Username Always stay logged in


Pages: [1]
Author Topic: PC Safety and Security  (Read 2466 times)
Pro Designer

Karma: +0/-0
Offline Offline

Posts: 219

View Profile WWW
« on: January 25, 2010, 10:46:52 AM »

PC Safety and Security--What Do I Need?

This article is intended to provide you with general hints and tips for PC security, as well as some suggestions for reputable, tried and tested programmes that can help you maintain a clean system. It is not something just to be followed slavishly, without any thought – rather it will provide you with guidelines that will help defend against the large number of viruses, Trojans, diallers and other nasties that lurk in the undergrowth of the internet. So, once you’ve digested every last morsel here, have a think about what you need to do to improve your security and prevent infection.

Please note that TSF does not promote, or is associated with any software mentioned in this article. Where software is mentioned, or links provided, they are done, as far as practically possible while maintaining the readability of the article, on a purely alphabetical basis.

Note: this is NOT a 'self-help' guide, nor is it intended to be - it is intended to make users aware of the risks they face while using the internet - and it provides suggestions and advice on how to best mitigate those risks. Any user looking for specific advice should post in the General Security forum, or, if you are infected, or think you may be infected, then refer to this thread for further instructions.

This has probably been said before but is still worth repeating: there is no such thing as perfect security. And this applies not just to PCs!

Now that that’s out the way, let’s move on and see what we need to think about to keep safe and secure while out and about on the web.

The first and most important thing to get is………commonsense! Yes, that’s what I said, commonsense. Got some handy? Good, you’ll need it. Now you’re thinking “This is all a bit weird – thought I was going to learn about PC security?” You are – just keep paying attention!

One of the most obvious things to avoid on the internet is clicking ‘OK’ to a pop up. Now, you might think that’s a bit obvious, but many inexperienced users still do this – DON’T!!. Unless you can be 1000% sure that you know the source of the pop up and that the originator is someone to be trusted, just DON’T!!. This is one of the easier ways to become infected. This also applies to pop ups that tell you that your system is already infected and if you click here you’ll be able to sort the problem – you won’t!! Chances are you were not infected in the first place, but as soon as you click on the ‘OK’ button you will be! You can find a list of rogue anti spyware programmes at Spyware Warrior – all compiled and tested by Eric Howes. Rogue or suspect means that these products are of unknown, questionable or dubious value as anti spyware protection. Many will sometimes infect you just to force you to buy their product. You have been warned! Don’t click ‘OK’ to a pop up! Did I mention that you shouldn’t click ‘OK’ to a pop up? This also applies to e-mail attachments. If you don’t know the sender, delete the e-mail and ask questions later! If necessary make a note of the sender’s e-mail address and reply with a fresh e-mail.

Some words here about a technique known as phishing. This is where you receive an e-mail or Instant Mesage supposedly from your bank or PayPal or similar institution. The scammers will use something known as "social engineering" to try and make you respond. A link to your Bank's website is usually included and you are asked to click on the link and confirm your account details. Never click on any such links! You will be taken to a website that looks like the real Bank website - but it is not! It is a clever spoof website and allows a scammer to capture your Bank security details - you will then become a victim of identity theft or robbery - or both. Banks will never ask you to confirm security details by re-entering them to a website - NEVER!! If you want to go to your Bank's website, type the address directly into your browser or use a stored, known bookmark. The previous advice is still the same - delete the e-mail. Many Banks offer an e-mail address to which you can forward phishing e-mails - it's a good idea to do this - it may help reduce the volume of such attacks.

Avoid the nastier sites on the web, like pornography, hacker sites, sites offering ‘freebies’ and other dubious sites. By even just going to such a page – not doing anything else mind, just visiting the site – can result in an infection. This is known as a “drive-by” – without your knowledge or consent you can find your system is home to some real nasties. And here we come to our first suggestion for something that can help – a new Hosts file. What is a Hosts file, I hear you ask? Think of it as a telephone directory. When you want to go to a website, Windows looks in your Hosts file to see if the website address is present. If not, it will go to a server and say “Can I have the address of please?” So, you can add known bad websites to your Hosts file with an extra command that tells Windows that the address it’s looking for is – which just happens to be the address of your own PC. So you won’t then be taken to the bad website. Simple. eh? And someone has already gone to all the trouble of listing the known bad websites for you – and you can find that Hosts file here – just follow the instructions on the page. Of course, if you’re worried that Internet Explorer is the main target for hackers and hijackers…you’re right. There some things you can do to make IE more secure – read this article by Bobbi Flekman. There is also a tool that places more than 4000 dubious websites and domains in the IE restricted list. This helps prevent downloads from these sites although you can still visit the site. The tool is called IE-Spyad and here you will find a tutorial.

You can also use these alternate browsers that don’t use ActiveX controls, one of the main issues with IE.

Don’t download files unless you know they are genuine or from a reputable source. This includes P2P (Peer to Peer) file sharing programmes. The actual P2P application itself might be clean, but you have no guarantee that the files you download are clean – so don’t take the risk!!. If you must use P2P, and it really is a way to invite malware onto your system, please look at this article first.

Keep Windows updated. Sounds obvious, but again, not everyone does it. Microsoft release fixes and other bits and pieces on what is known as “Patch Tuesday” – the second Tuesday of each month. Add that to your diary now! MS also introduced Automatic Updates as a way of ensuring that users were aware that patches were available. Make sure that Automatic Updates is turned on – you can set the updates to download and install automatically if you want, or you can just ensure you are advised when patches are ready and then decide when it’s convenient for you to install them. Here are guides to Automatic Updates for XP and W2K. Here is a list of all MS patches released since 2003.

