Social sites like Facebook are built around communities. In the real world, a community is a safe haven, but it’s not so in the digital world because of its faceless nature and facebook impostors. Social hacking is a term that was born from this very phenomenon. Just to give you an example…

You get a link on your profile from a friend (or a username which sounds like a friend). It’s just a casual click on that link which lures you to a web page asking for some personal details. A person who is not aware of terms like phishing or malware falls prey to this cleverly disguised scam attack from Facebook impostors. Malware links can even infiltrate your accounts and leech away profile info like passwords and addresses. Or even more seriously, bank account numbers. That itself can set of a domino effect as the others in your contact book start getting attack mails from your account.

Social networking sites like Facebook have a huge user base. Facebook alone has more than 300 million users. Even if a small percentage of infiltration attempts succeed (and they do), you can do the math.

Protecting your Facebook profile from scammers and spammers requires serious ammo. The first fortifications are of course the security firewalls and countermeasures employed by Facebook itself. But just like any other war, the foot soldier is the most important piece around which the battle can turn. The foot soldier is you and what you do to protect your account. Facebook gives you some privacy controls to help you thwart spammer snoops.

Here’s the checklist on how to configure your profile to protect yourself from scammers –

Stop Facebook Impostors – Configure the Privacy Settings

This is the first port of call. After you log-in, on the top right corner of the blue bar you will see the Settings link. Hover over it to get the dropdown and the Privacy Settings.

The Privacy page is all about allowing or disallowing others from looking at all the information on your Facebook page. Information can be broadcasted from your profile, a Facebook search result with your name, what gets written on Wall Posts, news feeds of your recent activities, and from the applications you authorize to pull information from your page.

The great thing about Facebook is that it allows us to configure each small part of our profile (see screenshot above). This is what we should be aware of.

Be aware of your friends

• Social sites make it very easy to add friends with a click. Soon enough we have an unmanageable bunch. Organizing friends into groups or Friend Lists is one way. Profile views can be set for Everyone, Only Friends, Friends of Friends or customized for specific Friend Lists. You can also exclude certain friends/Friend Lists.
• On the Privacy page, click on Profile. Control who gets to see each bit of information by clicking the dropdown and selecting one. You can also click Customize to further fine tune the selections. Never set it to Everyone – that’s like opening the front door. Also, remember that your friends might have other friends who are absolute strangers to you.



• One absolute area that you should keep private is the Contact Information. You can set it to No one.
• Save all changes.

Be invisible – remove yourself from searches

Given Facebook’s high search listing, anybody (say, scammers) searching for you or some area of related interest would find it easy. When you sign up, the default setting allows everyone to search for you. Later, one way to discourage that is by removing yourself from public search listing and also controlling your visibility from within Facebook.

• From the Privacy page, click on Search to access the settings for search. Under the heading Public Search Listing, deselect the option to create a public search listing of your profile.
• To cloak yourself further, you can control your search visibility from within Facebook by selecting Only Friends for Search Visibility. And then tighten up security by setting what they get to see in your public profile.

Caution with applications

Third party applications have given Facebook a good name and sometimes have left it red faced too. Third party applications with doubtful roots could be spyware by another name. Applications which you authorize need your profile info to work and sometimes that of your friends in the network (that also goes for apps installed by your friends). To cite another example, quizzes and puzzles are fun but they can influence you to reveal some personal information. So, tread on the side of caution.

• From the Privacy page, click on Applications. The Overview describes the situations in which an application accesses your information. From the Settings page you can checkmark the types of information your friends can see about you through applications.
• You can also go to the Applications page (click on Applications on the foot bar) and edit the privacy settings for each individual application. A privacy setting controls the status display on your Facebook profile page.

Screen your messages

A scam behind a Facebook impostor’s message is the oldest trick in the scammer’s book. Beware of messages which ask for personal information or cash/donations. Even if you receive a message from a pal asking for sensitive information or monetary help, verify the request with a phone call. You can also do an authenticity check by asking questions which can be back-checked.

Be wary of direct links

Don’t click on direct links that you get in messages or wall postings especially from unknown sources. They could be a ruse to malware sites or fake login sites. Look at each link carefully before being trigger happy with your mouse. A genuine link can be made out by looking up the domain name with a Google search. Though with a shortened URL, it could be a problem. Many links direct the user to a fake Facebook login page which can compromise your password. Facebook usually never asks you to log-in again to view another page.

Community rip-offs

Joining a community may get you a bunch of contacts in one go. But it can also be a scam trap if the community is a sham. Fake communities could serve as marketing gimmicks, often with the intent of building mass mailing lists. Select your community and look around the member profiles before jumping in.

These are just some of the ways we can guard against scam attacks. The best way of course, is to click logout and pick up the telephone. But that’s like picking up paranoia and ditching the fun of social networking. Simple precautions like choosing a secure password, familiarity with all the security options and safe browsing habits can keep us protected. For more Facebook security tips, check out Mahendra’s post – 10 Solid Tips to Safeguard Your Facebook Privacy.

What other tips do you think can help to keep our guard up? And leave the scammers dry…

Image Credit: Jesse Gardner

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• 10 Solid Tips to Safeguard Your Facebook Privacy (126)
• How To Deal with Spam and Report Email Scams in The U.S. (5)
• 7 Essential Security Downloads You MUST Have Installed (54)
• Top 5 Current Email Scams You Should Know About (25)
• Three Firefox Security & Privacy Add-ons that can Co-exist (23)

If you are facing a similar situation, here are a few steps you can take to make sure you get rid of the trojan horse/virus and most of its ill effects if not all.

Scan thoroughly with the antivirus

Sounds trivial right? Why would you get infected in the first place if your antivirus could detect the virus? Well there can be a few reasons, make sure you get them out of the way. It will save you a lot of trouble:

• Update the antivirus to the latest version, and update the virus signature database.
• Harden the scan options, check on heuristics, potentially dangerous applications, early warning system or whatever fancy names your antivirus uses. Set the antivirus to scan within archives and choose wisely when you specify items to exclude from the scan or leave everything out for scan.

