On windows computer security

marcus 19 Sep 2008 14:21

On everyday Windows security

background
I'm assuming the reader is a Windows user. Some things apply to other Operating Systems (OS) as well.

Your http://en.wikipedia.org/wiki/IP_address is your house, and "ports" can be seen as different rooms in which different tasks are performed. Port 80 is usually the http/web room, port 25 is the post office for outgoing mail, etc.

A http://en.wikipedia.org/wiki/Firewall is like having a doorman who checks all visitors. The doorman rarely misses bad guys and can completely ban access to certain areas for certain visitors. In some cases he can refuse to let things out too.

There are not enough houses for everyone. That's why http://en.wikipedia.org/wiki/Network_address_translation was created. This means that when you want to send something, the NAT router keeps track of the fact that you sent something to y, and when there is a response from y it's sent back to you. The address the other side sees is the address of the NAT router, not yours, so the NAT router rewrites the address too. Note that firewalls can usually be told to lower security for machines that are on the same NAT router, so you can still easily share files, printers and all that.

If someone wants to send something to you on his own initiative, the NAT router must first be told that all calls to a certain port are supposed to be sent to your machine. So, in a way, a NAT router acts as extra security, like a kind of firewall. It is important to immediately change the default password of the NAT router so that no-one from the outside can access it and simply configure these port forwards as he likes, thus rendering the protection worthless.

To see if you are behind a NAT firewall, a decent test is to:
Click Start bottom left,
Run... cmd
in the command window, run the command ipconfig
If your IP Address is 192.168.x.y you are surely behind a NAT because these addresses are illegal.

Protective software
Warning: With few exceptions, never install more than one program per type. So only one firewall, only one anti-virus and one anti-spyware. The risk is that they start to fight each other, because an anti-virus needs to hook into the OS just like a bad program does, so how do you tell what's a bad program and what's a good one?

There are several free firewalls (you can sometimes pay extra to get extra features). The most common on the PC is http://www.zonelabs.com which is a good firewall.

But when crap is entering your system, you need a second line of defense too. Bad software is divided into spyware and viruses. Personally I think this is because software houses want to sell two programs (anti-spyware and anti-virus).

Bad software infects a computer by the user being tricked into running a file (nude screensaver etc.), by a bug in a program (web browser, or one of the programs that listen on a port), etc. If the user you browse as has administrator status, the spyware is allowed to do anything on your computer if it's run. So try to have a normal account, and when you install software, right click and choose "Run as administrator" instead. Much better. That's how the Mac does it (more or less) and that is, I think, an important reason for the much better situation on a Mac.

When it comes to anti-spyware and anti-virus, the best results are achieved by buying http://en.wikipedia.org/wiki/Firewall, http://www.pandasecurity.com or some other product that usually wins tests. Zonelabs has a package whose anti-virus engine is licensed from Kaspersky. Note that these packages usually include a firewall, so you should likely not install Zonealarm in addition to them.

http://www.microsoft.com/windows/products/winfamily/defender/default.mspx is a free program from Microsoft used to help kill bad programs. As it's the biggest, this is the first program the bad programs try to fight off. But it does some good and is much better than nothing. Besides, if it's disabled you can assume something is not right.

http://lavasoft.com/ is another anti-spyware. It's safe to install the free edition and run complementary sweeps in addition to Microsoft Defender. Note that this program happily reports quite innocent cookies as something horrible, so don't panic if you run it.

http://free.avg.com/ is a nice antivirus that takes few resources and has no objections if you receive your mail over encryption (Avast objects, so I uninstalled that one). You might want to have a look at the settings and disable the annoying "Mail is certified" messages on incoming and outgoing mail.

Usually Internet Explorer is the least safe browser. A big part of this is because it is used by the largest number of people, so finding a bug in it pays off well. The other part is that it's so tightly integrated into the OS that if you can take it over, you're halfway in.

Personally, when helping someone, I install Zonealarm, Microsoft Defender, AVG, AdAware, Opera/Firefox and make sure they are behind a NAT router (a DLink 604 or something). I also tell them not to use wireless unless really necessary because, whatever anyone tells you: http://en.wikipedia.org/wiki/Wireless_security.

If you have bad programs on your computer, the situation is quite often hopeless. Because the spyware is hooked deep into the OS, it reinstalls itself when deleted. The best/only thing is to either:

a)
Put your hard disk in an external USB case and clean it from another computer. For the best results, it's usually advisable to delete the contents of all temp directories too...
C:\WINDOWS\Temp
...etc., because the bad programs quite often live here.

b)
Run a boot CD. The problem with these is that they require proper system files from Microsoft to work really well, so their legality is in a gray zone. But they are brilliant. I've used http://www.ubcd4win.com/ on a friend's hopeless machine with good results. You have to do quite a bit of manual work to create the boot CD, and AVG goes bonkers when it sees the programs used. The boot CD I created for Windows XP is gold for me and I expect to have much use of it in the future too.

Best regards,
Marcus
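A small checker for the ipconfig step in the post above, as an added example that is not part of marcus's post. It parses a constructed sample of ipconfig output (not output from any real machine) and classifies each address. Besides 192.168.x.y it recognises the two other RFC 1918 private blocks (10/8 and 172.16/12), the 169.254.x.y "autoconfiguration" address Windows assigns when no DHCP lease was obtained (which says nothing about NAT), and the RFC 6598 carrier-grade NAT range 100.64/10, where the ISP itself is doing NAT and port forwards on your own router will not help. Function names and the sample text are my own assumptions.

```python
"""Classify the addresses from an `ipconfig` dump to see whether the box sits
behind a NAT router.  Added example; function names and sample are constructed."""
import re
import sys
from ipaddress import ip_address, ip_network

# Blocks that are never routed on the public Internet.  Seeing one of them on
# your own adapter means a NAT router (or your ISP's NAT) is in front of you.
RFC1918 = (
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),      # 172.16.x.x .. 172.31.x.x, easy to miss
    ip_network("192.168.0.0/16"),     # the range the ipconfig test looks for
)
CGNAT = ip_network("100.64.0.0/10")         # RFC 6598 shared address space
LINK_LOCAL = ip_network("169.254.0.0/16")   # Windows "autoconfiguration" address
LOOPBACK = ip_network("127.0.0.0/8")

# Matches the XP form "IP Address. . . : x", the Vista form "IPv4 Address. . . : x"
# and "Autoconfiguration IPv4 Address. . : x"; IPv6 lines do not match.
_ADDR_RE = re.compile(r"IP(?:v4)? Address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})")


def classify(addr: str) -> str:
    """Return one of: loopback, link-local, private, cgnat, public."""
    ip = ip_address(addr)
    if ip in LOOPBACK:
        return "loopback"
    if ip in LINK_LOCAL:
        # 169.254.x.x means no DHCP lease was obtained at all; the adapter is
        # not really on a network, so this is not evidence of NAT either way.
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        # The router's WAN side can carry one of these: the ISP is doing NAT
        # too, so port forwards configured on your own router will not work.
        return "cgnat"
    return "public"


def addresses_in(ipconfig_text: str) -> list:
    """Extract every IPv4 address ipconfig reports for any adapter."""
    return _ADDR_RE.findall(ipconfig_text)


def nat_report(ipconfig_text: str) -> dict:
    """Map each address found to its classification."""
    return {a: classify(a) for a in addresses_in(ipconfig_text)}


def behind_nat(ipconfig_text: str) -> bool:
    """True if any adapter carries an address that cannot be public."""
    return any(c in ("private", "cgnat") for c in nat_report(ipconfig_text).values())


# Constructed sample of ipconfig output from a PC behind a home router, with a
# second adapter that failed to get a DHCP lease.  Not output from a real box.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Autoconfiguration IPv4 Address. . : 169.254.10.5
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
"""

if __name__ == "__main__":
    # On the Windows box:  ipconfig > out.txt   then   python nat_check.py out.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_IPCONFIG
    for addr, kind in nat_report(text).items():
        print(f"{addr:16} {kind}")
    print("behind NAT:", behind_nat(text))
```

Run it without arguments to see the constructed sample classified; with a file argument it reads saved ipconfig output. Note that a "public" result only says the local adapter has a routable address; whether a firewall in front of it blocks inbound connections is a separate question.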
RekindlePhoto 19 Sep 2008 15:27
Thanks for all the info. I know many of us buy or use these programs and sometimes don't fully understand how and why problems happen. I probably need to go to work and check my system out a lot better. Since moving, my ISP does not supply an anti-virus or spyware so I need to get something on my own.

Thanks,

Don
dnavarrojr 20 Sep 2008 04:05
AVG used to be a really good free program, but it's become bloated lately and a resource hog. After using it for several years, I've dropped it at home and now use AVAST instead which is what AVG used to be. It's also free (for personal use) and resource/memory usage is low. And it doesn't require me to reboot my computer every few days like AVG does.
dnavarrojr 20 Sep 2008 04:18
BTW, if you are even a little bit of a computer geek, you should seriously consider putting Linux on any computer where you absolutely don't HAVE to have Windows on it.

For example, my daughter only does homework and surfs the net on her computer. There is not a single program she needs to run that requires Windows, so I run Gentoo Linux on her machine. 99.9% of all spyware and viruses require Windows, so I don't need to worry about viruses or spyware on her computer. I also don't need to worry about her installing anything I am unaware of because neither she, nor her friends know anything about Linux or how to install stuff.

She can still play all her Flash games, visit YouTube, etc. We don't allow her to do any Instant Messaging on her computer and so she can't do it behind our back because she doesn't know how to install an instant messenger on her machine (nor does she have any install rights, anyway).

Same thing with my parents. I spent so much time going to their house removing spyware and viruses because neither of my parents seems to be able to learn what they can and can't click on. Since all they do is surf the net and do email, I put Linux on their computer and taught them how to use WebMail. Problem solved, I haven't had to work on their computer in over a year now.

On my new computer and on my wife's computer (we both run programs that require Windows) I have installed Linux as the host operating system and we run Windows inside of VMWARE (a program that lets you run other operating systems at the same time on your computer). Occasionally, she will get some spyware on her system from some of the sites she visits and rather than messing with trying to remove it, I just restore from a daily incremental backup on her "virtual machine".

I run 64-bit Gentoo as my host OS and both 64-bit Vista and 32-bit XP at the same time to run various apps (After Effects, 3D programs, Office, etc..) depending on my needs. I do 90% of my browsing in Linux so I don't have to worry about spyware.
varius 20 Sep 2008 10:18
Well, believe it or not, none of my production PCs has any kind of virus/malware protection at all and I always run them as administrator. ;-)