The best prevention starts from a clean state, but protection can also be applied to an existing system. However, protection is no good if you’re already infected unless you first get rid of the infection. We will address both scenarios.

Here are the two lines of defense that, whether or not you start from a clean state, you must have at a minimum:

  1. Firewall: This applies to both the router and the operating system.
  2. Malware Protection: This applies to the operating system.

Firewall:

A firewall is a virtual wall that is supposed to block unwanted probing of your network and/or machine. A computer network has things called ports. Much like real ports on city piers, a computer has over 65,000 ports, of which most (99%) are accessible. Some of these ports are used to control some of the deepest levels of your computer, and you certainly want to block those specific ports from access both from within your machine and from outside your home.

Getting webpages uses a port, for example port #80, but other ports like xxx are for private system-level communication that nothing outside or even inside your own machine should have access to. This is what a firewall mostly tries to prevent.

There are two lines of firewall defense for a home user. The first is your router and the second is the operating system.

First, your router’s firewall: Most routers will have some level of protection to block outside intrusion.  It may look like this:

{snap of router firewall}

Generally you don’t have to do anything. The default settings on your router are actually good enough, if not the best you can do on it.

Second, your operating system’s firewall:

At a minimum your Windows 7 firewall settings should look like the above.
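
To see which ports on your own machine a firewall actually has to cover, the following added example (not part of the original article) parses the output of Windows `netstat -an` and marks each listening TCP port as reachable from the network or only from inside the machine. The sample output, addresses and port numbers are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8307         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49210     203.0.113.10:80        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:8307             [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    # Drop IPv6 brackets and any zone id such as '%11'.
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)


def listening_ports(netstat_text):
    """Return {port: 'network' | 'loopback'} for every listening TCP socket."""
    result = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in the LISTENING state accept new connections.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        scope = "loopback" if addr.is_loopback else "network"
        # A port counts as network-reachable if any socket on it is not
        # bound to loopback only (0.0.0.0 and [::] mean "all interfaces").
        if result.get(port) != "network":
            result[port] = scope
    return result


if __name__ == "__main__":
    for port, scope in sorted(listening_ports(SAMPLE).items()):
        print(f"{port:>5}  {scope}")
```

Ports reported as `network` are the ones the operating system firewall and the router stand in front of; `loopback` ports can only be reached by programs already running on the machine.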

 

Malware Protection:

This application gets applied after you’ve installed the operating
system. It is best applied immediately after a fresh operating
system install, but it can be applied later.

Like the firewall, it also blocks ports and malicious rogue applications,
but it does more. Malware protection not only blocks but also watches every
event that happens on your machine; then, using some heuristic factors,
including a list of malware definitions it periodically gets from the company,
it will try to stop the malware. Unfortunately it is not always successful, but
more often than not it is. It will try to do several things:

1. Make a determination of what the application is trying to do.
2. If deemed malicious or questionable, it will quarantine it and ask you to
accept or reject it.
3. If you deem it safe, it will make a note of that and submit it to
the mothership so others can know.
4. If you reject it as something questionable, it will be either
quarantined or deleted and also submitted back to the mothership for logging.

It’s imperative that you have access to the web so that you can get the latest malware definitions from the company offering the protection. If you don’t, you are in danger from any new infections that arise from that point forward. Although old malware still lurks, most of the harmful ones are the new ones, which is why it is imperative that you have the latest malware definitions.

How to apply protection onto an already running system. The basic steps, described at a high level, are:

  1. Back up personal files, not apps.
  2. Make a full backup of your system.
  3. Restore from your Restore CD or partition to put the machine back into
    the original state as you got it.
  4. Once restored, fully update your Operating System with the latest
    patches and updates.
  5. Now is the time to install your protection.


We can apply the above two lines of defense to either of the starting points:

  1. Complete wipe and clean of the system, making for 99.9% certainty of no infection.
  2. Apply protection to an existing system, but with a chance of malware escaping detection.

How to apply protection onto an already running system:

The basic steps, described at a high level, are:

  1. Back up personal files, not apps.
  2. Make a full backup of your system.
  3. Scan your system.
  4. Apply protection.

Generally speaking, having multiple protections from multiple companies, or even from the same company, can be a burden on your machine or, worse, they can run into each other while trying to protect. Kind of like applying wax on your car after you’ve already applied a layer of wax.