Problems? See this thread at archive.org.
Hello everyone,
Recently it has come to my attention that many computer users don't take basic measures to protect their systems. Even those that do many times don't know why they do it.
I am no expert in the matter, but I thought I'd post a basic security guide for all the simple end-users out there. This guide is directed to people using XP, but most of it should be applicable to Vista users.
This guide is organized in sections. Each section may be a little long, but at the end of each there is a conclusion part that sums it up or a list of programs that you should get one of. So if you're in a hurry, at least read those.
UPDATES
Always keep your programs updated. This is very important as these updates not only address bug fixes but also security fixes. This is especially important for updates of "big" products: Windows, Office, Acrobat, etc.
FILE TYPES
The three most dangerous ways into your system are Internet browsing, emails and file sharing applications such as eMule and Bitttorrent. This is because these ways send files to your computer. Apart from hacking attacks, no harm can be done to you if you dont allow malicious files into your computer.
Most people are clueless as to which file types are potentially dangerous. Users of these forums are not "most people", but will still probably believe that only executable files are dangerous. This is not true.
Basically, you must remember that harmful files must have executable code. This is not the same as being an executable .EXE file. For example, .DOC, .XLS, .PPT, etc are potentially dangerous because Office allows you to include some programming (via "macros"). That is why Microsoft so many times releases "Security Updates for Office" as well as for Internet Explorer and other applications.
This doesn't mean that you must scan every file. Video, image, music and text (PLAIN text, not Word documents) are safe because the applications that open them (Windows Media Player, Notepad, etc) do not execute code. So even if a malicious file called VIRUS.EXE is in your computer, if you rename it to VIRUS.TXT and double-click on it you will be perfectly safe. Of course, it won't execute whatever was in it, so if you rename a game file called GAME.EXE to GAME.TXT you're safe, but the game won't run. NOTE: though these files are typically safe, rarely there are possibilities of these files exploiting the software you use to open them (such as Adobe Reader for PDF). For this reason it is important that you keep these products updated.
One thing you should do right away is to go open an Explorer window, go to Tools ยป Folder Options, go to the View tab and disable the option "Hide Extensions for Known File Types". This options basically makes files such as "VeryImportantMemo.txt" appear as just "VeryImportantMemo", without their extension. However, a file called "VeryImportantMemo.txt.exe" would appear as "VeryImportantMemo.txt". You would think it is a safe text file, when it is in fact a potentially harmful executable file.
So in conclusion:
- Disable the "hide extensions" option
- .EXE, .DOC, .XLS, .PPT, .COM, .CMD, .VBS, .JS are dangerous, scan them
- .MPG, .WMV, .MP3, .WMA, .BMP, .GIF, .JPEG, .TXT, .PDF etc are almost always safe
ANTI-VIRUS
A virus is a program specifically designed to do nasty stuff on your computer. An example is deleting the Table of Contents of your hard drive, forcing you to format it or use advanced data recovery techniques. Obviously, anti-virus are programs designed to prevent virus activity.
It is very important to note that anti-virus do NOT prevent virus files from reaching your computer. They may only prevent you from executing them (in some cases, more on that later) and will usually be able to detect them and remove them AFTER they infect you. It is YOUR job to make sure that those files don't reach your computer or that you know specifically which files are potentially harmful so you can scan them before running them.
A half-decent anti-virus program can have the following parts:
- On-demand scanning: This means that you can order it to scan a specific file. This is usually done by right-clicking the file, an option should appear. Every anti-virus has this.
- Resident shield: This scans every potentially harmful file when you tell the computer to execute it BEFORE it actually gets executed. Most anti-virus have this, though not all.
- Email scanner: will scan attachment files on your emails before they can be shown to you on your Outlook/Thunderbird window.
There are two free anti-virus programs that have all of these, and one that has some:
- AVG Free Edition ( free.grisoft.com)
- Avast! ( www.avast.com)
- AntiVir (WARNING: does not have email scanner; www.free-av.com)
If you use webmail such as Gmail, you can use all of these. If you download mails to your computer (and read them through Outlook or Thunderbird), you should use AVG or Avast!. I use AVG myself, but it's a matter of preference really.
ANTI-MALWARE
Malware programs usually include virus as well, but also include programs called "adware" that make advertisement windows pop up on your web browser and "spyware" that spies what you do on the computer and sends that information to someone else. This can be harmless such as just checking which sites you go to for the purpose of building statistics, or dangerous such as catching your credit card number.