Now perform a system scan, this way you give your antivirus a better chance to detect newer viruses.

Scan the system in safe mode

Very important to do this once before you get into manually removing the virus and its effects. Sometimes the infected files might be locked by the operating system when working in the normal mode. So to increase your antivirus’ odds to detect and clean the virus, you should restart the computer, boot into safe mode and then perform a thorough scan of your system.

Keep in mind the above mentioned points as well. You can generally boot into safe mode by pressing the F8 key during bootup and choosing the safe mode option.

Use special virus removal tools

Various antivirus manufacturers offer special tools for removing viruses once your system has been infected. Try McAfee’s Stinger or Microsoft’s Malicious Software removal tool or Kaspersky’s Virus Removal Tools. These are special tools that do a great work of removing certain infections.

So once your antivirus has detected the infection, make sure to Google it, this way you can easily find specialized solutions, removal tools and advice on your situation.

Take things into your own hands

There are times when, due to various reasons, none of the above methods works. Even in such cases everything is not lost, you can still rid your computer of viruses and trojan horses by manually deleting the offending file and attempting to nullify the effects that it caused.

The effects vary from changing mouse/keyboard settings to infecting all files in RAM, to infecting all files using a particular library to corrupting the MBR and so on. Your ability to rollback these effects no doubt depends upon how much of a computer nerd you are, but with Google, various forums and Twitter there is a good chance you can make things work for you without having to make that call to your technician.

Here are some tips that may help you:

• Check what processes are currently running. Use task manager, make sure to show processes from all users. If you see any suspicious process name or description just Google the name and you will get all the information you need. Make sure to prevent it from running again if you think you found the problem. You can use msconfig and manage startup items to do so.
• Use HijackThis to diagnose a problem and create a log in case you want someone else to help you with your problem.
• Try to find the nomenclature various antivirus products use to refer to the type of infection you have on your computer. Once you know that, you will be able to find detailed step by step instructions provided by various antivirus vendors to get rid of it. It also makes it easier to search for specialized tools to get rid of the trojan horse/virus. Here is an example of one such page.

All of these methods will surely help your cause. However, your ability to completely rid your computer of a particular virus would depend on how early you are able to detect it, the type of the virus and the harm it was intended to cause (sounds a lot like cancer, isn’t it?).  Always take regular backups in case something goes wrong while attempting a clean up.

Do you have your very own ‘Get Rid of a Virus Workflow’? We would love to know about it in the comments.

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• Are Anti-Virus Programs Necessary For Mac? (15)
• 3 Tools to Test Run your AntiVirus/Spyware Program (10)
• Immunet Protect – Free Antivirus Protection From The Social Cloud (Windows) (9)
• How To Disable USB Ports To Prevent Malware Infection (4)
• Hitman Pro: Unleash 8 Anti-Spywares with a Single Click (Windows) (27)

There are plenty of ways to disable usb ports and you don’t need any special software.

Disable USB Ports By Disabling Autorun

Most of the malware that spreads through USB devices spreads because of the Autorun feature which automatically executes a said file mentioned in the autorun.inf file located at the root of the USB device folder tree. Something as unsuspicious as “Open folder to view files” to the untrained eye can be easily made to run any desired file on the drive and can thus infect your computer. So disabling autorun is always one of the better options. To do so:

• First, the key combination Win + R and type Gpedit.msc
• Navigate to Computer Configuration > Administrative Templates > Windows Components, then click Autoplay Policies. (XP users should try Computer Configuration > Administrative Templates > System
• In the Details pane, double-click Turn off Autoplay.
• Click Enabled, select All drives in the Turn off Autoplay box to disable Autorun on all drives.

Microsoft Help and Support has more details and methods

Option 1. Disable users from connecting USB devices

You can prevent selected user accounts from connecting USB devices to your computer. So if you share your laptop/computer with a friend, you should create a separate user account and deny his/her account the ability to connect USB devices. Microsoft Help and Support provides steps to obtain such fine grain control.

Or you can simply navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor and set the value of Start to 4. To enable access again change the value back to 3

Although the site mentions that this applies to Windows XP, 2000 and 2003 it worked just fine on Windows Vista and Windows 7 as well.

Option 2. Change BIOS, disable USB ports, password protect BIOS

Enter your system’s BIOS, just when you press the Power On button. Look for anything that allows you to disable USB ports, disable them and make sure you add a BIOS password.

Option 3. User Device Manager to disable USB

• Go to Device Manager (Right click My Computer, choose Manage, choose Device Manager in left pane)
• Now look for USB Devices in the right pane, right click on the device and choose disable.

Of course you would like to make it a little easier to enable/disable the USB ports. For that you need to create a reg file that modifies the appropriate registry key. Here is an example (make sure to spell everything correctly):

Now double clicking on this file will enable access, similarly you can change 00000003 to 00000004 to create a reg file for disabling access.

None of these are fool proof, there is always someone smart enough to find a way around. If you really want to go all the way you can fill the ports with some epoxy or a similar substance! This is of course not a recommended solution for your personal computer but might come in handy for large organizations trying to prevent employees from using USB devices.

All in all the options are good enough to stop accidental, non intentional spread of malware/compromise of your computer as mostly happens when a USB device is plugged into different computers. However don’t bet your life on these if some one is really determined to use a USB device on your computer for whatever reason.

How do you protect your computer from malware spread via USB drives?

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• Use Your USB Stick As a Key to Boot Your Windows PC (52)
• One Network Admin’s Tool to Rule Them All (13)
• Steal Your Friends Passwords and Software Licenses! (32)
• Spyware Terminator – Free Real-time Spyware Protection (19)
• How to Sync Files between PC and USB Thumb Drive? (27)

And these days, we rarely see “viruses”. They typically fall into the spyware category. Pop-Ups, porn and fake AV products seem to be the most popular of malicious material presently. While your AV sits in the system tray hanging out and doing absolutely nothing to protect you.

