There are a number of things one can do to improve their computer's security. Not one single method protects against everything there is. But combining multiple things will help against most. One thing people do need to know is that having in-depth security on their computer on various levels will make that it won't be a single point of failure to block viruses or malware. And about that, an anti-virus program is a whole different thing then a anti-malware program due to the differences in their definition. Most free anti-virus programs do not protect versus malware, and vice verse. The advantage between anti-virus programs is that these companies have a overall "platform" organization where they exchange newly found specimen among each-other. This is however NOT the case for the anti-malware companies, for Symantec marked anti-malware software of competitors as malware and the newly set up platform didn't act against it. That platform is now sort-of dead, and this created the need to have (a good) Anti-Virus and at least 2 or 3 anti-malware programs installed, for they mostly do not communicate all the new stuff around and let everybody work on solutions. Of all the below security measures only the anti-virus and anti-malware programs are "active" as in requiring system resources of your computer. ============================================== OpenDNS, https://www.opendns.com/ Explanation: OpenDNS is a DNS service which can be managed by its users. DNS is a service which converts the human readable name "http://steamrep.com" to a IP address that the computer can understand and then the browser or other program can access a server to get content from it. This solution will only improve your internet experience for it will block things you selected, without that it puts a load on your computer. Basic steps: Create a account on the site. Go to the dashboard (when logged in): https://dashboard.opendns.com/ Go to the tab "Settings" and block at least "Parked Domains", "Adware", "Web Spam" Install the OpenDNS Updater: https://dashboard.opendns.com/support/ and configure it with your login credentials of OpenDNS. Configure your network to use OpenDNS: https://support.opendns.com/entries/38001040-Windows-7 ============================================== MVPS Hosts, http://winhelp2002.mvps.org/hosts.htm Explanation: MVPS Hosts is a hosts file to block known malware, advertizing, and other domains having less then good intents with you. Read the above linked page for a full explanation. Use Hostsman to automatically update it. (it is linked on the bottom of the MVPS Hosts page. This solution will only improve your internet experience for it will block things you selected, without that it puts a load on your computer. Basic Steps: Disable DNS Client service. (vulnerable service redirecting to wrong server(s) if you ever get infected) Open Start, click "ok" after typing in the search box: services.msc Search for "DNS Client" in the list and double click it. Set "Startup type" to "Disabled" Click the "Stop" button. Click "OK" and close the Services window. Install Hostsman (program to automatically update the MVPS Hosts file, which gets updated about twice a month) Go to http://www.abelhadigital.com/hostsman and download the latest "Installer Version". Go to the download and extract the .zip file. Install the program (create "Desktop Icon" for ease of access). Start the program. Configure it: Click the "Run Hostsman as Administrator" button on the bottom if you have UAC enabled. It will restart the program. Click the "Select Sources..." button. Don't go crazy, only select "MVPS Hosts" not the others, those are a bit overzealous (understatement). The only one I'd also consider is the "Malware Domain List" one. Click "close" to close that dialog. On bottom right, click "Options" Set the following options: System, Automatically run on Windows Startup: All Users Import, tick the box for "Replace IP", and leave it with replacing 0.0.0.0 to 127.0.0.1 Updater, untick the box "Ask for confirmation when new updates are available" Updater, tick the box for "Automatically check and download new hosts file updates" Updater, change "Default Action" to "Replace Hosts File" Click "OK" Click the button "Check for updates" ============================================== Web of Trust, http://www.mywot.com This is basically a "vote by member" system of trusting websites or not. It displays in your browser as a icon next to your URL bar and tells you about its "trust" rating by color and if that trust is rated low, why its "bad" if you click it. I personally don't like it, for I rather research myself (see replies below). But not everybody is so aware and researching everything they encounter. For normal users this can work as first warning... Be warned tho, it can be fooled. SteamRep has had for a long time a "bad rating" on their system, for hijackers and phishers had used bots or whatnot to rate us bad. We had like 10-15 topics regarding this in early 2012. ============================================== Anti-Virus Program Explanation: Have an actual anti-virus solution installed on your computer. But anyways, I recommend: Eset Smart Security (paid) (works great with gaming, it is very low on using CPU and disk access. Avast (Free) Kaspersky Bitdefender To check which would be good for you, I'd recommend to look around on the test results on anti-virus applications here: http://www.av-comparatives.org/ A couple to avoid are: Microsoft Security Essentials (its not a antivirus, never was, too many people think it is) Avira (seen it bypassed too many times by malware, it is simply not defending itself against them) McAfee (nice for corporate environments with other measurements in place, not