UPDATE - 06/03/2005: This article was originally posted on June 25, 2004. In nearly a year the landscape hasn't changed much other than the volume of malware increasing. I've updated this post to include the beta release of Microsoft's AntiSpyware utility. Other than that, the advice of a year ago still applies today.

If you are running a Windows operating system and are connected to the Internet, you are at risk of being infected by one of the many viruses, worms, adware and trojan horses (collectively referred to as malware) that target Windows. Some of you reading this are likely already infected. The purpose of this article is to tell you how you can determine if you are infected, how to remove the malware, and how to prevent being infected. This applies to home users only. Corporate users should always follow the security policy of their company.

Detecting Viruses, Worms, Adware, and Trojans

To determine if your computer may be infected with one of these types of malware, you should run the following pieces of software:

  • A good antivirus program. This will detect viruses and most trojans, worms, and adware.
  • AdAware. This will detect most adware, some of which may not be detected by your antivirus program.
  • Spybot Search and Destroy. Another adware and spyware detector.
  • Microsoft AntiSpyware Beta. Yet another adware and spyware detector. All of these should be run to provide more complete detection and removal.

Your antivirus program should be set to always be active and to automatically download updated virus definitions regularly (daily or weekly). You should update the AdAware and Spybot software before each use and run them at least once a week.

When running AdAware and Spybot, keep in mind that they will list web site cookies that are used for tracking web site advertisements. These aren't malware but are presented so you can remove them if you don't want advertising web sites to track the ads served to your computer.

Removing Malware

If your computer has been infected by malware, your best course of action is to reformat your hard drive and reload your operating system. This is the only way to ensure all malware is removed. If this is not possible, you should do the following:

  • Reconsider formatting your hard drive and reloading your operating system. Seriously, this is the only way to know for sure you have removed all the malware. Since some malware contains software like key loggers which log all the keys pressed on your keyboard (thus intercepting usernames, passwords, and credit card numbers), you want to make sure you completely remove it.
  • If you are infected by a virus, worm or trojan, your antivirus software may be able to remove the virus for you. Or, you may have to visit your antivirus software vendor's web site to download a separate removal tool specific to the virus.
  • If you are infected by adware, AdAware and Spybot should be able to remove it for you. Or, they may provide links to web sites with more information on how to remove it.

After you have removed the malware, run your antivirus program, AdAware, and Spybot again.

Preventing Infection

To prevent being infected by malware, you need to practice defense in depth. This is a common security practice which boils down to: don't put all your eggs in one basket. It is much harder for malware to make its way through multiple levels of security than through one level. Here's what you'll need to do:

  • Keep your Windows patches current. Go to http://windowsupdate.microsoft.com/ to update your operating system. If you use any Microsoft Office software, go to http://officeupdate.microsoft.com/ to update it. Activate Automatic Updates and set it to automatically download and install security updates. Subscribe to the Microsoft Security Notification Service to be emailed whenever a security update is released. If you use an RSS/feed reader, you can get an RSS feed of the security bulletins.
  • Use a firewall. This can be a software-based firewall (also called a personal firewall), or a hardware-based firewall. A cable modem or wireless router does not count. While these provide very basic firewall functions and some contain more advanced functions, they are not a replacement for a good, updated software firewall.
  • Run antivirus software. This should be software that runs at Windows startup and actively scans for viruses, worms, and trojans. It should allow you to schedule automatic virus definition updates as well as full system scans.
  • Use Mozilla Firefox instead of Internet Explorer for web browsing. Firefox is much safer than Internet Explorer since it doesn't load ActiveX controls and doesn't use the special file handlers and security zones that most Internet Explorer vulnerabilities use. It also has nice features like popup blocking and tabbed browsing, with many more extensions available. Give it a try--you'll like it.
  • Use Mozilla Thunderbird instead of Outlook Express for email. Thunderbird is much safer than Outlook Express since it doesn't use Internet Explorer to render HTML content, and HTML content rendering can easily be either turned off or set to view safe HTML.

Conclusion

It is possible to use Windows safely and prevent infection from malware, but it takes some work. This work will pay off in the long run. One virus infection that corrupts your hard drive, one worm that sends spam from your computer and gets your Internet connection suspended, or one virus which installs a key logger that steals your usernames, passwords, and credit card numbers makes all that hard work worth it.