Outline of PC Online Security
Both Security and Personal Safety have two ways of being achieved
1) Passively
like an air bag, it requires the user to do nothing and
it responds to the conditions at hand.
2) Actively
like a seat belt, the user must engage it or it does
nothing to help you
In addition, there are Reactive tools (like anti-virus and IDS
scanners), as well as Proactive tools to avoid contamination altogether.
Lastly, there's no silver bullet that 'kills all vampires'. Like a
carpenter's tool box, there are special tools for each job and sometimes
multiple variations for the same task (ie a framing hammer versus a tack
hammer). You can NEVER have too many tools!
Dialup users get a new IP address every time they connect. This implies
that if I want to attack you specifically, it can only be done during
the life of your existing connection (else how can I find YOU next time).
This makes the attacker's life more difficult and they will usually look
for easier targets (ie: a machine with a fixed IP address).
Broadband and ISDN users have significant exposure. If you do nothing at
all, your computer sets on the Internet begging to be attacked. Without
some protective techniques, your computer can easily become a remote
robot used to infect other users too (very much like infectious diseases).
What are the steps to secure your system?
1) Get a Router - cheap, hardware-passive solution (ok, you have to buy
one, install it, and turn on) which is ~75% effective. Your system is
no longer visible to the Internet and the
chances of direct attack are
greatly reduce (notice: not 100% protected). WHY? The modem will have
a Public IP address and this is visible. When the computer is connected
to a Router (and then to the modem), your system as a Private IP address
(ie: a non-routable address like 192.168.*.*) An Internet attack can
not be made directly against a non-routable address and your computer is
much safer. This is all done be a router technique called NAT (network
address translation).
2)Install Windows XP with SP2. This Service Pack reconfigures Windows
to be very much like Apple Macintosh has always been; all ports closed.
Without an open port, the system is exactly like not even being
connected at all and thus is much more immune from attack.
3)Get a Software Firewall - several are available, not expensive and
there is at lease one or more that are Freeware (ZoneAlarm, COMODO).
Windows XP users have a freebie from Microsoft which is a half/firewall solution;
half because it only controls inbound connections and has very little
configuration control -- the whole object of a firewall in the first place.
A configurable firewall will allow you to control inbound access very
effectively. For example, all of your local network (other computers
also connected to your router) can be allowed to enable File and Print
Sharing). Then inbound traffic from the Internet can be restricted by
default. You have control and the bad guys are locked out.
A firewall increases
your protection level to ~95% effective. Why not
100%? Because
you the user still 'invite' visitors into your system
with Email and Web pages! If you never read Email nor browsed the web
for information, then you would be secure, but then you've paid for
access that is useless to you too
Here are some specific tools to assist you in keeping your system safe
and sane:
ActiveX control
Spyware Blaster @
http://www.javacoolsoftware.com/
Keylogging protection, hijacker control, system modification
monitoring all leading to Identity Theft
Spybot Search & Destroy
@
http://www.spybot.info/en/index.html
love this one, as you can disable startups
without fussing with the Registry!
Popup control
Popup Stopper
@
http://www.panicware.com/product_psfree.html
Spam control
a) don't use the Preview Pane,
it allows access before you even get to delete it.
b) use a spam filter like
http://www.giantcompany.com/
which was just acquired my Microsoft
http://www.microsoft.com/athome/security/spyware/default.mspx
c) another choice is Mozilla Thunderbird which avoids
ActiveX and VP scripting code altogether
AntiVirus Software
Reactive measure to fix the damage already active on your system. Some
products perform scans on files as they are being opened, which is a
Proactive approach to avoiding contamination.
edit:
http://free.grisoft.com/
http://www.mcafee.com/us/default.asp
edit: Add a host file to block well known sites with various contaminations!
access this online text file,
then
SAVE AS \windows\system32\drivers\etc\hosts\ (notice no extension and allow the replacement).