

SECURITY RECOMMENDATIONS

Last Updated: 10-30-16

THE BASICS

Security is an ongoing process, not a one-time solution. But you must begin somewhere. The following are a few security basics that should be considered:

HARDEN THE OPERATING SYSTEM BY INSTALLING ALL SERVICE PACKS AND CRITICAL UPDATES! Do the same for all major application packages (like Microsoft Office) as well. This not only fixes major “bugs” but also closes potential security holes and possible exploits. Most hackers and their creations (i.e., viruses, worms, Trojans, etc.) use these holes and exploits to do their damage. Make sure that you have the latest patches and fixes for all of your programs – especially your Internet Browser and Email programs. Use the Windows Update feature and any update feature that may be a part of your business applications. (Be sure and do a system restore checkpoint and also a backup of all your important data before any system update!)

INSTALL, USE AND UPDATE AN ANTI-VIRUS PROGRAM LIKE NORTON ANTI-VIRUS OR MCAFEE’S VIRUSSCAN! Be sure and do a live update weekly (twice a week is even better!) to make sure that you have the latest virus signature files and engine updates. (You can, of course, activate the auto-update feature of most antivirus programs, if you like.) Be sure and read all documentation and configure the anti-virus program correctly. Every computer needs to be running anti-virus software (auto-protection) continuously. Whenever you hear of a new virus outbreak, do an update immediately! Besides Norton or McAfee, there are also quite a few free antivirus programs available on the Internet. (Go here to find all kinds of links to free online virus scanners and products.)

NOTE: I now no longer recommend Symantec or McAfee products. Why? Because Norton and McAfee products have become monstrously intrusive bloatware that insinuate themselves into your system like malware. If you have a fast enough system and want to pay a high premium for the “pleasure” of a program that when it works it works very well, but when something goes wrong, it is horrid ... then go ahead and pay and play. But beware and be warned that Symantec and McAfee can be as miserable to deal with as most any virus or worm or Trojan I have ever dealt with! (If you must use their products, do not use their Security and Internet Suites! Use only their stand-alone antivirus products. This will have the effect of minimizing their invasively huge footprint upon your system.) If you purchase a new computer and it comes with Norton or McAfee, delete them! (But, good luck trying to do so cleanly and easily. They do not go quietly into the night! They will fight you and insist on staying behind, keeping parts of themselves in memory and on your hard drive and in your registry. To fully get rid of these lecherous programs you may have to use special removal tools. For instance, with Norton you have to use their specialized Norton Removal Tool. To get rid of all McAfee products use the McAfee Removal Tool. By the way, it should be obvious that these tools utilize drastic measures to remove their products from your system. That alone ought to tell you something about the nature of their products. Read all documentation carefully before using these tools.) If you already have and are using Norton or McAfee and everything is going well, then fine, keep them until they turn on you. When that happens – and it will happen – then have fun removing them. My best advice is to not use either Norton or McAfee; instead, go with AVG.

UPDATE: What I wrote in the note above a couple of years ago needs an update! I would now encourage most computer users to actually go with Norton or McAfee. Why? Because they are doing a much better job about handling resources and no longer appear to be so intrusive. While they have a very real learning curve to integrate them well – especially their Internet Suite products – they do a very good job. And there is one more reason: The level of threats out there is much more serious and sophisticated! I don't use Norton or McAfee. AVG and Malwarebytes and ZoneAlarm (all free) are just fine for my purposes. But for the average user, I now recommend they choose a full Internet security product to protect them from the nasties on the net.

INSTALL, USE AND UPDATE A SOFTWARE FIREWALL PRODUCT LIKE ZONEALARM PRO! Be sure and read all documentation and configure the firewall correctly. Every computer on a network attached to the Internet needs to be running firewall software continuously. (The free-for-personal-use ZoneAlarm is good, but the full-featured ZoneAlarm Pro is better!) If you have broadband access to the Internet, in addition to any software firewall you still need a hardware firewall. At the very least use a router that has firewall functions (NAT, SPI, etc.) built in. Do not ever connect directly to your cable or DSL appliance without having a firewall router between you and the Internet! At the very least, if you have Windows make sure that the Internet Connection Firewall is enabled. It is now possible for a brand new, unprotected machine to be hacked or infected when connecting to the Internet for the first time while in the process of trying to update and download programs to protect the system. The first thing to do is to put up a firewall to prevent this from happening. Here is a little reality check for you: Studies are showing that almost 70% of computer systems out there are still not protected with firewall and other security programs! If you wonder why viruses, worms, Trojans, adware, spyware and other malicious programs are wreaking such havoc and have thus become such a major problem, now you know. If you are one of the 70% you are a part of the problem! Understand this; hackers want your computer and are looking for the fools that don’t protect their systems. They then use those hijacked systems to do their dirty work and the infection spreads. (Go here to find all kinds of links to free security scanners and firewall products.)

INSTALL AND USE MALWAREBYTES AND ADAWARE OR SPYBOT! These three programs check for the presence of Trojan Horses and Spyware as well as other malicious programs that exploit your system’s security. Malwarebytes, AdAware and SpyBot are free stand-alone programs that should be used to scan your system once a month at the very least. Like anti-virus programs, these programs and their signature files also need to be updated on a regular basis. Read all documentation that comes with each program. Also, use SpywareBlaster to block spyware and sleazeware from your browser and your system. Spyware is one of the fastest growing threats on the Internet. There are numerous products out there to deal with this problem. Of course Symantec and McAfee are beginning to address the spyware problem with their products. But, again, Symantec and McAfee products can sometimes be just as problematic as the threats they protect against. (Go here to find all kinds of free online scanners and anti-spyware products.)

THINK ABOUT USING SPAM FILTERING SOFTWARE! If you do a lot of emailing or if you are receiving a lot of email and particularly a lot of spam then you should consider getting a spam fighting program. (Most major Internet Service Providers now have spam filtering products as part of their Internet package. If they do, look into this service and use it! Also, if your ISP allows you to use server or Web based email consider using that instead of Outlook or Outlook Express!) There are numerous products on the market. Some work only for Outlook; others work for Outlook Express; some work for both; and others work for different email programs. Some of them are even free. Be sure and take a look at MailWasher. Obviously, as with most security and utility products there are a lot of choices, so do your homework. And, one more thing … every security product you add to your system or network, as essential as they may be, ends up adding one more layer of complexity to your work. There are, quite literally, hundreds and thousands of programs out there for just about anything you want to do. And, you could spend all your time on them and never get any real work done. So, think very carefully about what your real needs are and choose carefully. (Go here to find all kinds of free online security scanners and anti-spam products.)

PASSWORD PROTECT EVERYTHING! All operating systems have some form of password protection. (Some computer systems even allow you to password protect the BIOS and system startup.) Even screen savers allow you to password protect your desktop. Windows 98 is the least secure operating system. Windows 2000 and Windows XP are much more secure. And Windows 7-10 are most secure! Linux is also very secure. Passwords should be a minimum of 6 (8 is better!) letters, numbers and symbols all mixed in together using upper and lower case. They should never be names of people, places or pets. (Don’t use special dates like birthdays either.) For that matter, don’t use any word that can be found in any dictionary (including foreign language dictionaries). Hackers use dictionary tools to crack passwords! If you must use something memorable use a phrase or an acrostic sentence and substitute numbers and symbols where possible. Also, use both uppercase and lowercase letters. So, for instance, rather than using “johnsmith” as a password, use something more creative like, “j04Z*!*sM1t4.” (The “Z” looks like a sideways “N” and the “4” on old calculators looked like an upside down “h”.) A couple of other things. Be sure and change the default passwords and settings that often come with most systems (i.e., administrator and root accounts, router passwords, etc.). Passwords should also be changed from time to time. (At least every six months.) And, finally, if you must write your passwords down, store them in a safe (i.e., under lock and key) place. Do not store your password list in an unencrypted (i.e., plain text) file on your hard drive. One last thing. It is probably now essential that you get a product like LastPass to help you with all your passwords. It is basically a password protection program that stores all your passwords across platforms and systems for all your accounts. It is fantastic!

WARNING: You should realize that with the tools and technology available to hackers and crackers almost any password can be “broken”! (This is especially true if you use “weak” passwords.) There are password cracking programs out there that can break all but the most difficult (i.e., strongest) passwords, and they are getting better all the time! If you really are serious about security you should consider password protection and encryption programs.
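The password rules above (length, mixed character classes, no dictionary words or names) can be checked mechanically. The following is an added example, not part of the original article; the word list is a small constructed sample and the look-alike substitution table is an assumption about which swaps a dictionary tool undoes.

```python
import re

# Constructed sample list. A real check would load a full dictionary plus
# names, places and pet names, which the text above says to avoid.
SAMPLE_WORDS = {"password", "johnsmith", "dragon", "letmein", "summer", "welcome"}

# Look-alike substitutions that dictionary tools undo; "1" and "!" can stand
# for either "l" or "i", so two tables are tried.
_COMMON = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
TABLES = [
    str.maketrans({**_COMMON, "1": "l", "!": "l"}),
    str.maketrans({**_COMMON, "1": "i", "!": "i"}),
]


def dictionary_hit(password, words=SAMPLE_WORDS):
    """Return the dictionary word the password is built on, or None."""
    lowered = password.lower()
    # Candidate readings: as typed, with substitutions undone, and with any
    # remaining digits and symbols removed.
    forms = {lowered} | {lowered.translate(table) for table in TABLES}
    forms |= {re.sub(r"[^a-z]", "", form) for form in forms}
    for word in sorted(words):
        if len(word) >= 4 and any(word in form for form in forms):
            return word
    return None


def check_password(password, words=SAMPLE_WORDS, min_len=8):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "digit": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    hit = dictionary_hit(password, words)
    if hit:
        problems.append(f"built on the dictionary word '{hit}'")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("johnsmith", "P@ssw0rd1", "J0hn$m1th", "Summer2016!", "Ab1!"):
        print(f"{candidate!r}: {check_password(candidate) or 'passes these rules'}")
```

A password can satisfy the length and character-class rules and still fail the dictionary rule, which is why the substitution check is run separately.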

BACKUPS, BACKUPS, BACKUPS! All of the security features in the world cannot replace the necessity of a regular backup schedule. There are only two kinds of computer users: Those who have lost data and those who will. You must get into the habit of religiously backing up all important computer data. This not only protects your business from security threats but also from system failure, user errors, and other miscellaneous and sundry problems that put your business at risk. You may never experience a malicious hack-attack, but you most certainly will experience a rogue virus or worm. And you will definitely, sooner or later, face hardware or system failure. (You do use an Uninterruptible Power Supply, don’t you?) A recent backup is the only protection you have and may very well stand between you and business loss or failure. How often should you back up your data? Well, answer this question: How much work can you afford to lose? Also, never trust your business to only one single backup. For business purposes do the following:

(1) Backup every single day or night!

(2) Have a minimum of two backups; one onsite and one offsite in a secure location.

(3) Test your backups periodically to see that all data can be properly restored and do so on a test system. Do not do a test restore on a production system.

(4) Rotate your backups using a daily, weekly, and monthly schedule.

(5) Replace your backup media on a regular basis. No backup media lasts forever ... and neither do backup devices.

(6) Remember, your backups are your only link to your business in the event of a catastrophe. Keep them safe (i.e., under lock and key).
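Step (3) above, testing that a backup can actually be restored, can be automated by comparing checksums of the original files with the files restored on the test system. The following is an added example, not part of the original article; the directory names and file contents are constructed, and it assumes the manifest of the original files is taken at backup time.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                # Read in 1 MiB chunks so large files do not fill memory.
                for chunk in iter(lambda: handle.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = digest.hexdigest()
    return manifest


def compare_restore(original, restored):
    """Report files missing from, altered in, or unexpected in the restore."""
    return {
        "missing": sorted(set(original) - set(restored)),
        "altered": sorted(
            path for path in original
            if path in restored and original[path] != restored[path]
        ),
        "unexpected": sorted(set(restored) - set(original)),
    }


def demo():
    """Constructed sample: a 'production' tree and a faulty test restore of it."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "production")
        restore = os.path.join(work, "test_restore")
        files = {
            "ledger.csv": b"2016-10-30,invoice,120.00\n",
            os.path.join("docs", "contract.txt"): b"signed copy\n",
            "customers.db": b"\x00" * 4096,
        }
        for tree in (source, restore):
            for relative, data in files.items():
                path = os.path.join(tree, relative)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as handle:
                    handle.write(data)
        # Simulate a bad restore: one file truncated, one never restored.
        with open(os.path.join(restore, "customers.db"), "wb") as handle:
            handle.write(b"\x00" * 1024)
        os.remove(os.path.join(restore, "ledger.csv"))
        return compare_restore(build_manifest(source), build_manifest(restore))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Store the manifest with the backup set rather than on the machine being backed up, so it is still available when the original disk is not.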

One of the most important things to do as part of your backup strategy is to make sure that you in some way back up critical system files and settings. Make sure that you are backing up your System State (Registry) using the Automated System Recovery feature in Windows 2000, XP, Windows 7-10, etc. (Other versions of Windows do not have this feature.) You also need to make sure that you have made system Recovery Disks (ER Disks) for each system you have. Every version of Windows has its own way to make these backups and Recovery Disks. You can also do Registry backups in Windows 98; but know that Windows 2000 and XP require special tools for this and Windows 7-10 have their own backup programs and strategies you must learn. It is up to you, the user to make sure that you learn the “art” of backing up your system. In addition, you should make any emergency disks that your security software (i.e., antivirus programs, etc.) recommends. Also, you can create (or find alternate) system startup disks for any version of Windows. And, with Windows 2000/XP/7-10 you can always access the Recovery Console by using the installation CD which can be loaded at boot-up or other times. Bottom line: Make sure that you have a way to access your files and system if your computer will not boot into Windows! The only way to do this is to have some form of alternate booting disks which you must create ahead of time.

NOTE: One of the best backup programs is EaseUS ToDo Backup! Now there is no excuse for you not to do your backups.

These few programs and procedures, when properly used, will go a long way in securing your computer and your network. But, there are a few other things you must do to keep your network secure ...

A FEW MORE SUGGESTIONS

Consider the following suggestions very carefully. You will find that some of them may be essential to the security of your computer and your network. Other suggestions may not apply. Use a little common sense in implementing any of these ideas.

Don't trust the “All-In-One” Internet Security Packages from Symantec or McAfee (and others) to do it all! First realize that these all-in-one products are rather expensive and consistently receive mixed reviews in the trade publications. These programs are huge! In fact they are usually several programs in one. Some of these major retail packages are notorious for loading bloated and useless programs on your computer. Not only do they want to take over your system, they also are complete memory hogs and can actually slow down your computer with all of the processes they want to run. (If you don’t have a high-end machine don’t even try to run one of these all-in-one security products!) Secondly, these products must be set up correctly and be constantly updated to work to their maximum effectiveness. What this means is that if you use them you need to learn them! They may tell you that you can “set and forget” them, but you do so at your own risk. Finally, you can almost always get virtually the same protection from other products, many of which are free, and all of which have a much smaller footprint on your system. While some users may find it convenient to use these all-in-one products, it is recommended that a more eclectic approach be taken and that you find and use only those programs that are absolutely needed. (The more I have dealt with Norton’s and McAfee’s Internet Security packages on clients’ machines the more I hate them! But that's just me. You may need them! But the novice user has no easy way of figuring out all the modules in those products. It is just too complicated and usually ends up creating system and program conflicts, not to mention system slowdowns. My solution has been to “dump” almost all Symantec products and install less bloated products that usually happen to be free. Use only the security products you actually need. Don’t install any and every security product there is. For more information about the Symantec problem, see above or go here.)

Here is a security recommendation that also doubles as a system tweak – Clean up your system! Remove all unnecessary programs; turn off all unneeded services; don’t let programs start at boot up if you don’t absolutely have to have them; etc. The point is, don’t bloat your system! How many processes are running in the background? (If you have more than 50-70 you may have too many!) How many icons do you have in your system tray? (If you have more than ten you may have too many!) Use MSConfig (or a similar utility) to see what is loading at startup. Use the Task Manager to see what processes are running in the background. Check out your Registry’s “Run” sections under “HKEY_Local_Machine” and “HKEY_Current_User” to see what’s going on. Keep your system “lean and mean”! Every program or utility that you add to your machine just ends up taking up more memory and creates the definite possibility of system conflicts. Also, if you don’t know what is running in the background, and you don’t know what is supposed to be running, how do you know what’s necessary and what’s not? How do you know if you have some malicious program? The more junk you have running in the background, the greater the chance you have of having some Trojan hiding amongst all the clutter. Another thing. Don’t install every cute little utility that comes along. Don’t turn on every system feature a utility or program has. Go through every program you use and check out the “Preferences” and “Options” to turn off unneeded features, especially those that keep the program running in the background all the time. It seems like every program you install thinks that it is the most important program ever and that it must “take over” your entire system and be available and in memory at all times. The chances are very good that you have at least five programs running in the background that you don’t need. And you probably have ten services or system processes currently running that are not needed, some of which may even be security risks! (One of the most basic rules in computer and network security is to disable all services and products that are not necessary. Microsoft thinks that every service and feature needs to be enabled in all of their products. Symantec and McAfee also think that their products need to take over your entire system. Ridiculous! Turn unnecessary features and services off. One service that should be disabled in Windows is the Windows Messenger Service. Another is Universal Plug and Play. In Windows 2000 and XP go to the Services module under Administrative Tools and disable these specific services. There are also several other services that could and probably should be disabled for security reasons. However, such should be done only by the advanced user who fully understands the consequences of what he or she is doing.)
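Knowing "what is supposed to be running" is easier with a saved baseline of the Registry “Run” sections to compare against. The following is an added example, not part of the original article: it reads the Run values with Python's standard winreg module on Windows and reports anything new, changed or removed since the baseline. The program names and paths in the sample data are constructed.

```python
import sys

RUN_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run"


def read_run_entries():
    """Read the Run values under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER (Windows only)."""
    import winreg  # standard library on Windows; imported here so the rest runs anywhere
    entries = {}
    hives = (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER))
    for hive_name, hive in hives:
        try:
            key = winreg.OpenKey(hive, RUN_PATH)
        except OSError:
            continue  # key absent or not readable for this user
        with key:
            value_count = winreg.QueryInfoKey(key)[1]
            for index in range(value_count):
                name, command, _value_type = winreg.EnumValue(key, index)
                entries[(hive_name, name)] = str(command)
    return entries


def diff_against_baseline(current, baseline):
    """Return (status, (hive, name), command) for every startup entry that differs."""
    findings = []
    for ident, command in sorted(current.items()):
        if ident not in baseline:
            findings.append(("new", ident, command))
        elif baseline[ident].lower() != command.lower():
            findings.append(("changed", ident, command))
    for ident in sorted(set(baseline) - set(current)):
        findings.append(("removed", ident, baseline[ident]))
    return findings


# Constructed sample data: a baseline recorded on a clean system and a later
# reading of the same keys.
BASELINE = {
    ("HKLM", "AvTray"): r'"C:\Program Files\ExampleAV\tray.exe"',
    ("HKLM", "PrinterHelper"): r'"C:\Program Files\ExamplePrint\helper.exe"',
    ("HKCU", "ChatClient"): r'"C:\Program Files\ExampleChat\chat.exe" /background',
}
CURRENT = {
    ("HKLM", "AvTray"): r'"C:\Program Files\ExampleAV\tray.exe"',
    ("HKLM", "PrinterHelper"): r"C:\Users\sam\AppData\Local\Temp\helper.exe",
    ("HKCU", "Updater"): r"C:\Users\sam\AppData\Roaming\upd\upd.exe",
}

if __name__ == "__main__":
    live = read_run_entries() if sys.platform == "win32" else CURRENT
    for status, (hive, name), command in diff_against_baseline(live, BASELINE):
        print(f"{status:8} {hive}\\...\\Run  {name} = {command}")
```

An entry that is new, or whose command now points into a user-writable folder such as Temp or AppData, is the kind of change worth investigating first.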

If your computer or your network is connected to the Internet through a modem and a dial-up account, your system is vulnerable during the time you are connected to the Internet. The threat is usually not considered that great since you are given a different IP address by your ISP each time you connect. (Thus, you are a “moving target” to a potential hacker.) However, your system will still be scanned during the time you are connected! What is more, it is also possible for worms to be transmitted across open network shares during that time. This is why it is imperative that you have both a firewall and antivirus software in place, correctly configured, updated and running.

If your computer or your network is connected to the Internet using a broadband cable or DSL modem you are far more vulnerable to hackers and other security threats than you are with a dial-up account. (Usually your broadband ISP gives you a static rather than a dynamic IP address. This is exactly what hackers and script kiddies are looking for.) If you use a cable or DSL modem you must make sure that you also have a cable/DSL router for your network that provides built-in firewall protection usually by a process called Network Address Translation (NAT). (In addition to this you still must use a software firewall program like ZoneAlarm Pro on every single computer!) The Cable/DSL Router with NAT will provide Internet access for all the computers in your small network. Also, you must harden your router and any hardware firewall by making sure that you have updated it with the latest firmware. In addition to this, if you do not use the remote administration feature on your router or firewall, make sure that it is disabled. (It should be noted that a hardware firewall or router that uses Stateful Packet Inspection [SPI] is considered more secure than one that uses Network Address Translation. However, NAT is the first line of defense in hardware firewalls and routers. SPI firewalls and routers are more expensive and more difficult to administer than NAT firewalls and routers.) One last thing: Remember to password protect your hardware firewalls and routers. Do not leave them with their default passwords and settings enabled.

If you have Windows 2000 or XP or Windows 7-10 and are connected to any kind of network (especially the Internet), make sure that you have enabled the network icon in the system tray. Why? So that you can be sure you can see whenever your computer has any network activity! If you notice that your computer is constantly accessing the Internet – especially when you are not “doing” anything on the Internet, you might have a problem. Go to Start, Control Panel, Network Connection and right click on each connection and choose “Properties.” Then under the General Tab, make sure that “Show icon in notification area when connected” is checked. (You should also note that any good firewall, like ZoneAlarm, will also have some visual display of network activity. If you right click on the system tray icon, you can stop and lock your system.)

One of the biggest dangers for your networks is “open shares” (i.e., shared drives and directories; folders and files; printers; etc.). If you must share drives and directories, folders and files, you really should password protect each share! (The reason is simple: If you are sharing files and folders on your network and that network is open to the Internet, those files and folders are potentially also open to the Internet!) Turn off file sharing if you don’t need it. If you must have it, use a firewall. Again, if you are using broadband your system will be scanned several times a day from the Internet, guaranteed. If you have not taken adequate security precautions your network will eventually be compromised either by hackers or worms.

While it is certainly possible to keep your computers and your system running 24/7/365, you should be aware that if you have an always-on connection (i.e., broadband) you are much more susceptible to security problems coming from the Internet. There are several things you can do:

(1) If possible, turn off your computers at night. Windows 98 systems need to be restarted every few days anyway due to memory usage (i.e., resource) issues. But, if you are still using Windows 98, you probably don't really care about security – there is none for Windows 98!

(2) Or, disconnect your network from the Internet connection at the cable modem/router when you do not need the Internet.

(3) No matter what, keep the firewall software running on each computer and use its “stop and lock” Internet/Network feature when you are not using the network.

While most worms travel across open network shares, most viruses come via email! (Very few viruses come via the floppy disk or CD-ROM anymore, but it still happens, so be cautious.) Therefore you must monitor and protect your email. Make sure that you have antivirus software installed and that it is set to stringently monitor your email. And, as an added precaution, make sure that your firewall software also has the ability to block viruses that come through email. (ZoneAlarm Pro does this. But, note that the free-for-personal-use edition of ZoneAlarm does not!) Since most viruses are now sent through email consider the following “best practice” rules:

(1) Never open any email attachment unless you are very sure where it came from and you are expecting that attachment in an email. Even when an email looks like it came from a friend, it could have been “spoofed” (when a fake address is used) by a hacker or a worm. (Many spammers and virus writers spoof email addresses so that it is almost impossible to tell where they came from.) So double check! Never open a program if you do not know what it does. Also, do not click on any links or pictures inside spam emails. Doing so could either activate a virus or take you to a malicious web site on the Internet.

(2) Never respond to any spam – not even to “unsubscribe”! Doing so will only guarantee that you will get more spam. (Sometimes clicking on “unsubscribe” will actually let Trojans or other nasties on to your computer!) Learn how to set up message rules for email to filter all email you receive. (By the way, the reason you even get spam in the first place is because it works! This means that some idiot actually responds to spam and buys into the scam. If enough idiots respond the spammers know that they can make money if they send out enough of their slime. Please don’t be one of the idiots!)

(3) Never send sensitive information via email even if someone who is apparently legitimate asks for it. Unscrupulous spammers and others use a process called “phishing” and “social engineering” to get you to release all kinds of personal information. Don’t do it! (Legitimate organizations will not ask you for sensitive information through email.) This would include account numbers, passwords, credit card numbers, social security information, etc. It should be noted that a careful reading of these scam spams will reveal that they are cons. How? Note the spelling and grammar. Almost every one of these spams contains major and minor grammatical blunders – a dead give-away! (This usually means that the scams originate in foreign countries.) However, be warned, these cons are getting more sophisticated all the time. Many of these scams look almost perfectly like legitimate emails from reputable companies or organizations.

WARNING: I have now seen scams – supposedly from Ebay and PayPal – so good that I could not tell they were fakes until I went into the headers and code to find their spoofed web and email addresses! These cons stated that your accounts may have been compromised and asked you to re-enter your account information. They then redirected you to their fake web site in order to steal your account information.

WARNING: Phishing scams are now virtually exploding everywhere on the Internet! The best way to avoid the phishing is to never click a link in an email or on a third-party web site that supposedly takes you to a financial institution’s web page – even if it is your own financial institution. Don’t do it! Use your own bookmark or type in the address yourself. And, again, do not give out any personal information to anyone who contacts you over the Internet. Basically, be suspicious of anyone on the Internet when it comes to your personal information and your money.

WARNING: And then there is ransom-ware! This is one of the most insidious cons out there. I have actually dealt with them in their early stages. One client had their computer locked down and I was able to “unlock” it and recover almost all of their files. A few months later it happened again. And then another client’s system was attacked. I could only save some of their important files. There was nothing else I could do. They lost most everything! The only thing was these attacks were learning steps. The “ransom” would come in later iterations of this Trojan. When it grew up it was “the perfect con”! Now if you get ransom-ware on your computer you will be told how much they want to unlock your files or you will lose them. The only solution to avoiding this terror is to practice safe and sane computing and use many of the security practices mentioned on this web page.

(4) Consider that all email will be read by someone other than the intended recipient. The fact is email is simply not secure! Thus, you should never, ever send personal information via email, unless you want someone else to read it. If you must send sensitive information by email get an encryption program and use it.

(5) If you absolutely must open an email attachment do not open it directly. Save it to disk first; then scan the file with your virus scanner; then open it. (But, this can be rather dangerous!)

(6) In other words, be a little paranoid and do not trust email. It is currently one of the weakest links (from a security standpoint) in most networks.

(7) In Outlook or Outlook Express it is best (i.e., safest) to turn the “Read all messages in plain text” on, and turn “Automatically download message when viewing in the Preview Pane” off. (These are found under the Options, Read Tab.) But doing so will make dealing with email a little more difficult. Also, under the Options, Security Tab, Virus Protection, make sure that all settings are checked and at their highest (i.e., more restrictive) levels.

(8) Take note of emails that are more than 30KB in size. Normal email messages are typically rather small. If you get a large email it may contain attachments or viruses. (Also, emails that are large are many times filled with spam, pictures or other HTML code.) Currently most viruses and worms that come via email will weigh in at around 30-100KB+ (but they are getting smaller all the time!) because they contain not only the email message but also the additional destructive payload.
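The warning above about scams that could only be recognized by going “into the headers and code” describes two checks that can be scripted: whether the Return-Path and Reply-To headers agree with the From address, and whether a link's visible text names one site while its href goes to another. The following is an added example, not part of the original article; the message and all addresses in it are constructed, and comparing only the last two labels of a host name is a simplifying assumption.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message using reserved .test and .invalid names.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <service@examplebank.test>
Return-Path: <bounce@mailer.invalid>
Reply-To: accounts@mailer.invalid
Subject: Your account may have been compromised
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please re-enter your account information:</p>
<a href="http://login.mailer.invalid/examplebank/">https://www.examplebank.test/login</a>
<a href="https://www.examplebank.test/help">Help centre</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Host name if text looks like a URL or bare domain, else ''."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    parsed = urlparse(text if "//" in text else "//" + text)
    return (parsed.hostname or "").lower()


def base_domain(host):
    """Last two labels of a host name (assumption; ignores suffixes like .co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def inspect_email(raw):
    """Return indicators worth a closer look; they are hints, not proof of fraud."""
    msg = message_from_string(raw)
    findings = []
    from_domain = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    for header in ("Return-Path", "Reply-To"):
        domain = base_domain(parseaddr(msg.get(header, ""))[1].rpartition("@")[2])
        if domain and from_domain and domain != from_domain:
            findings.append(f"{header} domain {domain} differs from From domain {from_domain}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        collector = LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            shown, actual = base_domain(host_of(text)), base_domain(host_of(href))
            if shown and actual and shown != actual:
                findings.append(f"link shows {shown} but goes to {actual}")
    return findings


if __name__ == "__main__":
    for finding in inspect_email(SAMPLE_EMAIL):
        print(finding)
```

Legitimate bulk mail sometimes uses a different Return-Path domain, so a header mismatch alone calls for a closer look; a link whose text and destination disagree is the stronger signal.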

You can harden your browser and email applications by going into their preferences and options and choosing their medium (at the very least) to high settings for better security protection. Be sure and note the security and privacy and advanced settings in both Internet Explorer and Outlook Express. Make the settings as restrictive as possible! Beware of ActiveX, Java and JavaScript – especially unsigned or not marked as safe apps! Do not allow Windows Messenger to load automatically! Letting Outlook Express “automatically download message when viewing preview pane” is risky! Disable “Scripting” in Internet Explorer’s Security Settings Tab and choose Custom Level. Also disable “Install on Demand”! Go into Internet Explorer’s Internet Properties, Advanced and uncheck the two boxes for “Enable Install on Demand.” Do not allow Windows Scripting Host to run on your computers unless you are sure that you need it! For your email make sure that you choose to “read all email messages in plain text” option! Do not allow your email program to “auto-open” attachments! Also, go to Tools, Options, and in the Security Tab check, “Do not allow attachments to be saved or opened that could potentially be a virus.” Especially with email use the most restrictive security features the program has! But, the more restrictive you are in these settings the more difficult it is to browse the Internet or deal with your email. (Be aware that disabling Java and ActiveX will keep some web sites from displaying properly, if at all.) One more thing. Some questionable web sites are able to hijack your unsecured web browser if your security settings are not high enough. You will then be taken to the web sites of their choosing every time you open Internet Explorer. (It can be very difficult to fix this!) And, while we are on the subject of what not to do when surfing the Internet ... do not ever click on ads or respond to pop-ups. And, do not get suckered into clicking on an ad that looks like a system event or error message that tells you that if you click “ok” you can fix or patch your system. In other words, never respond to spam or ads or pop-ups that come from the Internet! Never click “ok” or “yes” – cancel them by closing the dialogue box pop-up or deleting the spam. Again, you must do everything you can to make sure that you harden Internet Explorer by installing the latest patches and updates and by using the highest security settings possible.

WARNING: Microsoft now actually recommends that you set your Internet Security level to “High” for the Internet Zone; add web sites you consider “safe” to “Trusted Sites”; use “plain text” to read all emails; and use a pop-up blocker! Go into Tools, Options of both Internet Explorer and Outlook Express to make these significant changes. Before you do any of this you should realize that this may significantly impact your Internet experience! These recommendations will block most ActiveX and scripting features that some web sites depend on. They will also limit your ability to interact with and download from quite a few sites that you may frequently visit. Your email will also be stripped of all HTML coding and graphics. These and other procedures and settings are becoming absolutely necessary as the Internet becomes a much more dangerous place to play! What do we do now? Well, read the following “hint.”

HINT: You can bypass all kinds of potential problems that exploit the weaknesses of Microsoft products by not using Microsoft products! If you use Mozilla SeaMonkey or Firefox or Chrome and Thunderbird, rather than Internet Explorer and Outlook Express, you can easily kill all pop-ups and the grief – including malware – they frequently bring with them. Let me put this simply. Many of the viruses and worms as well as most forms of malware (i.e., adware, spyware, etc.) are designed to specifically exploit the weaknesses of Microsoft products. When possible, especially for Internet browser and email applications, use another product. If you must use Microsoft products then it is absolutely essential that you do all critical and security updates and that you also run the necessary security software products on your system. It is also critical that you set all of their security settings to “high.”

Be aware that all Microsoft Office applications also need to be updated and patched for security measures and fixes. Make sure that all service packs are applied as well. Most of the worms and viruses out there were created to exploit some fault or flaw in not only the Microsoft operating system but also the Microsoft Office products. (The Office products are particularly vulnerable because Microsoft included the Visual Basic Scripting programming language in each module. Hackers exploited this feature and thus macro and scripting viruses and worms were born!) Make sure that macro virus protection is enabled in Office. Better yet, disable macro scripting in all Office products if you don’t need it.

In the good old days of computing (i.e., two or three years ago) it used to be that you actually had to do something to get a computer virus. You either had to directly share an infected floppy disk or open a program to transmit a virus. But now, all you have to “do” is “be connected” to a network! Viruses and worms are now able to do their work without you doing much of anything. And, they will attack an unprotected computer on the Internet in literally a matter of minutes. Viruses attack through what are called “blended threats.” That is, they use multiple ways and means to accomplish their purposes. Viruses not only propagate through floppy disks and boot sectors, but also through email, web applications and servers, open network shares and shared network folders, and so on. They are finding new ways to deliver their payload all the time. (There are new viruses that are targeting PDAs and Cell Phones. And now with wireless network technologies going mainstream, viruses and worms are quite literally being transmitted through the air. There are also viruses in the works that can hide in various picture and other file formats that theoretically were not supposed to be able to transmit virus infections because they were not executable files.) The newer (i.e., “bigger and badder” viruses) are also capable of stealth and morphing strategies. It is a most dangerous time to be a computer.

Since well over 80% of all email is now spam, one of the best things that you can do to deal with the growing problem (i.e., threat) of spam is to go with an Internet Service Provider (ISP) that filters out the spam for you. This can make a real difference! In fact, some of the better ISPs also use virus filtering software in conjunction with their spam filtering service. (You should note that some studies are now finding that almost one in ten emails contain some sort of virus!) Yes, it might cost a little more than the “no frills” ISPs, but it is worth it. (For instance, since Cox started up its spam and antivirus service I have not received any more viruses through emails and I only get about five spams a day. Whereas before, I would get at least fifty plus spams a day for each email account and at least one or two viruses every other day.) It needs to be understood that major spammers have now learned to create botnets to do their dirty work. These botnets are sophisticated legions of unsecured computers that send out millions and millions of emails a day. In fact many believe that we are now looking at “Spam 2.0” because spam has reached the next level of sophistication. They quickly find work-arounds to the anti-spamming techniques being used and utilize new methods to avoid detection. The spammers are gaining on us, friends, and the good guys are having a harder time dealing with this plague. In my opinion spam is killing email.

You can use an email previewing program like MailWasher to filter out email spam and viruses. It is a little more trouble to use but it can help – especially if you find a suspicious message (or even a virus) in your email. The free MailWasher program can be found here. Read all documentation that comes with the program. (Of course there are other ways of dealing with email and other programs to use, as has been previously mentioned.) One of the reasons for an email previewing program is that simply opening up a spam email in Outlook or Outlook Express can validate your email address to the spammer. It can also automatically trigger a virus or worm, or activate scripting and pop-ups and other annoying garbage (including pornography).

It appears that adware and spyware programs are as big a problem as viruses and worms on the Internet. Recent studies are showing that one out of every three computers is infected with Trojans or some other form of system monitoring spyware! This means that it is now as necessary to run anti-spyware programs as it is to use antivirus programs on your system. For the moment none of the anti-spyware programs are as sophisticated as the antivirus programs. But, they will surely catch up. The fact is there are some adware and sleazeware Trojans and other junk out there that are very difficult (even impossible?) to get rid of. They just keep coming back through mini-programs called “ticklers.” Some of them hijack your web browser. Some trigger excessive porn pop-ups. Some track your travels on the Internet. Others plant malware on your computer. Still others plant Trojans and key loggers and steal sensitive information off your hard drive. (Key loggers actually log every keystroke as they look for passwords and account numbers you type.) Once a Trojan is planted on your machine, the hacker can do just about anything they want with your system! What is more, some malware is even designed to disable security programs (i.e., firewalls, antivirus, anti-adware, etc.) that run on your system. And, of course, many of them eventually slow down your system and clutter it with junk. This vicious software can even damage system files and cause lock-ups and reboots. It is not uncommon to find literally hundreds of adware programs and cookies and malware on systems that have been operating without protection. Some of the newest spyware “burrows” deeply into your system, infecting the registry and system services or changing system settings, let alone dropping vicious malware products onto your hard drive in the form of programs that may run without you being aware of them. This kind of spyware often requires the use of extensive “surgery” or special tools to remove them. 
This is getting ridiculous!

WARNING: Just for your information – and because you need to know – I am finding that about 50% of the current virus, worm, trojan and malware infections require drastic measures to deal with them! What I am now noticing is that too many user systems are too far gone to easily disinfect by the time I get to them. About half the time systems must be reformatted and the Operating System and all programs must be completely re-installed! It seems that most disinfecting products (even the retail ones like Norton and McAfee) cannot completely remove all of the viruses, worms, trojans, and malware out there. (I have personally seen systems that even have the all-in-one products still succumb to the dreaded reformat! Why? Usually because the user either did not set up the programs correctly or because they did not religiously update the Operating System and the security programs.) In other words even the best antivirus programs cannot always restore your system to its pre-infected state! What is the lesson? It is rather simple: “Prevention is the best cure!” Oh yes, one more thing. I know that you can “catch” all sorts of infections by innocently traveling the good paths of the Internet, but you will surely “catch” a world of evil by traveling down the dark paths of cyberspace. Don't say you haven't been warned!

WARNING: Well, it was only a matter of time. Now there is a form of spyware that is now being called “kruegerware” (after the Nightmare on Elm Street’s Freddy Krueger). This form of malware is so insidious that it is proving to be very, very difficult to kill and thus the nightmare never ends. Specifically this adware is what is known as a “blended threat.” This means that some forms of adware are now using very sophisticated techniques to install themselves and avoid detection. They also have the ability to reinstall themselves if removed. In some ways kruegerware is more like traditional viruses and worms than plain old “adware.” What this means is that spyware is morphing! If you are wondering why adware is becoming more of a problem, the answer is simple: It works! There is big money in spyware, because there are plenty of people stupid enough to succumb to the “spam and scams” out there. Oh, by the way, this new form of spyware is based in foreign countries like Russia (and others) and is apparently connected with organized crime. (Just so you know, one of the most egregious forms of this new kind of adware is “CoolWebSearch.” It popped up a few years ago. Unfortunately the CoolWebSearch monster has spawned over thirty different incarnations of itself and has become too difficult to deal with. In fact, the only real CoolWebSearch removal tool out there has basically been discontinued because the writer could not keep up with this beast! You can find more information about all of this here.)

WARNING: And just when I thought it couldn’t get any worse ... I have finally dealt with a client’s computer that was so overwhelmed with viruses and Trojans and adware and malware that it took me over three days to get it all cleaned up. If they only had the original Windows XP CDs or Restore Disks, I would have wiped everything out and started over. But, they did not have them and they unfortunately had a pirated update of Windows XP Professional installed and they desperately needed their computer, so I had to do everything the hard way. I actually had to use about ten different antivirus programs to kill the various virus infections. (By the way Norton alone would not and could not do the job! I have told you before that the dirty little secret of the antivirus world is that their products really can’t and don’t perfectly deal with all the viruses out there once they infect your computer. In other words, their products don’t work like you think they do and like they would have you believe.) I had to use about five specialized virus tools to deal with specific infections. I had to use about six different spyware programs to weed out all the malware. Then I still had to use several online scanning sites to finish the job. I actually had to use some of the major player’s sites like McAfee and Symantec, among others, just to identify the beasties so I could manually track them down and kill them. Some of these major scanning sites will only identify but not eradicate the infections. Some of the infections kept coming back even after clean scans. I had to try again until I got it right. Eventually I succeeded and brought the system back to a stable and usable state. But what a mess! Oh, by the way, do I need to tell you where this computer had traveled on the Internet and how it got infected with all of this garbage? This system had literally a dozen different viruses and Trojans on it and hundreds of pieces of adware, spyware and malware choking it to death. 
The system was hacked and hijacked. This computer had literally thousands of pieces of porn on it. Enough said! If you travel the dark side of the Internet, friends, you get what you deserve and you deserve what you get. The next time I see a computer like this I am just going to nuke it.

Windows contains an option called “hide extensions for known file types” and enables this by default. This is a serious security hazard! Why? Because you can’t tell what type of file you are working with. (In Windows the file’s extension usually lets you know what kind of file it is.) But, more than that, quite a few viruses and worms depend on this to infect your system. (An attachment you might receive called “ILoveYou.txt.vbs” is not a text file, it is a Visual Basic Script that if run could turn out to be malicious code! With file extension turned off, you would only see the “ILoveYou” file. Be very suspicious of a “double extension” file.) You must disable this stupid feature! Go to Windows Explorer and from the menu look for Folder Options, then go to View and uncheck the box “hide extensions for known file types.”
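The double-extension trick described above can be checked for mechanically before an attachment ever reaches the desktop. The following Python sketch is an added example, not part of the original article: it reads the attachment names out of a mail message, works out what Explorer would display with extensions hidden, and flags script or program files posing as documents. The extension lists, function names and the sample message are assumptions made for illustration, and it assumes Explorer hides only the final extension of a registered file type.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Assumed subset of types Windows runs directly or hands to a script host.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                   ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".lnk"}
# Assumed subset of types users read as harmless documents or media.
DECOY_EXTS = {".txt", ".doc", ".xls", ".pdf", ".jpg", ".jpeg", ".gif",
              ".png", ".mp3", ".zip"}
# Both sets are treated here as "known file types" whose extension is hidden.
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def inspect_name(filename):
    """Report how an attachment name is displayed and whether it is risky."""
    # Drop any path prefix; Windows also ignores trailing dots and spaces.
    name = PureWindowsPath(filename.strip()).name.rstrip(". ")
    pieces = name.split(".")
    # Normalise each extension; padding spaces before the real one are ignored.
    exts = ["." + p.strip().lower() for p in pieces[1:] if p.strip()]
    final = exts[-1] if exts else ""
    # With extensions hidden, only the final known extension disappears.
    shown = name.rsplit(".", 1)[0] if final in KNOWN_EXTS else name
    executable = final in EXECUTABLE_EXTS
    double = executable and any(e in DECOY_EXTS for e in exts[:-1])
    return {"name": name, "shown_as": shown,
            "executable": executable, "double_extension": double}


def triage_message(raw_bytes):
    """Inspect every named attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename:
            report.append(inspect_name(filename))
    return report


def build_sample():
    """Constructed sample message; the attachment bodies are harmless text."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("Please see the attached file.")
    m.add_attachment(b"constructed placeholder, not a real script\r\n",
                     maintype="application", subtype="octet-stream",
                     filename="ILoveYou.txt.vbs")
    m.add_attachment("meeting notes", filename="notes.txt")
    return m.as_bytes()


if __name__ == "__main__":
    for item in triage_message(build_sample()):
        verdict = "BLOCK" if item["executable"] else "ok"
        print(f'{verdict:5} {item["name"]!r} displayed as {item["shown_as"]!r}'
              f' double_extension={item["double_extension"]}')
```

A mail gateway or a scheduled scan of a download folder can apply the same test; anything reported as executable should be quarantined rather than opened.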

If you use a wireless network you must realize that wireless is currently very vulnerable to security problems. Most wireless network security settings are disabled by default and that means that you must enable them. Even enabling the security settings that come with most wireless systems presently on the market will not result in a very secure network; but it is still better than nothing. (The fact is anyone with a little knowledge of wireless systems can drive around and find your wireless network and break into your system rather easily – especially if you have not hardened it!) At the very least use strong passwords, well-defined users’ access lists, and various levels of encryption. Be sure that you change the default network names (SSIDs, ESSIDs) and turn on the Wired Equivalent Privacy (WEP) encryption features. (WEP is being replaced by Wi-Fi Protected Access [WPA] – use it instead of WEP, because WEP is no longer considered secure! And WPA is being replaced by WPA2. Does this tell you anything? More recent wireless products may offer a firmware upgrade available by download from the vendor’s website.) Disable SSID broadcasting. Use a MAC address access control list for authentication. However, even these measures are currently not all that secure. One of the most important things you need to do for your wireless network is install a router that has a built-in firewall. Be sure and change the firewall router’s default password! Also consider changing your router’s default IP address. You should note that you can secure your wireless network even further by creating a Virtual Private Network (VPN). But this involves more expense and complexity.

If you ever find a virus infection on your computer the first thing you should do is disconnect (i.e., unplug) that computer from the network. Then update (of course you would have to connect to the Internet for this!) and run your antivirus program on the infected computer. Also, check Symantec’s Security Response web site for the latest information about any viruses or worms you find. You should note that many viruses and especially worms cannot be completely removed by most virus scanning programs. Some actually require additional virus removing tools written specifically for that worm. After you have run the specific virus tool be sure and run that same tool on all the other machines in your network! If all the computers on your network are clear and if the machine that had the original infection is clean, then and only then, connect the computer/computers to the network. Do not reconnect any machine to the network that has an ongoing infection until you have checked and double-checked to be sure that the virus or worm is gone. There are quite a few worms that are able to travel over open networks to infect other systems. Most of them do their work “silently.” One other thing: Remember that viruses love to “hide” in backups, system restore points (in Windows ME, XP and 7-10), or on any form of removable media (i.e., floppies, burned CDs, zip disks, removable hard drives, etc.). So, don’t be too surprised if the same virus or Trojan pops back up at a later time. It just means that you either did not close the door to its chosen method of entrance into your system, or you did not fully disinfect it the first time around.

All Internet Relay Chat programs and Instant Messaging Programs must be considered a security risk, period! Also Windows Media Player and Microsoft NetMeeting present some security risks. Do not use them unless you are willing to take that risk. For the most part, IM programs cannot be secured very well and they can also be a potential conduit for viruses and Trojans. If you must use IMs make sure you set their security options (if any are available) as high as possible. Do not use IM programs to download or share files. (And, while we are at it, Telnet is a major security risk as well.) Under no circumstances should file-sharing (i.e., Peer-to-Peer or P2P) programs like Napster or Grokster or Kazaa or Morpheus or Gnutella or BearShare ever be used! (Just so you know, studies have shown that up to 45% of all files downloaded with Kazaa contain malicious code!) Be aware that hackers use these kinds of programs to plant Trojans that can not only steal your data but also hijack your computer (turning it into a “zombie” that can then be used to attack other computers) for their evil purposes. Also be aware that hackers sometimes publish freeware that purportedly does something “useful” while at the same time planting Trojans on your system. Do not download any software from sites you are unfamiliar with. Never use “warez” (i.e., outlaw) sites or pirated software.

If you have a system (i.e., Windows ME or XP or 7-10) or software (i.e., GoBack) that does system saves and restores, you need to realize that if you have an undetected virus, it is very possible for viruses to be saved in the hidden system restore folders. To date no virus programs can detect or disinfect these hidden system restore folders. Therefore if you find that a virus has attacked your computer you must disable and delete these system restore features and remove the virus from your system. Only after you are sure the virus has been disinfected should you turn the system restore features back on. If you fail to do this, a system restore attempt at a later date could inadvertently reinfect the computer.

Take the warning and threat of viruses and worms very, very seriously! Recent information is beginning to add up to one critical fact: “We ain’t seen nothing yet!” Many viruses and worms that have previously been unleashed on the world have been “concept” viruses. (To put it another way, they were written just to see if the “concept” would work.) Once the hacker community sees that something works (or they find system vulnerabilities) they usually will seek to perfect their creation by adding a more deadly payload to be delivered the next time. Hackers also share their evil creations so that other hackers can have a crack at making the bug better. What also concerns the security community is that with present world tensions “cyberterrorism” is becoming a very real possibility. (This means that a kind of “warfare” is being directed against the Internet and even networks of other governments and countries. The truth is all of this is going on right now!) But, keep in mind that as the hackers’ viruses and worms get better and better, so do the antivirus products. This is why you must be vigilant in your fight against the nasties! So far the antivirus and security companies have been able to “contain” newly hatched viruses within twenty-four hours and release updates accordingly. But, keep in mind, that just a few years ago live virus “experiments” (like SQL Slammer and now MyDoom, Blaster and Bagle and NetSky) on the Internet have shown that a virus can travel around the world and infect hundreds of thousands of computers in ten minutes. A few years ago if you put an unprotected machine on the Internet it would be attacked by some worms and viruses within 15 minutes. Now it’s 15 seconds! And, now it has also been shown that an unprotected system will at the very least be compromised with malware within twenty minutes. It used to be forty minutes! 
The bottom line is this: an unprotected system using broadband will now be attacked in some form or another literally dozens of times a day! (And, while we’re at it, the mean time between a security vulnerability announcement and the release of a virus or worm that exploits that vulnerability has gone from 99 days to five days ... and now to zero days!) No matter how you look at it you must fully secure and protect your system before you connect to the Internet. Why? Because it is no longer possible to download all the Critical Windows Updates and Patches (that it takes to fix the holes that make you vulnerable to all the Internet threats) before you are “hit” by some form of cyberworld attack!

NOTE: There are basically four categories of virus writers: (1) Creators – Programmers who write viruses for the thrill of creation; (2) Students – Individuals who write viruses for experimental learning and research; (3) Script Kiddies – Kids who cook up viruses using virus programming tools readily available on the Internet; and (4) Cyberterrorists – Terrorists and organized underworld criminals who write viruses for political or monetary profit. It is this last category that is becoming an even greater concern. Recent events have indicated that teams of individuals are now involved in the “virus wars.” What is more, these virus wars seem to now be coming from organized crime both foreign and domestic. There is one other thing you should be aware of. There is a very real connection between cyberterrorism (hackers and crackers) and spammers and pornography. Each one of these “underworld industries” exploits the technology of the others. And all of those involved are part of the dark side of the Internet, the “Darknet.”

Let’s put all of this “hacker threat” into perspective. Hackers are not the greatest threat to your network and computer systems. The greatest threats to your network come from inside your network, not outside. In other words, user error (intentional or unintentional) is the single greatest threat to your computers and your data. Human error is the number one reason for data loss. The next significant threat to your data is hardware, software, or power failures. Then come viruses and worms. And finally, hackers. This is real-world information to help you see where the emphasis on computer security needs to be placed. It gets back to this:

(1) Back up your data.

(2) Train the users of your network on proper procedures.

(3) Use an Uninterruptible Power Supply.

(4) Keep your antivirus and anti-spyware programs active and current.

(5) Use a firewall to keep the bad guys out.

So, are hackers that big a threat to your business? Actually yes – especially if your network is connected to the Internet via broadband. Again, if your network is connected to the Internet your systems will be scanned several times a day from questionable sources. Hackers are “out there” looking (i.e., scanning) for unprotected systems. What many, if not most of them seem to want are home systems with a broadband Internet connection. While they may not want your data, they more than likely will want to use your computers for their evil purposes. Bottom line: While a hacker actually getting into your system is probably a remote possibility, you still need a firewall.

IN CONCLUSION

It should be obvious by now that the only truly secure computer or network is the one that is disconnected and unplugged! But, then you would not have access to either your computer or your network. In other words computer security is all about striking a balance between ease of use and security concerns. A computer that is very easy to use is also easy to compromise. The more secure a system is the more difficult (i.e., inconvenient) it is to use. Also, realize that every additional security program (i.e., anti-virus, firewall, etc.) is one more layer to have to deal with on your system. And, every layer you add to your system is just one more thing to go wrong (i.e., create a conflict). Again, balance is the key and you determine balance by considering the risks. Ultimately you must figure all of this out for yourself. You must figure out how vulnerable you are; what the threats are; and what risks you are willing to take. (Vulnerabilities + Threats = Risks)

PLACES TO GO ... PEOPLE TO SEE

To help you figure out your security risks you can go online and visit the following sites that can actually test your system’s security and alert you to any potential problems. These sites are run by reputable organizations and individuals who are leaders in the security industry. Read all information and make sure that you understand exactly what is going to be done for each test.

The Gibson Research Corporation: This site is run by Steve Gibson and has a wealth of information on computer security. Go to the “Shields Up!” page and test the security of your computer on the Internet. Run all of the Shields Up! tests.

The Symantec Security Response Page: This page has the most current information on virus threats as well as numerous tools to remove the more serious ones.

The Symantec Security Check Page: This site will also scan your computer for security and virus threats.

The McAfee Security Page: This site will also scan your computer for virus threats.

The Trend Micro Site: This site offers a virus scanning service.

Finally, for all kinds of links to security and other computer technology sites, as well as free online scanning and all kinds of freeware programs, go to my Computer Links page.





Copyright © 2003-2016

Randar

A+/Network+/Server+/INet+/Linux+ CompTIA Certified Technician


