Superstition Amateur Radio Club

Mesa, Arizona
WB7TJD
Since 1973
Wednesday, July 23, 2008   .   .   .   NET tonight on 147.12 at 8:00 PM with Newsline.

Some computer security tips

One should never run a computer that is connected to the Internet without a firewall or an anti-virus program installed and maintained with the latest updates.  And best of all, there is no need to lay out any cash for this protection on a computer that is for personal use.

What follows are my recommendations for a secure computing environment.

Free Anti-Virus protection

I have used AVG Anti-Virus on my computer for a number of years.  Before that I used a free anti-virus program called eSafe, but they converted to a paid subscription business model, and I performed a search and found AVG.

Some things to remember

No anti-virus software is of any value if it is not updated regularly.  It also must be allowed to run a scan on your system.  AVG's free version does have some limited scheduling capabilities.  If your computer is not on the Internet at the time of the scheduled update check, the program will abort the scheduled check.  It does not have the smarts to check for updates after a missed scheduled check the next time the computer is connected to the Internet.  Therefore, the user should perform a manual check periodically.

There is a "Check for Updates" choice on the notification area icon's right-click menu.  Also, if the virus database is out-of-date, AVG will issue an alert.

Features in the free version

AVG features a scheduler, resident shield, virus vault, update manager, shell extension, and e-mail scanner.  Taken in order, these features let AVG schedule updates and tests; test executables and documents for viruses when they are accessed by the user; safely lock away infected files; add AVG to the context menu (right-click menu) to permit a manual check of a given file; and scan and certify both incoming and outgoing mail.

The e-mail scanner can be configured to scan mail, with the choice of adding its certification to the mail message or not, with separate configuration for the incoming and outgoing mail.  I currently scan incoming and outgoing mail, but only add certification to my incoming mail.

AVG can be obtained free for personal use by way of a download.  There is also a paid version with additional features such as anti-spyware, anti-spam, and a firewall, but you do not need these features if you follow the advice on this page.


Free firewall protection

ZoneAlarm offers a free firewall for personal use.  For most applications, this firewall is sufficient.  For those of you using EchoLink, you must reduce the protection level from high to medium in order for the software to make connections with other EchoLink users.  This is because there is no provision to configure the free ZoneAlarm to allow certain programs to use specific ports.  That feature is reserved for the paid version.

Windows XP has a built-in firewall, but this firewall is only good for protecting against outside threats.  Likewise, if you have a hardware firewall in, say, a router, that offers excellent protection from external threats.

A software firewall like ZoneAlarm will also protect from threats from within.  It can stop a program from connecting to the Internet without your permission. If a rogue program has slipped past your defenses, the software firewall is your last line of defense.

Such rogue programs can be weeded out with a scan of your computer using anti-virus (see previous section) and anti-spyware (see next section) software.

ZoneAlarm also offers anti-virus and anti-spyware options in its paid offerings, but once again you don't have to go that route if you want to save your money.

To reduce the complexity of set-up, ZoneAlarm will preconfigure the Windows components that require Internet access, together with your Internet applications, like browsers, e-mail clients and FTP software.  You do have to allow programs that have been updated permission all over again after the update is completed.

A number of tricks can be played on the firewall user by malware, with confusingly similar names to trusted programs.  If you are unsure of a program, you can always say no, but don't check the box to remember your answer.  This will deny the program this time.  If your trusted software then doesn't work as expected, you can reverse your decision the next time the program asks to connect.

A working knowledge of your software's needs for connecting to the Internet, and some common sense come in handy here.  For instance, if you have just updated to a new version of something, expect the firewall to be asking and allow the change, but if you haven't made any changes that you are aware of, it may be something bad.  Do a virus and spyware scan of your computer, to be safe.


Free spyware / adware protection

There are good freeware and some shareware programs that do an excellent job of handling adware and spyware.  Like an anti-virus program, they must be kept current with the latest updates and must be allowed to periodically scan your computer for bad stuff.

I use AdAware SE Personal, free from Lavasoft, and Spybot Search And Destroy.  These have good reputations for weeding out most bad stuff and are free for personal use.  I am aware that there are some others that pretend to be good spyware removal tools, but which actually may be spyware themselves, and there are a select few others that are good.  I am familiar with these two, and highly recommend them.

AdAware is an anti-spyware scanner, which requires regular updates in order to be effective, and which should be run on a regular basis to scan your computer, particularly if you have just downloaded something new, or have visited a questionable web site.  It will scan memory and look through all running processes, then scan your computer's hard drives for files and Registry entries of questionable repute.  It will then report to you with its findings and delete or quarantine those Registry entries and files that you select.  (The best way to do this is to right-click and then choose Select All on the menu when you are on the report.)

Spybot is a similar scanner, perhaps more apt to catch something that was missed by AdAware, which in turn may catch something missed by Spybot.  Spybot also contains tools that can help you avoid bad Web sites in Internet Explorer, and to help lock your Hosts file to avert browser hijacks, if you go to the Advanced mode.

Spybot also contains a "Tea-Timer" which is supposed to protect your system against unauthorized changes, but in Version 1.4, this tool has a corrupted appearance on the screen, which leaves me uncertain how to approve changes.  I therefore do not use this feature.  There is plenty of documentation on the web site from the author of the program.

Hosts file

The third prong of my security measures involves the use of a Hosts file.  The Hosts file (filename Hosts, with no extension) is a local file on your computer that is checked first, before a query is sent to a domain name server (DNS) on the Internet to find the address of the web site you want to visit.  Let me clarify that with an example.  You go to visit Google at www.google.com.  First, a check is made locally in your Hosts file for the IP address of Google.  It is not listed, so a query is made to the Internet DNS, which returns the xxx.xxx.xxx.xxx IP address associated with that site.  The browser then sends its request to that IP address, and a connection is made to Google.


Hosts file continued

If you visit Google regularly, you could edit your Hosts file to list the IP address for Google.  Your browser would look it up in your Hosts file, it is listed, and a call is made to the site's address, and a connection is made ever so slightly faster to the site because you did not have to make two pulls on the Internet to establish the connection.

I one time had www.fcc.gov listed in my Hosts file, and fell into a trap when FCC changed servers, and the web site came up at a different IP address!  My Hosts file told me the old address, and it appeared the site was down until I wised up and pulled that listing from Hosts.  The updated name servers on the Internet were not consulted because there was information in my local Hosts file.

The Hosts file can be put to better use, however, by listing web sites you do not want to visit or want your kids to visit.  By listing the IP address for each site as 127.0.0.1, there is going to be a call to your own computer anytime www.badsite.com is visited, and a failure notice will appear on your screen: "This page cannot be displayed" in Internet Explorer, or an alert box that pops up in Firefox.

A couple of good sources for a Hosts file to install on your system are one from the Spybot program, in its advanced mode tools menu, and one that you can download from off the Internet.

This MVPS web site has instructions on how to download and install their Hosts file, which contains references to many sites that may contain malware and other sites that provide display advertising (and cookies) whenever you visit certain advertiser-supported web sites.  I found it necessary to turn off JavaScript support to be able to read one site that I visited from a Google search.  The desired article popped up on my screen, followed by a Page Cannot Be Displayed notice.  I hit the back button and saw my article, then was sent off again to the advertiser's page, which was referenced to my computer in the Hosts file, and I had to go back again.  I am sure, had I not hijacked the advertiser's page, I would have received a first-party cookie from the ad site, plus some banner ads, then been sent back to the article I wanted to read.  I turned off the JavaScript and then I had no more referrals to the nonexistent advertiser.

I have not combined the Spybot program's Hosts insertion in with the MVPS Hosts file that I downloaded.  That might have added redundant listings, and since the file is already half a meg I chose not to combine them.

If you choose to use the MVPS Hosts file, be sure to regularly check their web site for an updated Hosts file.  The author audits the file for nonexistent addresses and needs for new addresses to be added, and posts an updated file.

There is one entry that I added to my Hosts file.  Besides making sure that http://localhost was referenced first thing to 127.0.0.1, I added www2.look-up-results.com and pointed it to 127.0.0.1. That is a garbage web site that I have seen myself get routed to whenever I enter a nonexistent domain, such as wb7tjd.oArg.  I have never figured out how I get routed to that search page, but if ever I do again, I will have hijacked the hijacker.  I will be assured to never see that page again, unless the hijacker bypasses the Hosts file lookup.
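
An added example, not part of the original page: a short Python audit of Hosts file contents that separates blocked names (pointed at 127.0.0.1 or 0.0.0.0) from hand-pinned real addresses, the kind that went stale in the www.fcc.gov story above, and merges two block lists without redundant listings. The sample file contents, the example.* names and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not real block lists); 192.0.2.10 is a documentation address.
LOCAL_HOSTS = """\
127.0.0.1   localhost
192.0.2.10  www.fcc.gov        # pinned by hand; goes stale if the site moves
127.0.0.1   www2.look-up-results.com
127.0.0.1   ads.example.com
"""
DOWNLOADED_HOSTS = """\
# constructed stand-in for a downloaded block list
127.0.0.1  ads.example.com
0.0.0.0    Tracker.Example.NET
127.0.0.1  www.badsite.com banners.example.org
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:          # one line may carry several names
            yield ip, name.lower().rstrip(".")

def audit(text):
    """Split entries into blocked names and pinned names (real IPs that can go stale)."""
    blocked, pinned = set(), {}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue                     # the normal loopback mapping, not a block
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)
        else:
            pinned[name] = str(ip)       # bypasses DNS: re-check these periodically
    return blocked, pinned

def merge_blocklists(*texts):
    """Union of blocked names from several files, one sorted line each, no duplicates."""
    names = set()
    for text in texts:
        names |= audit(text)[0]
    return ["127.0.0.1\t" + n for n in sorted(names)]

if __name__ == "__main__":
    print(audit(LOCAL_HOSTS)[1], *merge_blocklists(LOCAL_HOSTS, DOWNLOADED_HOSTS), sep="\n")
```

On Windows XP the live file is `%SystemRoot%\system32\drivers\etc\hosts`; read it into a string and pass it to `audit` in place of the constructed sample.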
