its features are disabled apparently (unless you pony up some money), but perhaps you can still run a scan with it if you think some spyware is present. Nine Ways to Wipe Out Spyware offers up more info on NON-FREE anti-spyware options.
More good info regarding your PC and internet security can be found in 72 Tips for Safer Computing