WINDOWS SECURITY REQUIREMENTS

I cannot stress how important it is that you read this article and implement the recommendations. Your computer is under constant attack from people who want to steal your personal data, use your computer to send out spam, or use your computer to attack others. This is done by placing a variety of bad programs on your computer, collectively called malware. Some of these programs are called viruses, Trojan horses, worms, keyboard loggers, etc. Most of them are designed to run without your knowledge, although some are designed to destroy the data on your hard drive.

If you elect not to follow these recommendations, here is what may happen:

1. Your personal information could be at risk.
2. Your computer will eventually run very slowly.
3. All of your data and programs may be erased.
4. Your computer may be used to send out spam.
5. Your computer may be used to attack others.

Back in 2003, the common belief was that you did not have to worry about anything if you never opened an email attachment or did nothing more than connect to your bank site. Although it is still very important that you do not open any unexpected attachments, there are many other ways that you can get infected with malware. Some of these are:

1. Just connecting to the internet with an unprotected computer will result in malware infesting your computer in a matter of minutes. This is done by malware that is constantly scanning the internet, looking for a computer to connect to.
2. Just reading an email message – no attachment necessary – especially if the email uses HTML, as it is easy to embed the malware within the HTML code. If an email message is nice and colorful and contains smilies or other icons, you need to turn off the HTML email feature in your email program.
3. Just connecting to a corrupted internet site can result in malware being downloaded to your computer. Sometimes the malware is hidden in an image on the website. Your browser automatically opens and displays the image, but the image also contains a small program that will then download more malware.
4. Downloading some shareware and freeware programs. You have to be especially careful of programs that claim to be anti-spyware programs.

Back when the internet and Windows were designed, no one thought that the internet would be used for such bad purposes. Consequently, new ways to infect your computer are constantly being discovered. Unfortunately, if you use Windows and connect your computer to the internet – even for short periods of time – you need to become somewhat of a security expert and keep updated on the most recent issues. If you are not willing to do this – and you still want to use a computer – you may want to consider getting an Apple computer or using Linux on your present computer when you connect to the internet.

HOW TO PROTECT YOUR COMPUTER

There are numerous “security suites” that try to address most of the security issues. However, this “one-stop” approach is (to date) definitely NOT recommended for the following reasons:

1. There is not one anti-spyware program that catches everything.
2. Some of these programs do not update nearly often enough. (In fact, one popular antivirus program will not even let you retrieve updates manually.)
3. Some of these programs use detection engines that are not current and are themselves subject to attack.
4. Almost all of these programs suffer from extreme “bloatware” and slow down your computer.
5. None of the suites give you the “best of the best” protection for all forms of malware.

Instead, I recommend a “layered” approach that will allow you to use the current “best” programs and then easily change programs as needs dictate. The best part of this is that the overall cost will likely be less also. So, let’s get started.

The first thing that you need is a firewall. A good firewall will prevent unauthorized access to your computer from the internet and will also prevent unauthorized programs from accessing the internet and sending personal information to the bad guys. If you connect to the internet via broadband using Ethernet, you need a hardware firewall. All of the popular routers / wireless routers include a firewall. The firewall will look at all incoming data from the internet and will only let through information that you requested. However, it only works on incoming data; it assumes that all outgoing data is OK and lets it through. This is where a software firewall comes into play. EVERYONE needs a good software firewall, even if you have a hardware firewall. Users that connect via dial-up or cell phone will only be able to use a software firewall.
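To make the incoming/outgoing distinction concrete, here is an added illustration (not from the original article and not modelled on any named product) of a router-style stateful firewall beside a per-application software firewall, run over constructed sample traffic; the addresses and program names are made up.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the internet) or "out" (from this PC)
    remote: str      # remote IP address
    port: int        # remote port
    process: str     # local program owning the socket ("-" if none)


class HardwareFirewall:
    """Router-style stateful filter: every outbound packet passes and opens a
    flow; inbound traffic passes only if it answers a flow this PC opened."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        key = (pkt.remote, pkt.port)
        if pkt.direction == "out":
            self.flows.add(key)
            return True
        return key in self.flows


class SoftwareFirewall(HardwareFirewall):
    """Per-application filter: same inbound logic, but an outbound packet
    passes only when the program that sent it is on the allow list."""
    def __init__(self, allowed_programs):
        super().__init__()
        self.allowed = set(allowed_programs)

    def allow(self, pkt):
        if pkt.direction == "out" and pkt.process not in self.allowed:
            return False      # a real product would prompt the user here
        return super().allow(pkt)


# Constructed sample traffic (documentation-range addresses, made-up names).
TRAFFIC = [
    Packet("out", "203.0.113.10", 80, "firefox.exe"),   # user browses a site
    Packet("in",  "203.0.113.10", 80, "firefox.exe"),   # the reply comes back
    Packet("in",  "198.51.100.7", 445, "-"),            # unsolicited probe from the internet
    Packet("out", "198.51.100.9", 25, "unknown.exe"),   # unrecognised program sends mail
]


def run(firewall, traffic):
    """Return one allow/deny decision per packet, in order."""
    return [firewall.allow(p) for p in traffic]


if __name__ == "__main__":
    print("hardware:", run(HardwareFirewall(), TRAFFIC))                  # [True, True, False, True]
    print("software:", run(SoftwareFirewall(["firefox.exe"]), TRAFFIC))   # [True, True, False, False]
```

Both filters drop the unsolicited probe, but only the per-application filter stops the unrecognised program from sending data out.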
The good news is that a software firewall will monitor both incoming and outgoing data and protect your computer from unauthorized access in both directions. (IMPORTANT NOTE – the software firewall included with XP SP2 only protects you from incoming data; it does not monitor outgoing data. Do not use the XP SP2 firewall.) The bad news is that some malware is able to turn off some of the more popular software firewalls. It is for this reason that I do NOT recommend ZoneAlarm, as there is malware that can detect it and turn it off. I use Sygate and have been happy with it. Other possibilities include Kerio and TinyFirewall. Note that you can have both hardware and software firewalls, but you should only have ONE software firewall. Trying to run more than one software firewall can cause problems.

ANTI-VIRUS PROTECTION
Let’s cut to the chase. There are only two antivirus programs that I recommend. The best is a pay product called NOD32 from Eset. It is lightweight, fast and efficient and gets updated several times a day. Most importantly, it is one of a few antivirus programs that is not susceptible to the magic byte / JPEG method of fooling virus detection. For a free antivirus program, I recommend AVG Free edition.

However, whatever you choose, there are some other important considerations. Most antivirus product editions work best with XP. If you investigate, you will find that the good antivirus products made for XP catch 100% of the viruses, but their performance falls off (sometimes drastically) for prior versions of Windows. The second thing that you need to know is that many antivirus products only update once per week – even if you try a manual update. The third thing you need to know is that virus detection engines have changed (and must change) over time as new malware is developed. Just keeping the virus definitions updated on your two-year-old program is not sufficient. Get the latest edition every year, or check your edition and make sure it is current. Also, note that you can run only one antivirus program at a time.

ANTISPYWARE PROGRAMS

No single antispyware program catches all spyware. Fortunately, you can run more than one antispyware program at a time, and there are several that I recommend. There are several good products out there and also some bad ones. Some of them have come under legal attack, namely because the End User License Agreement that you agreed to when you installed that software explicitly allowed spyware to be installed. Some programs also have a “gentleman’s agreement” to specifically not detect certain keylogging programs…which of course the bad guys have learned to emulate. When it comes to good antispyware programs, this is really a moving target.
It really pays to investigate recommendations from a certified testing source, as I suspect that some of the reviews and recommendations in PC magazines are driven either by advertising dollars or by incompetence in their testing procedures. Here is what I use, which may change tomorrow:

1. Tenebril SpyCatcher (the free edition does not automatically update. Also, a little geeky, but if you thoroughly explore what it is telling you, it is great).
2. Microsoft’s free antispyware program (only works on XP). I still use this even though MS has had to back off a bit on detection due to lawsuit threats regarding spyware that you agreed to have installed when you installed that shareware/freeware.
3. Spybot Search and Destroy. Again, not quite the program that it used to be.
4. WinPatrol or Prevx (details discussed later).

ROOTKITS
There is a new class of malware called rootkits, so named because it is able to install itself deep in the kernel of your OS and NOT be detected by conventional antivirus or antispyware programs. Without getting technical, suffice it to say that NO ONE has developed a really good rootkit detection program. To make matters worse, if you are able to detect it, you may not be able to remove it! There are presently two products that attempt to detect rootkits. RootkitRevealer is available for free from SysInternals. It is a pretty geeky program and will likely result in false positives. Another program is BlackLight from F-Secure. However, the only foolproof way to detect rootkits requires two copies of Windows and a rather detailed process far beyond what you or I would like to undertake. MS is trying to come up with a workable solution, but it is presently hung up on the licensing issue of requiring two copies of the OS.

Sony developed a rootkit in early 2005 that was meant to prevent making more than three copies of their music CDs. This rootkit caused two major problems. First, if you uninstalled the rootkit, Windows was rendered useless! Second, if you left the rootkit on your computer, additional vulnerabilities were enabled.

So, what is your defense? As of this writing, the best thing that you can do is to make absolutely certain that your computer does not have any malware (including rootkits) and then make an image of each partition on your hard drive (HD). The only way to ensure that your computer is 100% clean is to reinstall Windows (and all your programs and data and of course your anti-malware programs) and THEN make your image. (Also, be aware that System Restore is NOT the same thing and will NOT protect you from most of these attacks.) You will use this image periodically (I do it monthly) to easily restore your computer to a known-good state.
This procedure will also protect you from HD failure, user error, or any malware that is able to sneak through your defenses and damage your computer. You will need a second HD to store the image on. I recommend an external HD, as this can be easily disconnected from the internet. There are several good disk imaging programs, but the one I recommend is Dantz Retrospect. A perfectly good lite version comes with many new external hard drives. If you are purchasing an external HD, get one that is USB 2 (FireWire if your computer supports it) and spins at 7200 rpm. It is also preferable to get one that has a low seek time and a 16 MB cache, but this is not absolutely necessary.

KEEP WINDOWS AND OTHER SOFTWARE UPDATED

Microsoft issues patches and updates on the second Tuesday of the month. However, there are several problems with this:

1. There are vulnerabilities that MS has not addressed.
2. Since the patches only come out once a month, there is potentially significant time during which you are vulnerable.
3. The Auto Update feature could result in at least a 5-day delay in your getting the patches, even if you have a broadband connection and always leave your computer on.

Obviously, if you are an RV’er, you need to manually download and install the updates.

WIFI

Many WiFi public hotspots (and campgrounds) do not use any security on the radio link from your computer to the router. This means that everything you send and receive from your computer is freely available for anyone to intercept and read, as long as they have a computer with a wireless card and a simple program like Ethereal. Some WiFi hotspots are encrypted with WEP. However, WEP is easily broken, and the pass key is shared with everyone on the network. WPA is a much stronger form of encryption, but it is seldom used because early versions of WiFi cards do not support it and it is a bit of an administrative hassle to manage the pass keys unless a RADIUS server is used.

However, note that if SSL (Secure Sockets Layer, developed by Netscape) is used by a website or by your email provider, your data is protected. You can tell when a website is using SSL, as your browser will display an icon, such as a lock, and the address bar will start with https: instead of http:, indicating an SSL connection. Note that if WPA is not used at your hotspot, your email ID and password will be sent “in the clear” for potentially anyone to snag. Most ISPs (including Yahoo and Hotmail) support secure email to ensure encrypted login and encrypted delivery of your email. You will have to make a configuration change in your email client to take advantage of this. However, another alternative is to use a pay service such as Anonymizer, PublicVPN or HotspotVPN, which actually allows you to connect to their servers via an SSL connection. Any of these services ensures that ALL of your data is encrypted and not available for ANYONE to decipher. If you choose a service like this, make sure that your connection to their service is via 128-bit SSL to ensure encrypted communications.
Note that there are some other services that provide another type of encryption using IPsec (IP Security), which establishes a VPN (Virtual Private Network) tunnel between your computer and their server. This is also a good service that will encrypt all your communications. However, the problem with VPN services is that some wireless network routers are set up to block VPN ports, whereas the ports necessary for SSL communications are virtually always open. The result is that often your VPN service will not work with WiFi.

CELLULAR

You are possibly concerned about the security of using your cell phone for internet access. The cellular industry has adopted the Wireless Transport Layer Security model, which greatly reduces security concerns. As long as your cellular connection is digital, you are virtually as secure as you are on a wired internet connection.

ADDITIONAL CONSIDERATIONS
You also need to run a program such as WinPatrol or Prevx to protect you from hosts-file hijacking. This is a method whereby you are directed to a “fake” website, even though you manually typed in the proper web address.

The folks at run an excellent service that examines the running processes on your PC. Download the HijackThis! program and run it. DO NOT let it fix anything, as this can be very dangerous. Instead, open the HijackThis! log file, copy it into the form on the HJT Help page and press the Parse button. Although the analysis is not necessarily 100% accurate, you will have a good idea as to whether or not you have a problem. This will not necessarily catch rootkits. There is also a wealth of information and links to identify and remove spyware.

Go to Steve Gibson’s site at and download and run his excellent security programs such as Shoot the Messenger, DCOMbobulator and Unplug and Pray to disable high-risk services. There are additional services that you could disable that I will not mention here for fear of interfering with other programs on your computer.

Use Firefox instead of Internet Explorer. Secure each of these as follows:

Keep Internet Explorer safe: Many people find IE 6’s Medium security level too obliging to ActiveX controls and other small programs, or scripts, that the browser runs on your PC. ActiveX and JavaScript enable such useful Web features as order forms and security scans, but they also may run malicious code and give attackers access to your system. To make IE safer, click Tools, Internet Options, Security, Custom Level, select High from the drop-down menu at the bottom of the Security Settings dialog box, and click Reset, Yes, OK. Unfortunately, setting IE to the High security setting can lead to the browser unleashing a fusillade of warnings and permission pop-ups every time you visit a site.
The solution is to add the sites that you access often to IE’s Trusted Sites list: Choose Tools, Internet Options, Security, click the Trusted Sites icon, and then click the Sites button. Enter the Web address, click Add, and repeat as necessary (see the Trusted Sites screen above). Be sure to uncheck “Require server verification (https:) for all sites in this zone.” When you’re finished, click OK twice.

Make Firefox more secure: The only way to block JavaScript on a site-by-site basis in the Mozilla Foundation’s free Firefox browser is to download and install the NoScript add-in created by Giorgio Maone. NoScript places a warning bar at the bottom of all the Web pages you visit that use JavaScript. Click the bar to see options for allowing scripts on the site (permanently or temporarily), blocking scripts, and other operations. The program can also stifle Flash animations and other Firefox plug-ins, but keep in mind that going Flash-less means you’ll be missing out on some of the Web’s richest content (along with all of those great dancing ads). Although NoScript is freeware, the author does accept donations at

Due to all of the vulnerabilities in Outlook / Outlook Express, switch to another email program such as Thunderbird or Eudora. Whatever email client you use, be sure that you close the Preview window, if your program uses this.

Use the Microsoft Malicious Software Removal Tool to scan for and remove the latest threats. This is a good double-check.

When connecting to any website involving financial transactions, ensure that SSL is used. The browser will display a lock or other symbol to indicate that you are on a secure website. Your address bar will show https: instead of http:. Note that sometimes the bad guys lure you to a cloned site that will look like your bank’s site, and they will also try to spoof the SSL certificate…you will get a popup window asking if you want to accept a certificate that has not been verified or signed, so that you get the lock icon and https in the address bar.

You can test your firewall for free at You need to do this to ensure that it is configured properly and protecting your computer.
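The hosts-file hijacking described at the start of this section can be spotted by reading the file itself. The audit below is an added example, not part of the original article or of WinPatrol or Prevx: it parses a constructed hosts file, flags any real-looking site pointed at an address other than loopback or the 0.0.0.0 blackhole, and also flags update servers (an assumed placeholder list) that have been blackholed so they can never deliver updates.

```python
import ipaddress

# Constructed sample of a Windows hosts file
# (%SystemRoot%\System32\drivers\etc\hosts); all names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample, not a real machine's file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net                # ad-blocking entry, harmless
203.0.113.45    www.examplebank.com            # bank name sent to a foreign address
203.0.113.45    examplebank.com
127.0.0.1       update.example-antivirus.com   # vendor update server blackholed
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumed list of hosts your security software must be able to reach (placeholders).
PROTECTED_NAMES = {"update.example-antivirus.com", "windowsupdate.microsoft.com"}


def parse_hosts(text):
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        pairs.extend((addr, n.lower()) for n in names)
    return pairs


def is_sink(addr):
    """True for loopback or the 0.0.0.0 / :: blackhole used by ad-block lists."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Flag entries that redirect a real site elsewhere or silence an update server."""
    findings = []
    for addr, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        try:
            sink = is_sink(addr)
        except ValueError:
            findings.append(("malformed", name, addr))
            continue
        if not sink:
            findings.append(("redirect", name, addr))   # lookups go to someone else's server
        elif name in PROTECTED_NAMES:
            findings.append(("blocked", name, addr))    # updates can never download
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

On a real machine, read the file from the path in the comment instead of the constructed sample; a clean file normally contains nothing but the localhost lines.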
Be very suspicious of any emails or warnings you get that ask you to click a link or respond giving any of your personal information. No legitimate firm is going to ask you for this information over the internet. If for some reason you think it is legitimate, CALL the firm and VERIFY. It is very easy to fall for an email advising that a new version of software is available by clicking a link that will take you to a cloned pirate page where you are really installing malware. Go to the software website by typing in the address yourself – if there really is a new software version available, you will be advised of it then.

There are products available that essentially put you behind a commercial firewall that reroutes all of your traffic through their server. Every data packet is inspected by them before it is sent to your computer. This service costs roughly $60 for the equipment and $15/month for the service. This will not solve all of your security issues, as you will still be vulnerable via other sources, such as installing shareware on your computer.
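Two of the email risks above can be checked mechanically: HTML mail that fetches remote content the moment it is opened (the reason for turning off HTML email, listed under Windows Security Requirements), and links whose visible address is not where they really go (the lure emails just described). The analyzer below is an added example, not part of the original article; the sample message, addresses and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: a "verify your account" lure with a tracking pixel.
SAMPLE_EMAIL = """\
<html><body>
<p>Dear customer, please visit <a href="http://203.0.113.7/login">www.examplebank.com</a>
within 24 hours to verify your account.</p>
<img src="http://tracker.example.net/pixel.gif?id=12345" width="1" height="1">
<p><a href="https://www.examplebank.com/help">Help</a> | <a href="mailto:help@examplebank.com">Contact</a></p>
</body></html>
"""

REMOTE_TAGS = {"img", "script", "iframe", "embed", "object"}


class MailAuditor(HTMLParser):
    """Collect resources fetched on open and every link with its visible text."""
    def __init__(self):
        super().__init__()
        self.remote = []    # (tag, src) loaded from the network when rendered
        self.links = []     # (href, visible text)
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag in REMOTE_TAGS and ("://" in src or src.startswith("//")):
            self.remote.append((tag, src))      # data: URIs are embedded, not remote
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; bare names such as www.example.com are accepted too."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def looks_like_host(text):
    """Visible link text that reads like a web address and so invites a comparison."""
    return "." in text and " " not in text and "/" not in text


def audit_email(html):
    """Return findings: remote content that phones home when the mail is opened,
    and links whose displayed address is not the host they actually lead to."""
    p = MailAuditor()
    p.feed(html)
    p.close()
    findings = [("remote_content", tag, src) for tag, src in p.remote]
    for href, text in p.links:
        if looks_like_host(text) and host_of(text) != host_of(href):
            findings.append(("link_mismatch", text, href))
    return findings
```

The same check is what a mail client with HTML rendering and remote images disabled does for you implicitly; the code shows what would otherwise have been fetched or followed.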
You may also want to consider surfing the internet anonymously. An excellent free program is available at which will help you with this.

I am also evaluating a program called ProcessGuard. It is available in both a free and a pay version, but the pay version is recommended for best protection. It appears to work very well, but it requires a bit of learning and patience. For example, you have to tell it which programs are allowed to run…or else that program will not run! Also, turning on the Global Hook feature will stop some programs from running. However, if you don’t mind the extra effort required, this looks like an outstanding program.