Good Boot Security Guide

The Beleaguered Novice's Guide to Protecting Your Computer

The Internet is full of all sorts of dangers for your computer.  Viruses, worms, trojan horses, spyware, browser hijackers, and other bad things are looking to put a damper on your computing fun.  Computer security is sometimes a very complex issue. For most home computer users, the majority of what you need to know boils down to a few simple steps. Computer security measures are much like insurance. If you follow those steps, you won’t eliminate all of the dangers on the Internet, but you’ll significantly reduce the risks.

Top Five Security Tips:

  1. Use a modern antivirus program and keep it updated at all times.
  2. Keep your operating system (Windows, Mac OS, etc.) updated with all critical security updates. Use the “automatic update” feature built into all modern operating systems to automate your updates.
  3. Use a firewall to provide a barrier from hackers and worms.
  4. Use a modern anti-spyware program. Keep it updated and scan your computer regularly.
  5. Adopt safe computing habits.

Tip 1: Use a Modern Antivirus Program and Keep it Updated at All Times

The first of the five security tips we’ve provided is to use a modern antivirus program and keep it updated at all times. There are several good products on the market these days. The two most popular are Symantec’s Norton Antivirus and Network Associates’ McAfee product line.  Even Microsoft has entered the antivirus market with their Windows"One Care" security suite. Other very good commercial products are available from Computer Associates, Trend Micro, and others. For those of you on a tighter budget, free antivirus products have made it into popular use in the last few years. Perhaps the most popular is Grisoft’s AVG Antivirus which is free for home users.

Regardless of the product that you choose, the most important part of using antivirus software is making sure that it is kept up to date. Most modern products automate this process by automatically updating virus definitions over the Internet. While this process is automatic and usually works fine, it is a good practice to manually check your antivirus definition dates to make sure they are recent. If the dates are older than two weeks, your software may not be updating properly.

One important thing to keep in mind is that antivirus software is not perfect. Its extremely important to understand that there are literally thousands of new viruses released each year. A good antivirus program will be around 99% effective at stopping known viruses. These programs won’t however protect you from brand new viruses, since the antivirus companies have to be able to analyze a new virus and develop an update. Most viruses are flying around the Internet for at least two weeks before antivirus manufacturers have included them in updates. To defend yourself from these new or unknown viruses, you’ll need to practice safe computing habits, which we’ll cover in upcoming issues of the Good Boot Newsletter.

Click Here to View a List of Free Antivirus Resources


Tip 2: Keep Your Operating System Updated

Perhaps one of the most overlooked steps in protecting yourself from hackers and malware (viruses, worms, Trojan horses, etc.) is keeping your operating system updated at all times. The two most popular operating systems for home users are Windows and Mac OS. Both operating systems include features for keeping your system updated. Microsoft offers both “Windows Update” (the default option for Windows) and “Microsoft Update” (a new update system for updating Windows and other Microsoft software together). Windows Update is available for versions of Windows from Windows 98 through Windows XP. Microsoft Update is available for Windows XP users with Service Pack 2 installed. Apple offers it’s Apple Software Update service, built into Mac OS. Like Microsoft Update, it downloads operating system and application updates via the Internet.

The update features built into Windows and Mac OS can be used manually whenever you like. In Windows, this is done by clicking the “Windows Update” or “Microsoft Update” on the START menu programs section. In Mac OS, Software Updates can be found in the Apple menu.

When you run the software manually, you may see all sorts of updates that may be categorized as “critical” or “optional”. Critical updates, especially those listed as “security” updates are the most important. Optional updates are, as their category name indicates, optional.  While the manual update feature offers more options, you should configure your systems for automatic updates. The automatic update features allow for critical security updates to download to your system automatically so that you regularly plug security “holes” in your operating system.

Many people ask why it is so important to keep operating systems up to date when you have antivirus software installed.  The reason is because antivirus software doesn't stop all malware; especially worms that enter theyour computer through flaws in your operating system.  But these viruses and worms can usually be stopped by keeping your operating system up to date. Interestingly, all recent major virus outbreaks that impacted home and corporate Windows userswere completely avoidable. Users who kept their operating systems updated were immune from the problems. Users that didn’t were vulnerable even with modern antivirus programs.

Tip 3: Use a Personal Firewall

OK, listen up. I'm only going to say this once. Every home computer user, regardless of the speed or type of Internet connection they have, should use a personal firewall.  When you think of a firewall, the first thing that comes to mind for most people is that a firewall is designed to protect computers from hackers. What most people overlook is that a firewall is also a critical part of a comprehensive virus defense strategy.

