How to improve security on your computer

 The recent spate of virus and worm attacks has raised awareness of how vulnerable most of our computers are. There are a few simple things you can do to decrease the chances of your computer being infected.

 1.      Be smart about E-mail.  Many people tell me “I don’t open anything from anyone I don’t know.” While this is a good practice it doesn’t go far enough. Most infected e-mail comes from someone you know. Do not open any attachments included with an e-mail unless you are expecting it. If someone sends you an e-mail with an attachment without letting you know that it is coming and why, you contact the sender to verify that they intended to send it to you.. Virus writers have become quite clever at disguising the source, subject and contents of e-mails. Because of this you should consider any attachment as suspicious that you are not expecting.

It is also a good idea to never open any attachment which can potentially harm your computer. These are files that end in .exe, .com, .pif, .scr, .bat, .cmd, or .vbs. Unfortunately by default Windows hides these extensions from you. This allows a virus writer to call a file picture.jpg.vbs and your computer will show it as picture.jpg.

To turn on the file extension display in Windows 9x open the Windows Explorer (shortcut trick – hold down the Windows key on your keyboard and strike the letter E), go to View on the menu bar and select Folder Options. Click on the View Tab and make sure there is no check mark in the Hide file extensions for known file types.

To turn on the file extension display in Windows 2000 and XP open the Windows Explorer (shortcut trick – hold down the Windows key on your keyboard and strike the letter E), go to Tools on the menu bar and select Folder Options. Click on the View Tab and make sure there is no check mark in the Hide file extensions for known file types.

2.  Get antivirus software and keep it up to date.  If you go on the internet, use e-mail, are on a network or put a disk or USB key in your computer from somewhere else you need antivirus software. Many new computers come with antivirus software already installed as a trial version, usually good for 90 days. Even full versions of software usually have a life of one year. At the end of that time they will still protect you from viruses in the last set of definitions you have but they will not protect you from anything more recent. Most antivirus software will notify you when your subscription is about to expire. It is essential that you take some action to continue to protect yourself. I recommend that you renew your subscription at the end of one year and get an updated version at the end of the second year. The capabilities of the software change from year to year and by the second year you will probably want to get the improvements. Before renewing do a little research. Is your current program highly rated for protecting you without a lot of flaws or excessive overhead? Sometimes changing your software is better than renewing it.

Important note: Before installing a new antivirus program it is important to uninstall your old antivirus. A computer with two antivirus programs will come to a crawl.

     Many ISP's now provide antivirus software as a free service for their subscribers. It may be worth your while to check these out as they will do a good job and save you money in the process. There are also a number of free antivirus programs that do a good job. My current favorite is Microsoft Security Essentials available from Microsoft.

Be sure that your software is properly configured to automatically get virus definition updates. It is also a good idea to check periodically to be sure that you have the current updates. Most software is updated daily and sometimes more often if necessary.

Antivirus software works by reading all of the files on your computer and comparing them to a list of virus “signatures” that identify the known viruses. Some have additional capabilities that watch for “virus like” actions and notify you. While your antivirus software looks at all files as you use them it is also a good idea to run a weekly scan of your entire hard drive to make sure there isn’t a hidden virus waiting to be activated. This process can take a while depending on the speed of your computer and the number of files on your hard drive. Most antivirus software allows you to schedule an automatic scan when the computer would not otherwise be busy. However the computer must be on during this off peak time in order for the scan to take place.

No matter how good your antivirus software is you must remember that it is reactive. When a new virus is discovered it must be deconstructed to understand what it does and then the virus “signature” must be added to the definitions list. This can be up to a day after the discovery of the virus. Then you have to get the updated definitions installed on your computer. Until all of this happens you are vulnerable so be sure to follow the steps in #1 above.

In addition there are some rules you can follow that may make your chances of getting a virus less likely. Most viruses are now contracted through E-mail although you can still get them from files. The E-mail viruses are spread when you open an infected file attachment. To allow our computers to automate tasks Microsoft has included in Windows and the Office programs the ability to run macros and scripts. These are sets of instructions that run automatically and can do some very useful things. They also leave your system vulnerable to attack. The most common files which can have a nasty surprise included are files which end in .DOC (Microsoft Word), .XLS (Microsoft Excel) , the one that I Love You used .VBS (Visual Basic Script) or .EXE (executable).