The majority of the time you end up relying on on another product to get the annoyingware off of your machine. So now you’ve got a $60 bloated product eating up resources on your machine and doing absolutely nothing to protect you.

In order to be preventative, it would be nice to maybe give some of these products, which usually have a trial version, a run for their money before making the plunge and purchasing the full product. I’ve found a few tools to give each of these a test run, and see how well they actually are protecting you.

Testing your Anti-Virus

An IT security group based in Europe called Eicar has come with a few different tools to test the effectiveness of your preferred AntiVirus application. There a few individual files to download and run, along with a ZIPPED file that will test your AV software and their ability to scan for viruses deeply embedded into other files. I should point out that Eicar does have a disclaimer:

Important note: EICAR cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. YOU DOWNLOAD THESE FILES AT YOUR OWN RISK. Download these files only if you are sufficiently secure in the usage of your AV scanner. EICAR cannot and will not provide any help to remove these files from your computer. Please contact the manufacturer/vendor of your AV scanner to seek such help.

So, in other words, unless you have complete trust your in prevention, I would use either a virtual machine or another test machine besides your main system to do this test.

Testing your Anti-Malware

Malware is a whole different ballgame, and is much more common and prevalent in today’s “internet” world. A common, everyday search can easily ring in loads of pop-ups, adware, and deeply buried malware, spying on keystrokes, monitoring cookies and just being down right annoying. The problem is that it’s always evolving, and many protective products can’t always prevent malicious activity. However, that doesn’t mean you shouldn’t attempt to block it.

Spycar attempts to hijack your system, similar to typical malware activity and gives your protection a test. Spycar does not include any “exploits”, so you do have to click OK during the process for the test to take affect. If your preventative software is successful during the process, a built-in TowTruck application responds with a rating on your prevention and then returns your system to it’s original state.

There are several different tests to run through. All attempting to try and take advantage of all the various activity that normal malware would. These tools are fantastic. Especially for a brand new system you may be setting up in a business or enterprise environment.

Although not mandatory on all PCs, having some type of protection on your computer today is almost always a must. The problem that most tech savvy users have with them, is that most, just don’t work and most eat up way to many resources. Having a way to actually test some of the options out there, is a fantastic way to make your final decision. So you try it out…Download the latest AVG, Symantec or NOD32 trial and see which comes out on top with each of these tools.

Have any good sites to audit your pc for free? What sites are guaranteed to attempt to hijack your machine? What anti-malware apps do you use?

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• Stop & Delete Spyware With Malwarebytes [Windows] (29)
• SpywareBlaster Can Stop Spyware Before It Starts [Win] (7)
• How To Get Rid Of A Trojan Horse Virus That Won’t Go Away (21)
• Hitman Pro: Unleash 8 Anti-Spywares with a Single Click (Windows) (27)
• Best Programs To Keep Your Computer Secure (27)

Below, I would like to share my favorite essential security downloads that have helped me keep my system secure over the last 2-3 years. Check them out and tell us what you think in comments.

1. AVG Anti-Virus (Windows)

AVG is a free anti-virus program, also a really good one. In the past I have tried Norton, Kaspersky, NOD 32 and several others but finally settled on AVG. It’s been my preferred anti-virus program for the last couple of years. MakeUseOf readers seem to agree as well.

We have already reviewed the AVG on MakeUseOf before so if you want to know all the details check out Mark’s AVG review here.

To get an idea here are some of the things you get with AVG:

* real time virus checking
* automatic daily updates
* scans incoming/outgoing emails for viruses
* removes malicious tracking cookies from the browser
* scans search results (ex. Google) and warns about non safe links.
* option control the speed of virus scanning process

2. MalwareBytes Anti-Malware (Windows)

Malwarebytes is an easy-to-use and effective anti-malware application. With over 8 million downloads MalwareBytes is ranked as the 6th most popular software download on Download.com and second in spyware removal category. The users ratings and reviews are pretty good as well.

Malwarebytes’ claims to detect and remove malware that many of the other well known spyware removal programs fail to detect. I can’t really confirm that but after using it for about 2 months it has become my primary spyware removal/scanner app. I must admit I haven’t been using this one long enough yet but so far it has done a pretty good job.

While MalwareBytes doesn’t offer as many features as other tools in that category, it has a comprehensive library of threats to protect against. It’s also very light on your system resources.

The program does have a few more options open to you. For instance, it adds a contextual right-click option to scan individual files. This second option is handy for times when you have to download a file that you think is suspect or need to open someone’s flash drive.

There are some other handy addons as well. You can read more about MalwareBytes in a previous MakeUseoOf article Stop & Delete Spyware With Malwarebytes.

The Basic version which consists of a spyware scanner and removal tool is free. The Pro version costs $24.95 and comes with an additional Protection Module that can detect malware before it can do any significant damage.

3. Spyware Terminator (Windows)

I use Spyware Terminator as my secondary spyware removal tool.

I first heard about it from Bill Mullins, a security expert and MakeUseOf author who recommended the app for real-time spyware protection. In his own words:

As you can see, Spyware Terminator is my current application of choice in the spyware protection/removal category. Having tested virtually all of the major anti-spyware apps over the last year or more, I’ve settled, for now, on Spyware Terminator.

The program is easy to setup and customize, for both less experienced and expert users alike. One noteworthy feature of Spyware Terminator is its ‘Real-Time Shield’ that silently runs in the background and offers strong active protection against both known and unknown threats.

Moreover, there is a simple option to schedule automatic updates and fast spyware scans on a daily basis to ensure your computer is clean.

4. Comodo Firewall Pro (Windows)

Firewall has an essential role in safeguarding your PC. It can block unauthorized remote attempts to access your computer as well as attempts to transfer data by locally installed programs. Unfortunately not many people know about that.

Windows XP and Vista users already have the default Windows Firewall but based on my past experience I don’t find it effective and prefer Comodo Firewall instead (and so do many others).

