Block unauthorized programs and Cryptolocker viruses

The worst type of malware that can affect a Windows PC is the kind that takes your computer hostage and prevents normal use unless you pay a ransom.
In that case no antivirus helps, because the installation takes place in the background after the user has approved it, misled by an email or by a button on a website that looked honest.
We have talked about this type of software in several articles, explaining how to remove the virus programs that take the PC hostage.
The most famous malware of this kind is Cryptolocker and its variants such as CTB Locker, which make certain files on the computer inaccessible and require the user to pay to get the key that removes the encryption.
We also talked about this in the article on how to recover files blocked by Cryptolocker and similar malware without paying the ransom.
To prevent this kind of infection, in addition to an updated antivirus and a good dose of attention when opening emails or websites, you can change a Windows setting to prevent the installation or execution of unauthorized programs from protected areas of the Windows system, from where, in theory, no external software should start.
First of all, those who still recommend disabling the UAC protection of Windows 7 and 8 are being reckless.
As already explained in a specific guide on how User Account Control in Windows (UAC) works, it should never be disabled because it is an effective barrier against the installation or execution of unauthorized programs.
On Vista this control was annoying, so guides to disabling it abounded, while on Windows 7 and Windows 8 it is nothing more than a warning asking you to authorize the installation of a new program, something you don't do every day, and it should therefore be kept enabled.
To block the execution of programs, executable files and software from protected and hidden Windows locations, where only a virus would go to hide, you must instead open the local Group Policy editor.
On this subject, we have previously published a general guide on how to use the local Group Policy editor of Windows, which unfortunately is not present in the Premium and Home versions.
To open the editor go to the Run box (pressing the Windows-R keys together) and run the gpedit.msc command.
From the tree on the left, expand the following folders: Computer configuration -> Windows settings -> Security settings.
Then click on the Software Restriction Policies folder, which should be empty.
Keep it selected, press the Action button at the top and add a new software restriction policy.
You will now see some folders on the right side.
Open the Additional Rules folder, right-click an empty area, still in the right-hand section of the window, and add a new path rule.
The rule must have the following settings:
Path: %AppData%\*.exe
Security level: Not allowed
Description: appdata protection
Then add another rule with the path %LocalAppData%\*.exe (on Windows XP the path is %UserProfile%\Local Settings\*.exe), again set to Not allowed, with a description of your choice.
These two new rules prevent executable .exe files from running in the protected AppData folder, where there should never be any programs.
This security setting is definitely not foolproof, because a virus can be designed to hide in other locations, but it closes off at least one of the locations most targeted by malware like Cryptolocker.
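To check the result of the steps above, the following PowerShell script is an added example, not part of the original article. It reports whether the two path rules are present and lists any .exe files currently sitting directly in the two folders, which are the programs the rules would stop from running. It assumes the rules were created under Computer configuration as described, in which case Windows stores them as "Disallowed" path rules under the HKLM registry key named in the script.

```powershell
# Added example: verify the two path rules and list what they would affect.
# Computer-level SRP path rules with the "Not allowed" (Disallowed) level
# are stored under level 0 of the Safer\CodeIdentifiers policy key.
$srpKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
$expected = '%AppData%\*.exe', '%LocalAppData%\*.exe'

# Read each rule's path WITHOUT expanding %variables%, so it can be
# compared with the text that was typed into the policy editor.
$rules = @()
if (Test-Path $srpKey) {
    $rules = @(Get-ChildItem $srpKey | ForEach-Object {
        $_.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames')
    })
}

# -contains compares strings case-insensitively
foreach ($path in $expected) {
    $state = if ($rules -contains $path) { 'present' } else { 'MISSING' }
    Write-Output ('{0,-24} {1}' -f $path, $state)
}

# Executables located directly in the two folders for the current user.
# Review these before and after enabling the rules: anything listed here
# will no longer start once the policy is applied.
foreach ($dir in $env:APPDATA, $env:LOCALAPPDATA) {
    Get-ChildItem -LiteralPath $dir -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}
```

Run it in the account you want to check, since %AppData% and %LocalAppData% resolve to that user's profile.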
If you want something easier to use, you can use a free anti-ransomware tool against crypto viruses, such as Cryptoprevent, MalwareBytes or HitmanPro Alert.
A program that works differently but has a similar result is InstallGuard, which works as an enhanced UAC control.
InstallGuard protects new installations with a password, tracks every computer activity and warns the user in case of suspicious activity, but it requires installation and remains in the background doing continuous monitoring.
To conclude, remember that you can prevent any malware and viruses by using a secure account on Windows.
READ ALSO: Block programs and applications on Windows PC to prevent them from being started and used by others
