updated 05/10/2004, 12/10/2004, 18/10/2004, 19/10/2004, 08/09/2005, 08/11/2005, small tidy up 10/01/2007
Home PC security, as I see it.
Or
The boring business of being secure
The problem
As anyone reading this article will be aware, now, more than ever before, it is vital that home computers are secured as much as possible against threats from the internet. Several factors have elevated the threat that a home computer can come under. The popularity of always-on broadband internet connections has led to millions of computers worldwide being connected directly to the internet, just waiting for any vulnerabilities they may have to be exploited by hackers, malicious code on websites or other such attacks.
The attacks themselves have become much more dangerous. In the early 90s viruses had to spread on floppy disks; this did not often affect home users. Later on in the 90s viruses started to spread via e-mail. A home user would have to download and open an attachment to become infected (this is known as a Trojan, after the Greek horse). To convince the user to open the attachment the e-mails were made to look as though they contained an interesting message, such as a confession of undying love from a secret admirer or some other harmless yet interesting waste of time. This kind of internet confidence trickery is known as “social engineering”.
Now we have entered the new millennium we do not have to put a floppy disk into our computers to become infected, nor do we even have to open an e-mail attachment. We can become infected by a virus or spyware just by looking at a website, or even just by being connected to the internet.
The solution
Unfortunately there is no quick easy way to protect yourself from such threats. There is no one piece of software, or one technique you can use to make sure that you’re always safe when on the internet. No, not one, there are four.
1. Keep up to date
This is a quick rundown on the life cycle of a virus:
A company, let’s say Microsoft, writes a piece of software that has the ability to talk to the internet.
The internet hacker community find that there is a security hole in this software.
The internet hacker community write a piece of software that can exploit this security hole to a) knacker your computer, b) attempt to knacker Microsoft’s computers or c) try to find out information about the person using the computer.
The company, let’s say Microsoft, find out about this hole and write a piece of software to fix the problem.
This software is called a “patch”.
Luckily the software that is most at risk from attacks from the internet is all written by Microsoft. This does not mean their software is worse than anyone else’s; it is just a lot more widespread, and pretty much the whole population of the earth dislikes Microsoft for one reason or another (apart from people who have not heard of them, but if they ever do hear about them, they will develop a healthy dislike for them pretty quickly). This is lucky because with the more recent versions of Microsoft’s PC operating system, Windows, they have built in an auto update system that will automatically download and install “patches” for all of their software.
First things first. Let’s make sure you have all the up-to-date patches on your computer. The easiest way to do this is to go to www.windowsupdate.com. This will open a webpage that will update Windows for you.
This can also be done automatically with the Windows Update service: it will download and install patches for you, and it will also tell you when new updates are available with a little globe icon next to your clock.
Make sure your Windows Update service is operational, and when it says there are new updates don’t think “oh, I can’t be bothered, I want to look at some porn or play a spoddy computer game, not waste my time installing patches”. Just get the update, right then, not the next day, or the next week, right then!
I am not going to tell you how to check if the Windows Update service is working, or how to make it work. I can’t be bothered. Luckily if you check in Windows help (start, help) it will tell you all about it. But you knew that anyway, didn’t you.
I know that other people write software for Windows that needs updating; you will just have to look into that one yourself. I don’t know what software you have, so use your brain. If it connects to the internet in any way make sure it is up-to-date. Check the website of the people that write the software.
I also know that not all computers in the world run Windows XP or Windows 2000. Well, if you are running a version of Windows that is not XP or 2000 then upgrade your computer. If your computer is not good enough to upgrade, get a new one. There is no excuse. If you are running an operating system that is not Windows then you will be running Unix, Linux or have a Mac. If you run Unix or Linux then you probably know more about this stuff than me, so sort it out yourself. If you have a Mac, then I don’t care if you get a virus or not.
OK, your PC is now up to date, so…
2. Secure your computer with software
There is a lot of software out there that claims to keep you safe on the internet, and I am sure most of it does. Some of it costs a lot of money, some of it doesn’t. I, of course, use the stuff that comes free, because I am a Chav. Below is a list of software that I recommend through nothing more than my own, meandering experience. I will dispense this advice….. now.
Antivirus
As its name suggests, this software will a) stop you from getting infected by viruses and b) clean them off your computer if you already have any. As with all antivirus, make sure you keep it up to date, otherwise there is no point in having it at all.
You will have to register to get this, but don’t worry, you won’t get millions of spam emails about penis enlargers and Viagra. You have to register, which is a pain, but what do you expect, it’s free.
Stinger is a very handy free utility. It is a simple virus scanner, but it takes care of most common/nasty viruses in one hit. Some viruses can disable antivirus software or firewalls; if you find yourself in this situation Stinger should be able to nuke them. If ever you suspect you may be infected, run a scan with your standard antivirus (AVG) and then also run a scan with Stinger, a "belt and braces" technique.
