DoctorDoom
10-06-2007, 12:06 PM
Computer Security 101
Given the proliferation of evil digital lifeforms on the Web, it's time fror a refresher on basic computer security procedures.
• Have an up-to-date antivirus program running. This is the front line of defense against the naughties. No AV program is foolproof, but they catch the vast majority of the bad stuff. Download the latest "definitions" at least twice a week to remain current.
One consideration: if you're on dial-up—millions still are—choose an antivirus program that has daily updates that can be fetched without going to lunch while waiting for them to download. As good as Norton AV is, people on dialup connections should avoid it. The update files are now over 16 megabytes. For dial-up (and for broadband as well), AVG by Grisoft is a good choice. It's daily updates are usually well less than a megabyte. And it has a freeware version without the bells and whistles of AVG Pro, but equally effective for protection.
• An adware/spyware utility is a definite must-have. Some anti-virus programs have one built in. Many don't. Two reliable freeware programs are AdAware (http://www.lavasoftusa.com/products/ad_aware_free.php) and Spybot (http://www.safer-networking.org/). It doesn't hurt to have and to use both of them.
There are those that must be bought, and they're most likely better. It depends what the user wants.
• Have a firewall running. Antivirus programs keep out evil software. Firewalls keep out evil people.
A dial-up connection is fairly safe from crackers and script kiddies. The slow responses to their port probes, and the dynamic IP number assignment of dialup connections, will deter all but the most patient and determined assholes. They will still come, but they're not common/ The Windows XP/Vista firewall is adequate, although by no means top-notch. But it will dissuade most attackers on dial-up.
Broadband is another ball game. Probes can be done by the thousands in a short time, and many broadband connections have a static IP number, allowing the invader wannabe to keep coming back to a specific machine with new scripts to try other attacks. Good firewalls are mandatory for broadband-connected boxes.
The ideal ones are hardware-based, such as a network router with a built-in firewall. Another great choice is using an old, slow puter as a Linux-based firewall, e.g., IPCop (http://bizsecurity.about.com/od/securityproductreviews/fr/ipcopreview.htm). If it has a CD-ROM drive, it's fast enough. These two options are ideal for home networks, although they'll work as well with stand-alone boxes.
The second option for individual machines is a software-based firewall. The advantage is that it requires no external hardware, and it can easily be updated. The disadvantages are that it is not as effective as a hardware firewall, and it eats up CPU time and can slightly slow down older machines. The most well-known of the softrware packages is ZoneAlarm (http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en), a freeware firewall that's quite effective, once the user learns its quirks and works around its annoyances.
If one's computer is worth spending a few bucks for protection, do a Google search for personal firewalls and see what's available. Here's a good starting point:
Personal Firewall Reviews (http://www.firewallguide.com/software.htm)
• NEVER click on unsolicited email attachments, and be wary of them even from people you know, since they might be the "Ooh! An ATTACHMENT! Let's see what it is!" types. Good AV programs that scan email will catch most of the bad stuff, but ... Ditto files from ICQ et al. And be wary of files from P2P services until they've been scanned for the nasties.
• Outlook Express users are advised to disable the preview window: View > Layout > uncheck "Show Preview Pane". Many naughty things start just by viewing an email, without opening an attachment. Turning off the Preview Pane allows the user to decide what to view. And it gives more screen real estate for the email list.
• Go to Steve Gibson's website (http://www.grc.com/default.htm) and fetch Shoot the Messenger (http://www.grc.com/stm/shootthemessenger.htm) and Unplug n' Pray (http://www.grc.com/unpnp/unpnp.htm). These will close two major Windows security holes. Gibson has a Messiah complex, but his software is excellent. Look over the rest of his offerings while you're there.
• If you have rug apes using your XP puter, assign them their own Limited user accounts. This prevents the self-anointed computer experts from contaminating the box with crap programs, viruses, etc.
XP Playskool theme: Start > Control Panel > User Accounts
Classic Windows theme: Start > Settings > Control Panel > User Accounts
No child should have administrator access to a family computer. Password the Admin account. If they have their own puters, that's another matter.
• XP SP2 and Vista users should regularly download security updates from Mickeysoft. No previous versions are still supported.
