With all the different opinions and ideas flying around, the average user seems to be totally confused about what they need to do to keep their computer secured, how much it will all cost and what it really means. Even worse, users often don’t really know that they should do this or WHY. Given the extended time I’ve been spending lately securing a Windows XP Desktop, in preparation for a security contest, I decided to share some ideas. These are mostly for Windows XP machines, but they are mostly applicable to any other Windows box. Feel free to ask specific questions for your OS if you need to. I will be glad to answer them.
1. Windows Updates – the critical Windows updates are there for a reason; whenever a vulnerability is discovered that would allow people to hack your system, software teams get back to work and come up with patches for it. They do a pretty good job at patching these things and coming up with an update every other day. And with automatic updates (Start -> Control Panel -> Security Center -> Automatic updates) that do all of this without even bothering you, there is no excuse not to have your system updated DAILY. If you would rather do it manually and/or you also want to install optional updates, just go to Start -> All Programs -> Windows Update (it will be in that small list at the very top). And no, I don’t care what you heard, what your friend of a friend who knows somebody whose father’s second wife has a son that saw Bill Gates at a conference on a TV in the mall said, updates will NOT hurt your computer. They fix problems that are already there. If you fail to keep your system up-to-date, everything that follows is useless. It’s like trying to lock and dead-bolt your front door while leaving the back door wide open.
2. Antivirus – “But I got this file from my best friend, I’ve known him for 20 years, of course I trust him”. Well, so do I. But your friend might have a virus and not know it. With all the malware out there, behind every other link or email attachment, nothing pays off more than a simple antivirus. And although opinions about which one is better vary all the time, you shouldn’t let this stop you from just picking one. And guess what? There are a bunch of completely free antivirus programs out there that do more than a decent job. “But it’s free, doesn’t that mean it’s a cheap unsafe product?” Rest assured that many tech offices use exactly the same tools. A word of warning here… make sure you only use one antivirus for full-time protection. Feel free to have as many as you want for the occasional scans, but only use one at a time and only have one enabled 24/7. Why? Well, think of this as taking drugs for a cold. You wouldn’t (I hope) take a combination of Tylenol, Aspirin and Advil, would you? Just the same, no antivirus is bad, one antivirus is good, several antiviruses are nearly as bad as none at all. Here are a few examples of what you can get for free: AVG, Avira
3. Antispyware – Getting back to that example with the cold. You’ve taken your favorite drug, whatever it may be, and now you’re feeling better. But what about that sore throat? Enter the lozenge for the sore throat, or our next friend, the antispyware tool. If you want to find out what different types of malware are out there and what exactly the difference is between a virus, a worm, spyware and all that stuff, don’t let me stop you from asking Google. All I’ll say is that you need an antispyware tool (yes, this one CAN AND SHOULD run at the same time as your antivirus, just as the lozenge can go with whatever drug you’re taking – they serve different purposes). But again, don’t have two antispyware tools running at the same time – it’s a waste of resources and can actually harm your system. My favorites: SpyBot, Ad-Aware
4. Firewall – look at the firewall as the Vitamin C you’ve ODed on so you don’t get that dreaded cold. Its main purpose is prevention/protection and it’s just as important as all the others. The reason I mentioned it later is because you already have one on your system (assuming you have Service Pack 2, which if you are a Windows XP user, for the love of God, I hope you do, if not get it HERE right NOW) and it does a decent job. There is another one that I personally like more though, a very good tool for both the total n00b (if you don’t know what that is, you are one; no worries, it pretty much just means novice) and the master of iptables, and that is Comodo Firewall. It will take a little while for it to get used to your system and for you to set up all the programs that you trust, but after that it will almost stop bothering you and it will give you very good protection against what’s out there.
5. Passwords! With all these, there is still the issue of someone using “good” tools (such as remote desktop connection) to get to your computer, with bad intentions. Can they? Maybe, if they know some vulnerability that no one else knows yet. Maybe, if you don’t have all the stuff I wrote about above. Maybe, if they’re just damn good at what they’re doing. CERTAINLY, if your password sucks. This can be anything from: not having one in the first place, using dictionary words, using a short one or using something that can be known about you (names, cities, dates etc.). If you feel your brain can’t take the effort of remembering a randomly generated password (it’s a great mental exercise by the way), then what you can do is: you take your regular password, be it “ilovemydog”, and replace letters with numbers or characters where it’s rather obvious to do so: “!10v3myd0g”. You’ll remember this in no time and it’s still better than using dictionary words.
6. DON’T JUST CLICK ON STUFF!!! I MEAN THAT! Do you just accept boxes with stuff from random people you meet on the street? Do you explore dark locations in sketchy neighbourhoods at 2am? Well, if you’re smart enough not to do that, don’t let yourself be fooled by cheap online tricks! Don’t open emails that offer you discounted drugs, lottery wins, free vacations, surprise funds from dead exotic royal families and whatever other ideas they come up with. Even opening the email might land you with malware or simply confirm that your email address is genuine and active, and then even more spam will come to you. Also, be careful with links you see on unknown pages and especially with pop-ups. Same deal here… no, you’re not the n-th user today who for some weird reason wins one million dollars; no, that flashy little icon did NOT find an infection on your computer and so on. Be smart and you’ll be safe!
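Item 5's weak-password cases as a small checker, with an `undo_swaps` option showing how an audit that reverses the obvious letter swaps sees “!10v3myd0g” (an added example, not code from the original post). Assumptions: the word list, the 10-character minimum, the swap table and all function names.

```python
# Constructed sample word list; a real audit would load a full dictionary file.
WORDS = {"i", "love", "my", "dog", "cat", "password", "summer", "secret"}
MIN_LENGTH = 10  # assumed threshold; the post only says "short"
# Assumed table of the "obvious" character-for-letter swaps the post describes.
LEET = str.maketrans({"!": "i", "1": "l", "0": "o", "3": "e",
                      "@": "a", "$": "s", "5": "s", "7": "t"})


def splits_into_words(text, words=WORDS):
    """True if text is one dictionary word or a run of them glued together."""
    # reachable[n] is True when text[:n] can be cut entirely into dictionary words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words
            for start in range(end)
        )
    return bool(text) and reachable[-1]


def password_problems(password, personal=(), undo_swaps=False):
    """Return which of the post's weak-password cases apply to password.

    personal   -- names, cities, dates and similar details known about the user
    undo_swaps -- reverse the letter swaps first, as an audit tool may do
    """
    if not password:
        return ["no password"]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    lowered = password.lower()
    candidate = lowered.translate(LEET) if undo_swaps else lowered
    if splits_into_words(candidate):
        problems.append("dictionary words")
    if any(item.lower() in candidate for item in personal if item):
        problems.append("personal detail")
    return problems


if __name__ == "__main__":
    for pw in ("", "ilovemydog", "!10v3myd0g"):
        print(repr(pw), password_problems(pw), password_problems(pw, undo_swaps=True))
```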
All this should make your online day a happier one. Still, this doesn’t mean that now your computer is impenetrable. It just means that it’s considerably more difficult to hack (compared to “way too easy” before this) and chances are that as long as you don’t do something stupid (see number 6), you’ll be safe. On the other hand, if someone specifically wants something on your system and they make a point out of hacking YOU, that’s a whole different story. But that’s probably not the case, so don’t worry about it for now. Do these steps and you can definitely sleep better at night. If only securing your house was this easy.
Feel free to ask any questions or to bring any comments/additions to the solutions I’ve proposed here!