Just like the above mentioned AVG, Comodo Firewall also came out as the best Firewall in our poll. It’s also probably the lightest one when it comes to your precious system resources. For me it takes only about 3.2 MB on average.

Comodo automatically monitors your connection and alerts you whenever some remote computer or locally installed program tries to initiate an unauthorized connection.

In many cases it also gives you advice on how to react to the alert.

Moreover, Comodo Firewall also comes with something called Defense + Host Intrusion Prevention System. This security addon helps to further secure your computer against malicious craplets before they can do any harm to your system.

Note: Like with any extensive security software if you haven’t used a Firewall before you might find Comodo alerts a little overwhelming. So, keep in mind that it takes some time to get used to.

5. NoScript – Firefox

With over 42 million downloads NoScript is the most popular Firefox addon out there. So if you haven’t tried it before it’s time to do so now.

To put it simply, NoScript makes web browsing safer by blocking everything that can potentially be used to harm your computer. The includes JavaScript, Java, Flash and other executable content.

Now there is one thing to keep in mind here, while you do get a safety net with this addon, as a novice user at the beginning you might find it annoying to constantly add sites to your “trusted sites” list. For instance, when you visit Youtube for the first time after installing it the videos won’t load unless you add Youtube to your trusted list.

But the good news, adding sites to the trusted list can be accomplished with a click of a button and you need to do it only once.

Also for the websites that present information from several sources you might have to “allow” several sites before you are able to view them in full. In such cases you can simply select “Allow all this page” option.

To sum up, NoScript does take some time to get used to but is definitely worth it. Just like like the Comodo Firewall. If you have any questions check out their FAQ page here.

6. Lastpass (Firefox / Internet Explorer)

LastPass is that one password manager you have been waiting for. Unlike Internet Explorer and Firefox’s built in password managers, data in your LastPass Vault is encrypted. The encrypted login details are stored on LastPass server which are then accessible from your browser or any web-enabled computer that you have Lastpass installed on.

It takes about a minute to install and setup.

Once you have set it up, you can start adding your accounts by simply going to sites and login as usual. When Lastpass asks if you want it to remember the login details for the site, click ‘OK’ and done. Next time you visit the site lastpass will fill the login details automatically.

You will only need to know one password, that is the the password to your Lastpass account. You will have to enter it everytime the browser is restarted.

Once logged in you’ll be able to access your web accounts with a single click. Other lastpass features include:

- auto online form filling
- ability to access your account details from multiple computers
- password generator
- and more …

7. WOT (Web Of Trust) – Firefox

Another extremely popular Firefox addon. I have been using WOT for about 4-5 months and so far it has been great. The purpose of WOT is to warn users about unsafe websites before they actually enter them. These unsafe site can mean a site known to scam visitors, deliver malware, send spam etc.

WOT uses color-coded icons show ratings for over 21 million websites – green for safe, yellow for caution and red for stop. Screenshot below shows WOT safety icons on Google search results.

As you can see from the screenshot above WOT warns about the first two entries. So I would skip them.

Do you use any of the the above tools? Any others you would want to add to the list? Please share them with us in comments.

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• Three Firefox Security & Privacy Add-ons that can Co-exist (23)
• Dr.Web LinkChecker – Scan Files Before Download (Firefox) (1)
• Browse Safely & Avoid Viruses & Spyware With HHOTT (22)
• 10+ Best Firefox Security and Privacy Addons (65)
• Trustware Bufferzone Has Your Browser’s Back (31)

Another great attribute of SpywareBlaster is its lightweight nature. The program take very little time to install and updating it is also very quick most of the time. SpywareBlaster doesn’t leave any running processes open, since it merely patches areas in hazard, so it won’t even cut into your RAM!

When you bring up the first screen, you’ll initially see this menu. It displays all of the programs or areas that you have the option to restrict, as well as the total number of updates you have loaded (and on one date). You’ll notice that IE and Firefox are not the only browsers available. If it detects them, it will also stop software and protect Flock, Seamonkey, Netscape, and any browser that uses the IE engine (like AOL). This is a fairly broad net that will cover most browsers. Hopefully they are developing support for webkit (Safari and Google Chrome) someday too!

On the left-hand side of the main window, there is a toolbar. That toolbar contains 4 sections: Protection Status, System Snapshot, Tools, and Updates.

The Protection Status section is the primary view and can be broken down by sites and browsers. In each subsection, you can manually control every single item in the program’s library. For IE, there are extra options for preventing the spyware that directly takes advantage of that browser.

The System Snapshot tool is essentially the same as the system restore for an operating system.  This tool is limited to browser settings and other web-related settings.

The Tools menu has a fairly wide variety of options. Most of the tools are specific fixes for things that can happen to IE. If the homepage has been locked, the program name changed, or something similar to that, SpywareBlaster should be able to help. There is also a “safe” to protect backups of the hosts file (which is often targeted by spyware) as well as a Flash blocker.

Lastly, the Updates menu allows you to rapidly update the SpywareBlaster library.  Also on this menu, there is the option to purchase automatic updating.  SpywareBlaster is completely free, but if you don’t want the hassle of updating every week (which I’ve just built into my personal schedule), you can buy a license and the program will update automagically.

Personally, I’m amazed we at MakeUseOf didn’t catch this little program before now.  Maybe it is such an obviously great program that we figured it had already been done before!  At any rate, definitely grab your copy of SpywareBlaster. It’s a wonderful accessory to any other software to delete spyware you’re already using and won’t intefere with it.

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• Stop & Delete Spyware With Malwarebytes [Windows] (29)
• Hitman Pro: Unleash 8 Anti-Spywares with a Single Click (Windows) (27)
• 7 Essential Security Downloads You MUST Have Installed (54)
• 3 Tools to Test Run your AntiVirus/Spyware Program (10)
• Trustware Bufferzone Has Your Browser’s Back (31)

Recently, there has been a lot of hoopla regarding Macs and their vulnerability to viruses. Apple initially recommended having one or multiple anti-virus programs running, then swiftly removed it; stating that the KB article was “old and inaccurate”. It kind of shook the whole Mac mantra about how “Macs are protected from viruses right out of the box” – and that got quite a lot of Mac users comtemplating about the necessity of anti-virus programs.