How can I tell if I have a virus, what sort of virus it is, and how best to get rid of it? click here
Spyware removal
There is plenty of free software to protect from and remove spyware; personally, I like this one. It has lots of useful features that I have not seen on other free distributions.
It's free, it does the job. This is a no-brainer.
Microsoft AntiSpyware, along with a whole bunch of other software from Microsoft's download site, now requires you to verify that you have a genuine copy of Windows; they call this Genuine Windows Validation. If you have a pukka copy of Windows (i.e. the one that came with your computer) you will not have a problem. The chances are that even if you have a slightly dodgy one you should still be OK. When I have some further info on this I will add it here.
One of the longest standing spyware removal systems, it has been around since the late 90's when spyware first started to be added into software like Real Player (kicked up quite a stink at the time). This was the second spyware removal system that came out, after the demise of the grandfather of them all, Opt-Out. It's a good sturdy item of software, and good to use alongside MAS.
If you don’t know what spyware is, here is a good rundown from ScumWare.com
Firewall
You should know this, but I will tell you anyway. A firewall is a system that controls who or what can talk through a specific part of a network. On a big company network a firewall will be a big green box with Cisco written on it at the part of the network where the internal bits (i.e. the company’s computers) connect to the external bits (i.e. the internet). On your home computer it will be a bit of software that looks at what is trying to talk in and out of your internet connection and tries to stop anyone from doing anything naughty.
It can also be a big wall in a building that stops fires from spreading, but I don’t think that is really in the remit of this article.
Anyhoo…
The software I recommend is…
If you run more than one computer in your home, or you would rather not have the performance impact of a host based firewall (i.e. a bit of software that installs on your computer), you can purchase a hardware firewall/router/100Mb switch. If you don't know what one of these will do for you then I wouldn't worry about it. But if you do, this is a good, cheap one.
D-Link 4-Port Broadband Router
These bits of software should keep you pretty safe, but if you still use Internet Explorer you are going to be asking for trouble so...
Get a new web browser
As I am sure you know, a web browser is the software that you use to look at web pages; the chances are that at the moment you are using Microsoft Internet Explorer.
On the internet these days Microsoft's Internet Explorer is a necessary evil; there are a lot of websites that simply don’t work very well without it. That is, of course, because it is the most popular browser. Its popularity also means that it is a constant target for hackers, browser hijacks and so forth.
If you have ever had your browser hijacked with popup adverts flashing up every 2 seconds then you will know what a pain this is. 99% of the time Internet Explorer is not required, so you can use a different browser during this time.
When you first try a browser that isn't Internet Explorer it feels "wrong" but it doesn't take long to get used to it. Try one of the browsers I mention below for one week, I bet you don't go back to IE.
There are a couple of really good browsers you can get for free:
Opera
Opera is a very light, quick tabbed browser that provides features and functions that make it the best browser to use, not to mention the most secure at the moment. It's what I use.
Firefox
Brought to you by the same people that made Netscape Navigator. Also a good browser and rapidly becoming a big competitor to Internet Explorer (it was reported recently that one in ten browsers on earth are Firefox). If ever you see a screenshot come from anyone on the internet who knows their way around a computer it will have Firefox on it somewhere. Unfortunately, due to its popularity, vulnerabilities are being discovered and exploits created. In fact, recently more vulnerabilities were discovered for Firefox than for Internet Explorer over a one month period. Don't let this put you off, it's still a very good browser that also offers tabbed browsing.
Tips for Firefox
The point that I can't stress strongly enough is "do not just use Internet Explorer". Using it is asking for trouble. Even with the updates provided with Windows XP Service Pack 2 it's still a major target for producers of malware. Try either Opera or Firefox; you will soon find that as well as being more secure, they are both much easier to use.
Now for a safer e-mail client
Secure E-mail Software
I imagine that at the moment you probably use Outlook Express to read your e-mail. Either that or you read it through a web browser. There are security issues with both of these systems. One way that malicious code can infect your computer is as an e-mail attachment, as I mentioned earlier. But it does not have to be an executable file that you download and run. It can be written into an e-mail that appears as a web page when you read it. Because the e-mail client decodes the e-mail when you read it, it is possible to execute code on your computer. Also, a new vulnerability has been discovered in many components of Windows that allows malicious code to be delivered to you in the form of a .jpg picture. Thunderbird is a mail client written by the same people that make Firefox. It addresses these security issues by not executing code from e-mails or displaying pictures without your express consent. It has many other features that I won't go into now, but I do highly recommend it.
But what if you have a wireless network???
3. Wireless security
Wireless network and internet access is brilliant. It allows you to browse the web from your back garden or have computers networked all over your house without any cabling. It's also extremely easy to set up, and this, unfortunately, is the problem.
Wireless is very easy to set up, but not so easy to make secure. In fact the majority of wireless networks have no security on them whatsoever. You may think "so what, I don't mind if my next door neighbour uses my wireless internet connection" and that is a very nice attitude to have. Unfortunately they won't just be using your internet connection. They may be spying on you in a number of different ways, looking through your personal files (even if it's just your digital photos) or, at the very worst, working their way into your internet banking and committing fraud.
You may also think that no one is going to attempt to access your wireless network; you would be surprised. If a person has a wireless card in their computer it is quite easy to attach to someone else's network accidentally if that network has no security on it. There will also be people sat in their homes who enjoy accessing their neighbours' computers, just for kicks, and then there are the war-drivers. War-driving is a practice carried out by hackers. They get in their cars and drive round looking for wireless networks to attack. This may all sound quite fanciful, but trust me, it does go on.
A rudimentary form of wireless security is called WEP (Wired Equivalent Privacy). This was created back in the early days of wireless networking and was believed to be a very strong method of encryption. Believe me, it isn't. Many people who have set up wireless networks have enabled WEP and assumed that they are now secure; this is not the case. With very limited knowledge and a few items of freely available software you can crack WEP encryption in under an hour.
Newer wireless kit comes with support for WPA (Wi-Fi Protected Access). This method provides significantly more security than WEP. At the moment, to crack a properly configured WPA wireless network you would require some very fast computers and about 30 years.
So basically, only use wireless kit that supports WPA. If you already have wireless kit that doesn't support WPA, chuck it in the skip and get some that does. And make sure that when you set it up, you activate the security. If you have problems with this, get some assistance; don't just activate your wireless network with no security because it is easier.
OK, your computer is now up to date, you have lots of swanky software to keep you safe, you even have a better web browser and your wireless network is secure. What else could you possibly need to keep you safe? Well, I’ll tell you.
4. Use Your Brain
That’s right, don’t be stupid. Think about things before you do them. Just like in real life, have a bit of common sense when you are on the internet.
If you receive an e-mail from someone you don't recognize who has sent you an e-mail attachment then don't open it, it could well be a virus. In fact, if you receive an unexpected e-mail attachment from someone that you do know it is best not to open it without checking with the sender first. If you receive an e-mail that in any way looks suspicious it is best just to delete it.
If you go trawling through websites that are stuffed with porn or that offer free software, or serial numbers for free software, then the chances are the sites will try to infect you with software that will make adverts pop up every few seconds, or change your home page. If you do feel the need to do this sort of thing, try using your spare browser. Make sure you have the protection software installed on your computer. But the best bet is to just not go there at all.
If you download free software (apart from the stuff I have recommended) or software that lets you download stuff for free (Kazaa, LimeWire, Morpheus etc) then it will try to install adware or spyware on your computer. Some of these types of software will not run unless you have this software installed; in fact the chances are you agreed to it when you clicked the “I have read and agree to the terms and conditions” button without reading them. Again, make sure you are firewalled off; if anything tries to connect to the internet that you don’t recognize, don’t let it. Run Spy Sweeper after you install software.
Like I say, it's all common sense stuff, but I have fixed (or attempted to fix) a number of computers that have become unusable because this advice was not followed.
Thus ends the sermon. If you would like to ask me a question or make a comment you can get me at homepcsecurity@thebrownhaze.com. If you like looking at stupid stuff on the internet you can have a look at my website www.thebrownhaze.com. If you like sniffing the saddle of exercise bikes in the gym, then you are a sick perve who should neither e-mail me nor look at my website.
Yours Spodily,
Stuart Winter.
Appendix
There are a few useful plugins for Firefox that can make your browsing experience easier:
This is a plug-in that allows you to remove images or frames from web pages that you are currently viewing. Once the plug-in is installed you can right click on any image and select add block. This removes the image from the page; it also remembers for next time so you will never see that image in that position again. It can also be used to blank flash animations. To get the plug-in click here. Once it has downloaded you will have to click the button just above the webpage that will allow it to be installed.
Since using Firefox I imagine one of the features you like most about it is the tabbed browsing. This plug-in adds a whole new raft of features and options for what you can do with your tabs. Get it here.
NOTE:
I recommend that when Firefox asks if you want to set it as your default web browser you say yes. This makes sure you do not accidentally use Internet Explorer and expose yourself to the same old risks.
Sometimes when using your computer you may get the feeling that you have been infected with a virus. This could be because you are unable to visit some web pages, or because you are not able to open Task Manager. Whatever the reason, you will want to find out a) if you have been infected, b) what virus has infected you and c) the best way to get rid of it. Companies that make antivirus software all keep a database of the viruses they have discovered and the best way to get rid of them. To find this information for yourself, check out the links below. All of these sites are written for the expert and for the novice alike.
Sophos, a leading corporate antivirus software company http://www.sophos.com/virusinfo/
McAfee (also known as Network Associates) http://vil.nai.com/vil/default.asp?wt.mc_n=us_entqlsearchvil&wt.mc_t=ext_li_con&cid=10368
Trend Micro http://www.trendmicro.com/vinfo/
Bazooka (spyware encyclopaedia) http://www.kephyr.com/spywarescanner/library/index.phtml?source=bassfaq