It's also essential to keep all other software on your system patched up to date. Vulnerabilities are found regularly in programmes such as media players or e-mail clients that, if left unpatched, could increase your likelihood of infection. You can use Secunia Software Inspector to test all installed applications. It will also check that all Microsoft patches are applied. It runs through your browser, so there's nothing to install.

Now let’s look at some useful and necessary programmes that can help you in your quest to stay safe and secure on the web.

Perhaps the most obvious is an anti virus or AV. An AV is a programme that will search your system for known or potential viruses. Most will also monitor traffic as you surf the web and scan e-mail and e-mail attachments. So far so good. Which one should I get, I hear you ask? Now that really is an impossible question. Among the top paid programmes are (in alphabetical order)

Bit Defender
Trend PC-Cillin

And there are, of course plenty of others. There are also plenty of reviews of these products available on the web. There are also free AV programmes available, among which are

Avira AntiVir Personal
Microsoft Security Essentials
Panda Cloud Free AntiVirus

While these are free, there is very often little or no customer support, compared with the paid programmes. You can review independent tests of the top paid AVs at AV Comparatives and find out the best, and worst, performers. You can also review tests of the top free AVs at PC World.

Do I really need an AV? YES!! A good AV will provide protection – not perfect of course (refer to paragraph 2 at the top of the page) - and as long as the programme updates its definition files regularly (daily is preferable as a minimum) then it is a very useful tool in your armour. Find one that suits you - one that you are comfortable using. That way you'll find it easier to master the way it works.

Now, one piece of advice that applies equally to AVs and firewalls. You only need one of each! Having more than one firewall and AV can cause possible conflicts and system instability. Although you may think you have more protection by having more than one of each, it could cause you problems you were not expecting.

Another essential tool is a firewall. What is a firewall? Think of it as a door, an entry point into your system. This door has a good strong lock. Only authorised users, in this case programmes and so on, can open the door, because you have checked them out and given them a key. Any user without a key will not be able to open the door. A bit simplistic I know but I’m sure you get the idea. A firewall can be hardware, such as a server, another PC or a router, and it can be software. Once again I can feel you ready to ask which is best. Ideally, a combination of software personal firewall and a hardware firewall such as a router provides the best protection (not “total protection” – I think I mentioned that there is no such thing as perfect security, didn’t I?). “Hey I’m using Windows XP and it comes with its own firewall doesn’t it?” I hear you cry. Yes that’s true, but did you know that the XP firewall only monitors incoming traffic? It does not monitor outgoing traffic. So, if by any chance you manage to pick up a Trojan or worm that wants to phone home, the XP firewall will allow it to do so, with you being none the wiser. For software firewalls, here are several that are currently free for personal use – note that these companies also offer paid versions, usually with additional features.

Comodo Free Firewall

Please note:

Comodo Free Firewall is now bundled with the installer for Comodo Internet Security. If you already have an AntiVirus, and want to only install the Comodo Firewall, UNCHECK the box for Install Comodo AntiVirus on the installer screen as seen here.

Online Armor Free (there is also a Paid version)
Sygate Personal Firewall to download installation files
CA Personal Firewall (previously Tiny) - Trial
Jetico Personal (free version, but for advanced users)
Agnitum Outpost Free
Sunbelt Personal Firewall - 30 day evaluation

You can test your firewall at ShieldsUp! - Steve Gibson's internet vulnerability test site.

You’ve no doubt heard the old adage “prevention is better than cure” – well it’s true for your system as well. These two free programmes help prevent spyware installing itself on your system. They just sit there and watch, so don’t worry if they don’t appear to be doing anything. The first one is called Spyware Blaster and the second one is called Spyware Guard. Details of each programme can be found on the relevant websites. In a similar vein, there is a useful tool available that let’s you know when a programme wants to record your keystrokes or capture your screen – it’s called SnoopFree. Note that SnoopFree is only suitable for Windows XP. Just the thing to make sure your passwords and other personal details are not being collected without your knowledge. Care - SnoopFree and Comodo Firewall do not like each other. If you are using SnoopFree then please ensure you choose a firewall other than Comodo.

How about scanners? These are useful tools that will scan your system and clean most nasties that have found their way through your defenses.

Malwarebytes' Anti-Malware
Spybot - Search & Destroy


NOTE: Users should be aware that Lavasoft (makers of Ad Aware) are currently (January 2008) in negotiations with IAC to bundle the Ask Toolbar with Ad Aware. The intention is that this toolbar will be installed by default, unless users opt out. Users should also be aware that IAC is a company that has distributed bundled toolbars in the past - you will find a review of the company's products here. Note that TSF makes no recommendation - we are simply placing the available facts before you - it is up to each individual to make up their own mind.

The major AV companies also offer the ability to do an online scan – useful as another check on your system. Here’s a variety of online scanners (in alphabetical order as before):

Bitdefender Online Scanner
CA Spyware Scanner
ESET Online Scanner
F-Secure Online Scanner
Kaspersky Online Scanner
McAfee free scan
Panda ActiveScan
Symantec Security Check
Trend Micro Housecall <<<< works with Firefox & IE

Scan your system with your AV and other scanners on a regular basis. Keep the definitions up to date. Keep Windows up to date. Don’t download files from sources you don’t know. Don’t go to dodgy websites. Don’t open e-mail attachments from sources you don’t know. Don't move. Don't breathe. Only joking - I know there are a lot of "don'ts", but that's because I need to make sure you've been paying attention.

Easy really. Well, that’s about it for now. Did you ever find that dose of commonsense I mentioned earlier? If you did, take a large measure before you start surfing. Failing that, at least follow the above guidelines and your chances of being infected will reduce dramatically. Happy surfing!

Very good article written by glaswegian from
Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines
Greenday Theme Designed By [S.W.T]