Joeleonhart’s Weblog

To Learn and To Share

How to Secure Your Windows with Free Softwares (3)

1.3 Keep Your Programs Up-to-Date!

All anti-malware programs require frequent updating. This enables them to recognize new kinds of malware as they are developed. The programs listed above automatically check for updates and download and install them as needed. (Each has a panel where you can verify this feature.)

You must also keep Windows up-to-date. In Vista, the automatic feature for this purpose is called Windows Update. It is on by default. You can manage it through the Control Panel | Security | Windows Update option.

As Microsoft explains, they have broadened Windows Update into a facility they call Microsoft Update. The latter auto-updates a broader range of Microsoft products than does Windows Update. For example, it updates Microsoft Office. You can sign up for Microsoft Update at the Microsoft Update web site.

In XP and Windows 2000, the auto-update feature was usually referred to as Automatic Updates. Manage it through Control Panel | Automatic Updates.

Beyond Windows, you must also keep the major applications on your computer up-to-date. Examples are Adobe’s Flash Player, Firefox, and RealPlayer. Most default to automatic updating. It’s a good practice to verify the auto-update setting right after you install any new program. Then you never need check it again.

If you don’t know whether your system has all the required updates for your programs, run the free Secunia Software Inspector. It detects and reports on out-of-date programs and ensures all “bug fixes” are applied.

If you need to download software updates for many programs, The Software Patch allows you to download them all through one web site.

 

1.4 Test Your Computer’s Defenses

You can test how well your computer resists penetration attempts by running the free ShieldsUp! program.

ShieldsUp! tells you about any security flaws it finds. It also displays the system information your computer gives out to every web site you visit. Section 3 on “How to Protect Your Privacy When Using the Internet” addresses this privacy concern.

Test whether your computer’s firewall stops unauthorized outgoing data by downloading the free program called LeakTest.

 

1.5 Peer-to-Peer Programs Can Be Risky

Peer-to-peer programs share music, videos and software. Popular examples include BitTorrent, Morpheus, Kazaa, Napster, and Gnutella. Peer-to-peer (or P2P) networking makes it possible for you to easily download files from any of the thousands of other personal computers in the network.

The problem is that by using peer-to-peer programs, you agree to allow others to read files from your computer.

Be sure that only a single Folder on your computer is shared to the Internet, not your entire disk! Then, be very careful about what you place into that shared Folder.

Some peer-to-peer programs use the lure of the free to implant adware or spyware on your computer. Other P2P systems engage in theft because they “share” files illegally.

The popular PC Pitstop web site tested major P2P programs for bundled malware in July 2005 and here’s what they found –

P2P Program: Adware or Spyware Installed:

Kazaa Brilliant Digital, Gator, Joltid, TopSearch Ares NavExcel Toolbar Bearshare WhenU SaveNow, WhenU Weather Morpheus PIB Toolbar, Huntbar Toolbar, NEO Toolbar

Imesh Ezula, Gator Shareaza, WinMX, Emule, LimeWire, BitTorrent, BitTornade

If you decide to install any peer-to-peer program, determine if the P2P program comes with malware before you install it.

You greatly increase your personal security by not getting involved in the illegal sharing of music, videos, and software. File “sharing” in violation of copyright is theft. The Recording Industry Association of America has sued over 20,000 people for it as of mid-2006.

 

1.6 Don’t Let Another User Compromise Your Computer

Got kids in the house? A teen or younger child might violate the “safe surfing” rules above and you wouldn’t know it…. until you get blindsided by malware the next time you use your computer.

This article tells about a couple whose tax returns and banking data ended up on the web after their kids used P2P networking software the parents didn’t even know was installed. A spouse or friend could cause you the same grief.

If you are not the sole user of your computer — or if you do not feel completely confident that your computer is secure — consider what personal information you store. Do you really want to manage your credit cards, bank accounts or mutual funds from your PC? Only if you know it’s secure! (Read the agreements for online financial services and you’ll see that you are responsible for security breaches that compromise your accounts.)