for use at home) Once you selected one, a free one or a paid one, install it and keep it updated. To people without and convinced they will not get infected I will say: how did you check? And once you got hijacked, you can't complain. Most anti-virus programs have a "game mode" nowadays to be non-intrusive. ============================================== Browser Explanation: Use a different browser then Internet Explorer. While Firefox is maybe lacking in the UI at the moment, it is still a very secure browser. So is Google Chrome. Download Firefox: https://www.mozilla.org/en-US/firefox/all/ Download Chrome: https://www.google.com/chrome/ A few security improving plugins for Firefox: AdBlockPlus: https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ AdBlock Plus Element Hiding Helper: https://addons.mozilla.org/en-US/firefox/addon/elemhidehelper/ Ghostery: https://www.ghostery.com/en/ Google-Yandex search link fix: https://addons.mozilla.org/en-US/firefox/addon/google-search-link-fix/ (needed if you have MVPS Hosts and/or NoScript enabled, otherwise its at least saving you at least a second) NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript/ (is the hardest to use for casual users) General Firefox security tips (although a bit old now): http://www.insanitybit.com/2012/06/02/the-definitive-guide-for-securing-firefox/ As I'm a Firefox only user, and don't use Internet Explorer, Chrome and any of the others, I'm not familiar with counterparts for those plugins for those browsers. Some will have direct counterparts, others not. ============================================== SpywareBlaster, http://www.brightfort.com/ Explanation: This is basically a program that will change settings in your browser to protect it from various bad sites, and their browser plugins. The "Home" version is free, and requires manual updating. After updating you will have to apply it to your browser(s). It is a pretty simple program, so I'm sure you will get the idea. Read more: http://www.brightfort.com/spywareblaster.html ============================================== SpyBot S&D, http://www.safer-networking.org/ Explanation: SpyBot S&D free is useful as a Malware Scanner and has a Immunizer functionality (similar to SpywareBlaster, I use it to complement each to get a completer blocking). Install it, update and run the optimizer. Scan your computer like once a month with it for malware. I'm not familiar with their Anti-virus offering, and as they do not appear on av-comparatives.org yet, I'd not use them for anti-virus, for them being new in that category. The program is pretty big in features, explore and find out yourself. ============================================== SuperAntiSpyware, http://www.superantispyware.com/ Explanation: I use this one often as a extra scan option to scan the computer for malware. No single anti-malware program finds all, and best is to use 2 or 3 different scanners to scan your system fully. I've had good results with this. ============================================== Malwarebytes Anti-Malware & Anti-Exploit Free, https://www.malwarebytes.org/ These 2 are much used free anti malware tools. No single anti-malware program finds all, and best is to use 2 or 3 different scanners to scan your system fully. I've had good results with these. ============================================== JAVA. If you do not absolutely need it, please uninstall it. Every once in a while I do need it, I have to download the latest again and use it, and after I uninstall it again. Their update policy is so bad that 0-days aren't 0-days but 0-quarters (as in 3-montly before it is maybe fixed). Yes, it is a popular programming language. It is also one that is abused a LOT, for it has a load of loopholes that can directly access your system through your browser. Some of the readers won't be able to avoid to have Java installed, some suggestions: Turn off Java in your main browser (often there are options to turn it off within it, or ask permission to run it) and dedicate a different browser for those Java-requiring websites you really need it for. Do that in a browser you really dislike (I use Internet Explorer for it when I need Java). Some browsers can allow different profiles, which you then can set up to use 1 profile normally with Java disabled, and the other to have it enabled, but only to be used for your really needed sites that only work with Java: Firefox: https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles & Chrome: https://support.google.com/chrome/answer/2364824?hl=en Opera** and MS's Internet Explorer seem not to have this feature (outside creating another user in windows and use the browser as that user...). ** don't hang me on Opera, what I found was gone (see linked within the article here: http://www.howtogeek.com/139705/how-to-use-multiple-browser-profiles-in-any-browser/ ) ============================================== RAT (Remote Administration Tool) There is often talk about RAT's used by hijackers/phishers to gain control over your computer. They often use a executable that isn't detected by various anti-virus or anti-malware tools because as soon as those get detected, they change the source code and recompile it into a new version that isn't detected. As the attack vector by them vary a lot by how they gain access, hide themselves and often aren't detected by the various tools above, these are hard to remove once they gained access to your system, some of these even remove themselves after doing their work (trading your items to their mule account, gaining passwords of email addresses to be able to "confirm" the trade, etc.) for they have what they wanted from you, and want to prevent that their tool(s) get detected etc. The only