This is utter personal experience: I have yet to encounter any problems with viruses on my Macs.

But the cold hard truth is that no operating system is 100% uncompromisable and viruses aren’t your only worry. There are other malware like trojans and worms, spyware, user-faults and physical intervention to think about too. I’ll get to that in a minute.

Let’s focus on Mac viruses for a moment.

What is a computer virus? The Microsoft answer “Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation.” [Link to definition]. If you look here, Sophos has published a timeline of all Mac malware-related incidences. Mostly, affliction towards Mac computers were caused by Office macro worms and trojans with only a few virus outbreaks. Also, notice that you can almost count the number of incidences spanning over 20 years with your fingers. That’s something to think about.

Another thing to think about is Apple’s market share. Currently, Macs are only almost 10% of the total US PC market. That said, it is a very unattractive market for malware writers to set foot in because attacks would not be on a sufficiently large scale.

The third reason why there have been only so few Mac exploits is the architecture of the OS X operating system. I’m not going to go into the details because like I said, I’m not an expert. Have a look at this article and decide for yourself. In a nutshell, OS X’s stronger permissions and system architecture make it hard for malware to be installed. Also, Macs do not recognize the EXE extension on which most malware are built on, making it immune to many of the popular exploits circulating on MSN Messenger.

Conclusion

There seems to be no substantial evidence that convinces me of the necessity to install an anti-virus program to run in the background, using up system resources for virus attacks which I will hardly encounter. However, you might want to consider an anti-virus if:

A good, freeware anti-virus which comes very highly recommended is ClamXav.

Besides malware, Mac are also vulnerable to spyware. Practicing “safe-surfing” is a precautionary method. Besides that, running an anti-spyware application can actually help get rid of tracking cookies. For that, take a look at MacScan, a free anti-spyware app for Mac.

Protect yourself

Aside from malware and spyware, user-foolishness is one of the more common causes of exploits. This applies to users on both Macs and Windows. For goodness sake, don’t click on every link you receive on MSN Messenger.

If you’re interested in keeping your Mac safe, I urge you read through and consider some of the most basic security tips listed below:

Avoid using the root account

The root account is the super-user account which is created at the time OS X is installed. Having an administrator account and a separate account for yourself and every other user may sound like a hassle but being stripped of admin rights can actually be a blessing. OS X will request for permission on every occasion it needs to alter files over on the root folder (/Library or /System) and prevent any possible malware script actions.

If you are already running on the root account, the option to remove admin rights will be bricked. Create another account and give it admin rights. Log in to that account and remove the admin rights from your user account.

To do this, open System Preferences and go to Accounts. You may have to click on the lock icon to apply any changes. Then click on Login Options.

Disable automatic login & Enable ‘Require password to wake this computer from sleep or screen saver’

This will prevent any unauthorized physical intrusion to your Mac. Remember to lock your Mac (read this article about Lockdown) when you leave it to go to the bathroom if you’re in a public area; and it may be worth it to invest in a good Kensington laptop lock.

You will find these settings in System Preferences under Security.

Turn on your Firewall

Only allow the applications you trust to access the Internet (third option).

This setting is under Security -> Firewall tab.

Disable ‘Open “Safe” files after downloading’ in Safari

Being a little paranoid, I like to assume control of everything that happens on my Mac. And the fact that Macs were once exploited using this feature, I’d rather open the downloaded files personally, and archaically i.e. manually.

You can find this setting in Safari’s preferences under General.

Enable Guest account

If your friends want to use your Mac to check their mail or surf the Web, don’t let them do it on your account. Not everyone is equally tech-savvy. They may click on links which you wouldn’t even look twice at. Setting up a guest account for this purpose will probably prevent you from pulling your hair out if your Mac is infected. Worst of all, it wasn’t even your fault!

Plus, this will also deter others with dishonorable intentions when using your Mac like installing a keylogger or a screen-capture application.

Guest accounts can be added in System Preferences under Accounts. You may want to enable Fast User Switching so that you can switch back and forth through accounts without logging out.

Stop to think when prompted for the Administator password.

Like I said earlier, the admin password will be needed when a program is about to alter system files on the hard disk. Always stop to think and ask yourself why this program needs to alter your system files and if you trust this application’s vendor. Apple made OS X this way so that changes to the system will be authorized so don’t just brush it aside.

Set a different Keychain password

By default, your Keychain password is the same as your user account password. This means that if anyone knows your account password, they can enter that password and easily reveal all your internet account passwords because they are stored in Keychain Access. Having a different Keychain password will add another line of defense against this.

To do it, open Keychain Access. Under the Edit tab, click on Change pasword for Keychain “login”.

What other measures have you taken to ensure your Mac’s security? Any Mac gurus out there who would like to pitch in a few more ways to protect our Macs? Do you use an anti-virus and why? Let it all out in the comments.

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• How To Get Rid Of A Trojan Horse Virus That Won’t Go Away (21)
• How To Disable USB Ports To Prevent Malware Infection (4)
• Hitman Pro: Unleash 8 Anti-Spywares with a Single Click (Windows) (27)
• 3 Tools to Test Run your AntiVirus/Spyware Program (10)
• Threats In Your Email – Are They Real or Not? (6)

Malwarebytes’ Anti-Malware is a good example of the latter. It may not be as feature-laden as Spybot Search and Destroy, which has a ridiculous number of tools, but it is a very lightweight alternative with good spyware coverage.

Until recently, my only two programs to delete spyware were Spybot S&D, as I mentioned before, and Spyware Blaster, which is a preventative blacklist. Now I’m considering adding Malwarebytes to my list. The install is very quick because there really aren’t a lot of bells and whistles on the program. While some might see this as a downside, when installing spyware protection on a new machine or on the machine of a less-techy person, Malwarebytes is quick and non-confusing.

