There has been a lot of media attention recently about how easily
your computer may be infected with viruses, worms, Trojan horses or spyware,
often without you knowing about it. For example, Spyware or adware are
relatively new programs that typical anti-virus applications do not
detect. How would you know if you
have any of these pests on your system?
Answer the following questions. Is your computer running really
slowly? Do you see strange new
toolbars in your Internet Explorer (IE)?
Does your browser crash often, or has your browser start page changed
suddenly? Do you or have you used
any of the popular peer-to-peer programs (P2P) such as LimeWire or KaZaA
recently? If so, you probably have
some type of spy or adware on your computer. Even if you do not notice anything
unusual, you may be infected because a lot of spyware is silent.
Here are some tips for safeguarding your computer and protecting your
computer from attacks.
Always make sure that your operating system (OS), virus protection
program, e-mail, and instant messaging (IM) programs are up to date. The reason
for this is that many vulnerabilities on these programs are fixed through
periodic patches. Many of these programs have automatic update features and it
is a good idea to turn these on.
Use a personal firewall. This is especially important if you are
connected to a cable modem, DSL or wireless Internet service. Most XP users by
now have downloaded the biggest upgrade Microsoft has offered so far. The
Windows XP Service Pack 2. SP2 is a totally free upgrade designed to combat the
recent onslaught of viruses and worms targeted at Windows users. Among the
changes made in SP2 is a default firewall which is turned on as soon as the
upgrade is downloaded. If you have not already done so, it is a good idea to
enable Microsoft Windows Auto-Update which automatically downloads the latest
security patches. However, most
experts believe that these changes may still leave you vulnerable and recommend
getting a more secure commercial firewall. However, if you can’t afford one, a number free firewall
downloads are available at www.free-firewall.org. Most experts suggest setting
the personal firewall to at least the medium level of security.
In addition to a firewall, buy anti-virus software, such as
Norton AntiVirus, McAfee VirusScan or ZoneLabs Security Suite, and keep the
subscription current. Although these programs can be set to automatically check
for updates, many subscriptions need to be renewed every one to three years. If
you have not done so recently, check now to make sure that your virus software
is up to date. Note that software vendors will never send you patches via
e-mail. If you get e-mail pretending to be a patch from Microsoft or any other
vendor, delete it.
In addition to checking your computer, your virus program
should be set to scan your e-mail and IM as well, Speaking about e-mails, you
should be very leery about any and all attachments, especially ones with a
.exe, .com or vbs extension. Unfortunately, in this day and age, if you don’t
know where or who your e-mail is coming from, you should delete it before
opening it. Note that a virus or worm can be transmitted through your e-mail
either through attachments or embedded scripting on the e-mail message
itself. A good way to protect
yourself from embedded codes within text is to read all e-mail through plain
text format. You can easily change this in your preferences file. If you are using Outlook Express, a
good way to add further protection is to open Tools and then Options and then
click on the Security Tab. Click on the “Restricted sites zones” button and
adjust the setting to high.
Many e-mail programs also have protection against Spam, but often
you need to turn this on. For example, on Outlook 2003, select Actions-Junk
e-mail options. You will see 4 radio buttons with various levels of protection.
I would suggest using level High, which filters almost all junk mail and
placing these messages into a folder. Since these program are not perfect, you
should periodically review this folder to make sure legitimate e-mail is not
filtered out. If you have some
recipients or domains that you are absolutely sure are safe, you can add these
to the “Safe Lists” and they will not be filtered at all.
If you do get Spam, never respond to it, or send in a “remove me
from the list” response. All this does is lets the spammer know that your
e-mail address is active, and that you are routinely checking it. More often
than not, this will simply get you more Spam.
One of the relatively new threats with e-mail is called “Web
Beaconing.” This is a way that
spammers know that you have opened their e-mail through the use of a small
picture embedded on their HTML formatted message, and send private information
about you and your system. A
simple way to avoid this is by setting a security option that does not allow your
program to automatically download pictures or HTML content. You can also set
your e-mail program to not open any pictures or HTML on e-mail messages (e.g.,
it only opens the text).
Consider getting two or more e-mail accounts. Keep one private for
your friends family and close colleagues and one that you use for more public
purpose. In this way, if you public e-mail account becomes corrupted or
inundated with spam, you can easily get rid of it and start up another
If you surf the internet a lot, if you can, avoid using Internet
Explorer (IE) altogether. Because of its wide spread use, it tends to be a
popular target for hackers and adware programs and is probably the most
vulnerable browser at this time.
