How to Keep Your PC Secure (an Idiot's guide)

This is something I wrote and posted on a private forum back in May 2007. Ever since then I've been meaning to give it a more public airing, and having read through it, all of it is still relevant.

Introduction



For some people this is going to be really obvious, however it never ceases to amaze me how many others don't take simple basic precautions when using a PC connected to the internet. So here is a quick guide that should help you not get your WOW/bank accounts nicked, without all the scare mongering you see in banner ads, just with genuine true scare mongering in its place.


So Why is My PC at Risk?



Quite simply put, lots of very clever people spend a lot of time finding holes in popular software that they can exploit, and a lot of very greedy people pay some of the aforementioned clever people to do this so they can steal anything of value. Nothing is 100% secure; anyone who tells you otherwise is just trying to sell you something.


Common Myths



1) I don't download software off the internet so I can't get my computer hacked

Microsoft used to trumpet how the US Department of Defense once granted the Windows NT operating system C3 Security certification, which basically means that the DoD considered the thing to be really really secure. However what they didn't shout about too loudly was that this only applied when running it on a certain hardware configuration, which didn't include a network card.

Remote exploits are quite common; many exist for Windows XP and earlier versions. If you aren't patched up with all the latest updates, it is possible that some script kiddie (or, even worse, organised gangs of n0rty crims) who is scanning whole ISPs for vulnerable computers will notice yours is a bit leaky and get to work breaking in.

Even if you are completely patched up, it is entirely possible that security holes almost nobody knows about (called Zero Day exploits) exist that may not be public knowledge for a few weeks, and not even fixed for a few weeks after that.

THE LESSON: You connect your computer to the internet, you *are* at risk, full stop, end of story.


2) If someone had got access to my computer, I'd soon notice and stop them

I consider myself very IT literate, and I can spot a dodgy email a mile off, but there is the point right there. I can spot plenty of attempts by people to access my computer, but I probably wouldn't notice anybody who actually managed it.

There is this guy I know from IRC, who had hacked Nildram's (yes the ISP, you know those people who are supposed to be experts in t'internet technology) servers and used to run an illegal ftp site full of dodgy software and games. They found out after a few months (yes not hours, or days, months) and closed down his access to the box that the ftp site sat on. They noticed because one day the sheer volume of traffic this box was generating became too big to hide.

Six months after that, he still had access to at least two other boxes on their network, and would occasionally abuse them for doing security scans on other machines around the world.

THE LESSON: By the time you notice someone has compromised your computer, it is too late


3) Free anti-virus software is poo

Yeah, some of it is a bit poo, but some of it is actually functionally identical to commercial releases of the same product, and made by companies with excellent reputations in this area. Go read http://antivirus.about.com/od/antivi...s/a/freeav.htm if you are still dubious.

Some companies let cheapskates like us use their great stuff for free, because some of us may give them money down the line.

THE LESSON: Free does not equal rubbish

Five Simple Easy *Free* Things You Can Do to Protect Your PC



1) Download and install anti-virus software

In olden days, these just stopped virii from infecting your computer and spreading to others, but most malicious software these days isn't designed to destroy your data, it's designed to harvest it for horrible bastards who want to nick your bank account or WoW details.

Personally I choose to use Avira AntiVir which can be found at http://www.free-av.com/ and the reason is mainly because they are one of the quickest at updating whenever new virii hit the scene. But if for some reason you don't want to use that, I've also used AVG which can be found at http://free.grisoft.com/ although they aren't so quick on the updates, but still more than good enough.

If you've never had anti-virus installed before, install one of these and scan your whole HD, yes it may take a while but it's worth the effort. You only need to do this once, then the fact they run in the background and keep you protected should be enough to maintain a safe desktop.


2) Make sure any folders you are sharing on the network are password protected

Really want any old Tom, Dick or Harry to have access to your files, be able to change them without you knowing, replace them with a trojan you might accidentally run assuming you put it there so it must be okay? No? Didn't think so.

Go here if you use Windows XP and try to make it more secure: http://www.practicallynetworked.com/...ring/index.htm


3) Use some sort of firewall

Windows' built-in firewall is FINE. All you want is the ability to decide whether an application should be allowed to connect to the internet or not, and it does this perfectly adequately. Just make sure you turn it on FFS.

If you are particularly paranoid you can go one stage further and use something like ZoneAlarm which can be found here http://www.zonealarm.com/store/content/home.jsp and does an excellent job. However it does require more knowledge about networking to use, and if you aren't particularly solid with PCs then you'll probably end up causing yourself more trouble than it's worth.


4) Make sure your software is up to date with patches

If you have a legit copy of XP then go to Windows Update and patch, patch, patch! Also make sure any other software you use is up to date, this includes things like JPG viewers, WinAmp, Office (MS or Open), etc, if you are particularly paranoid. Heck even Adobe Photoshop has an exploit now.

If you don't have a legit copy, that is still no excuse. You can at the very least scan your system and download patches by hand using the Microsoft Baseline Security Analyzer, which automatically produces a list of links to pages where you can get the patches you are missing. Get it at http://www.microsoft.com/technet/sec.../mbsahome.mspx


5) Every now and again it's worth scanning your PC for spyware

This is probably the *least* important of all the things I suggest you do, since mostly this stuff just gets in the way of browsing the web; anything more malicious is caught by your anti-virus software.

Preferred easymode here is Spybot Search and Destroy which can be found at http://www.safer-networking.org/en/index.html and should be easy enough for anyone to work out how to use. It also lets you protect your browser from malicious sites by adding a block list of n0rty places, just click the Immunize button each time you run the software (after it has updated to a current list).
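
If you'd rather check the list above than trust your memory, here is a read-only audit of steps 1 to 4, added as an example and not part of the original 2007 post. It assumes a current Windows PC (Windows 8 or later, PowerShell run as administrator) rather than XP; the function name, the 45-day patch threshold and treating "shared with Everyone" as the sign of an unprotected share are assumptions of this example.

```powershell
# Added example: read-only check of the checklist above. Changes nothing on the PC.
# Assumes Windows 8 or later (NetSecurity and SmbShare modules) and an elevated prompt.
function Test-PcBaseline {
    $findings = @()

    # Step 1: is any anti-virus product registered with Windows Security Center?
    # (This WMI namespace only exists on desktop editions of Windows.)
    $av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue
    if (-not $av) {
        $findings += 'No anti-virus product is registered with Windows Security Center'
    }

    # Step 2: non-administrative shares that grant access to Everyone deserve a second look.
    $shares = Get-SmbShare | Where-Object { -not $_.Special }
    foreach ($share in $shares) {
        $open = Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow'
        }
        if ($open) {
            $findings += "Share '$($share.Name)' ($($share.Path)) is open to Everyone"
        }
    }

    # Step 3: the firewall should be on for every profile (Domain, Private, Public).
    # ActiveStore reports the effective setting, including anything applied by policy.
    foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        if ($fwProfile.Enabled -ne 'True') {
            $findings += "Firewall is OFF for the $($fwProfile.Name) profile"
        }
    }

    # Step 4: flag the PC if no Windows update has gone on in the last 45 days
    # (threshold chosen for this example).
    $lastPatch = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $lastPatch -or $lastPatch.InstalledOn -lt (Get-Date).AddDays(-45)) {
        $findings += 'No Windows update installed in the last 45 days'
    }

    return $findings
}

$result = Test-PcBaseline
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'All checks passed' }
```

Get-HotFix only sees Windows updates, so other software (browsers, media players, Office and the like) still needs checking by hand.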

Your Opinions and Comments

Another tip. You know those websites with pictures of the girlies, which open up a thousand pop up pages?

Don't go there.
posted by Jitendar Canth on 2/4/2009 16:29
I'm big on security too. Why only the other day I received an email from a concerned financial institution wanting to double check all my bank details. Naturally I obliged immediately.

Do you think they've moved all the money to a safer place? It doesn't seem to be where it was anymore.... :(
posted by Stuart McLean on 2/4/2009 18:59
I'd have looked after it for you, if only you'd said!
posted by RJS on 3/4/2009 00:15