After install, check to see that the updates are as recent as possible.  This is done on the “Update” tab.  It should automatically update upon install, which is another nicety for a quick start, but I’d double-check. Once you’re all updated, try scanning. A short scan will target common hot-spots and a full scan will cover everything but take a long time. Here’s a scan I ran recently:

The scanner will show what area is being scanned, how many objects have been scanned, and how many have come up as problems.  The time on this scan is relatively short, but you may want to use it during a period of inactivity, as your system will slow dramatically during the scan.  Here are the results of that scan:

After being scanned by Spybot S&D, Malwarebytes found a number of nasty little files lurking.  Most of these were in the registry or in infected program files. This shows the value of having mulitple spyware libraries from which to run scans. Also, if you already have Spybot S&D or something similar, there is no reason to have duplicate tools.

The program does have a few more options open to you. You can restrict what is scanned and you can also add a contextual right-click option to scan individual files.

This second option is handy for anytime you have to download a file that you think is suspect. Most virus-scanners also have this capability, but this will check for malware as well.

Malwarebytes has two extra tools on board.  The first is a set of bug-reporters and false positive flaggers that will help make the network more efficient in hunting out spyware.

Also, there is a program for deleting locked files.  This can be handy when you need to delete a file that is either in use (which is generally unadvisable) or simply corrupted and difficult to delete by normal means.

Good luck managing your spyware and remember that having multiple programs installed is the best way to eliminate the need for frustrating repairs and reformattings.

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• SpywareBlaster Can Stop Spyware Before It Starts [Win] (7)
• Hitman Pro: Unleash 8 Anti-Spywares with a Single Click (Windows) (27)
• 3 Tools to Test Run your AntiVirus/Spyware Program (10)
• Spyware Terminator – Free Real-time Spyware Protection (19)
• Best Programs To Keep Your Computer Secure (27)

The basic premise behind Hitman Pro is that a single anti-spyware tool is often insufficient to detect the sheer variety of malicious code in the form of spyware and /or trojans. It is not an anti-spyware by itself but it downloads some of the popular anti-spyware scanning engines to scan your computer.

Therefore Hitman Pro is more of an umbrella for the rest of the scanning engines to work under. The scanning engines include names like – Prevx CSI Free, Trend Micro, Lavasoft Ad-Aware SE, Spybot Search&Destroy, Webroot SpySweeper, Ewido AntiSpyware, PC Tools Spyware Doctor and Sunbelt Counterspy. It also bundles in two trial anti-virus scanning engines (not real time protection) Trend Micro Sysclean and McAfee VirusScan.

The anti-spyware programs include trial versions of paid software like the Webroot SpySweeper and PC Tools Spyware Doctor. When the trial period is over, you will have to disable them or alternatively if you have the paid component then Hitman Pro recognizes and accepts them.

The interface gives the user control over which spyware engines to install and once the setup commences, the process is pretty much automatic. It’s as if the program switches on its auto-pilot. Each program is downloaded and installed in sequence along with the updates. The interface is vanilla simple and this obviously is a double-sided feature. The simple interface offers ease of understanding and use but it also takes away control over individual engines. The only option that’s available is to select the scanning engines.

Along with automatic scanning, Hitman Pro offers some extra features like a behavioral scan, browser protection and an expert mode.

The “behavioral scan” looks at suspicious registry entries and collates all orphaned links with related information. The users can then go over the results and remove the displayed files.

The “browser security” features (called ‘SurfRight’) allow for a safe surfing environment protected from trojan attacks.

The “expert mode” gives some control to the user to deal with the threats detected. The expert mode also retains a record of the earlier detections so that the user does not have to do a full scan again. At the end of it all, the program generates a single report file for your perusal.

After using the software for some time, I’ve discovered both its good and bad sides. Here’s a small rundown…

The good…

• An integrated all in one solution to take care of your ‘defense’ shield.
• It’s a great free solution for those who don’t like to be saddled with the individual complexities of an anti-spyware program.
• Simple basic control with a single click operation.
• Updates and patches are downloaded automatically.
• Uses the better known free anti-spyware software. Also has support for the paid ones.

The bad…

• Lack of individual control over the scanning engines.
• Multiple engines take up time and slows down the system. It’s best to run the engines when the system is idle. (An auto shutdown checkmark is a thoughtful help)
• As the individual engines bloat with repeated versions, downloads over slow connections could become a problem.

Hitman Pro’s appeal lies in its one-icon solution for multiple anti-spywares. Hitman Pro and its quiver of engines could just help us circle our wagons against the attack of the trojans.

Hitman Pro 2 (2.7.6.0) runs on Windows 2000, XP and Vista.

Note: As of date, Hitman Pro 3 is in beta phase and available for public download. However it offers a different flavored solution to its earlier version. It does not use third party software but relies on its own new sophisticated heuristic technique.

Why don’t you download it, give it a go and then let us know what you think of it? Did it manage to find extra spyware that was hiding in your computer?

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• Stop & Delete Spyware With Malwarebytes [Windows] (29)
• SpywareBlaster Can Stop Spyware Before It Starts [Win] (7)
• 3 Tools to Test Run your AntiVirus/Spyware Program (10)
• Spyware Terminator – Free Real-time Spyware Protection (19)
• How To Get Rid Of A Trojan Horse Virus That Won’t Go Away (21)

Mark’s experience however brought to mind a number of spam email attacks that include false warnings, including death threats, in order to deceive the recipient into falling for a scam, a phishing attack or installing malware.

A spam campaign that was active towards the end of 2007, and still continues, comes in the form of an e-mail allegedly from a private investigator hired to investigate the recipient. This is a private investigator with a heart, it seems, since the email recipient is advised that their telephone is being monitored and that it will be revealed who planned this surveillance, in a follow-up e-mail.

As a sign of good faith by the private investigator, a password-protected compressed file is attached to the message that allegedly contains a recording of the victim’s telephone conversations. In reality however, this password-protected compressed file is designed to defeat anti-malware applications running on the victim’s computer.

