What Hacker Suggests to Secure Yourself Online from Malwares

What Hacker Suggests to Secure Yourself Online from Malwares

While technological advances continue to ease our lives by transitioning our physical world jobs to the displays of our personal computers, maintaining the secrecy of our account credentials has always been an area of concern. Be it when we’re purchasing something on the internet using our plastic cards or logging into our bank accounts, it is always important to make sure that no one is snooping on our keystrokes by silently installing a malware.

According to an anonymous malware and botnet operator, securing ourselves from such attacks is no rocket science. In a discussion threadthat was opened by him on Reddit a while ago, he shared a few important, but simple tips for the average folk for keeping malwares at bay and securing our credentials while being online. Although the thread is about an year old, his tips are still relevant.

1. Change the Behavior of Plugins to Click-to-Play

One of the ways through which malwares can silently enter your computer are 0day loopholes in browser plugins.

0-what? A 0day or “zero-day” attack is the attack that occurs on “day zero” of awareness of a vulnerability in a plugin (Adobe flash player is the most commonly used one). Malwares exploit such vulnerabilities stealthily and pretty easily since antiviruses don’t have any previous knowledge about their behaviors. This makes it extremely tough to tackle them.

Such loopholes are generally closed within hours of awareness, but that short gap of time difference is enough for malware operators to infect thousands of computers using those plugins. The best option is to disable the auto-launching capability of browser plugins and allowing them to start only when you click on them.

To do so, open your browser and carry out the following steps:

Chrome

1. Open Settings
2. Scroll down and expand the “+ Show advanced settings” option
3. Choose Content Settings under Privacy options
4. Change the behavior of Plugins to Click to play

Firefox

1. Open the configurations page by typing “about:config” in the address bar
2. Search for: plugins.click_to_play
3. Next, right-click on the click-to-play preference and toggle its value to true.

There’s a video tutorial on How to activate Firefox plugin only when required in case you need further help.

OperaOpera users can enable this feature by turning on Opera Turbo.

1. Launch preferences by pressing Ctrl+F12
2. Navigate to the Advanced tabs
3. Choose Content from the left sidebar
4. Check the Enable plug-ins only on demand option

Safari
If Safari is the browser of your choice, then you can download and install the ClickToPlay plugin.

Internet ExplorerAs usual, enabling such a simple option in Internet Explorer is hardly straightforward and involves going through a lot of steps. Thankfully, Rich Menga of PCMech has compiled a step-by-step guide for doing enabling click-to-play.

2. Use GMER to Detect Rootkits on your Computer

GMER is a free utility that detects and removes rootkits by scanning your computer for hidden stuff. Download it here:

 GMER (369 KB), Windows only

Launching GMER will automatically start a short scan of processes currently running on your computer. After it is completed, perform a deep scan by selecting all your hard drives from the right sidebar.

A rootkit, if found, will be displayed in bold red. To remove it from your system, right-click on it and select Delete file. If that doesn’t work, read the Frequently Asked Question section on GMER’s official website.

3. Mobiles and Tablets are Safer than Desktops for Online Banking

In fact, they’re the safest.

The firmware architecture of mobile devices, unlike desktops, do not allow applications to access the hardware. Thus, designing a malware that intercepts your keystrokes, for instance, while entering your credit card information online, is completely impossible. This is why it’s recommended to carry out any online banking activity on your mobile or tablet.

One can argue that malwares do exist for Android, but the fact is that they are at most capable of spying on our contacts and location info or send SMSes to premium numbers. However, one can easily avoid such malwares by checking the permissions required by the app. If a moto-racing game is asking permissions for directly calling numbers, something’s fishy for sure.

4. Use On-Screen Keyboard Wherever Possible

This is the most important tip that will always keep you safe against malwares from logging your keystrokes, whether your computer is infected or not. Whenever you’re entering your bank account or credit/debit card details, use an on-screen keyboard for typing your credentials. This way, malwares will never be able to steal your credentials.

Windows XP: Start > All Programs > Accessories > Accessibility > On-Screen Keyboard.

Windows 7: Start > All Programs > Accessories > Ease of Access > On-Screen Keyboard.

Windows 8: Type On-Screen Keyboard in the Start screen.

Tip: Most of the Internet Security suites offer this feature. I use Bitdefender and it has a SafePay feature which detects Bank website and activates automatically to secure my transactions.

5. Look Out for Attachments Ending in .EXE or .PDF

Most of the email services do a good job of blocking suspicious attachments and warning the user about it. If you ever receive an email with an executable (.EXE) attachment from a suspicious sender, it’s better to avoid it.

Furthermore, attachments having a compressed folder (.ZIP, .RAR) can carry executable malwares inside them as well. In short, avoid attachments from unknown senders.

Same goes for PDF attachments as well, which is the most popular format for sharing documents on the internet given that the Adobe Acrobat Reader plugin is installed in your browser. For safely viewing PDF documents from untrusted, Gmail users can choose the ‘View on web’ option.

6. Stay Away from Fake Advertisements

Ever came across advertisements announcing you as the winner of a huge Nigerian lottery? Or the 9,99,999th visitor of some website? Stay away from them even if they’re offering you free smileys, which will silently install spam wares as well possible malwares on your computer.

This list ends here. Stay safe!