Securing Your PC


So you want to know how to keep your XP Machine secure? Well, I can give you some advice. But before I do that, let's get some legalese out of the way. I make no guarantees that someone will not hack into your computer, nor that you will not get any viruses, trojans, worms, malware, adware, spyware, etc.

H'Okay, there are a few things that you need to understand. It is fairly easy for a Windows XP computer to get infected or compromised. However, there are some very simple things that you can do to protect yourself. The following list assumes that you have been running XP for a while. If you are starting from scratch, or at least very close (and I do mean very, like just installed XP yesterday and haven't had more than an hour of an Internet connection), then start in reverse. Actually you could start in reverse no matter what, but if you've been running XP for any length of time, starting from the beginning will probably be the most important:

Let's look at each of the above items.

Firewall

A firewall is the first line of defense for your PC. Windows XP has a perfectly fine firewall. As long as you are using Service Pack 2, your firewall is automatically on. To ensure that it is on, I'll refer you to Microsoft's web site, which explains the process better than I can and with illustrations: Windows Firewall.

So what does it do? Well, the short answer is that it looks for any program that wants to communicate with the outside world. Malicious software tries to connect to its server. The Windows firewall will look for that and put up an alert message. The problem is that good software will do this too. So you need to pay attention to the alert so that you don't stop a trusted piece of software from communicating with a valid server. When you allow this communication you are creating what is called a "rule" for the Firewall to use to determine if it is OK to let the software access the server or site. Clear as mud, right?

Firewalls also prevent unwanted or unauthorized traffic from entering your computer. Certain "ports" are turned on by default. These are like channels on your TV. So the same "rules" are used to determine if something is allowed to communicate with your computer on that particular channel. The vast majority of these ports are turned off to both incoming and outgoing traffic.

Now if you do not want to use the Windows firewall, I would recommend a product called ZoneAlarm. It is completely free, though they have a pay-version. I would avoid that as you are adding a lot of things you don't need. You can get it here: ZoneAlarm.

Anti-Virus Software

So everyone has heard of a virus by now. Without going into all of the specifics of what each type is, there are also Trojans, Worms, and Malware. They all are bad. Back in the day, you got a virus and you would know about it pretty quickly. It would do some really bad things to your system. You would be missing files, or other files would be altered. The altered files were usually like a set of instructions of what the computer needs to do while it is starting up. It could also make other programs unusable.

Now things are a little different. Most of the time your "virus" is really something called malware and its intent is to create something like a zombie out of your computer. This puts your computer effectively under the control of someone else. The person who writes this malware doesn't want you to know it's there. The longer it stays hidden the better.

So what does it do? A variety of things. Your computer could become the source of e-mail spam at the will of the hacker, it could be the host of all sorts of files from mp3, software, pictures, movies, etc., or even be used to attack a web site in what is known as a Distributed Denial of Service attack (DDOS - sometimes mistakenly called a DOS). These are not things that anyone wants. With high speed internet out there, many people's computers are on 24 hours a day. That is a perfect scenario for a hacker to exploit your system.

So how do you protect yourself? Get an Anti-virus program. There are a few free Anti-Virus programs out there. My personal choice is a program called AVG. It's very easy to set up. You can get it here: AVG. Just like ZoneAlarm, they have a paid version. The referenced page gives you a comparison chart. If you really look at it, you will see that the vast majority of the features under the Professional version are features you don't need. Stick with the free stuff.

What about Norton or McAfee? They did the job, but they have a tendency to slow down your system more than the free stuff. They are also known as bloat. Programs like that take up more resources (memory, computing power) than needed.

Spyware/Adware

Spyware is a type of software that will sit on your system and report back all kinds of info on you. Some of this is what web sites you visited. It is also the reason you get some "pop-ups." These are unsolicited windows that try to get you to visit a site and buy something. Hackers can make upwards of $100,000/yr for these clicks. Spyware can also send more personal info like credit card numbers, social security numbers, passwords, user names, etc. You typically get this from visiting a web page that will exploit a vulnerability in the browser you are using. It can also be installed like a Trojan where it hides within another program that you installed.

One of the best ways to prevent this from happening is to not visit questionable websites. Don't click on links from e-mails. Make sure that as you surf you are only going to trusted web sites. Pay attention!

A "sub-class" of this is "phishing" sites. This is where you clicked on a link in an e-mail from a site you thought was your bank, eBay, PayPal, or your ISP. The page you go to will look almost identical to the real site. There might be a few very small differences; however, many times the only difference is the actual URL (web address). This is where you need to pay attention to that address bar in your browser. Only use the bookmarks in your browser. These fake sites will collect that personal info and then exploit it.
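
The address-bar check described above, written out as an added example that is not part of the original page: it compares the host a link really goes to against a list of bookmarked hosts. The host names and the `checkLink` helper are constructed for illustration.

```javascript
// Added example. All hosts are constructed placeholders (.example and .test are reserved).
const BOOKMARKS = ["www.bank.example", "signin.auctions.example"];

// Levenshtein edit distance, used to spot one- or two-character lookalikes.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
                        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Compare the host a link really goes to against the hosts you bookmarked.
function checkLink(href, bookmarks = BOOKMARKS) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { verdict: "suspicious", reasons: ["not a valid URL"] };
  }
  const host = url.hostname; // lower-cased by the parser; IDN labels show up as xn--
  const reasons = [];
  // In http://name@host/ the part before '@' is a user name, not the site.
  if (url.username) reasons.push("text before '@' is not the host");
  // Non-ASCII lookalike letters are only visible in their punycode form.
  if (host.split(".").some((label) => label.startsWith("xn--")))
    reasons.push("internationalized (punycode) host");
  for (const good of bookmarks) {
    if (host === good) continue;
    if (host.startsWith(good + "."))
      reasons.push(`${good} used as a subdomain of another site`);
    else if (editDistance(host, good) <= 2)
      reasons.push(`near-miss spelling of ${good}`);
  }
  if (reasons.length) return { verdict: "suspicious", reasons };
  // Only an exact bookmarked host over HTTPS counts as trusted.
  if (bookmarks.includes(host) && url.protocol === "https:")
    return { verdict: "trusted", reasons };
  return { verdict: "unknown", reasons };
}
```

A verdict of "unknown" means the link simply is not one of your bookmarks; "suspicious" means it is imitating one.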

To help prevent this there are a couple of programs that you can use. One is from Microsoft, called Defender. It's a bit new, but it actually works fairly well. You can get it here: Microsoft Defender. There is also another free program called Spybot Search and Destroy. I've never used it, but it is highly recommended in the PC community. You can get it here: Spybot. There is also a program called Ad-Aware. You can get that here: Ad-Aware. You only need one of these programs.

Firefox

This brings us to our next subject. Now if I was doing a fresh install of XP, I would have installed this before anything else except for a firewall. But if you've been surfing with Internet Explorer all this time, waiting till you got some other software really won't matter. So why Firefox? Well, it is a more secure browser. Now this doesn't mean you can't fall prey to a malicious web site. Firefox just doesn't suffer from many of the same exploits that Internet Explorer (IE) does. Now, there is a new version of IE called IE7. It is officially a Beta version, which means it's a test version. Microsoft Defender is also Beta, but it's a type of Beta that is very close to what will be officially released. I've heard some good things about IE7, but I don't have any personal experience with it.

Back to Firefox, you will need to go here to get it: Firefox. The page that comes up should have the correct version for your computer. Download it and install. There are also things called Extensions that add features. Firefox is very customizable with Extensions and Themes. These are the Extensions I recommend: All of these can be found in the Extensions part of the Firefox website. The best way to find them is to type in their name in the search box on the web site. You can also use the Menu Item Tools, then select Extensions to bring up the Extensions window. Clicking on "Get More Extensions" will bring up the default page.

So the bottom line is use Firefox for almost ALL of your browsing. The only time to use Internet Explorer and be 100% safe is when using the Microsoft site. They pretty much require it for any kind of download or system update since they use something called ActiveX. ActiveX is one of the reasons IE has a bad rep since it is a way for a web site to run "code" or a program on your computer without your permission. Javascript is another way, but so many sites use Javascript (JS) that it is next to impossible to surf with IE and have that feature turned off. With the NoScript extension in Firefox, you can build a set of rules to allow sites that you trust to run their scripts. If you encounter a trusted site that still insists on using IE, then go ahead and use IE on that site.

Updates

First and foremost you should be running the most up-to-date version of XP. If you have not already set up your install of Windows to automatically update, do that NOW! If you do not know how to set this up, then go here: Windows Update. It gives a very good explanation of how to configure the automatic update.

This is extremely important because many of the exploits to XP occur because a hacker has figured out how to attack XP and the user has not installed the latest update to the OS. This also includes exploits to Internet Explorer. Unless you are very familiar with XP, make sure that everything is set so that it will download and update automatically. If you are concerned about the update occurring during a time that you may be using the computer, then pick a day and time that you will least likely use it. A suggestion is maybe at 2 or 3 in the morning on a Monday AM since the vast majority of people are asleep then. Or you could pick any day to do it when you are fairly sure you are asleep or at work. The key here is to keep your computer on. Don't worry, it's more harm to power off a computer and then power it on than to leave it on 24/7. I've been keeping at least one computer on 24/7 for at least 10 years. The power consumption is negligible. The real power monster is the monitor. If you employ a screen saver, then you will be fine.

Besides XP's updates, you should look in the Properties area of any program for a setting that will automatically check for updates of that program. Most programs will ask about installing the new update before it actually installs. A great resource for checking for new versions of programs or just to look for all kinds of programs is Version Tracker. You can even get a daily e-mail of updates.

Router

OK, so if I don't have more than one computer connected to the Internet, why do I need a router? Well, the built-in Firewall alone is the reason. All Routers have a built-in Firewall. While it won't give you an alert to outgoing traffic, it is less vulnerable to attack. Software Firewalls can be compromised more easily than a Router. One MAJOR piece of advice is to make sure that you change the Admin (Administrator) password on the router. Each router has a different way of doing this, so consult the manual that comes with it.

A hardware router will also help block other attacks that rely on knowing the IP (Internet Protocol) address of your computer. Many wide-spread trojans will easily infect a computer within an hour of being on the Internet if they are not behind a router. This is why I advised getting the Firewall first on this page. I am assuming that you already have XP installed for a while. If not, then the safest way to do all of this is in reverse of what I have listed. As far as a suggested router, just about any router will do. The top two are D-Link and Linksys. Both are excellent quality.

So that concludes the basic ways to secure your XP machine. The biggest thing to do is exercise Common Sense. Don't go to places on the 'Net that could be dangerous. Also, don't download software, pictures, music files (mp3, wma, etc.), or videos unless you know they are from a trusted source. Also, e-mail is one of the biggest ways viruses and spyware are spread. Be very wary of people sending you attachments on e-mail. I'm sure that the vast majority of them are safe, but the easiest way to spread these things is for the virus to execute a script to resend itself via e-mail using your address book. If you use Outlook, there is a Preview Pane or just Preview setting that you can disable. Using Outlook, or most e-mail programs, when you just single click on a message, it actually opens the message in a small window below the list of e-mails. So any malicious attachment could be opened automatically and infect your system.

OK, so that really wraps things up. If anything is confusing to you or you just have any kind of questions, then feel free to e-mail me. Use my .Mac address. It is marz8, then the "@" sign, then "mac.com". I do this to avoid special programs from getting my e-mail address to spam me. Plus I'm a bit lazy to search out some special scripts to allow me to actually use my e-mail address, but prevent those scripts from getting it. You will probably notice that I do not include a complete e-mail address anywhere else on this site.
