A new threat that comes under the guise of a genuine antivirus program has become increasingly prevalent over the past year. Offering to locate and remove malware from your PC, this rogue will actually install a Trojan on your unsuspecting system. The process is usually initiated when you click a link for what you believe is valid security software or its vendor’s site.
Such has been the success of these scams that several of the fake programs have become infamous. WinAntiSpyware, Antivirus 2008 (recently updated to 2009), Antispyware Pro XP and AntiVirus Lab 2009 are all suspect – and no doubt others will soon emulate them.
With similar tactics having been previously used to perpetrate fraud such as phishing, the scammers have latched on to a very effective way to play on people’s existing security fears.
In the following workshop, we’ll show you how to protect your PC from rogue antivirus programs. Should a fake antivirus program break through your defences, however, visit our tutorial for information on removing it from your system.
1. Start off by setting your browser security to the highest level. In Internet Explorer (IE), go to Tools, Internet Options and click the Security tab. In Firefox, go to Tools, Options. Now tick the boxes for various security options, such as receiving a warning if a site is fake.
2. Fake antivirus software is particularly dangerous because it can mask its own behaviour – installing malware when you click the cross to close the dialog box, for example. Using the pop-up blockers built into IE and Firefox minimises your exposure. The Google Toolbar can also prevent sites from opening pop-up windows.
3. Regularly creating restore points can help you get your PC back on its feet after a malware infection. In Vista, go to the Backup and Restore Center in the Control Panel and click ‘Create a restore point’. XP users should go to Control Panel, Performance and Maintenance, System Restore.
4. Restore points can be used to return your system to an earlier, hopefully more stable, state. In Vista, go to Start, Run and type rstrui. Select a restore point from the dialog box that appears, then restart your PC as normal. The process in Windows XP is very similar.
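Steps 3 and 4 can also be scripted. The following is an added example, not part of the original workshop: it assumes an elevated Windows PowerShell session in which the System Restore cmdlets (Get-ComputerRestorePoint, Checkpoint-Computer) are available and System Restore is enabled; the seven-day threshold and the description text are illustrative choices.

```powershell
# Added example (not from the original workshop).
# Assumptions: elevated Windows PowerShell session, System Restore enabled on
# the system drive; $MaxAgeDays and $Description are illustrative values.
$MaxAgeDays  = 7
$Description = 'Scheduled safety checkpoint'

function Get-RestorePointSummary {
    # CreationTime comes back as a WMI datetime string, so convert it to a
    # DateTime before sorting or comparing.
    Get-ComputerRestorePoint -ErrorAction Stop | ForEach-Object {
        New-Object psobject -Property @{
            SequenceNumber = $_.SequenceNumber
            Description    = $_.Description
            Created        = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        }
    } | Sort-Object Created -Descending
}

try {
    $points = @(Get-RestorePointSummary)
}
catch {
    Write-Warning "Could not list restore points: $($_.Exception.Message)"
    return
}

$latest = $points | Select-Object -First 1
$cutoff = (Get-Date).AddDays(-$MaxAgeDays)

# Create a new restore point only when none exists or the newest is too old.
if ($null -eq $latest -or $latest.Created -lt $cutoff) {
    # MODIFY_SETTINGS is one of the restore point types Checkpoint-Computer accepts.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    $points = @(Get-RestorePointSummary)
}

# List what is available to roll back to; the same entries appear in the
# rstrui dialog described in step 4.
$points | Select-Object SequenceNumber, Created, Description | Format-Table -AutoSize
```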