There are various security measures you can take in order to protect your endpoint, some might be heavy on the machine and not necessarily that helpful, for instance, the traditional antivirus is only 20-40% effective, according to CheckPoint’s blog post from last year.
Nevertheless, we do advise having some sort of security on your endpoint just in case something still manages to sneak by, but is it enough? Probably not!
Did you know that you can improve your computer’s security rather easily without installing extra security software? Here is how:
Let’s start with the easiest thing you can do, copy WordPad’s executable (write.exe) from the Windows directory, name the files “malware.exe” & “sample.exe” and place them on the OS drive.
It will look something like that:
The reason we do this is to make malware think it’s in a test environment.
Next, you will be able to use built-in Windows tools running in the background in order to fool some malware into thinking it’s being investigated.
The simplest tool, command line, most commonly used for running commands like pinging IPs, checking configurations and more…
Task Manager, this tool shows information on current processes in the system, the machine performance, list of services running and more.
Last but not least in the built-in tools is the System Configuration (or better known as msconfig)
Here you can also look at the startup applications on the machine and make sure that everything is in order!
The next tools are heavier than the previous ones but well worth knowing as they give you the ability to check applications without fearing the worst, while they are installed they also deter malware by adding entries to the system that gives the impression the system is virtual (which malware try to avoid).
VMWare Workstation Player: by definition this software (or similar) is giving you a second OS on your machine and enables you a safer place to try things, just make sure you know how to properly use it (more info can be found in the documentation here)
VirtualBox: a free tool similar to VMWare’s workstation play
Sandboxie (or similar): this is an isolated environment on the machine that enables testing applications for malicious activities.
Although it is considered as a security software; its mere presence helps in your protection since it’s a common tool used to catch malware in the act.
Our last tools set are designed to get advanced information from Windows by SysInternals, but not just that! they’re also very helpful in deterring various malware while the tools run (even in the background), these tools are often used by malware researchers in order to get details on a malware and understand what it did to the OS (of course they also use more advanced tools to understand it underneath the surface).
And the plus side, these tools are free of charge and very handy for other stuff as well.
Process Explorer, this tool is similar to the built-in Task manager only much better and more informative.
Process Monitor, this tool has the same basic functionalities and a lot in common with Process Explorer but the monitor is used more as a real-time troubleshooting tool (Also it’s a combination of the old FileMon and RegMon that were used as part of the SysInternals tools)
AutoRuns, this tool will show what is automatically loaded on the machine startup and also a lot of information in the machine like services, drivers, DLLs and more…
TCPView, this tool helps see network traffic (TCP and UDP) including local and remote connections.
We hope this will help you improve your security just enough to avoid possible malware, we also have great tips on how to keep safe online from earlier this year here.
From all of us @ Deceptive Bytes
Happy Holidays!