In addition, for most PCs, IE is integrated with the operating system,
which increases the vulnerability of your computer. The best alternative is
probably Firefox which you can download for free here http://www.mozilla.org/products/firefox/?en-US&act=1. Other options are Opera or Netscape and
if you are a Mac user, you can also use Safari. If you must use Internet
Explorer set the security settings to high. Although this will disable
multimedia features of many Web sites, it will block a main path that intruders
use to infect you. To set IE security to high from a PC, go to Tools, Internet
options, and Security settings. From a Mac, go to the preferences, and then
security zones options.
Speaking about Mac users, it is widely known that Macs are far
less vulnerable to outside attacks than PCs, although this is probably less
true now than with the older Mac OS.
There are many reasons for this, but the major one is that hackers want
to get the most “bang” for their effort, and Mac users are a very small
minority. I’m a long-time Mac (and initially Apple II) user myself. If you can’t or don’t want to change to a Mac for everyday
use, consider buying and using a Mac for e-mail, P2P, music and internet
browsing and use a PC (which you never connect to the internet) for all of your
other computer purposes. Another option would be to have two PCs (or two Macs)
and use only one for internet or e-mail.
With the cost of computers being relatively low these days (my first
computer cost $10,000.00!), I think it makes a lot of sense at least for some
“at risk” and vulnerable professionals (small business, lawyers, doctors,
psychologists, etc.) to do this.
We have all heard a million times the reasons why we should back
up all of our important documents and folders at least once a month, but how
many of use really do so? Many
programs are available that do this automatically and the slackers among us
should make use of these. In addition, protect your files or computers with
complex (alpha-numeric passwords) and periodically change these (e.g., every 30
days). Do not use any words found
in an American or any foreign language dictionary or a proper name for your
password because these are more vulnerable to common password crackers. As an alternative, think of a phrase
that is easy to remember e.g., early birds get the worm, and use the first
letter of each word as your password, preferable with a number in between and a
combination lower case and caps (EbGt52w). Also, when first logging on to your computer, do so as a
“user” rather than an Administrator which makes it more difficult for a hacker
to download and install a devious program on your machine.
Don’t give or e-mail your passwords to anyone, and don’t “post”
them on your computer screen.
When surfing the internet, control your “cookies.” These are bits of information that web
sites store on your computer either temporarily or sometimes for years at a
time. They may include passwords or user IDs. In some cases these are useful because you don’t have to
keep retyping them every time you load a new page at the site that issued the
cookie. However, cookies can be used to track your visits through a Web site,
determine the time you spend there or collect other information about you. Some
of these are used only by the site that you are visiting, but often these are
marketed to other sites as well.
Virtually all browsers let you control what, which or if any cookies are
stored on your computer. These can usually be found under preferences and then
under the security options. You
can also clear these at any time.
In many cases, it is a good idea to turn the cookies option “off” while
surfing the net. Some browsers or programs warn you when cookies are loaded on
Turn ad “pop-ups” off.
This can usually be done from the preferences options of your browser
program,. If your browser does not allow this, many programs can do this for
Many internet security problems can be greatly reduced by turning
off (disable) Active Scripting, Active X control, Java or java script on your
browser. Note that doing so will probably have an impact on some of the sites
you visit, but you can easily turn these back on if you need them. On Netscape, this is done through the
“Advanced” settings of your preferences.
With Firefox, this is done through the Web Features section of
preferences. Note that turning off
ActiveX on IE may interfere with Windows update so you should turn “Automatic
updates” on. Also, with IE,
consider using the high (most secure) security level zone. Again, you can
easily change this when or if you need to do so.
A detailed and very useful guide for internet security can be
found at the SANS Institute here:
For detailed information about spyware, go here: http://research.pestpatrol.com/
A good program that detects and eliminates most of spyware is
Spybot S&D. You can get it free here:
Another useful spyware program is called Pest Control. If you
think you may have a problem with spyware, go here for a free scan
If you use a Mac, Internet Cleanup is a useful spyware and adware
program. You can get information here:
Information about Zonelabs can be found here:
Other commercial programs can be found here:
A lot of freeware for virus protection and spyware is available
online. For example, check out http://www.cdnet.com/software/
or do a search on google. On the other hand, a lot of freeware or shareware
itself is designed to spy or collect information about you so you have to be
very careful. Many commercial programs such as Lavasoft (http://www.lavasoft.de/) can detect these