In the old days (just a few years ago) viruses were spread via infected programs and as e-mail attachments. To become infected you had to open an infected file. But viruses couldn't spread automatically. In recent years, most of the threats that people describe as "viruses" are actually "worms". The word "virus" is often used to describe a "worm" or the two terms are sometimes used synonymously. But, there is a very big difference. A worm can spread from computer to computer by itself. In most cases, these worms spread by exploiting vulnerabilities in operating systems. The most common method is to spread through part of Windows called the "Remote Procedure Call" service. The "Remote Procedure Call" service is designed to allow automated management of Windows computers and is most commonly used by network administrators in corporate networked environments. Worms exploit bugs in this service that allow the worm to install itself without user intervention. 

While Microsoft (and other operating systems manufacturers) repair these holes through their automatic update feature, newly discovered vulnerabilities may be exploited before the system has been updated.  A firewall effectively protects a computer from worms and other malware that exploit operating system vulnerabilities. And, of course, it still protects you from hackers.

So now that I've beaten it into your head that you need a firewall, the question is . . . how do I get one? Well luckily that's easy (and free). There are three major options out there for firewalls:

  • 1. Use a hardware firewall. A hardware firewall is a firewall built into a piece of hardware. These are most commonly found in Cable or DSL routers that many people use to share a high-speed Internet connection. So, if you have a cable or DSL router, you already have a firewall.

  • 2. Use the firewall built into your operating system. If you have Windows XP or Mac OS X, you already have a firewall built into your computer. If you don't have Windows XP Service Pack 2 or Mac OS 10.3 installed you may have to manually enable your firewall. If you check the Help section included in Windows or Mac OS, you'll find instructions by simply searching on "firewall". If you have Service Pack 2 installed in Windows XP or if you have Mac OS 10.3 or later, your firewall will be enabled by default.

  • 3. If you have a version of Windows prior to Windows XP, you can use a third-party software firewall. One of the most popular free solutions is Zone Alarm, by Zone Labs (http://good-boot.c.topica.com/maadRGHabjtChaaaaaacafpL9m/ Zone Labs offers several different versions. The free one is more than adequate for the vast majority of home users. Of course, users with more complex needs can upgrade to the professional version of Zone Alarm or use a firewall included with security suites like Symantec's Norton Internet Security package.


Tip 4: Anti-Spyware Strategies

One of the biggest areas of growing concern for home computer users in the past two years is the proliferation of spyware and adware. Unlike worms, spyware and adware are usually installed by the computer user when he or she is installing another program. This usually occurs with “free” downloads from the Internet. Very often a “free” software program isn’t free. It is supported through advertising or by collecting information about your surfing habits. The spyware or adware is bundled in the “free” software. So when you install the free software you also install the adware or spyware. This is usually done without the knowledge of the user, but is legal because it is usually disclosed on the manufacturer’s web site or in the end-user license agreement that most people don’t read when installing software. Unfortunately this is so common that the average Windows computer may have as many as 20 or 30 spyware or adware programs running in the background robbing system performance.

Spyware and adware are often discussed together, but are different. Adware describes software that is used to target advertising. While it is not much of a privacy threat, it can cause pop-up advertisements or reduced computer performance. Spyware can be a bit more harmful as it may collect personal information about your surfing habits and reports it to a company via the Internet. Like adware, spyware can quickly degrade your system performance.

Unlike antivirus software, anti-spyware software varies significantly in features and the ability to identify and remove different types of spyware or adware. Most anti-spyware programs can scan your system for spyware and adware and remove it when identified, but can’t proactively protect your computer to keep it from being installed in the first place. Many of the big antivirus companies now offer more advanced anti-spyware programs that provide real-time protection against these threats. Symantec (Norton), Network Associates (McAfee), Trend Micro, and Computer Associates all offer computer security suites that have real-time anti-spyware protection. Other companies, such as WebRoot offer good anti-spyware products.

Windows XP users can download Microsoft Antispyware (now called Windows Defender) for free. At the time of writing, it is a beta test product, but has proven to be an excellent product. Although it is unusual for me to recommend a beta product to most computer users, this one is an exception. It provides excellent real-time protection and is absolutely free. For users of other versions of Windows (prior to windows XP), I recommend WebRoot’s SpySweeper product (available at

http://www.webroot.com)./

Two very popular free spyware scanning and removal tools are Lavasoft’s Ad-Aware and Safer Computing’s SpyBot Search & Destroy. Both are available for free and do a reasonably good job of scanning for and removing spyware and adware. But neither provides very good real-time protection.

