10 quick fixes for the worst security nightmares

You don't have to be a genius to avoid these common attacks; implementing a few simple fixes will help you avoid most of the bad stuff out there

Trying to avoid such pages on your own is asking for trouble, especially since crooks like to hack popular sites -- attacks against sites for Sony games and the Miami Dolphins are just two well-known examples. But new site-blocking features in the just-released Firefox 3 and Opera 9.5 browsers provide some shielding.

Both browsers expand on the previous version's antiphishing features to block known malware sites as well, whether they're hijacked pages on legitimate sites or sites that were specifically created by bad guys. Neither browser completely eliminates the risk of landing on such pages, but every additional layer of protection helps.

Microsoft plans to add a similar feature to Internet Explorer 8, but this version won't be ready for prime time for a good while. For more on the browsers' improved security, see "New Browsers Fight the Malware Scourge."

Fix 4: Sidestep social engineering

The most dangerous crooks use clever marketing to get you to do their dirty work for them and infect your own PC. Lots of social engineering attacks are laughably crude, with misspelled words and clumsy grammar, but that doesn't mean you should dismiss the danger. Every now and then, a well-crafted attack can slip past your defenses and lure you into opening a poisonous e-mail attachment or downloaded file. A targeted attack might even use your correct name and business title.

To fight back, turn to a simple but powerful tool: VirusTotal.com. You can easily upload any file (up to 10MB) to the site and have it scanned by a whopping 35 different antivirus engines, including ones from Kaspersky, McAfee, and Symantec. A report tells you what each engine thought about your file. While some (such as Prevx) are prone to false alerts, if you get multiple specific warnings that include the name of the particular threat, then you almost certainly want to delete the file.

A lack of warnings doesn't guarantee a file is safe, but it does give you pretty good odds. Use VirusTotal to check every e-mail attachment and download you're not 100 percent sure about, and you'll avoid insidious social engineering.

If using VirusTotal starts to become a habit (not a bad idea) and you want to make sending files for scanning to VirusTotal really easy, download the free VirusTotal Uploader. Once you've installed the utility, just right-click a file, and you'll see an option (under Send To) to upload it to the VirusTotal site.

Fix 5: Get the jump on fast-moving malware

Traditional, signature-based anti-virus software is getting snowed under by a blizzard of malware. Attackers try to evade detection by churning out more variants than security labs can analyze. So besides signatures, any anti-virus program worth its salt today uses proactive detection that doesn't require a full signature to spot sneaky malware.

One promising approach uses behavioral analysis to identify malicious software based solely on how it acts on your PC. But your anti-virus software by itself may not be enough. ThreatFire, a popular free download from PC Tools, adds such a layer of behavior-based protection. In recent tests, it correctly identified 90 percent of malware based on its behavior alone.

PC World's ThreatFire review provides a thorough analysis of the program and a quick download link (as well as a warning about installing too many security programs on one PC). And for more on behavioral analysis and proactive virus detection, see "When a Signature Isn't Enough."