The file actually contains malware in the form of a Trojan horse, Trojan.Peacomm.D, which most of us know as the “Storm” Trojan. This malware is designed to gather system information and email addresses from a compromised computer. As well, this Trojan can infect legitimate system drivers, and variants can insert components into legitimate processes such as ‘Explorer.exe’ and ‘Services.exe’. (For more info regarding what Windows system processes should, and should not be running on your Windows computer see ProcessLibrary.)

Cyber criminals, being what they are, have improved upon this scheme by developing a variant of this email scam – the Hitman email. These fear-provoking emails contain a threat that the recipient will be murdered by a hired hitman. Fortunately for the intended victim, there is a way out of this predicament however; if the recipient will agree to pay a substantial sum of money to the hitman the contract will be cancelled.

These hitman emails are not a new occurrence since they have been circulating on the internet since early 2007. These frightening emails seem to be aimed primarily at a select group of professional high earners, such as doctors, lawyers, and business owners; those who are most likely to be in a position to pay the large sums of money demanded in the email.

Although there are many variations of this email, here is one example:

Good Day,

I want you to read this message very crefully, and keep the secret with you till further notice, You have no need of knowing who i am, where am from,till i make out a space for us to see, i have being paid $50,000.00 in adbance to terminate you with some reasons listed to me by my employer,its one i believe you call a friend,i have followed you closely for one week and three days now and have seen that you are innocent of the accusation.

Do not contact the police or F.B.I or try to send a copy of this to them, because if you do i will know, and might be pushed to do what i have being paid to do,beside this is the first time i turned out to be a betrayer in my job.

Now listen,i will arrange for us to see face to face but before that i need the amount of $80,000.00 and you will have nothing to be afraid of.I will be coming to see you in your office or home dtermine where you wish we meet,do not set any camera to cover us or set up any tape to record our conversation,my employer is in my control now,

You will need to pay $20,000.00 to the account i will provide for you, before we will set our first meeting,after you have make the first advance payment to the account,i will give you the tape that contains his request for me to terminate you, which will be enough evidence for you to take him to court(if you wish to), then the balance will be paid later.

You don’t need my phone contact for now till am assured you are ready to comply good.

Lucky You.

Like all email scams these emails, which contain many grammatical and spelling errors, are generally sent to a large number of people within the targeted group in the expectation (usually justified), that some will respond. Compounding the issue further, the cyber criminals may try to collect personal information from the victim in an attempt at identity theft.

Keeping in mind that email scams are sent out in bulk it’s reasonable to assume, if you should receive such an email, you are not in any danger of being murdered by a hired killer. Obviously the attempt at extortion is genuine, but the threat against your life is not.

Internet security experts always advise, if you receive unsolicited email messages, you should not reply or respond in any way, but instead simply delete the message from your inbox. In the case of this particular email scam, law enforcement officials repeat that advice; that you do NOT respond.

However, in the event you receive a threatening email that includes significant personal information that is specific to you, to ensure your safety, it would be prudent to report this to your local police department.

As an added precaution, if you believe you are the victim of a potential scam visit Scambusters.org a great site that will help keep you up to date on the latest scams circulating on the internet.

From the Scambusters.org web site:

Don’t Get Scammed!

Many scammers are very cunning, so being smart is NOT enough to protect yourself. Every day smart subscribers thank us saying they would have been scammed if they didn’t subscribe to ScamBusters. Don’t take a chance. Subscribe FREE to ScamBusters, a public service and the #1 publication on internet fraud.

(By) Bill Mullins is a Blogger who writes on Internet Security, System Tools, Free Software, and provides downloads links. Check out his Blog at Tech Thoughts

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• Top 5 Current Email Scams You Should Know About (25)
• Online Resources To Battle Frauds, Urban Legends & Spam (9)
• How To Deal with Spam and Report Email Scams in The U.S. (5)
• Facebook Impostors – Tips For Your Profile To Stay Safe From Scammers (8)
• 2 Websites to Verify Urban Legends and Email Scams (6)

Currently my home system is running the following freeware: Zone Alarm (3′rd most popular firewall among MakeUseOf readers), WinPatrol (system monitor), Avira AntiVir Personal – Free Antivirus, ThreatFire 3 (blocks zero-day attacks heuristically), SnoopFree Privacy Shield (anti-keylogger) and Spyware Terminator (spyware protection/removal). This is my minimum safety configuration; depending on circumstances, in addition, I will also use Sandboxie (a free sand box application).

As you can see, Spyware Terminator is my current application of choice in the spyware protection/removal category. Having tested virtually all of the major anti-spyware apps over the last year or more, I’ve settled, for now, on Spyware Terminator.

A simple to use interface makes this program easy to setup, customize and run, for both less experienced and expert users alike.

Spyware Terminator provides strong active protection against known and unknown threats. If anything, I find it perhaps a little overly aggressive. On the other hand, better this than the alternative.

The program rates very highly in offering protection against spyware, adware, Trojans, key-loggers, home page hijackers and other malware threats. The scan behavior can be customized based on your level of experience; ranging from automatic interception for the less experienced user, to manual potential threat control for the more experienced user.

A definite plus is the program’s ability to schedule spyware scans on a daily or a weekly basis to ensure your computer’s continuing integrity. When set to download updates automatically, Spyware Terminator will check for, download and install new updates, keeping all files current with minimal user input. Optionally, you can choose to update manually.

Included with Spyware Terminator is Open Source ClamWin anti-virus, a reasonably effective anti-virus solution. My personal choice however has been to disengage this side of the package and to run Avira AntiVir Personal – Free Antivirus instead.

Quick Facts about Spyware Terminator

Real-time protection
Spyware removal
Automatic updates
Scheduled scans
On demand fast scan
On demand full scan
On demand customized scan
On Boot file remover
Context menu scan option
AntiVirus integration
Free support
Multilanguage support

System Requirements:

Windows 98/Me/2000/XP/Vista

As we all know however, there is no one anti-malware tool that is likely to identify and remove all of the millions of rogue malware that infest the cyber world. So to ensure maximum safety, if that’s even possible, it’s important to have layered defenses in the ongoing fight against malware.