Many E-mail viruses are particularly insidious because they arrive (or appear to arrive) from someone you know. Since viruses like the I Love You virus, like Melissa before it, spread by e-mailing people in your address book it can spread very quickly. Since anti virus programs can only protect against the viruses they know about these viruses can have 12 to 24 hours to propagate before fixes are available. How can you protect against viruses that your anti-virus program can't catch?

1. Be wary. If you get an e-mail with an attachment that has one of the extensions mentioned above don't open it without some precautions. If the file is expected and is a .DOC or .XLS make sure that your Word of Excel program has auto run macros turned off. It is unlikely that any file you get will include an auto run macro for a useful purpose.
2. If you get a file with an attachment that you are not expecting contact the sender and ask for a confirmation that they have intentionally sent you this file. If so, see rule number one.
3. Don't open an attachment from anyone you don't know.
4. Make frequent backups of your files. The I Love You virus attached itself to many files and the variants could attach themselves to many more types. The only cure at this moment is to erase the infected files. Hardly a good thing if it is a file that is vital to you. Having a recent backup will allow you to delete the file and get it back from the backup disk.

Hopefully these hints will help to protect you from a virus attack but as in life, nothing is absolutely safe. The only suggestion I have heard to totally protect your computer from viruses is to turn it off and never use it again.

Hoax Viruses . There is a common virus that many of you have gotten. It is an E-mail warning you that there is a new virus. The common form of this message tells you that the original discovery came from IBM, Microsoft or some other "trusted source" and that if you get an E-mail with the subject that they list you should not open it because it has a virus. The message goes on to tell you to E-mail this warning to all of your friends. There is no such e-mail message or virus. The actual virus involved is that it clogs up E-mail systems with thousands of people sending it to everyone they know. While this does no damage to your system it does slow down the Internet because of the increased amount of E-mail. A good place to check the validity of such messages is at http://www.snopes.com. They also cover urban legends sent via e-mail.

3.      Use a firewall.  A firewall is either hardware or software whose function is to monitor all network activity (remember the Internet is a network) and only allow approved applications to access the network. While a firewall can be annoying due to its constant questioning of whether an application should be allowed access it is an important tool for protecting your system. Worms travel from computer to computer across networks and frequently they are not detected by antivirus software until it is too late. It is especially important to have a firewall if you have a broadband connection since your computer is always open to the Internet. Some anti-virus suites no include a firewall.

Windows includes its own firewall and in Vista and Windows 7 it does an adequate job with minimal interference. If you want something that is more configurable I recommend Zone Alarm from Zone Labs as a software firewall. They have three versions ranging in price from free (for personal use only) to $49.95. If you need protection for your personal computer the free version works quite well. They now also have a good antivirus program included in their suite.

The difficult thing about a firewall is knowing what to answer when it asks questions such as should Generic Host Process for Windows be allowed to access the Internet (yes it should). Something like Internet Explorer or Outlook Express is an easy answer but there are many programs which may want to access the Internet that are not so obvious such as the example above. I suggest when in doubt answer no but don’t make the answer permanent. After you see the result you can answer yes or no the next time and make it permanent.

Firewall software also keeps track of versions of software. If you update your Internet Explorer the firewall will note the change and ask if you approve this changed program to access the Internet. If you know that you have updated recently answer yes, however, if you aren't aware that your software has been updated this is a tip off that something may have modified your software without your knowledge. This is a frequent trick of hackers to attempt to fool you into allowing them access because of course you want to let your e-mail access the internet.

