Graeme's PC Page
This is not intended to be a complete guide to Internet security, but I sincerely believe that if you follow the advice given you will have gone a fair way towards protecting your PC. No PC is completely secure while it is turned on, and especially not when connected to the Internet.
If you want to discuss anything I have to say here, feel free to drop me a line. Let me know if you think I'm wrong, or even mistaken, or ask for clarification.
If you read nothing else:
- Install a personal firewall and be careful as to what connections you allow.
- Install antivirus software and keep it up to date
- Scan for spyware regularly
- Take care with email and attachments
Background
I've been working in the Information Communications and Technology area since 1976, in a wide range of jobs ranging from low-level technical support to sales and marketing.
People often come to me when they have problems with their PCs: "You know about computers - can you help me?" This is usually when their PC is performing like a dog because of the amount of malicious software running on it, porn pages pop up at random, etc...
This page has some advice for PC users, particularly home or small business users with a single PC connected to the Internet. Most of it comes from my direct experience and others may well have different views, which I'm happy to consider. There are normally a number of ways to do what you want to do on a PC, and there's never just one answer!
Threats
The Internet is an increasingly hostile place, with organised crime, the so-called "script kiddies" and a whole range in between all coming up with new exploits to take over your computer, extract personal information, or just cause damage.
Don't fall into the trap of thinking that you're too small for the baddies to be interested in, or that there's no information of interest. Often they're just looking for a machine they can get control of to use for the distribution of spam or to attack another target.
Threats can be categorised under the following main headings:
- Viruses - malicious software including viruses, trojans (as in the Trojan Horse), keyloggers, etc.
- Spyware - software that is installed, often by stealth ("drive-by download") or in association with other software, that tracks where you go on the Internet and calls home to report on what it finds. Frequently loads updates in the background, without your permission, slows your PC down to a crawl, serves up advertisements based on what you may be looking at, etc.
- Diallers - often installed by porn sites - "if you want to look at our high-class photographs of people doing interesting things you must install our special piece of software..." - or some other prompt that insists you give permission to install software. Once installed, it turns off your modem's speaker, dials an 0900 number and clocks up charges on your phone bill.
- Home Page Hijackers - change your browser's home page (the first page it goes to) to a "search portal" that tries to divert you to an advertising site (so that the perpetrators get paid for the click), or to a porn site. Often more annoying or embarrassing than dangerous.
Defences
In the commercial world, defence in depth includes separate systems for firewalls, intrusion detection, email scanning, and so on. For example, my home network is connected via a high-speed ADSL link, has a dedicated firewall with intrusion detection, the Windows PCs have personal firewalls and anti-virus software, and are scanned regularly for spyware. Logon to any of the servers requires that the user has a "key" installed on the server and uses a matching key to gain access. This is reasonably secure, but uses technology that probably isn't available to the average home user!
For some time Microsoft has had the following three points highlighted on a number of their web pages:
- Use an Internet Firewall.
- Get Computer Updates.
- Use Up-to-Date Antivirus Software.
Good advice to which I would add:
- Scan your system regularly for spyware.
- Be suspicious of e-mail from strangers or from people you know, but with a strange subject line.
- Be cautious about opening attachments.
- Ask if you're not sure.
Internet Firewall
In simple terms, a firewall blocks internet connections you don't want and allows those that you do. Windows XP comes with a firewall that is now (since Service Pack 2) enabled by default. However, this can only block connections from the Internet to your computer, while allowing any connection from your computer to the Internet. This means that once a baddie gets in they have complete access to get out again.
I recommend the free firewalls Sygate Personal Firewall and ZoneAlarm. If you have one of the protection suites from Computer Associates, McAfee, Norton or Panda, these are fine.
You will often get dire warnings about someone trying to connect to your PC. These messages are more marketing from the software company than anything else and can generally be ignored; it's just the firewall letting you know that it's doing its job.
Every PC connected to the Internet has an Internet Protocol (IP) address associated with it. These are assigned dynamically from a pool when you dial up, for example. The baddies scan IP addresses - just like calling telephone numbers to see who answers or trying doors to see if they're unlocked. The firewall prevents the answer or keeps your door locked, depending on how you look at it.
With a proper (as opposed to Windows XP) firewall, outbound connections are also checked. If a message pops up saying that a program is trying to access the Internet, and you don't know what it is, don't say "Yes" to make the annoying message go away. Try to work out what's happening, or just say no. After a fairly short time you will have trained the firewall to recognise your system and the way you work, and the annoyances will diminish.
Computer Updates
Most exploits rely on vulnerabilities that are already known and for which there are, frequently, patches available. It is good practice to keep your system up to date.
Microsoft distributes updates regularly (normally once a month) for all supported operating systems. This currently includes Windows 98 and later, although support for Windows 98 is limited and due to finish 30 June 2006. Visit the Windows update site regularly. If you are offered the option to turn on automatic updates, I suggest you do this. If you're paranoid, select the option that downloads the updates in the background but lets you choose when to apply them. If you haven't done this for some time - or ever! - the first update could well be huge...
Anti-Virus Software
I'm continually amazed by the number of people who either don't use anti-virus software, or fail to keep it up to date. Along with a personal firewall and the top two inches, this is your primary line of defence. Set the software to scan all files when opened and to scan your email, as a minimum.
Generally, there is a short delay between a weakness being found and an exploit being released - although this delay is ever-shortening - so it pays to keep your anti-virus software and detection files up to date.
I recommend updates at least daily. With my high-speed, always-on, connection, my Windows PCs are set to check for updates automatically every four hours. No, I'm not paranoid - just careful.
Suitable products are available from Computer Associates, McAfee, Norton or Panda.
Good free alternatives are available from AVG (Grisoft), AntiVir, Avast, and ClamWin. (I have a lot of users who are happy with AVG, but I don't know much about the others as yet.)
Disclosure: I've used CA's EZ AntiVirus for a number of years with no complaints. Not because I think it's better; it was just the way things turned out.
Scanning for Spyware
The two programs I generally recommend - and use myself - are AdAware from Lavasoft and Spybot Search & Destroy. I've also had good results recently with Microsoft's AntiSpyware. This is currently free, but may become a commercial product in 2006.
Just like anti-virus software, these have detection signatures that need to be updated regularly. I recommend that you update the software then scan your system at least weekly.
The software can be overzealous in identifying cookies and recently-used file lists as threats.
- Cookies are small files deposited on your hard drive by a web site to store information for later retrieval. For example, when you log on to the SmartBar Operators' section your credentials are stored in a cookie so that you don't have to enter your user name and password for every page. In some cases they can be used to track you across multiple sites. Red Sheriff is a good example of this.
- Most-Recently Used (MRU) lists are kept by some programs (e.g. Word) to let you return to a file you have opened recently without having to search for it again.
To the truly paranoid, both of these are seen as potential information leaks.
True spyware - and you'll know when it's found - really can constitute a threat.
Email-borne Threats
Email is a common vector for malware and, increasingly, what has become known as phishing. When the Kournikova and I Love You viruses burst on the unsuspecting public, they caused absolute mayhem. Their subjects encouraged the recipient to open the email - often this was enough to launch the viral code - or open an attachment in the hope of seeing intimate photographs of the Russian tennis starlet. The viral code then automatically sent itself to all users in the recipient's contacts list and Address Book. I well remember getting this from a friend of mine at my place of work. Having heard about the virus on the radio as I was driving to work, I knew what was happening. I ran to his desk and unplugged his network connection. He was busy typing an email of apology to send to all his contacts, just adding to the confusion and clutter!
The baddies recently (June 2005) took advantage of the Michael Jackson case to try the same sort of attack.
If you get an email from someone you don't know, be suspicious. If you get an email, apparently from someone you know, but with a strange subject, be suspicious.
Don't rely on your anti-virus software, as the exploit may not be detected just yet.
In the case of spam, simply opening the email, particularly if it is in HTML format, may be enough to signal to the spammer that your email address is valid and they can keep sending to it. NEVER reply. Unless you intend to buy, of course!
Originating addresses are frequently spoofed. Just because you recognise the sender's address, it doesn't necessarily mean that they were the culprit.
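To make the last two points concrete, here is a short Python script, added as an illustration and not part of the original page, that reads a saved message and reports two things: images the message would fetch from the Internet as soon as it is displayed, and sender headers that don't agree with each other. The sample message, its addresses and the function names are all made up for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample message (not real traffic); all names are made up.
SAMPLE = """\
From: "Your Friend" <friend@example.org>
Return-Path: <bounce-7731@mailer.example.net>
Reply-To: offers@example.net
Subject: You have to see this
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi!</p>
<img src="http://tracker.example.net/open.gif?id=you%40example.com" width="1" height="1">
<img src="cid:logo123">
</body></html>
"""

class RemoteRefs(HTMLParser):
    """Collect URLs a mail client would fetch just by displaying the message."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "background") and (value or "").lower().startswith(("http://", "https://", "//")):
                self.urls.append(value)

def domain(header_value):  # domain part of the address, '' if the header is absent
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of reasons to treat the message with suspicion."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    for hdr in ("Return-Path", "Reply-To"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            findings.append(f"{hdr} domain {d} differs from From domain {from_dom}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            parser = RemoteRefs()
            parser.feed(body)
            findings += [f"loads on open: {u}" for u in parser.urls]
    return findings

print("\n".join(triage(SAMPLE)))
```

A mismatch is a reason to look closer, not proof of forgery (mailing lists and bulk mailers legitimately use different addresses), and matching headers prove nothing either, since the From line can be set to anything.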
Conclusion
Lengthy as it is, this page is not exhaustive. Let me know if you want further information.
Enjoy your PC and the Internet, but let's be careful out there.
Further Resources
[[To be added...]]