Computer Security 101: The Basic Triad.


Tack Furlo

Dec 22, 2006, 5:46:35 AM
to Computer Tech Support
I've always maintained that there are certain things you should do to a
computer no matter what else you do on a computer. One of them is
using a USB Optical mouse, but that's just a personal opinion. Running
proper computer security software, on the other hand, is considered
mandatory by anyone who has ever caught a virus and most people who
make their living getting rid of them. The general concept is composed
of a triad of problems and solutions. The problems are keeping bad
things out, taking out bad things if they get in, and restoring your
system if you can't get them out. The solutions are Firewalls,
AntiVirus software, and Regularly Scheduled Backups. The problem comes
when people forget any one of these three things. In this mini-guide,
I'll tell you how to keep yourself from posting here in the past tense
on about 60% or more of the problems we get. Links to download these
tools will be provided at the end of this guide.

Note: In the example given below, Alpha will refer to your computer,
and Beta will refer to some other computer - one on the internet trying
to access your computer.

First of all is a firewall. The good news is that XP includes a built
in firewall. It's not perfect, though. Firewalls can be of two types
- Incoming and Outgoing. The problem is that the distinction between
Incoming and Outgoing is often blurred. For example, a common system
used to remotely access a computer (in this case, more often
legitimately than as a virus) is VNC. VNC runs a server on Alpha and
then Beta can access it from anywhere on the internet using a VNC
client. For many years, to do this, you'd have to open the Incoming
port on Alpha for VNC (5900) for Beta to be able to connect, but now
you don't. If Beta has his client listening in "reverse connect" mode,
then Alpha can start the connection and in doing so it gets around the
Windows Firewall, because it is seen as an outgoing connection by
Windows, and the Windows Firewall does not block outgoing connections
at all. In this way, your computer can be remotely accessed and evade
the Windows Firewall entirely. The only real solution to this is to
use a third-party firewall, and you have several options. ZoneAlarm
and Sunbelt Kerio Personal Firewall are both free options, and both
Kerio and ZoneAlarm offer more advanced systems you can use for a
price. These both block incoming and outgoing connections, therefore
fully firewalling your computer.

Your next "line of defense" (though it's more like "offense in your own
end zone" than defense) is Antivirus Software. Common Software for
this include Symantec Norton AntiVirus and Norton Internet Security
(which also includes a good firewall). McAfee has typically been seen
as a secondary vendor though in modern times, both Symantec and McAfee
are equally effective. ClamWin is also available, but does not offer
real time scanning. Avira AntiVir, Avast!, and NOD32 are also good
AntiVirus packages. Most new computers come with one of these
included. So you already have an AntiVirus software, right? Good, but
you're still not done!!! AntiVirus software is just that - AntiVirus.
It's not AntiSpyware, AntiMalware, or AntiTrojan, and you have to
protect against all of those, too. Two key products stand out to do
this. One is Spybot Search & Destroy, which is open source and free.
Spybot is the gold standard for AntiMalware. On the other end of the
spectrum, Windows Defender from (who else?) Microsoft has been shown to
do a good job. At one point after Microsoft bought out Gator they
allowed Gator's malware through Windows Defender (back then under the
name Microsoft AntiSpyware) and it's due to this that it's always a
good idea to run both programs to allow each of them to check out the
other. Another noteworthy program is SpywareBlaster, which does not
offer any real time protection, but instead patches Internet Explorer
and Firefox to prevent most Spyware from getting in in the first place.
Running these three makes most, if not all systems impervious to
Spyware.

If the above fails - and it will at some point - then your last
remaining option is to restore a backup you've made in the past. What,
you've never backed anything up?! Well, to make it as easy as it can
be, you'll need 2 things to do this. First of all, backup (unlike the
other two parts of the triad) will require you to buy additional
hardware. In this case, you'll need a USB Hard Drive. The Hard Drive
in question has to be AT LEAST 2/3 of the size of your main system
drive. If your computer is really slow (1.5GHz or less) you'll want
to get a USB HDD that's the same size as your system drive because
compressing the drive backup will be way too slow. The second thing
you'll need is a copy of PING. PING (Partimage Is Not Ghost) is a Linux
Live CD that you can boot from. Once you boot from PartImage, you can
backup your entire hard drive to a disk image file. Then, if your
system ever crashes, you simply boot from the PING CD again and restore
the disk image. Of course, for this to be effective, you'll have to
make images on a regular basis. How often you do so depends on how
much you use your computer and what you use it for. If, for example,
you only web browse for an hour a day, then imaging the computer once a
month is fine. If you do major graphics design work that's impossible
for you to reproduce later, backing up once a week or even twice a week
isn't entirely out of the question. Your main goal is to minimize the
amount of work you have to redo in the event that your computer crashes
and you have to restore the image.

That's the basic computer security triad. There are several other
useful strategies you can follow, too. For example, you can store any
and all of your documents on a network server. If it's not a program,
store it off-site. Then image your computer with nothing more than
Windows and your programs. After this, when your computer crashes (if
you don't do any major configuration changes) you lose nothing when you
image the system. Along the same lines, setting up two separate
partitions or using a USB Hard drive for document storage accomplishes
the same thing, but some of the major viruses will spread between local
drives (whereas fewer of them will spread through the network). While
you're at it, you can try software like DeepFreeze, which prevents any
and all changes to the C: drive of your computer. You can also use
Sandboxie to prevent just one program (such as your web browser, which
is how most spyware is caught, or email to prevent most viruses) from
writing to the hard drive while letting all your other programs
through. This does not work sometimes, though, because this prevents
your browser from downloading files and prevents your email client from
storing email on the hard drive, so over time you have to download the
same messages over and over.

So that's it. Here are the links.
* ZoneAlarm by Zone Labs -
http://www.zonelabs.com/store/content/home.jsp
* Kerio Personal Firewall by Sunbelt Software -
http://www.sunbelt-software.com/Kerio.cfm (Note there's another
firewall with the same name that is not free.)
* Symantec, makers of Norton AntiVirus and Norton Internet Security -
http://www.symantec.com/index.jsp
* McAfee, Symantec's primary competition - http://us.mcafee.com/
* SpyBot Search & Destroy -
http://www.safer-networking.org/en/index.html
* Windows Defender by Microsoft -
http://www.microsoft.com/athome/security/spyware/software/default.mspx
* SpywareBlaster by Javacool Software -
http://www.javacoolsoftware.com/spywareblaster.html
* PING, or Partimage Is Not Ghost - http://ping.windowsdream.com/
* Faronics, makers of DeepFreeze - http://www.faronics.com/
* Sandboxie - http://www.sandboxie.com/

Now stop reading and go secure your system! Good luck.

Tack Furlo

Dec 22, 2006, 5:47:52 AM
to Computer Tech Support
If this can be sticky'd at some point that would be great.

BigMatt

Dec 23, 2006, 5:25:04 PM
to Computer Tech Support
Thanx Tack, from now on when people come on here saying "I got pop-ups
and I'm not even connected" or "I downloaded this thingee and now I got
a blank screen with a cursor, What do I do???" We can simply link them
up to your post, and with a smile say "Read this!!"

Note, nVidia based chipsets are coming with a very good firewall (came
on new computer). It's picking up things that the Norton is not...

Tack Furlo

Jan 2, 2007, 1:28:48 AM
to Computer Tech Support
Thank you.

Is there any other topic in which you (or anyone) would like a general
tutorial? I'm going to be bored out of my mind for 8 hours tomorrow so
if there's anything else I can write, please let me know.

Daniel

Jan 18, 2007, 9:10:19 AM
to Computer Tech Support
It's also important to note that the best possible firewall is a
router. I have often suggested to people to just buy a router, even if
they don't need a network, just to use it as a hardware firewall.
Several benefits of a router:

* Costs about the same as most firewall software
* Since it's separate hardware, it doesn't slow down your computer
* In addition to the firewall, it adds NAT which adds extra protection
* It makes it easier to back up files to another computer on a network

Also, a few extra comments:

* USE FIREFOX!!! Internet Explorer (especially IE6) is the number 1 way
to get your computer infected
* The number 2 way is Outlook Express. Use regular Outlook or
Thunderbird to access mail

I have never found Windows XP's system restore to actually fix
anything. I suggest disabling it, and doing manual backups. Many
external hard drive manufacturers offer a "one touch backup" solution,
which I recommend.

Oh, and keep your system up to date. Have automatic update turned on
and periodically check windowsupdate.com to make sure you have all
current updates.

Oh, and if you still can't keep your system secure, switch to Linux and
forget about it.

Tack Furlo

Jan 19, 2007, 4:51:32 AM
to Computer Tech Support
All good points Daniel.

As for buying a router, yes, basic residential routers are a great
alternative to cumbersome (and expensive) software firewalls. The
problem with a router (or even a dedicated hardware firewall) is when
laptops come into play. Right now I have 4 computers - two laptops and
two desktops, and one of the two laptops gets around 20 minutes of
battery life. Guess where I spend 95% of my time? Yes, on the laptop
with good battery life. Of the 4 systems it has the slowest processor
but I can get 8 hours or more of use out of a single charge with it.
However, with that said, since I use this laptop (which doubles as a
convertible Tablet PC) in many random locations and like to be able to
just pull it out of my backpack and be on the internet within 30
seconds, a hardware firewall isn't practical. For that reason - simply
because with a laptop it doesn't work - I advise using a software
firewall on any laptop system. Of course, if you can put in a router
at home, then it never hurts to add extra layers of protection to your
network. Basically I'm not saying to not get a hardware firewall -
they're wonderful - but with any laptop they're just not good enough.

Now, for those who have a router at home and do not have a firewall on
your laptop, let me make this clear: YOU HAVE A PROBLEM. I have seen 4
separate cases where a guy brings his virus-filled laptop home and
thinks to himself "sure, my laptop has no firewall and probably has
problems, but I'm behind a router, so my wife's desktop with 10 years
of tax data is safe." This is not true. Residential routers firewall
all incoming traffic, but only incoming from the internet to your
computers. This becomes a problem because it provides no firewall at
all between the machines inside the router. This also means that if
your best friend brings over his laptop and uses your private wifi, you
should enable your software firewalls before letting him on your
network, as often viruses spread through the local network and not just
through the internet.

So to recap...
* If you have more than one computer on your network, get a router.
* If you have just one computer and it's a desktop, a router is still
better.
* If you have just one computer and it's a laptop that you take with you,
get a software firewall.
* If any computer you take with you ever leaves your own personal router,
get a software firewall for it.

Good Luck.
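
Added example (not part of the thread): a toy Python model of two points made in the posts above, that an inbound-only firewall passes a connection Alpha starts itself, and that a router filters nothing between machines on the same LAN. The addresses, sample ports, and outbound allow-list are constructed assumptions, not values from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses: Alpha and an infected laptop share a home LAN,
# Beta is an internet host (documentation address range).
LAN = ip_network("192.168.1.0/24")
ALPHA, LAPTOP, BETA = "192.168.1.10", "192.168.1.20", "203.0.113.7"
OUTBOUND_ALLOW = {53, 80, 443}   # assumed allow-list for the "both" policy

@dataclass(frozen=True)
class Conn:
    src: str     # host that initiates the connection
    dst: str     # host that is listening
    dport: int

def router_passes(c):
    """NAT router: only sees traffic that crosses the LAN boundary."""
    src_in = ip_address(c.src) in LAN
    dst_in = ip_address(c.dst) in LAN
    if src_in == dst_in:
        return True      # LAN-to-LAN traffic never reaches the router's filter
    return src_in        # outbound allowed, unsolicited inbound dropped

def host_fw_passes(c, policy):
    """Software firewall on Alpha. policy: None, 'inbound-only' or 'both'."""
    if policy is None:
        return True
    if c.dst == ALPHA:
        return False     # unsolicited inbound is denied by either policy
    if c.src == ALPHA and policy == "both":
        return c.dport in OUTBOUND_ALLOW
    return True          # an inbound-only policy ignores outbound traffic

def delivered(c, router, policy):
    return (not router or router_passes(c)) and host_fw_passes(c, policy)

SCENARIOS = {   # ports 5500 and 445 are constructed sample values
    "classic VNC, Beta connects in": Conn(BETA, ALPHA, 5900),
    "reverse connect, Alpha dials out": Conn(ALPHA, BETA, 5500),
    "infected laptop on the same LAN": Conn(LAPTOP, ALPHA, 445),
}
SETUPS = {"router only": (True, None),
          "inbound-only fw": (False, "inbound-only"),
          "router + in/out fw": (True, "both")}

def matrix():
    return {(s, n): delivered(c, *cfg)
            for s, c in SCENARIOS.items() for n, cfg in SETUPS.items()}

if __name__ == "__main__":
    for (scenario, setup), ok in matrix().items():
        print(f"{scenario:34} | {setup:18} | {'PASSES' if ok else 'blocked'}")
```

Only the combination of a router and a host firewall that filters both directions blocks all three constructed scenarios.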