4.      Keep Windows patched. No matter how hard they try it is almost impossible to make software hacker proof. As time goes by new vulnerabilities are found and reported. In order to repair these it is necessary to “patch” the operating system or programs to eliminate the vulnerability. Many  attacks have exploited these vulnerabilities even though a patch had been available for some time. Microsoft releases updates on "Patch Tuesday" which is the 2nd Tuesday of the month. If there is a critical update between the monthly update they will be released on the 4th Tuesday of the month. Very rarely there is something so critical that they will release it as soon as a patch is ready. These are referred to as "Out of Band" updates.
If you have Windows XP:
There are two ways to keep your system up to date. For most people the easiest is to turn on automatic updates. Your computer will then regularly check for any needed updates and either install them (critical updates) or notify you that they need to be installed (when you see the update icon in your toolbar .)
To modify the automatic update settings open the control panel and then open Security Center. Depending on how your control panel is configured it will look like one of the choices below. In either case click on the security center icon.



When the security center is open you will see the current status of your security. To change the Automatic updates setting click the Automatic Updates icon on the lower part of the screen.



When the automatic updates windows is open you will have the choice of automatic, download but let me choose, notify me but don't automatically download or install and turn off automatic updates. Generally it is best to select Automatic. Some people are concerned that updates may cause a problem so they choose download but let me choose when to install. They can then do some research to make sure there are no problems with an update before installing it. If you make this choice it is imperative that you not forget to install the update as soon as you are convinced that it is safe. If you are still on a dialup account you can make the third choice so that Windows isn't downloading updates while you are trying to download something else. Again, it is vital that you download and install the updates as soon as possible. Automatic updates will install critical updates at the prescribed time but it does not install important or recommended updates. To install those you will need to use the update icon in the lower right of your screen.



When you select it a window will pop up asking how you want to install the updates.



If you pick express Windows will install the updates. If you pick custom install it will show you what updates are available.




 From here you can look at the updates which are available with an explanation in the details window and choose which updates to install. Unless you have a specific reason for not wanting to install a potential update the Express install is your best choice. Windows will minimize the window and notify you that the updates are being installed.



Once the updates are installed you will be notified that the updates are complete. In most instances you will be required to restart your computer.



If you choose not to use automatic updates you will need to go to the Windows Update site. There is usually an icon for this on the start menu or programs menu of your computer. If you can’t find the icon you can use Internet Explorer to go to www.update.microsoft.com. Other browsers will not work on this site.

The Windows Update site is used to get updates for your computer. It is advised to get all of the security based updates as soon as possible. There are other options in there as well such as language packs, updated drivers and program updates. It is a good idea to get these as well but be sure to get the security updates.

The Windows Update will first check to see if you have the latest update software on your machine. If not it will try to install it and will pop up a Window asking if it is okay to download and install the software from Microsoft.

You should answer yes. After this or if you already have the latest version of the software you will see a button that says check for updates. Click this button and you will see that it is looking for updates 0% done, then 33%, 66% and 100%.

If you choose Express it will install whatever updates are available. If you choose Custom you have the option to see what updates are available and choose which ones you want. If there are new updates you will then have a button that says review and install updates. Click this button and  you will get a list of the available updates.

Click on Install Now and it will begin downloading and installing the updates. Sometimes there will be updates that need to be installed separately from the others. You will get a window something like this:

Select OK and the single update will be installed. If this occurs you will need to go back to the Windows update for the remaining updates that you need.

Updates usually, but not always, require that you restart your computer when you are done with the update. For this reason it is a good idea to save all work and close all programs before beginning the Windows Update Process.

On many machines it is possible to have Windows automatically notify you of updates, download the updates or even install the updates automatically. Since this is different depending on your operating system and current update status I won’t go into detail about how to do this. However if your computer is capable of this function here are the pluses and minuses of each choice.

Notify me of changes: This will add a little icon down by the clock that will occasionally pop up a banner that says New updates are ready to download. When this occurs you need to click on the icon which will start a process of downloading and installing the updates. The advantage to this method is that nothing happens until you start the process. The disadvantage is that nothing happens until you start the process.

