Five basic security tips



They are well known pieces of security advice - but we will bring them to you anyway. Cause you can't be reminded too often how to guard your computer against online attacks.

The following five tips every consumer should know:

1. Install and use a firewall.
2. Use anti-virus software and update virus definitions regularly.
3. Create secure, original passwords.
4. Update your computer(s) with the latest vendor security patches.
5. Practice basic e-mail and downloading "street smarts."

The last piece of advice especially points to being careful about which e-mail attachments to open. For an example, it is generally a bad idea to open attachments that contain the ".vbs" file extension.


Some good basic pointers here worthy of more elaboration...

Install and use a firewall

Some very good free ones out there - and some good not-free ones also. Zonealarm is one of the most widely used and is (relatively) easy for newcomers (free version downloadable here). Outpost is the one I recommend - it offers far more control (allowing you to set rules for individual applications if you wish) and includes ad-filtering, active content control (cookies, ActiveX, javascript can be disabled on a site-by-site basis) and other features. Version 2 has recently been released and is available as a 30-day trial here - version 1 is still available as a free download here. For support, there is a special user-run site - Kerio and Sygate are other firewalls worth considering.

Use anti-virus software and update virus definitions regularly

For a free anti-virus package, consider Grisoft AVG. Bear in mind that Grisoft will not have the same resources as the likes of Symantec or McAfee for countering the latest viruses (and have done poorly in past Virus Bulletin reviews) but using this is far better than nothing at all. However, given the problems a virus infection can cause, this is an area where money really should be spent.

Update virus definitions at least weekly. If you run file-sharing software or use instant-messenger/internet chat software try to update more often since new viruses can spread faster through these applications.

Anti-virus software specifically searches for viruses (code that tries to copy itself to other files) and worms (code that installs on your computer, but does not attach itself to files) - more details on this distinction here. However there are other dangers not covered such as trojans (programs that appear useful or harmless but actually carry out other actions like recording your keystrokes to find passwords or allowing an outsider control over your computer), adware (software that carries advertising - often in an intrusive fashion like creating pop-up windows when you visit a web site) and other malware. To deal with these, a specific anti-Trojan scanner is needed. Popular (and free) ones include Adaware and Spybot Search and Destroy. Eric Howes has done an analysis of the increasingly widespread use of this software. Some truly obnoxious examples can be found here and here. A case where someone almost received a prison sentence due to a trojan can be found here.

Update your computer(s) with the latest vendor security patches

Consider not using Microsoft products. Yes, really. The list of security vulnerabilities in Internet Explorer (IE) is seemingly never-ending - and with its default configuration, viewing sites in IE is having your house front door and windows wide open. Outlook Express (OE) has been the most effective propagation method for viruses ever (most so-called "email viruses" are actually Outlook scripting viruses) and MSN Messenger also has had some major security vulnerabilities. Other vendors are not blame-free in this regard, but MS seems to have the worst record by far. Even though known loopholes are (eventually) patched, the large number found so far is an indication of insecure design and a guarantee of more problems in future. And the less said about Microsoft Passport the better.

Alternatives for IE include Mozilla, Firebird and Opera. For OE, consider Eudora, Thunderbird and the Bat. For MSN Messenger, look at Trillian. More suggestions are given here.

Finally, while applying patches is a good idea, having them applied automatically is not. A patch should only be installed if you need it - having unnecessary ones will increase the chance of problems. To this end, consider disabling Automatic Windows Update and install needed patches manually.

Practice basic e-mail and downloading "street smarts."

Most anti-viruses scanners can be configured to check email attachments - check that yours is. Download managers can usually be configured to run a virus-scan automatically at the end of a download - another worthwhile feature to use.

Another issue with email is that of spam (unsolicited commercial email) which can range from mildy irritating (a couple of "special offers" per day) to the downright outrageous (a deluge of hundreds of emails touting viagra, mature content sites with pictures and explicit descriptions and get-rich-quick scams). Many such emails include HTML with hyperlinks so that spammers know when you open their mail - this of course guarantees you will get more. Configure you email software not to display HTML or download images - if this cannot be done, configure your firewall to bar access to port 80 for your email client. If you use Outlook Express, disable the preview pane to avoid automatically downloading such items.

Prevention is better than cure with spam - make use of disposable email addresses from sites like SpamGourmet or SneakEmail to supply a unique email to every website and newsgroup where you have to register. This gives you the ability to identify where a spammer got an email address from and allows you to shut the address down with minimum collateral damage. If you are already receiving spam on your "main" email address, consider using software like Mailwasher to delete or bounce suspicious emails before you download them from your ISP.

Advanced Security Tips

You have your firewall setup, your anti-virus software is zipping through all your emails, spammers are tearing their hair out over not being able to harass you - is that everything? Well there are still some issues to consider...

There have been a number of programs produced to bypass personal firewalls by piggybacking onto a trusted application (examples include TooLeaky, FireHole and Yalta). While the latest firewalls (like Outpost v2) will block them, an "application firewall" (which intercepts calls from one application to another) is really the solution needed. A good (and free) one is System Safety Monitor - the download will take a while (slow site) but it should be a worthwhile addition to most people's security arsenal (Win9x/ME users may find compatibility problems however).

If you have a broadband (cable or xDSL) connection, it is likely that your computer is connected to the Internet for longer periods than a dial-up user's would be. This makes your system a more attractive target for crackers. Consider getting a router that offers Network Address Translation (NAT) - as well as hiding your IP address, these allow you to share your connection with other PCs. Having a built-in firewall is also useful, since it will keep working even if the personal one on your PC goes down during a system crash.

Finally, spend some time at security-related sites like PCFlank or SecurityFocus or forums like Wilders. And of course, this forum, where rolfw will be happy to deal with all your questions! :D