10 quick fixes for the worst security nightmares

The program also gives you links to the software vendor's site as well as Secunia's full report about the vulnerability on your system. You can choose to block future warnings about a particular program (but you should, of course, be careful before doing so).

Secunia PSI isn't perfect, and doesn't always make it easy to update unsafe program components. But for most apps it provides a quick -- and very important -- fix.

Fix 3: Let the latest browsers fight for you

The most insidious hijacked Web pages are nearly impossible to spot. Tiny snippets of inserted code that don't display on the page can nevertheless launch devastating behind-the-scenes attacks.

Trying to avoid such pages on your own is asking for trouble, especially since crooks like to hack popular sites -- attacks against sites for Sony games and the Miami Dolphins are just two well-known examples. But new site-blocking features in the just-released Firefox 3 and Opera 9.5 browsers provide some shielding.

Both browsers expand on the previous version's antiphishing features to block known malware sites as well, whether they're hijacked pages on legitimate sites or sites that were specifically created by bad guys. Neither browser completely eliminates the risk of landing on such pages, but every additional layer of protection helps.

Microsoft plans to add a similar feature to Internet Explorer 8, but this version won't be ready for prime time for a good while. For more on the browsers' improved security, see "New Browsers Fight the Malware Scourge."

Fix 4: Sidestep social engineering

The most dangerous crooks use clever marketing to get you to do their dirty work for them and infect your own PC. Lots of social engineering attacks are laughably crude, with misspelled words and clumsy grammar, but that doesn't mean you should dismiss the danger. Every now and then, a well-crafted attack can slip past your defenses and lure you into opening a poisonous e-mail attachment or downloaded file. A targeted attack might even use your correct name and business title.

To fight back, turn to a simple but powerful tool: VirusTotal.com. You can easily upload any file (up to 10MB) to the site and have it scanned by a whopping 35 different antivirus engines, including ones from Kaspersky, McAfee and Symantec. A report tells you what each engine thought about your file. While some (such as Prevx) are prone to false alerts, if you get multiple specific warnings that include the name of the particular threat, then you almost certainly want to delete the file.

A lack of warnings doesn't guarantee a file is safe, but it does give you pretty good odds. Use VirusTotal to check every e-mail attachment and download you're not 100% sure about, and you'll avoid insidious social engineering.

Reprinted with permission from

For more PC news, visit PCWorld.com.
Story copyright 2009 PC World Communications. All rights reserved.