Hi,
I am a member of a number of forums and a moderator of one particular favourite forum of mine (apart from this one) has just posted a message:

"A few days ago, I went to a popular forum and checked out a post I found interesting. In that post was a link...

...that automatically tried to download a Trojan Horse onto my computer!

Since then, I've seen this type of post on 2 other forums, and I just deleted a post here on our Forum with a link that tried to do the same thing.

If this becomes a trend (and it's looking like it to me) it could cause major problems for those who do not fully understand the implications.

http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29

Read the information at the wikipedia link above and also do some searches on the web to educate yourself on their destructiveness. For example, a snippet pulled from the above article explaining what Trojans are capable of:

# logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger).

# phish for bank or other account details, which can be used for criminal activities.

# installing a backdoor on a computer system.

What can you do to lessen the chances of this happening to you??

* Don't click cloaked links put up by new members, or at least hover over them with your mouse first and look at what web address it's leading to.

* Never click a link to anything with a .exe extension unless you know and trust the person who put up the link.

* Always make sure you have up to date firewalls, virus scanners and adware/malware systems in place on your machines.

and whatever the heck else you can think of.

Anyone who's an expert on this type of thing, I'd like to ask that you please add to this thread any proven techniques you know of or use to guard yourselves against Trojans and other scumware."


I wonder if anyone here might add anything to this - what can people do to protect against this new spread of targeted trojans? What are the precautions? Safety measures?

Thanks for reading, all answers gratefully received.

you could run your account as a limited account hence preventing this malicious code or .exe files from being able to execute and install because of lack of rights.

or if you need or just have to click on suspicious links and you run with full admin rights then you could use a sandbox, or vmplayer for web browsing to further protect yourself. read this article from Pcworld called disarm net threats:

http://www.pcworld.com/article/id,126832/article.html

you could run your account as a limited account hence preventing this malicious code or .exe files from being able to execute and install because of lack of rights.

or if you need or just have to click on suspicious links and you run with full admin rights then you could use a sandbox, or vmplayer for web browsing to further protect yourself. read this article from Pcworld called disarm net threats:

http://www.pcworld.com/article/id,126832/article.html

Hi, thanks for your post - and for responding so quickly.

I found that an interesting read - when you say run your account as a limited account do you mean to say that if I create a second user account (non-admin) on my computer that I should use that one to surf with but then go into my other account (admin) to do any secure stuff ?

Could you expalin what a 'sandbox or vmplayer' is please? Thsi si new to me.

Thanks again - I'll go and read that article now.

best computing practices suggest that you only use an account with administrative privileges to do administrative tasks/maintenance on your pc. all other activities (web browsing, email, word processing, daily tasks) should be done using a (LUA) Limited User Account and use the "Run As" option when you need to do a single administrative function while still running in a LUA. The problem with running it as a LUA is sometimes you might run into programs that dont run under a LUA account although that is changing. or that you try to do something and you are denied because of the limited rights ie: you cant change the clock time running in a LUA, so people get frustrated and go back to running under administrative privileges, which is where the sandbox and vmplayer or using Microsoft virtual pc which is a free download or a vmware to run an OS in a virtual environment comes in. that way when you browse the web or email you do in a controlled & isolated environment so even if the virtual pc gets infected, you can either delete it and install a new virtual OS or use a feature called snapshot which is on vmware. snapshot allows to create an image so you can mess around with features, settings and options, or if you want to browse the net and be naughty you can, then when your done you just choose the option to revert to previous snapshot, and everything is restored back to the original settings when you first installed it. very handy, which is why i use vmware all the time.

read the article it will explain what a sandbox and vmplayer are all about.

Thanks again OB1 - your posts have been extremely helpful.

Best regards.

best computing practices suggest that you only use an account with administrative privileges to do administrative tasks/maintenance on your pc. all other activities (web browsing, email, word processing, daily tasks) should be done using a (LUA) Limited User Account and use the "Run As" option when you need to do a single administrative function while still running in a LUA. The problem with running it as a LUA is sometimes you might run into programs that dont run under a LUA account although that is changing. or that you try to do something and you are denied because of the limited rights ie: you cant change the clock time running in a LUA, so people get frustrated and go back to running under administrative privileges
Not real practical. Even Microsoft makes their users local admins so the system must be flawed. A lot of software plain refuses to run unless you are a local admin. I would never advise anyone to run as a less than admin user unless there was an admin available to take care of them.

i agree the system is flawed at least in M$ case.

thats why i added the pcworld link for disarming net threats, to provide alternatives to safer browsing while still running as a local admin. every little bit helps, especially for people who dont pay attention and just click on anything and everything so to speak whether from an email or while browsing the net.