An excellent choice, as a secondary line of defense, is Spyware Doctor Starter Edition from PC Tools. This free version of the award winning program, with its easy to use interface, is used by millions of people worldwide to protect their computers; it’s reported there are a million+ additional downloads every week.

File protection is the only real time protection that operates in the free version and unfortunately, this level of real-time protection is inadequate in the current internet environment.

I would not recommend then, that you use this free version of Spyware Doctor as a stand alone security application because it simply will not offer you adequate protection. Instead, use it only as an on-demand scanner.

(By) Bill Mullins is a Blogger who writes on Internet Security, System Tools, Free Software, and provides downloads links. Check out his Blog at Tech Thoughts

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• Rogue Software Lies – Hang Onto Your Money! (18)
• TrendMicro – Free Online Spyware Removal Tool (5)
• Stop & Delete Spyware With Malwarebytes [Windows] (29)
• SpywareBlaster Can Stop Spyware Before It Starts [Win] (7)
• RU Botted – Watches your System for bot-related Activities (13)

Anti-Virus

AVG Anti-Virus

AVG Anti-Virus – AVG has been around since 1991, and have been updating their program since then. This program as well is definetely one of the best anti-virus programs out there. (See MUO Poll on Best Antivirus Software). AVG has numerous features that most certainly assist in keeping your computer secure, including periodic scans, built in email scanner, the ability to heal some virus infected files, and a “virus vault” that holds virus’.

Mark previously wrote a review on the new AVG 2008 Antivirus here.

ThreatFire

ThreatFire – ThreatFire is an extremely sweet Anti-Virus application. It does not only do all of the things many Anti-Virus applications do, it also addresses problems differently. On a regular Anti-Virus application, numerous different steps need to be taken to find and destroy a threat, unlike ThreatFire which automatically detects threats and malicious behavior, and addresses them automatically in the background while keeping logs of this.

On their website it states that ThreatFire has 243% more protection then traditional Anti-Virus applications in tests and that ThreatFire has examined 17,836,589,477 programs for suspicious behavior!

Avira

Avira Anti-Virus – Avira AntiVir is one of the highest rated Anti-Virus applications out there.

It runs in the background checking for malicious behavior and runs occasional checks, while checking opened and closed files.

Anti-Spyware

Windows Defender

Windows Defender – Microsoft created Windows Defender which is an incredibly awesome Anti-Spyware application built into Windows Vista and is available for Windows XP and Windows Server 2003.

It includes many features that make it one of the best applications out there, including: Monitoring start up applications as well as system configuration and Internet Explorer, monitoring applications as they run, etc. Again, check out our poll what’s the best spyware removal.

Spybot Search and Destroy

Spybot Search and Destroy – This program has been around for a while now. I use it for many things as a general security suite as well.

Spybot removes Adware, Spyware, keyloggers, trojans, usage tracks, shreds malicious programs, the option to get back the programs that have been removed, etc.

Secure File Erasers

Eraser

Eraser – Eraser is one of the most used file removers. It can erase files and folders, password protected files, temporary files, internet cookies, paging files, internet cache, compressed files, etc. It adds an option to “Erase” something to the right click menu when you click on a file or folder.

You can check previous MakeUseOf review of Eraser here.

UltraShredder

UltraShredder – UltraShredder is another one of the most used secure file shredders. It overrides files with random characters, while saving it to the disk, and then removes the file without the recycle bin of course. Thus, if a file recovery service attempted to access the file, all they would find is random characters. See our earlier round-up on free file shredders here.

Keeping your computer fast

CCleaner

CCleaner – CCleaner is one of the most essential tools for keeping your computer fast. It takes up an extremely small amount of space and should be used often. The specific use of it is to remove and/or fix temporary internet files, cookies, other types of temporary files, fix the Registry, and fix applications.

It includes an extra start-up list to allow you to edit and an uninstall option to replace the standard Windows Uninstaller.

Defraggler

Defragger – This application is from the same company that created CCleaner. It is an incredibly awesome disk defragger that replaces the standard Windows Defraggler. Unlike many defragging applications, Defragger allows users to defrag a certain file or folder, and not an entire drive if you like.

The actual application is small, around 1 MB, and thus can be put on a flash drive. After it is done, Defragger creates a map of your hard drive showing the parts that were fragmented and how much space they take up, etc.

Defraggler is a great disk defragmenter, though some people may prefer something else, for other disk defragmenting tool check out earlier article on 5 Disk Defragmenter Programs to Defrag your PC.

Startup Control Panel

Startup Control Panel – Startup Control Panel is one of the most effective applications for speeding up your computer out there. It gives you a list of applications and other things that start on startup and allows you to remove those to speed up your computer start time.

Be sure not to uncheck your Anti-Spyware or Anti-Virus software, yet there are many things you can remove. It comes with the option to download the full program (59 kb) or a single executable (34 kb).

WinPatrol

WinPatrol – WinPatrol is another extremely helpful small program, that assists in not only speeding up your PC, but also keeping it secure. It runs in the background and monitors system changes to find added and taken away registry keys. Mark briefly covered it in an article last year.

Is there anything I have forgotten? Anything in the list you disagree with? Let us know in the comments!

(By) Will is a complete computer nerd and geek and currently works on his website at Advanced Tech Solutions and his blog at Online Free Tech Tips.

Did you like the post? Please do share your thoughts in the comments section!

New on Twitter ? Now you can follow MakeUseOf on Twitter too.

• The Cut Out and Keep Guide to Essential Software Programs (25)
• 10 Most Downloaded Free Security AND PC Care Programs (24)
• 3 Tools to Test Run your AntiVirus/Spyware Program (10)
• Top 8 Programs That Can Make Your Computer Run Faster (168)
• Stop & Delete Spyware With Malwarebytes [Windows] (29)