Automatically download updates: This will check automatically for updates when you go online. If updates exist they will be downloaded in the background. When all downloads have been completed you will get an icon down by the clock that says that New updates are ready to install. Again you would click on the icon and begin the install process. The advantage of this system is that the download will be on your machine and you won’t have to wait while the download completes. If you have high speed internet this method works very well. If you have dial up there can be some issues with it. Because it is working in the background it is taking some of your internet speed which will make e-mail and internet browsing slower. Since some of these downloads are very large (I have seen up to 32 MB sizes) they can take a long time to download, thus slowing your internet connection for a long time. As above they also are not installed until you click on the icon.

Download and Install Updates at a fixed time: This allows you to be sure that you are getting the updates without having to think about it or do anything. Again, this works best with high speed internet connections. You must also be sure that your computer is running at the time set for the update/install process. If you have dialup internet service (and it is properly configured) you can use this method to download when you are not otherwise using the machine (such as in the middle of the night.) One drawback to this system is that you have no choice as to the updates you get. They will all automatically be installed whether you want them or not. This also means that you agree to all changes in the license that may be included with the update.(You do read the license agreements, don’t you?)

Be aware: While Microsoft does its best to test the updates there is always the possibility that a fix will also break something. Many times a change to Windows will affect how another part of Windows or another program will function (or not function as the case may be.) Because of this you may choose to not install a particular upgrade if you are aware of a possible consequence of doing so. Items such as Service Packs in particular carry a larger risk. A Service Pack is usually a number of fixes and changes all wrapped up in one. As people report problems with Windows Microsoft fixes defective parts of the software. These can sometimes be downloaded separately if you have a problem but Microsoft usually waits until they have a large number of theses fixes to create a Service Pack. Service Packs also usually contain all of the critical update patches that are available.  Some but not all Windows updates can be undone if they create a problem so it is often possible to recover if an update messes up something else on your computer.
If you have Vista or Windows 7:
  

5. Patch Other Programs. You may have other programs on your system that need to be updated. Some of the most common ones are JAVA, Adobe Acrobat, Adobe Flash, I-Tunes, Quick Time and Real Player. When you receive notification that there is an update for these programs it is a good idea to do so. Windows has become more and more secure over the years so now many bad guys are targeting these programs. While the updates may include new features they most commonly are done to improve security. You may have all, some or none of these programs on your computer.

WARNING Some programs will also offer to install other programs such as toolbars, anti virus or browsers and since they are convinced you really want it they have taken the liberty of pre-checking the additional software. Be sure to look closely at all update windows to be sure that there is nothing else checked except the update.



JAVA JAVA is a program compiler that allows programmers to write programs that will run on any computer with the JAVA installed. These is more efficient as they don't have to write different programs for Windows, Apple and Linux. It is primarily used by browsers to add features to a page. When JAVA has an update available it will notify you with a popup and icon on your toolbar.



When you see this icon you should click on it. This will then display the installation screen



Click on install and you will get the install screen.

When it is finished it will notify you. It may also open your browser and take you to a page to verify that you have the latest version. As pat of the install it will remove the previous version.



Acrobat Reader This free program is a means for displaying documents exactly as they were originally formatted even though the recipient may not have the same fonts or programs as the creator. It uses the .pdf extension for its files. It has become a target for bad guys as they can send you a mal-formed PDF and compromise your system. For this reason it is important to keep it up to date. You can create your own PDF files if you have the full Adobe Acrobat program or Microsoft Office 2007 and above, Open Office, Libre Office and an assortment of other free and paid stand alone applications.



Adobe Flash This controversial program (currently not supported by Apple) is used on web sites to enable video and other effects. A good example is youtube which uses flash to display their videos. It is another frequent target of the bad guys so it is important to keep it up to date.



I-Tunes is Apples all in one media player and media store and it is required if you have an i-phone.



QuickTime is another Apple product which allows you to view videos in certain formats.



Real Player is yet another media player which allows you to play music and video in certain formats.

6.    Be careful what you install. Many programs, especially “free” utilities that you download, can contain more than meets the eye. You are attracted by something the program does such as a screensaver update, a music download, updated local weather reports, updated time etc. However, attached to this useful tool are one or more other programs, many of them what is called spy ware as well as other possible ‘features’. At one time the popular music download program Kazaa included software that would use your computer as a peer to peer server for another company, that is, your computer would be used to distribute software or other files to total strangers without your involvement or okay. By installing this software you accept all of the other software that may come with it and agreeing to whatever license is included. Since most people don’t read the license you don’t have any idea what you just agreed to. Many of these programs track where you go on the internet and then provide pop up advertising based on your interests. While many of them claim they are not tracking personally identifiable information some of them do.

 7.      Do Regular backups. Unfortunately, no matter how secure you try to make your computer there is somebody out there smarter than we are. The odds are, some day you are going to get hit with a destructive bug or a hardware failure. While you can’t prevent the loss of your data you can take steps to insure that you can recover. It is a good idea to make frequent backups of your data to another location. This can be done to a tape drive, an external hard drive, a USB key, another computer or a CD/DVD. Whatever method you choose just be sure that you do it regularly. For help on backup procedures check our Backup FAQ's.

 8. Get Anti-spyware software and keep it up to date. The most recent threat to our computers is spyware. Also known as adware and malware recent studies indicate that as many as 2/3 of all PC's are infected. These are programs which get installed on your computer and do things such as send information about your surfing habits back to them, open pop up ads on your computer and some even have the ability to get your account sign ins and passwords. As more and more of them get installed they can greatly slow your computer and even prevent you from logging on to the internet.
Unfortunately, at this time, there is no single program that will get rid of all spyware. It is best to use a combination of programs that will get the vast majority of spyware programs. The good news is that there are a number of excellent free programs. Because spyware programs are constantly being introduced it is necessary to get updates for them just as for antivirus programs. Some of these recommendations are self updating while some require you to update them manually.

CAUTION: There are anti-spyware programs which do nothing except to add spyware. If you get a popup on your screen that says you are infected with spyware and click here to fix it DON'T. Stick to the list below of reputable vendors and you will be okay. If you have a question about the value of an anti-spyware app you can check it out at http://www.spywarewarrior.com/rogue_anti-spyware.htm. This helpful site lists over 200 anti-spyware programs which are of questionable value if not outright dangerous.

Free:

Malwarebytes - Highly recommended. Available at www.download.com.
Adaware - This is available at http://www.lavasoft.com/. This is a free for personal use program but they also have paid versions with more features. The program is fairly straight forward and will prompt you to get updates periodically. It can only be run manually and does not provide and real time protection, only removal. 
Spybot Search and Destroy - Available at http://www.safer-networking.org/en/download/index.html this program was one of the first free anti-spyware programs and still one of the best. Use the immunize feature to help protect against new infections.
Microsoft Anti-spyware 'Windows Defender'- It is free and is available at http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en.   It works with Windows XP. It is installed by default in Vista and Windows 7.

Paid:

Webroot Spy Sweeper - Currently the highest rated anti-spyware program will do a free scan of your system by going to http://www.webroot.com/. The free scan will only identify problems, not fix them. You can purchase a copy of the program to provide protection against new attacks. It lists for under $30.

9. Be Aware of Phishing Scams Phishing is the art of getting you to give up personal information by sending you an e-mail that purports to be from your bank, your stock brokerage or e-bay/Paypal. They usually tell you they are doing a security check of some sort and want you to go to their website and update your information such as account name/number, password, social security number and so forth. When you click on the link in the message it takes you to a website that looks identical to the providers website. However it is not actually the website you think you are on. The information you supply is then used for identity theft or to drain your accounts. Your bank or other account providers will never ask you for this kind of information, they already have it. If in doubt about any correspondence you receive from a financial institution go to their website by typing it in, don't use the link in the e-mail. It is also a good idea when you are on a website that has your personal information (banking, web stores, e-mail) to check for the lock symbol in the lower right hand corner or on the address bar to be sure you are on a secure page or you can look at the address of the site and see that it starts with https://.

10. Check your security Microsoft now offers Microsoft Safety Scanner which will check your system for viruses and threats as well as general performance issues. This is a free online check and could be a good starting point for a security review.