Some families use two computers: one for the kids and a secure one for the adults. They use the less secure computer for games and web surfing, and carefully restrict the use of the more secure machine. This two-computer strategy is appealing because today you can buy a used computer for only a hundred dollars.

An alternative is to share one computer among everyone but set up separate user ids with different access rights (explained below). Ensure that only a single user id has the authority to make changes to Windows and restrict its use.

Never use a public computer at a computer cafe or the library for online finances or other activities you must keep secure.

 

1.7 Use Administrator Rights Sparingly

To install programs or perform security-sensitive activities on a Windows computer requires administrator rights.

When you use administrator rights, any malware program you accidentally or unknowingly run has these rights — and can do anything on your system.

In systems like Windows XP and Windows 2000, the built-in Administrator user id inherently has administrator rights. You can also create other user ids to which you assign administrator rights.

Working full-time with a user id that has administrator rights makes you vulnerable! In contrast, using an account that does not have administrator rights gives you a great deal of protection. So create a new user id without administrator rights and use it. Then use the Administrator id only when necessary.

Windows Vista introduces a new feature called user account control that helps you avoid using administrator rights except when required. This feature prompts you to enter a password when you want to perform any action that requires administrator rights. While entering passwords may seem like a hassle, UAC is a big step towards a more secure Windows. Here is Microsoft’s introductory guide on this feature.

Early Windows versions – ME, 98, and 95 – don’t have a system of access rights. Whatever user id you use has the administrator powers. To keep these systems secure, all you can do is follow the other recommendations in this guide very carefully.

 

1.8 Use Strong Passwords

Passwords are the front door into your computer – and any online accounts you have on the web. You need to:

– Create strong passwords

– Change them regularly

– Use different passwords for different accounts

Strong passwords are random mixes of letters, numbers, and punctuation (if allowed) that contain eight or more characters:

AlbqP_1793, pp30-Mow9, PPw9a3mc84

Weak passwords are composed of personal names or words you can find in the dictionary:

Polly28, Bigdog, alphahouse, wisewoman2, PhoebeJane

If you set up a home wireless network, be sure to assign the router a password!

 

1.9 Always Back Up Your Data

One day you turn on your computer and it won’t start. Yikes! What now?

If you backed up your data, you won’t lose it no matter what the problem is. Backing up data is simple. For example, keep all your Word documents in a single Folder, then write that Folder to a plug-in USB memory stick after you update the documents. Or, write out all your data Folders once a week to a writeable CD.

For the few minutes it takes to make a backup, you’ll insure your data against a system meltdown. This also protects you if malware corrupts or destroys what’s on your disk drive.

If you didn’t back up your data and you have a system problem, you can still recover your data as long as the disk drive still works and the data files are not corrupted. You could, for example, take the disk drive out of the computer and place it into another Windows machine as its second drive. Then read your data — and back it up!

If the problem is that Windows won’t start up, the web offers tons of advice on how to fix and start Windows (see the Appendix). Another option is to start the machine using a Linux operating system CD and use Linux to read and save data from your Windows disk.

If the problem is that the disk drive itself fails, you’ll need your data backup. If you didn’t make one, your only option is to remove the drive and send it to a service that uses forensics to recover data. This is expensive and may or may not be able to restore your data. Learn the lesson from this guide rather than from experience – back up your data!

 

1.10 Encrypt Your Data

Even if you have locked your Windows system with a good password, anyone with physical access to your computer can still read the data!

One easy way to do this is simply to boot up the Linux operating system using a CD, then read the Windows files with Linux. This circumvents the Windows password that otherwise protects the files.

Modern versions of Windows like Vista and XP include built-in encryption. Right-click on either a Folder or File to see its Properties. The Properties’ Advanced button allows you to specify that all the files in the Folder or the single File will be automatically encrypted and decrypted for you. This protects that data from being read even if someone circumvents your Windows password. It is sufficient protection for most situations.

Alternatively, you might install free encryption software like TrueCrypt, BestCrypt or many others.