Anti-malware programs work in similar ways as anti-virus (for us, non-experts). Therefore, I won't repeat what I said before. You should take care of getting an Anti-Malware program that has a resident shield and an email scanner. My list is:
- Spyware Terminator ( www.spywareterminator.com)
- Ad-Aware (WARNING: no resident shield, use only if the above has problems; www.lavasoftusa.com)
FIREWALL
The two above sections dealed with problems related to malicious files. This one is different: it deals with malicions connections, usually from the Internet. In a nutshell, Windows is not as safe as you would think it is and will sometimes allow remote computers control your own system if the remote user knows what he/she is doing.
Windows XP SP2 and Vista both have included a Windows Firewall which was meant to end this. It is not a good firewall and you are advised to get another one. My recommendation is:
- Online Armor ( www.tallemu.com) -- better, simple interface
- ZoneAlarm Free ( www.zonealarm.com) -- worse, very simple interface
Online Armor combines a good interface (better than ZoneAlarm's, in my opinion) with a very good firewall quality. Also, the free version includes a program control module which allows you to specifically authorize which programs to run. It can get annoying when you install software, but I generally feel comfortable with it.
I also recommend Zonealarm Free because it is really easy to use for non-experts. I have myself used it, although I have stopped using it and now use Online Armor. This one will let you know whenever someone is trying to connect to your computer (and block it). It will also let you know whenever your programs want to connect to other computers or accept connections, and allow you to block it this time or forever. It is really simple to use, but it is less safe than Online Armor according to all the firewall testing sites I've checked.
WEB BROWSER
As you are probably aware, Internet Explorer and Outlook are full of security flaws. Also, since more than 90% of the world use them, they are the target of virtually all hacks, malwares, virus etc. This post is too long already so I won't detail these flaws, but as an alternative to IE you can get Firefox at
- Firefox ( www.mozilla.org/Firefox)
There is an add-on for Firefox called NoScript that blocks scripts from running except if you explicitly allow them. In IE, you keep getting asked if you want to allow the scripts to run. In Firefox, they just DONT run, and you can allow them temporarily or permanently for each website by accessing a menu on the bottom-right corner. It's really practical and much more safe than IE.
As an alternative for Outlook, get Thunderbird:
- Thunderbird ( www.mozilla.org/Thunderbird)
MULTIPLE OPERATING SYSTEMS
This section deals with having multiple operating systems installed on your computer. It is slightly more advanced than the rest, but simple enough for non-experts (hey, I did it, so can you).
Every time you install a program, you put stuff into your hard drive and into your registry. When you uninstall, most of the times some stuff is left on the registry (and on the hard drive, but that's not very important). After a while, your registry becomes big and slow and so does your system. This makes for larger startup and shutdown times and may even start producing errors and crashes after a long time.
So the idea here is that you will have two systems: one well-kept where you only have the essentials for working (Office, Web browser, basic security measures and that's it), and one where you put everything you want, namely games and other programs.
This approach has the obvious advantage of occupying some extra hard drive space. However, it has some advantages:
- If the OS where you install whatever you want starts giving errors or crashing, or has been infected by a virus, you can always resort to the well-kept version. You will be able to work.
- If your install-everything OS stops booting, the other OS allows you to access the files on your hard drive. That means you can recover your documents, photos, saved games or whatever.
To create a second OS is easier than it looks with a fresh system. With XP and Vista, you basically boot your computer with the Windows CD/DVD in the drive. The setup screen will present you an option to "Install Windows on another hard drive" or something like that. You will need to create another partition unless you have two HDDs, but that's no big deal if your system is straight from the factory. Just format it, create two partitions using your Windows CD/DVD (it has options for that), and install Windows on both of them.
If you have problems with this one, PM me.
FINAL NOTES
Except for the double-OS part, all security measures here are extremely simple to implement, and even the double-OS is quite simple. Therefore you no longer have an excuse to not knowing the basics of computer security.
Best regards,
HerrKaputt
-
-
Decent article
. As for alternate programs between IE7 and Outlook, these days microsoft has really jumped onto the security thing and things are alot better then how they were. So its not AS important to switch, more of a prefernce thing than security. Also on multiple operating systems... I've tried this and again its a prefrence thing but eventually I ended up having to combine the two because it just got sooo annoying having to switch back and forth depending on what I wanted to do. Great list of freeware security software though, very usefull for people who dont want to go out and buy a product.
-
-
How to have basic security in your system
Discussion in 'Windows OS and Software' started by HerrKaputt, Sep 9, 2007.
