VIRUS PROTECTION
Do you have anti-virus software? Is it configured to run all the time
so it checks every file you access? Do you update it regularly (like
every week or at a minimum every month)? If you have any doubts at all,
I suggest you launch your antivirus program, get the latest update,
then scan your entire hard drive. It may take an hour, but it will be
worth it. All the popular antivirus programs can be configured to
automatically check for and download new virus signature files. Find
out how to make your antivirus update itself so you don't have to worry
about it.
If you don't have an antivirus program, or you can't figure out how to
make it work, you can get immediate free online virus testing here:
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/products/activescan.htm
http://www.kaspersky.com/virusscanner
http://www.bitdefender.com/scan8/ie.html
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
http://support.f-secure.com/enu/home/ols.shtml
Most good antivirus programs cost between 30 and 40 dollars. You'll
find the price can jump up to 50 or 60 dollars if other features like
spam protection, firewall, or encryption are included. Most of the
programs force you to cough up the same amount of money every year if
you want to keep getting updates. It's the price of security. If you
don't have anti-virus, go buy it now. Seriously. Get up, leave the
house, and go to the nearest computer store. The three companies you'll
probably find in your store (McAfee, Symantec, and Trend Micro) all
have excellent antivirus programs.
If you don't have the money right now, several companies offer
antivirus totally free for personal use:
http://free.grisoft.com/
http://www.free-av.com/
http://www.bitdefender.com/bd/site/products.php?p_id=24
http://www.avast.com/eng/avast_4_home.html
http://www.clamwin.com/
If you only have a single file you suspect might be infected, you can
test it here:
http://www.virustotal.com/
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
If you have a virus that your antivirus program can detect but can't
remove, you may need to try a few advanced removal methods.
WINDOWS UPDATES
Have you kept your computer updated every month with all the security
patches? Go here:
http://windowsupdate.microsoft.com
If you haven't done this before, be prepared to download about 40
megabytes of patches. Even more if you go to
http://officeupdate.microsoft.com
and get the latest patches for any Microsoft Office programs you might
use. Windows can be configured to automatically download and install
updates. If you don't want to remember to check for updates every month
(and if you run Windows 2000 or XP), you can automate the process.
Check your "Control Panel" for the "Automatic Updates" applet. The
Windows Update site should have offered it to you, but if you didn't
get it there, you can get it here:
http://www.microsoft.com/windows2000/downloads/recommended/susclient/default.asp
BASELINE SECURITY ANALYZER
Just because you install all the patches doesn't mean you've closed the
other obvious security holes. Luckily, Microsoft has provided the
Microsoft Baseline Security Analyzer to point out the things you really
should take care of. Of course, it's all Microsoft's opinion! For
example, I set my IE
"Restricted Sites" zone up to be more restrictive (and more secure)
than Microsoft's settings. The Security Analyzer suggested that I go
back to Microsoft's recommended settings.
SPYWARE
You may have "spyware" installed on your computer. The only reason
spyware isn't classed as a virus is that it doesn't replicate. But it
does mess your computer up, track everywhere you go on the web, deliver
advertisements you don't want to see, hijack your browser's home page,
and maybe even steal your passwords.
PC Magazine has a nice article comparing several different
anti-spyware programs. I use three separate
anti-spyware programs (listed below). Spybot and Ad-aware are the best
at finding and removing problems, and Microsoft is the best at
real-time protection. Be sure the first thing you do with all these
programs is allow them to check for updates! After you've done
all your cleaning, reboot your computer and clean it again! Keep doing
this until no further improvements are noted. After everything else
gives you a clean bill of health, you can run the PestPatrol online
scan to see if anything else remains. PestPatrol won't remove the
"pests" it finds in
the free online version, but you can follow their detailed directions
to remove any remaining spyware.
If you have a spyware program that you can detect but can't remove, you
may need to try a few advanced removal methods.
HOSTS BLOCKING
Running the HostsInstall script is an easy way to install a "hosts"
file and configure your computer to use it properly. A hosts file is a
way to prevent your computer from connecting to known "bad" web sites.
Sites that track your movement. Sites that annoy you with popup ads.
Sites that try to install viruses or trojans. It won't protect you
against everything, but it's an easy way to protect against the
obvious!
The HostsInstall script is configured to download, merge, and sort
nine different
popular "hosts" files. For flexibility, you can easily modify the list
of web sites whose hosts files you want to use. For fast operation, the
script runs everything through a database for the sort and merge
operations. To keep you running, the script confirms the state of your
"DNS Service" (which must be disabled). For convenience, you'll get
more than the usual "white list" and "black list" configuration
options. For easy searching, the script produces a "hosts" file that is
sorted by domain name (not text-sorted machine names like most other
lists). Finally, (and most importantly) this is an open-source script
you're free to modify.
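The merge, white list / black list, and sort-by-domain steps described above, as an added example (this is not the HostsInstall script itself). The host names are constructed samples, and sorting on reversed labels is one assumed reading of "sorted by domain name".

```javascript
// Added example: merge several "hosts" block lists into one sorted list.
// All list contents below are constructed samples, not real block lists.
const LIST_A = [
  "# list A (constructed)",
  "127.0.0.1 localhost",
  "127.0.0.1 ads.example.com",
  "0.0.0.0 tracker.example.net   # inline comment",
].join("\n");
const LIST_B = [
  "127.0.0.1\tADS.example.com",                     // duplicate, different case
  "127.0.0.1 www.example.com popups.example.org",   // two names on one line
  "192.0.2.10 intranet.example.com",                // a real mapping, not a block
].join("\r\n");

// Parse one hosts file and return only the names it blocks, i.e. the names
// mapped to 127.0.0.1 or 0.0.0.0. Any other mapping is ignored so that a
// downloaded list cannot redirect a name to an address of its choosing.
function parseHosts(text) {
  const names = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, "").trim();    // strip comments
    if (!line) continue;
    const [addr, ...hosts] = line.split(/\s+/);
    if (addr !== "127.0.0.1" && addr !== "0.0.0.0") continue;
    for (const h of hosts) {
      const name = h.toLowerCase();
      // Never redefine the machine's own loopback names.
      if (name === "localhost" || name === "localhost.localdomain") continue;
      if (/^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/.test(name)) names.push(name);
    }
  }
  return names;
}

// Sort key with the labels reversed ("ads.example.com" -> "com.example.ads")
// so every machine name of one domain ends up next to its siblings.
function domainKey(name) {
  return name.split(".").reverse().join(".");
}

// Merge all sources, add the black list, then remove the white list.
// The white list is applied last, so it wins over every other source.
function mergeHosts(sources, { whitelist = [], blacklist = [] } = {}) {
  const merged = new Set(blacklist.map((n) => n.toLowerCase()));
  for (const text of sources) {
    for (const name of parseHosts(text)) merged.add(name);
  }
  for (const name of whitelist) merged.delete(name.toLowerCase());
  return [...merged].sort((a, b) => {
    const ka = domainKey(a), kb = domainKey(b);
    return ka < kb ? -1 : ka > kb ? 1 : 0;
  });
}

// Render the final file, keeping the localhost entry at the top.
function renderHosts(names) {
  const lines = ["127.0.0.1 localhost", ...names.map((n) => "127.0.0.1 " + n)];
  return lines.join("\r\n") + "\r\n";
}

const merged = mergeHosts([LIST_A, LIST_B], {
  whitelist: ["www.example.com"],
  blacklist: ["banner.example.net"],
});
console.log(renderHosts(merged));
```

A plain text sort would put popups.example.org before tracker.example.net; the domain sort keeps both example.net machines together.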
Recommended: If you have a "hosts" or "PAC" file,
you'll probably end up with error messages in your browser unless you
have a specialized web server program. I recommend "Homer" from
"funkytoad.com". Of course, I offer an automated
Homer download and installation script that will... urrr... download and install Homer automatically.
If you'd prefer to manually install a hosts file yourself, I recommend
you look at these sites: mvps, wikipedia, hostsfile, and hosts-file.
PAC FILE BLOCKING
Let's suppose there are sites you don't want your kids to see. It's
kind of like the word "corn", except it starts with a "p". You
understand? Well, using a Proxy Auto Configuration (PAC) file, you can
block 80 to 90 percent of all these sites for free and without
installing any special software.
As an adult, why should you care? Graphic content aside, those sites
are like a mine field. Far too many of them try to install bad things
on your computer. You may have already discovered how easy it is to end
up at one of those sites accidentally while searching or by following a
link from an email! For your own sake, you should block Internet
Explorer from those types of sites.
Let's be honest. Nothing is perfect. Some things are going to slip
through the filter. Others are going to be blocked when they shouldn't
be. But the advantage of having a PAC file on your computer is that you
can open it with Notepad and make changes. Add things. Take things
away. Customize it.
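What such a file can look like, as an added example (not the PAC file offered on this page): a block list by domain and by keyword, plus an allow list for the false positives mentioned above. The host names, the keyword, and the 127.0.0.1:80 address for a local web server are all assumptions.

```javascript
// Added example PAC file. A PAC file is plain JavaScript that defines
// FindProxyForURL(url, host); the browser calls it for every request.
// Every name in these lists is a constructed sample.
var BLOCKED_DOMAINS = ["ads.example.com", "example.net"];  // plus subdomains
var BLOCKED_KEYWORDS = ["popup"];                          // anywhere in host
var ALLOWED_HOSTS = ["popupstore.example.org"];            // false positives

// Assumption: a small local web server answers on 127.0.0.1 port 80, so a
// blocked request gets an empty page instead of a browser error message.
var BLACKHOLE = "PROXY 127.0.0.1:80";

// True for the domain itself and for any machine name under it.
// Comparing against ".example.net" (with the leading dot) keeps an
// unrelated name such as "notexample.net" from matching.
function hostIsOrEndsWith(host, domain) {
  if (host === domain) return true;
  var suffix = "." + domain;
  var at = host.length - suffix.length;
  return at > 0 && host.indexOf(suffix, at) === at;
}

function FindProxyForURL(url, host) {
  var i;
  host = host.toLowerCase();

  // 1. Allow list first, so a keyword false positive can be let through.
  for (i = 0; i < ALLOWED_HOSTS.length; i++) {
    if (host === ALLOWED_HOSTS[i]) return "DIRECT";
  }
  // 2. Exact domains and everything beneath them.
  for (i = 0; i < BLOCKED_DOMAINS.length; i++) {
    if (hostIsOrEndsWith(host, BLOCKED_DOMAINS[i])) return BLACKHOLE;
  }
  // 3. Keywords: broad, which is why the allow list exists.
  for (i = 0; i < BLOCKED_KEYWORDS.length; i++) {
    if (host.indexOf(BLOCKED_KEYWORDS[i]) !== -1) return BLACKHOLE;
  }
  // 4. Everything else connects normally.
  return "DIRECT";
}
```

Only the three lists at the top need editing in Notepad to add or remove a site.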
Recommended: If you have a "hosts" or "PAC" file, you'll probably
end up with error messages in your browser unless you have a
specialized web server program. I recommend "Homer" from
"funkytoad.com". Of course, I offer an automated
Homer download and installation script that will... urrr... download and install Homer automatically.
EMAIL
I have no idea what program you use to read email, but it's probably
your largest security hole! Anything made by Microsoft is a bad bet.
There, I said it. Now you know how I feel about Microsoft! Microsoft
Outlook, Outlook Express, and Internet Explorer are very popular.
Because they are popular, they're also the biggest target for the bad
guys out there! If you absolutely insist on using a Microsoft product
to view your email, go into the Tools menu and configure it to run in
the "Restricted" security zone for email. You should also change the
"Restricted" zone settings to be even more secure than Microsoft's
defaulty (I think I'll leave that typo!) settings. In fact, any email
program (Microsoft or not) should be configured to disable all
features. That means no scripting, no cookies, no Java, no ActiveX, no
installable fonts, and no remote images. If you're foolish enough to
use web-based email, you won't be able to run in the restricted zone,
because you'll need all those features to make your email web page
work. But those same features can make viruses work too! You end up
depending entirely on your email provider and your antivirus for
security. Neither of which will help if someone sends you a new virus.
GFI has a great email security testing tool here:
http://www.gfi.com/emailsecuritytest/
This test will send you several emails, all of which try to see if your
email server and email client will accept the types of emails commonly
used to send bad things. In some cases, your email server may block
these tests. In other cases, your email client will block the tests. If
the emails get through, see if you can activate what they send you. If
you can, it means someone could use a similar email message to attack
you! You will either have to be extra careful not to fall for similar
things in the future (along with everyone else who uses your computer),
or you'll have to upgrade or change your mail server (which usually
means losing your existing email address) or you can upgrade your email
client program (the simplest solution). In my case, out of 17
GFI tests, my mail server (Yahoo / Pacbell) blocked 8. The remaining 9
were all ignored, rendered unusable, or properly identified as
executable content by my email client Thunderbird.
I recommend making yourself a smaller target by using a non-Microsoft
email program. My personal preference is Mozilla or Thunderbird.
However, I also use a "dumb" text-only email program to preview
messages before I download them into my main mail client. Those small
underpowered email programs still have their uses! Here's a few free
email clients (in no particular order) you may want to consider. The
ones marked for USB drives tend to be small and leave no trace behind
other than in their installation directory:
Remember -- Never open executable attachments. Even from people you
know. To me, executable means anything other than a picture. Microsoft
provides a list of the more common "executable" files. But even that
list isn't comprehensive, because Windows Media files can also contain
scripts.
Unfortunately, anything that is a Microsoft file type or that is based
on a Microsoft specification should be considered executable. But it's
not all Microsoft! I know Adobe Acrobat PDF files can contain malicious
code, and I've heard the same can be done with Shockwave animations and
RealPlayer movies.
The common advice about only opening attachments or clicking on links
from people you know is dead wrong. Most modern worms and viruses can
email themselves using a phony name collected from an address book. In
other words, the mail will appear to be from someone you know. You need
to apply common sense when it comes to attachments. Only open
attachments or click links if you were expecting them.
Even then, only open them if they are the type, size, and name you were
expecting. Only open attachments or click links if the text, subject
line, and author are all consistent. In other words, if a co-worker
sends you an email in ALL CAPITAL LETTERS and they don't normally do
that sort of thing, delete the message. If the person who sent the
email uncharacteristically fell to a sixth-grade spelling level, delete
the message. If the email only has one or two lines and you know the
person is normally long-winded, delete the message. If you just got a
new email, but this new email looks like a copy of an old email, delete
the message.
If in doubt, delete the message and ask the person to re-send it.
Don't "reply" to the message, type a new message! Why not reply?
Because if the message really isn't from them, you may actually send
them the virus by replying. And ask for an explanation! Why ask?
Because if a person is infected, they might have an "auto-responder"
that just re-sends the virus to everyone that emails them. By getting
the person to write some explanatory text, you are establishing that
you are conversing with a person, not a virus!
BROWSER
I know 90 percent of Windows users use Internet Explorer at the default
security settings. That's why they probably have viruses, trojans, and
spyware on their system. I have two browsers, and I recommend you do
the same. I only use Internet Explorer to go to Microsoft's web site,
my bank, and a few other trusted sites. For virtually all of my
remaining browsing, I use a non-Microsoft browser:
I configure my primary browser (Firefox) to disable
virtually everything! No cookies, no JavaScript, no Java, no popups,
and no remote images. It's easier to switch browsers than it is to
change your security settings. You make Internet Explorer "versatile",
and you make your other browser "secure". And you only use
your "versatile" browser on web sites that actually need the
versatility -- and only if you absolutely trust the company that
controls that web site. No, you don't use your favorite search web site
with Internet Explorer. You should only conduct web searches with a
secure browser.
Remember -- If you ever hit a web site that says you need a special
viewer or player to see something, just say NO. The special player they
are trying to get you to install is almost guaranteed to have an
advertising, spying, or zombie program hidden inside. Always download
your viewers and players from trusted sites:
Note: Some of the above links (like QuickTime and DivX) are real-life
online IQ tests! Look for the
"Free Version" or "Free Player" or "Free Codec". The free item you want
is often intentionally hidden! Don't be fooled into downloading an "Ad
Supported" version or a "Free Download" or "Free Trial" of something
you have to pay for later. Even though these are widely popular codecs and
plugins, some of them (Real Player and QuickTime, for example) install
additional hidden scheduling software and re-register file types
without your permission.
COOKIES
So many people aren't sure what cookies
are that I'd like to explain a bit. Cookies are a way for web sites to
remember what you've just done. A web site will ask your browser for
permission to "set a cookie". If your browser allows it, it will store
whatever information the web site wants to store and send that same
information back automatically every time it visits that web site for
as long as the web site and your browser agree is appropriate.
Cookies are great if you are shopping
and are gradually adding things to your online shopping cart. In that
instance, cookies are probably used to identify you so the web site can
keep track of what you're picking. Cookies are also used to identify
you at web sites so you don't have to log in every time. Nothing wrong
with that, right?
Unfortunately, advertising, hit counter, and web statistics companies
use cookies in another way: They track you as you
move around the web. They know what web sites you visit, which pages
you look at, and how long you look. Add to that the fact that browsers
have bugs and sometimes
can be tricked into giving a cookie for one web site to another (evil)
web site. So maybe somebody could get your New York Times cookie and
figure out your New York Times password. If you're lazy and use that
same password in other places, they may have the keys to your kingdom!
What to do about it... Well, my advice above in the "BROWSER" section
is my best advice. Disable
cookies everywhere except where they are really needed. But even where
they are needed, cookies should only be enabled for the web site you
are viewing. If you have Mozilla or Firefox, you have an obvious option
to enable cookies "for the originating web site only". As it should be!
However, IE users have to dig a bit. On IE, go to the "Tools"
menu, then "Internet Options", then to the "Privacy" tab. Hit
the "Advanced" button. Place a check in the "Override automatic cookie
handling" box. Set "First-Party Cookies" to "Accept" or "Prompt". I
recommend "Accept". Set the "Third-Party Cookies" to "Prompt" or
"Block". I recommend "Block". Only use "Prompt" if you plan on using
each prompt as a reason to make an entry in your HOSTS file (mentioned
above in the "HOSTS FILE" section).
OFFICE
Microsoft Office continues to be a security problem. The fact that you
can embed macros in documents is one of those really cool features that
would be great if everybody was an angel. Unfortunately, we have a few
devils among us! I've removed Microsoft Office from my system. Instead
of Microsoft Office, I recommend the following free Office programs:
http://www.openoffice.org/
http://www.abisource.com/
http://www.atlantiswordprocessor.com/en/
Open Office can read and create Microsoft Office documents (Word,
Excel, PowerPoint, etc.), so you can continue to share documents with
people using Microsoft Office. However, Open Office can do things
Microsoft can't -- like save directly to the Pocket Word, Palm
Document, ShockWave Flash, and Adobe Acrobat formats! The AbiWord and
Atlantis programs are strictly for word processing, but handle several
Office document formats. Using non-Microsoft document-handling programs
also means you are immune from Microsoft macro viruses. If you don't
want to use Open Office, AbiWord, or Atlantis, at least use WordPad or
the free Office Viewer programs (Excel, Word, and PowerPoint) to read
documents!
Change your file associations so that mainline Microsoft Office
products aren't the default viewers for Microsoft Office files. Office
should only be used to edit documents, not to read them!
FIREWALL
Unfortunately, Windows computers are wide open to attack on a network.
It isn't just people on "broadband"! Even dial-up internet users can be
attacked without doing anything other than connecting to the internet.
If you're on the net, you need a firewall. I like to think I have a
fairly normal setup, and I get attacked or probed an average of once a
minute all day long. I think the most recent statistic is that a new
Windows machine on the internet will only last twenty minutes before it
is compromised.
Broadband users should get a "router" with "network address
translation" (NAT). The NAT feature is the firewall. Well, real network
guys will argue that definition, but the fact is that NAT will probably
block 99 percent of passive attacks. The NAT feature will exist in
virtually every router that is sold as a cable/dsl/broadband router, so
you don't really need to worry about looking for that particular
feature. I've seen prices as low as 20 dollars on closeouts, but expect
to pay 50 dollars for a name brand router. Higher prices usually get
you more firewall protection, with features like "stateful packet
inspection" (SPI). If your budget allows, pay the extra for SPI.
All users (broadband and dial-up) should also have a software firewall.
A NAT router, while it's a good start, isn't enough. A NAT router won't
protect you from bad-guy web sites that return bad data or probe you as
soon as you look at them. A software firewall can block those things
that get past your NAT box. If you have XP, you either have to install
a "real" firewall or upgrade to XP SP2. While the SP2 firewall isn't as
good as a real firewall, I'm going to recommend you use the SP2
firewall rather than try to install something else. Why? The hassle
factor! The SP2 firewall is "good enough". For most people, it won't be
worth the effort to try to disable it and install and manage a separate
firewall. Plus, if you have questions, Microsoft will probably give you
free support and you're likely to have several friends who are also
familiar with the SP2 firewall. A "real" software firewall (not the
Microsoft XP SP2 firewall) will help you control your outgoing
connections. It makes sure any rogue application you inadvertently run
won't be able to use your connection to start doing dastardly things.
It also allows you to stop certain legitimate applications from
"phoning home". The Microsoft SP2 firewall only controls incoming
connections. Not outgoing connections. SP2 might stop you from getting
attacked, but it won't help limit the damage if you make a mistake and
get yourself infected through your email! Here's a few fairly popular
free software firewalls:
http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
http://www.agnitum.com/products/outpostfree/download.php
If you have some money, search for the firewall products offered by the
following manufacturers:
http://us.mcafee.com/
http://www.symantec.com/
http://www.my-etrust.com/
http://www.f-secure.com/
http://www.pandasoftware.com/
The following sites offer free online firewall testing. Try them all
out whether you have a firewall or not. It will open your eyes!
http://www.grc.com/default.htm
(Look for the "ShieldsUp!" link.)
http://scan.sygatetech.com
http://www.dslreports.com/scan
http://www.hackerwatch.org/probe/
http://www.pcflank.com/test.htm
(Caution: Several of the "Exploit" tests can lock up your router or
drop your connection! A reset or reconnect should restore things. Wow!)
VAMPIRES
Does the saying "Never invite a vampire into your home" ring any bells?
No? Well, it's said that if you do, you lose all power over the
vampire. Viruses and vampires have that much in common. No matter how
good your firewall and antivirus are, if you're foolish enough to invite
a virus past your firewall and into your home (by downloading it or by
email), you're in big trouble. Major companies spend major money on
firewalls and virus protection and they STILL get hit with virus and
worm attacks. Why? Because they employ large numbers of stupid people
and supply them with computers. No amount of technology can protect a
network from a stupid person. When you get on the 'net, your brain has
to be ON. You have to understand what you are doing, where you are, and
remember that you are surrounded by evil. Even after you follow all the
above advice, you have to approach every single internet-related task
with a large and healthy dose of paranoia. Trust nothing. Verify
everything. Backup often. Stay away from vampires.