If you encrypt your data, be sure you will always be able to decrypt it! If the encryption is based on a key you enter, you must remember the key. You might wish to keep unencrypted backups of your data on CD or USB memory stick.

Laptop and notebook computers are most at risk to physical access by an outsider because they are most frequently lost or stolen — keep all data files your portable computer encrypted.

 

1.11 Reduce Browser Vulnerabilities

As the program you run to access the Internet, your web browser is either your first line of defense or a key vulnerability in protecting your computer from Internet malware.

Will Your Browser Run Anybody’s Program? – From a security standpoint, the worldwide web has a basic design flaw – many web sites expect to be able to run any program they want on your personal computer. You are expected to accept the risk of running their code! The risk stems from both accidental program defects and purposefully malicious code.

Some web sites require that you allow their programs to run their code to get full value from the web site.

Others do not. You can find whether the web sites you visit require programmability simply by turning it off and visiting the site to see if it still works properly.

Here are the keywords to look for in web browsers to turn off their programmability —

– ActiveX

Active Scripting (or Scripting)

.NET components (or .NET Framework components)

Java (or Java VM)

JavaScript

Turn off the programmability of your browser by un-checking those keywords at these menu options — Browser: How to Set Programmability:

Internet Explorer Tools | Internet Options | Security | Internet Custom Level

Firefox * Tools | Options | Content

Opera Tools | Preferences | Advanced | Content

K-Meleon Edit | Advanced Preferences | JavaScript

SeaMonkey Edit | Preferences | Advanced (Java) | Scripts and Plugins (JavaScript)

* Version 2 on

Internet Explorer Vulnerabilities — The Internet Explorer browser has historically been vulnerable to malware. Free programs like SpywareBlaster, SpywareGuard, HijackThis, BHODemon, and others help prevent and fix these problems.

Tracking Internet Explorer’s vulnerabilities is time-consuming because criminals continually devise new “IE attacks.” If you use Internet Explorer, be sure you’re using the latest version and that Windows’ automatic update feature is enabled so that downloads will quickly fix any newly-discovered bug.

Internet Explorer has traditionally been insecure measured against competing browsers. Some feel that IE versions 7 and 8 correct these problems, or that Vista resolves them. Others disagree. If you wish to use some other browser the above chart lists free alternatives..

 

1.12 Wireless Risks

Wireless communication allows you to use the Internet from your computer without connecting it to a modem by a wire or cable. Sometimes called Wi-Fi, wireless technology is very convenient because you can use your laptop from anywhere there is a invisible Internet connection or hotspot. For example, you could use your laptop and the Internet from a cafe, hotel, restaurant, or library hotspot.

But wireless presents security concerns. Most public hotspots are un-secured. All your wireless transmissions at the hotspot are sent in unencrypted “clear text” (except for information on web pages whose addresses begin with https). Someone with a computer and the right software could scan and read what passes between your computer and the Internet.

Don’t use public hotspots for Internet communications you need to keep secure (like your online banking).

Many people set up a wireless home network. You create your own local hotspot so that you can use your laptop anywhere in the house without a physical connection.

Home routers are insecure by default. You must apply security to them. Otherwise you might inadvertently create a public hotspot! Freeloaders on your home network could reduce the Internet performance you’re paying for. Activities like illegal song downloads would likely be traced to you, not to the guilty party you’ve unknowingly allowed to use your network.

First, be sure the wireless equipment you use supports either the 802.11 G or 802.11 N standards. These secure wireless transmissions through WPA (Wi-Fi Protected Access) or WPA2 encryption.

Do not base a wireless home network on equipment that only supports the older 802.11 A or 802.11 B standards. These use an encryption technology, called WEP (Wired Equivalent Privacy), that is not secure.

When you set up your wireless home network, assign your system a unique name, tell it not to broadcast that name, give it a tough new password, and turn on the strongest encryption your router supports. Specify that only certain computers can remotely use the network through MAC address filtering. Turn off your router and modem when you’re not using them. Expert advice varies on how to best secure wireless networks, so see the Appendix for more detail.

 

June 10, 2008 - Posted by | Computer & Techs

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: