It has come to my attention that many of you may be having problems with your
PCs at home...
"Gee, I don't seem to be able to run Internet Explorer."
"My PC sure does seem to be slow recently."
"I think I have a virus. Should I mention this to Sam?"
Fatal ERROR - 0e16fa21 at segment x00h2. "Hmm... wonder what that means?"
Have you asked yourself these questions, or others like them? Have you asked Sam questions like this? You may have a virus, adware, worms, trojans, continual pop-ups, or other malware (a term meaning "my crappy PC is doing things I don't like") on your box. These things may have various behaviors as well as various results. They may try to lead you to web sites that encourage you to gamble or buy Viagra©. They may encourage you to validate your Visa card... and its PIN. They may aggravate you by taking you to Ace Hardware when you try to go to Home Depot. They may do nothing noticeable as they quietly open ports and report your keystrokes (including your Visa card number and password) to another site. They may have seized control of your PC and be using it to distribute SPAM (bulk unsolicited e-mail) or launch DDOS (Distributed Denial of Service) attacks.
Don't go home and kick the dog. Don't scold the kids. Don't fuss at the little lady (or little man, if that's what you have). Odds are high that it isn't their fault. The folks that build this type of software are becoming incredibly sophisticated in the way they write, deploy, and use this stuff. No longer can you depend on deleting an e-mail from someone unknown. Malware payloads can be triggered simply by getting the e-mail, or visiting a hijacked web site. You must be diligent in the maintenance of your boxes... ALL OF THEM! And, you must be, initially, very quick about taking this seriously. An ongoing report from the Internet Storm Center (an Internet watchdog group) gives an unpatched PC less than 20 minutes before malware infection. This article is available at http://isc.sans.org/survivaltime.html. You may also want to check out their linked article entitled "Windows XP: Surviving the First Day."
You need several pieces of software to effectively protect your boxes. Although there are security suites that try to cover all of the bases from companies like Symantec, McAfee, and ZoneLabs, they can be both pricey and resource hogs. Alternately, there are individual packages one can obtain to perform these tasks. Often, this alternative software is both better and free. Also, an assumption here is that you are using an operating system from Microsoft. Even if you aren't, you may want to look at the other information. Anyway, regardless of the approach you take, the software you need on each and every one of your PCs at home is:
Each of these will be addressed below.
Operating System (OS) Considerations
Most of you are using some variant of a Microsoft operating system like Windows XP, Me, 98 SE, 98, 95, 2000, or 2003, and that is where the meat of this article is. You must keep your critical updates and security service patches up to date! With most critical updates that require a reboot and certainly with service packs, your OS will present you with a new build number (if you catch it). DO NOT call me and say "it's Windows ME, build 1.03.2h.a.1." I don't know what that means... and I don't care. Just keep that stuff up to date. The easiest way is to turn on automatic updates. If you're using Windows XP, do this:
When the little balloon pops up and says you have updates ready to install, take the time to do so. Beyond that, Microsoft has many helpful sites such as the MS Windows Update site for updating Microsoft's OS and productivity products, the MS Knowledge Base for getting up-to-date technical information, and finally, for the really geeky types, Technet for in-depth articles on the guts of Microsoft's products. Also, if you are not up to Windows XP or 2000/2003, you really need to consider updating to XP. XP service pack 2 is being touted to do a whole lot in the security arena. In the meantime, it is much more stable than any of the older operating systems. Finally, if you're using WinXP, turn off the fluffy icon logins. Make everyone log on with a user ID and password. Once that is done, change all users (except yourself) to "limited users" through control panel. That way, the kids can't download the music share flavor of the moment and wreck your box.
Anti-Virus (AV) Software
Viruses, like their biological counterparts, are nasty little critters! Actually, "virus" is a very generic term that loosely means any malicious software. They come in many flavors and for some in-depth information on the subject, see the Symantec article about Viruses, Worms, Trojans, and Hoaxes. For now though, the biggies are:
Some nostalgia - two of the first "viruses" I ever remember hearing about back in the mid 1980s were hardware killers. The first went after the old long phosphor monitors. It would push a high pre-amp voltage out of the video card. This, in turn, would "burn" images permanently into the screen. Before long, the monitor would be ruined. Shortly after that, monitor makers began putting current clamping circuitry into their monitors to prevent it from happening. The second was a vicious little routine that would cause the hard drive head to constantly seek. Hard drives were a little more tender back in those days. Within a few hours, the drive head positioning actuator would be worn out and the drive was destroyed.
Anyway, I recommend PC-Cillin from Trend-Micro. Actually, I think they've renamed it to PC-Cillin Internet Security now. If you'll watch the Sunday papers, you can get some version of it to show up in a package deal. Between instant and mail-in rebates, it can usually be had for $10.00 to $20.00. That's actually cheaper than the Internet online price. Keep in mind that like Microsoft, the AV market has begun to be targeted and virus writers have begun to target their products directly. One virus actually took Sam's PC at home down by disabling the Live update function. So, if you feel the price is too high or that you don't trust Trend-Micro, there are options. Some web sites are listed below.
Some major players in the AV game are:
Regardless of the product you decide on, get one, and keep it up to date. New viruses are coming out every day now and so are new AV signatures. One MUST be diligent. Also, some sites offer online virus scans, but most require plug-ins and/or Microsoft's IE as a browser. More on this down in the Browser section.
Anti-Spyware Software
Spyware is a breed of software that monitors, to varying degrees, your activity on the Internet. It may be as innocuous as watching your web surfing habits in order to deliver targeted advertising. It may hijack your browser to deliver you to specific sites regardless of where you want to be. It may be full-blown key loggers that capture keystrokes like passwords, credit card numbers, PINs, etc., and then deliver that information to the unscrupulous. Make your own assumptions as to what these people can do with that type of information. For more details on the subject, see the Wired News article entitled "Sick of Spam? Prepare for Adware." So, what can you do about it? I recommend you load Super Anti-Spyware on your box zippy quick. I also recommend you keep a copy of Spybot Search & Destroy from Patrick M. Kolla as a backup utility. Both of these are freeware utilities for home use. Regardless of which you use, download both the software and the latest updates. Once you have the software installed with the updates, you will need to check for updates frequently (say... once a week). If updates are available, download them and rerun the check on your box.
Anti-SPAM Software
SPAM is that class of e-mail that overloads your inbox. It is bulk, unsolicited e-mail. I have no idea as to how the word spam was ever associated with bulk, unsolicited e-mail, but that's what it is. One explanation can be had by using this "What Is SPAM?" link. SPAM is delivered by the web's unscrupulous slime, and can be many things... When it first became an issue, it was primarily like bulk mail in your regular mail box. Now however, it can still be a solicitation for one to buy online porn, gambling, Viagra, home loans, or just about anything else one can imagine. It can also deliver some really nasty payloads to your PCs. Some examples of this may be pictures that hijack your browser, viruses, worms, or key loggers that watch your every keystroke, including your online bank account number and PIN or maybe your credit card and PIN. There are currently two approaches to combating SPAM. The first is some really heavy math algorithms that try to figure out the difference between good and bad e-mail. It usually works pretty well, but some good e-mail gets blocked and some garbage gets through. The other approach is something called challenge response SPAM blocking, which uses a challenge to the sender of the e-mail. If there is a legitimate response, the e-mail comes on in. Otherwise, it gets trashed. This works because SPAMmers don't have the time or energy to do this when they're sending millions of e-mails. These come in both hardware and software versions. The hardware versions are quite expensive and meant for enterprise computing, but the software versions do a good job for the home user. Of the two types, I recommend one of the software challenge response solutions. A really good choice for the single, home user is ChoiceMail. It's free for one user and for under $50.00, it can protect multiple e-mail accounts for everyone in the home. SPAM has become so pervasive that now, it's getting in the way of business. Between identity theft, fraud, lost productivity, storage costs, virus problems, and bandwidth charges, it costs billions annually to combat this stuff. Because of this, a concerted effort by end users, businesses, Internet service providers, et al. is now being heralded. Let's hope they get somewhere in their efforts.
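The challenge response idea described above can be sketched in a few lines. This is an added example, not code from this article or from ChoiceMail; the class name, the token scheme (an HMAC over the sender address) and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ChallengeResponseFilter:
    """Hold mail from unknown senders until they answer a challenge."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # secret known only to the filter
        self.approved = set()    # senders who answered a challenge correctly
        self.quarantine = {}     # sender -> messages held back
        self.inbox = []          # (sender, body) pairs delivered to the user

    def _token(self, sender):
        # The token is an HMAC over the sender address, so it cannot be
        # guessed without the key or reused for another address.
        mac = hmac.new(self._key, sender.encode(), hashlib.sha256)
        return mac.hexdigest()[:16]

    def receive(self, sender, body):
        """Return ("delivered", None) or ("challenged", token_or_None)."""
        sender = sender.lower()
        if sender in self.approved:
            self.inbox.append((sender, body))
            return ("delivered", None)
        first_contact = sender not in self.quarantine
        self.quarantine.setdefault(sender, []).append(body)
        # Challenge only once per sender; later mail is held silently.
        return ("challenged", self._token(sender) if first_contact else None)

    def respond(self, sender, token):
        """Release held mail if the sender returns the right token."""
        sender = sender.lower()
        if sender not in self.quarantine:
            return False
        if not hmac.compare_digest(token.encode(), self._token(sender).encode()):
            return False
        self.approved.add(sender)
        for body in self.quarantine.pop(sender):
            self.inbox.append((sender, body))
        return True


def demo():
    """Constructed traffic: one person who answers, one bulk sender who never does."""
    f = ChallengeResponseFilter()
    _, token = f.receive("friend@example.org", "Lunch on Friday?")
    f.receive("bulk@mailer.example", "Buy now!")
    f.receive("bulk@mailer.example", "Last chance!")
    f.respond("friend@example.org", token)
    return f.inbox, sorted(f.quarantine)


if __name__ == "__main__":
    print(demo())
```

Because a challenge goes to whatever address the message claims to come from, sending at most one challenge per sender, as done here, limits the mail that lands on forged addresses.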
Firewall Software
A long time ago, on a web far, far away, during the cold war (young-uns, ask your parents), the United States Defense Advanced Research Projects Agency (DARPA) began looking for ways for computers to talk to each other. Most of these were either military computers or college research computers funded by the military. Eventually, this led to the DARPA Net, which in turn became the world wide web. Now, the way PCs talk to each other on the web is through a communications standard known as Transmission Control Protocol/Internet Protocol or TCP/IP for short. TCP/IP is what evolved out of the old DARPA Net. The industry is transitioning to TCP/IP version 6. This is where your favorite geek friends get to use all those confusing geeky phrases like DHCP, FTP, POP3, SMTP, and so on. In short, TCP/IP defines 65536 ports. Ports are like little "holes" that data can get through. There are several "well known" ports, and unless you are one of those geeks, you've probably used some of them and didn't even know it. A few are listed below:
These are only a few of the well known ports, which, in turn, are only a few of the 65536 ports defined in TCP/IP. Keep in mind that as far as TCP/IP is concerned, this is knowledge in its simplest form! There are many 800 page manuals on the subject. If you want more information on this stuff, start at Webopedia's Well Known Ports page. Anyway, back when the web was honorable, all of these ports were open and no one cared. Then the slime started to ooze... Before long, firewalls were to become a way of life. Jump forward 20 years. Although Windows XP Service Pack Two (SP2) is coming with a new "Security Center" that includes a firewall, it is only for TCP/IP in-bound, well known ports. No out-bound traffic is monitored and Microsoft is not supporting any OS below XP with this technology. Again, if you aren't up to Windows XP, you need to come on board. Having said that, you will need a firewall that monitors outbound traffic. The benefits of out-bound traffic monitoring are twofold. First, it will help stop the propagation of malware by limiting what can get out if your box becomes infected. Second, it will help stop this same malware from reporting your keystrokes to those who would use it. I recommend a product from ZoneLabs called ZoneAlarm. There are both a free version (firewall only) and several pay-for versions. They also have an entire suite that includes AV, pop-up blocking, and such, but I know very little about it.
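To make the in-bound versus out-bound point concrete, here is an added example (not code from this article, and not how ZoneAlarm or the Windows firewall is implemented) that runs the same constructed connection attempts through an inbound-only policy and a two-way policy. The log format, program names, addresses and per-program rules are all assumptions.

```python
from collections import namedtuple

Event = namedtuple("Event", "direction program remote port")

# Constructed sample connection attempts (not real traffic).
# Format: DIRECTION PROGRAM REMOTE_ADDRESS DESTINATION_PORT
SAMPLE_LOG = """\
OUT firefox.exe 203.0.113.10 443
OUT thunderbird.exe 203.0.113.25 110
OUT unknown.exe 198.51.100.7 6667
OUT firefox.exe 198.51.100.9 25
IN - 192.0.2.44 135
"""

OPEN_INBOUND_PORTS = set()        # assumption: a home PC offers no services
APP_RULES = {                     # assumption: ports each program may reach
    "firefox.exe": {80, 443},
    "thunderbird.exe": {25, 110},
}


def parse(log):
    """Turn log text into Event records, skipping blank lines."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        direction, program, remote, port = line.split()
        events.append(Event(direction, program, remote, int(port)))
    return events


def inbound_only(ev):
    """Filter unsolicited in-bound traffic; never look at out-bound."""
    if ev.direction == "IN":
        return "allow" if ev.port in OPEN_INBOUND_PORTS else "block"
    return "allow"


def two_way(ev):
    """Same in-bound filter, plus a per-program out-bound allowlist."""
    if ev.direction == "IN":
        return inbound_only(ev)
    allowed_ports = APP_RULES.get(ev.program)
    if allowed_ports is None:
        return "block"            # program nobody approved
    return "allow" if ev.port in allowed_ports else "block"


def leaked(policy, log=SAMPLE_LOG):
    """Out-bound attempts from the log that the policy lets through."""
    return [(e.program, e.port) for e in parse(log)
            if e.direction == "OUT" and policy(e) == "allow"]


if __name__ == "__main__":
    print("inbound-only lets out:", leaked(inbound_only))
    print("two-way lets out:     ", leaked(two_way))
```

With the two-way policy, the unapproved program and the browser trying to reach a mail port are both stopped, which covers the two benefits named above: limiting what infected software can send out and where it can report to.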
Pop-Up Blocking Software
Pop-ups are those incredibly annoying, little messages that just... well, "pop-up." You're out there surfing away, and having fun. Suddenly, there's this little window that gets right in your way and says "come buy my crap." Pop-unders are the same class of stuff, except that you do all your surfing and when you're done, you close the browser and all these little windows are there saying "come buy my crap." In the beginning, it was only the browsers that were prone to these things, but as soon as instant messaging (IM) came around, the web slime had a new delivery method. Now, pop-ups can come over unprotected TCP/IP ports, IM ports, or delivered as e-mail payloads. I'm certain that I've seen other delivery methods documented, but their methodology escapes me at the moment. Several browser makers started incorporating pop-up blockers into their products pretty quickly. Oddly, Microsoft's Internet Explorer (IE), which had well over 90% of the browser market, was the last to implement a solution. It didn't come around as an integral part of their browser until they released SP2 in 2004. Now, although Windows XP SP2 is coming with a new "Security Center" that includes a pop-up blocker, it is untested. It may work flawlessly, but that remains to be seen. Regardless, until the new Microsoft variant is tried and proven as either valid or useless, a great free alternative is the Google tool bar that includes a pop-up blocker. This handy little utility is available from Google's website at http://www.google.com/options/index.html. This will install as a new toolbar on your Internet Explorer browser. Additionally, it gives the added bonus of a Google search window on your browser that doesn't require you hit the Google site to use their search engine.
Browser Software
Being the software that allows you to surf the web, browsers come in many flavors. As previously stated, the most popular by market share is Microsoft's Internet Explorer (IE) with well over 90%. Because of this, most websites are streamlined for this particular browser. Empirically, this is supported in a few ways... Microsoft won't run automatic or user selected updates with any other browser. Also, most online virus scans use either direct connection to IE specifically or plug-ins to IE to complete the scan. The online AV crowd doesn't usually support other browsers like Mozilla or Firefox, although that may change in the future. Beyond that, because IE has such a large part of the browser market, many malware products target IE directly. So, if your box gets hijacked and it takes down IE, you may be stuck. In that vein, you may not be able to get out to get updates of any kind. You may want an alternate browser as a backup. At least you'll be able to get online to the news groups and AV sites that can offer some help. I recommend, as an alternate, emergency browser, Firefox. Firefox is a revamped variant of the old Mozilla (Netscape) browsers and is available at http://www.mozilla.org/ as a free product. Download it and tuck it away for emergencies. You may even want to use it as your primary browser until some site requires you to use IE. If you don't like Firefox, check some of the links at your left for some alternatives.
EMail Software
An E-Mail client is the software that lets you send e-mail messages back and forth to your friends, family, and coworkers. Again, Microsoft is the market leader, and as a result, a lot of the web slime seems to target their products directly. There are two basic ways of getting email. First, there is the client side approach where software on your machine goes out and fetches your email and brings it onto your PC. The other email approach is web based email where you browse to an Internet location and view your email online. On the client side, some of the biggies are Microsoft's Outlook, Microsoft's Outlook Express, Mozilla's Thunderbird, and Eudora. Outlook is usually an enterprise thing deployed by businesses. Some of the home use products include Outlook Express, Thunderbird, and Eudora. Outlook Express comes packaged with Internet Explorer and almost certainly came prepackaged on your computer. Thunderbird, from Mozilla, and Eudora are a couple of the other clients. All of these home based products are free for the taking. If you want any of them, just go to the links at the left to get them. EMail clients are currently the preferred method, but if I were a betting man, I'd say they were on their way out in favor of WebMail or IM. WebMail and IM will probably do to email what email did to the Fax machine. Within the web based solutions, again several options are out there. Likewise, all of them have some free options. Google's Gmail, Yahoo's mail, and Microsoft's Hotmail are some of the more popular. Webmail is also cool, but because of the volume of email they handle, they aren't usually very fast, and privacy advocacy groups whine about privacy. I recommend, as an alternate, emergency email client, Thunderbird. Thunderbird is part of the Mozilla series of projects. It's easy to configure and it works well. Thunderbird is available at http://www.mozilla.org/ as a free product. Download it and tuck it away for emergencies. I would also recommend that you consider a web-based email. In a pinch, you can always get to it.
Instant Messaging (IM) Software
I'm not a big fan of IM conceptually, so I'm not a big fan of IM clients or IM software. I think that will change as IM technology comes of age, but in the meantime, I'm not going to put much here. Look for updates to this section in the future.
Load Order...
Traditionally, the order in which these types of software packages were loaded onto a PC could have a profound effect on the way a PC would operate, up to and including killing your box. Improvements in XP have negated a lot of those problems, but now other problems exist. If you're going to be on the wire, the order in which these software packages are loaded now may mean your box's survivability while you're getting updates. Also, some of these updates are huge! Attempting them on a dial-up connection is futile and useless, as your PC will be infected long before the updates are complete. However, malware and subsequent anti-malware updates happen so frequently that this stuff may be out of date by the time you read it. Thus, I make no warranties as to the usefulness of this information. It is only some guidelines and some starting points. If this is not adequate, take your box to a friend's house that has a broadband connection. If your box is new or you don't have any of this stuff, do this:
If your box is already out on a wire, do this:
Hopefully, due diligence and continual monitoring of your system will prevent you from having too many problems. It is unfortunate that we have to do any of this. However, the nature of the pimples doing this stuff is such that they are already good at it, and they are getting better every day. It is unrealistic to believe or expect that you will never have a problem. But, the more attentive you are, the less likely you are to become infected and the more likely you are to get it fixed quickly if you do become infected. I know it can be a pain, but you must recheck your system periodically. Once a week or so should be sufficient.
Additional Security Measures...
If you're going to be out there on the web, and it's hard to survive today if you aren't, you may want to consider these items also.
In the meantime, if there is something someone wants me to address, or if you need some more information, you can send me a note... you can use either my WebMaster form-mail, or a standard e-mail client.