Like antivirus software, anti-spyware programs need to be updated regularly. Some products, like Microsoft Anti-Spyware and Webroot’s SpySweeper update automatically via the Internet. Ad-Aware and Spy Sweeper both update manually when you launch the software. Many users opt to install more than one anti-spyware program. This practice is alright as long as the programs don’t provide real-time protection.

As with viruses, spyware and adware require a multi-part security strategy. Software can protect you from known threats, but the only thing that can protect you from new and unknown threats are safe computing habits, which we’ll discuss in the next issue of the Good Boot Newsletter.

Click Here For a list of Free Antispyware Resources


Tip 5: Safe Computing Habits:

When it comes to protecting yourself from danger on the Internet, software and automated systems can only provide you so much protection. The rest is dependent upon your computing habits. If you are one of those people that just clicks away at any “free” download, e-mail offer, e-mail joke, or online game, you’re probably have a significant amount of risk. Here are some tips to keep you safe.

1. Very few things in life are free. Most “free” downloads and services come with a price tag. Make sure you know what that price tag is before you download a free program or register for a free online service. The price tag that comes with many of these “freebies” is spyware, adware, junk e-mail (from selling your e-mail address), or worse. If you don’t know if a download is legitimate and you can not verify that the source is trustworthy and legitimate, just don’t risk it.

2. Remember the old cliché that “curiosity killed the cat”? Many people download new programs out of sheer curiosity or because their “computer expert” friend told them it was a good idea. Don’t just download programs to your computer because they are “neat” or “fun”. If you don’t have a real need, don’t risk adding software to your computer that may contain malware. When in doubt, check with a reliable source.

3. Beware of e-mail attachments and strange e-mail messages – regardless of the sender’s name or e-mail address. Many viruses spread through e-mail. In most cases, they “spoof” the e-mail address and sender information by putting the name of someone in the infected computer’s address book. So even though the e-mail message looks like it is from a friend or family member, it may be a virus that sent the message. If the content of the message seems “weird”, if there is an attachment and you don’t know what it is or what it does, or if there is no personalized message that sounds like something your friend would write, it is probably a virus. When in doubt call the sender on the phone and ask if it is legitimate. Or . . . just delete the message.

4. Never provide personal information in response to an e-mail, no matter how legitimate the e-mail message or the web site linked from the e-mail message may look. No legitimate financial institution, internet provider, online auction provider, or any other company that maintains your personal information will send you a request to update personal information via e-mail. Most online banking systems and auction systems have their own messaging systems built into the online banking or auction features. They will communicate to you through the features on their web site or by phone when there’s a problem with your account. They will never solicit personal information via e-mail or a web link.

5. If you think that an e-mail notification you received may be legitimate, never click the link in the e-mail message or call any phone number listed in the e-mail message. Both the web site and the phone number provided in the e-mail message may be someone trying to steal your information. Instead, look up the phone number for your bank or visit their web site by manually typing in their web site address to find contact information.

6. Always use credit cards or secure online payment systems (like Pay Pal) when shopping online. They provide better security features to protect you from fraud than most debit cards or checking accounts. Be sure that you always review your credit card and bank statements in a timely manner. Report any questionable charges to the issuing bank immediately.

A Word About Phishing and E-mail Scams

Phishing and e-mail scams are fast becoming the biggest threat to the average home computer user. There are all sorts of e-mail scams out there. Some are “chain letter” scams, some are scams to get you to buy useless products, and others are even more dangerous. Probably the most dangerous type of scam is what is known as “phishing”. Phishing is a scam where someone sends an e-mail message that appears to be from a legitimate source, such as a bank, online auction site, Internet provider, or online payment service. The message often starts out telling you that there is “a problem with your account”, or they are “updating their records”, or “they need to verify your information”. The message appears on its face to be authentic and provides links to web sites that appear to be those of the company listed on the e-mail message. When you follow the instructions provided in the e-mail message you essentially provide your private information to a third party that often uses it to commit fraud or identity theft.

Phishing is becoming a huge problem. Companies like Citibank, Bank of America, Ebay, Pay Pal, America Online, and several other large financial institutions have had their names used in these scams.

Unfortunately there is no software or automated way to protect yourself from e-mail scams. In order to protect yourself, you need to make sure that you never provide personal information to anyone in response to an e-mail message – no matter how legitimate it looks.