advice I can give you, is to use below mentioned resources, which often utilize a program named "ComboFix", this is a scanning and report program, they read those reports and those experienced security people on the various forums are more knowledgeable in this then I can convey in a simple topic. As I don't specialize in this, I wouldn't be able to help people with this either. I just know my way around, and am quite suspicious of any "new" program, esp if it comes from someone else instead of finding it yourself online (and yes, most of those RAT's are hosted on a fake website, some even have fake mumble sites copied fully to make you believe, but only if you then google it, you find that its actually mumble.info or mumble.com, not mumble[xxxx][dot][xxx] and especially not a "beta" of it. Popular RAT attacks: "screenshot": Telling the user some "outragious" thing, like "Look what they said about you here", or whatever scheme to get you to click a link with a ".scr" extension. filename.scr is just another executable. The .SCR stands for "Script", see http://filext.com/file-extension/SCR), and a related read about it https://blog.malwarebytes.org/fraud-scam/2014/11/rogue-scr-file-links-circulating-in-steam-chat/ If your BROWSER cannot display it, don't download it, for its not a "image" that you want. Tell them to reupload it to imgur or any other (known) image hosting site so it can be viewed online. A variation to this is when they give you this via a ZIP or RAR file, and then you extract it. Mumble: Telling user that the server is a "new beta" version of mumble, requiring a beta version of mumble. This just foregoes the principle that new beta server versions of Mumble are fully compatible with older version clients. TeamSpeak: Telling user to connect to a TeamSpeak server, and a "Error" pops up saying either about a wrong codec "needed" for this server, or a newer version of TeamSpeak, conveniently linking the malware directly for download. This abuses a little known feature of TeamSpeak: The server can push to the client a dialog box with custom text and links etc. The real update and/or notification from TeamSpeak will always be in the status bar (bottom bar of the window), never a pop-up. "Anti-cheat" program required by the CS:GO server: Basically inviting people to a "match" on their "server", telling them they need to install some program from a (fake) website to be able to connect with their game. There is no server on that IP, hence the game tells you it cannot connect. The executable they want you to install.... Well, if you read above... you recognize a pattern: - Someone contacts you and makes up SOME reason to give you a link or connect to something. - You have to click the link, and either its a site where their malware is located, or a direct download. - Your computer gets hijacked.... So, don't click/download stuff others linked you, and if you do, make damn sure, for it can be a costly mistake if your Steam Items are worth in the 1000's. ============================================== Conclusion: The above all combined will keep you pretty secure as long as you keep involved to keep yourself secure. For instance the Firefox NoScript plugin is for advanced users, that keep track what sites they want to give permission to run scripts in their browser (normally everybody). There is no way to be safe 100%. A new 0-day vulnerability will get through (although NoScript will give them a hard time if you have that, and are sensible with it). Also, if you get linked something, do not download it. Search for it on your own merits via Google, or heaven forbid Bing. If you cannot find their "version" via your search, that should give you a clue that they cannot be trusted. If they want you to review images or w/e, tell them to host them on Imgur or other image hosting site, or email it to your email address (use a spam-address, see: http://forums.steamrep.com/threads/general-e-mail-security-considerations.17308/ ) The better mail providers have pretty good virus/malware scanners in place to protect their users. Resources you might like to check out if you get infected anyways: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ http://www.spywareinfoforum.com/ http://spywarehammer.com/ http://forums.whatthetech.com/ http://www.techie7.com/ http://www.malwareremoval.com/forum/ http://www.spywarewarrior.com/index.php And many more. You can find a bunch of these and more in different languages on 3/4th of this page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Now, do not run combofix unless instructed to by such site. It is too advanced and may cause problems. I do however have 1 general advice when you do get infected with malware: With more then 5 to 10 infections found by your anti-malware software (and no, I do not mean "bad cookies") you should start considering to reinstall your computer with windows to get rid of all the crap it left behind. Malware will negatively change your computer systems security settings and put in measures to get itself re-installed again. The more you find on your computer, the higher the chance on this, and the more problematic it becomes. I've seen computers infected literally with hundreds of pieces of malware, spyware and/or viruses. After cleaning they came back, either after a reboot or after a while with scheduled tasks to re-install themselves, and then install other one "helper" programs. It becomes then way too hard to get the computer cleaned, for they where spending months on how to hide their tracks, and you just come around looking to find it. Better then to get it all down the bin, and restart with a clean installment of windows and security measures. In that way, prevention is better than curing it.