More tips will follow.
Given the proliferation of evil digital lifeforms on the Web, it's time fror a refresher on basic computer security procedures.
• Have an up-to-date antivirus program running. This is the front line of defense against the naughties. No AV program is foolproof, but they catch the vast majority of the bad stuff. Download the latest "definitions" at least twice a week to remain current.
One consideration: if you're on dial-up—millions still are—choose an antivirus program that has daily updates that can be fetched without going to lunch while waiting for them to download. As good as Norton AV is, people on dialup connections should avoid it. The update files are now over 16 megabytes. For dial-up (and for broadband as well), AVG by Grisoft is a good choice. It's daily updates are usually well less than a megabyte. And it has a freeware version without the bells and whistles of AVG Pro, but equally effective for protection.
• An adware/spyware utility is a definite must-have. Some anti-virus programs have one built in. Many don't. Two reliable freeware programs are AdAware (http://www.lavasoftusa.com/products/ad_aware_free.php) and Spybot (http://www.safer-networking.org/). It doesn't hurt to have and to use both of them.
There are those that must be bought, and they're most likely better. It depends what the user wants.
• Have a firewall running. Antivirus programs keep out evil software. Firewalls keep out evil people.
A dial-up connection is fairly safe from crackers and script kiddies. The slow responses to their port probes, and the dynamic IP number assignment of dialup connections, will deter all but the most patient and determined assholes. They will still come, but they're not common/ The Windows XP/Vista firewall is adequate, although by no means top-notch. But it will dissuade most attackers on dial-up.
Broadband is another ball game. Probes can be done by the thousands in a short time, and many broadband connections have a static IP number, allowing the invader wannabe to keep coming back to a specific machine with new scripts to try other attacks. Good firewalls are mandatory for broadband-connected boxes.
The ideal ones are hardware-based, such as a network router with a built-in firewall. Another great choice is using an old, slow puter as a Linux-based firewall, e.g., IPCop (http://bizsecurity.about.com/od/securityproductreviews/fr/ipcopreview.htm). If it has a CD-ROM drive, it's fast enough. These two options are ideal for home networks, although they'll work as well with stand-alone boxes.
The second option for individual machines is a software-based firewall. The advantage is that it requires no external hardware, and it can easily be updated. The disadvantages are that it is not as effective as a hardware firewall, and it eats up CPU time and can slightly slow down older machines. The most well-known of the softrware packages is ZoneAlarm (http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en), a freeware firewall that's quite effective, once the user learns its quirks and works around its annoyances.
If one's computer is worth spending a few bucks for protection, do a Google search for personal firewalls and see what's available. Here's a good starting point:
Personal Firewall Reviews (http://www.firewallguide.com/software.htm)
• NEVER click on unsolicited email attachments, and be wary of them even from people you know, since they might be the "Ooh! An ATTACHMENT! Let's see what it is!" types. Good AV programs that scan email will catch most of the bad stuff, but ... Ditto files from ICQ et al. And be wary of files from P2P services until they've been scanned for the nasties.
• Outlook Express users are advised to disable the preview window: View > Layout > uncheck "Show Preview Pane". Many naughty things start just by viewing an email, without opening an attachment. Turning off the Preview Pane allows the user to decide what to view. And it gives more screen real estate for the email list.
• Go to Steve Gibson's website (http://www.grc.com/default.htm) and fetch Shoot the Messenger (http://www.grc.com/stm/shootthemessenger.htm) and Unplug n' Pray (http://www.grc.com/unpnp/unpnp.htm). These will close two major Windows security holes. Gibson has a Messiah complex, but his software is excellent. Look over the rest of his offerings while you're there.
• If you have rug apes using your XP puter, assign them their own Limited user accounts. This prevents the self-anointed computer experts from contaminating the box with crap programs, viruses, etc.
XP Playskool theme: Start > Control Panel > User Accounts
Classic Windows theme: Start > Settings > Control Panel > User Accounts
No child should have administrator access to a family computer. Password the Admin account. If they have their own puters, that's another matter.
• XP SP2 and Vista users should regularly download security updates from Mickeysoft. No previous versions are still supported.
More tips will follow.