Last updated
14/05/2005
Copyright © 1999 - 2004, Sandra Hardmeier, All
Rights Reserved Worldwide
The 10 immutable laws of security |
1. Stay informed
When it comes to malware and viruses, prevention is far better than cure because some infections can be extremely hard to remove. Although we can download and install various protective softwares to minimize the risk to our computers, knowledge is the ultimate weapon.
Visit http://www.microsoft.com/security/ on a regular basis to check for the latest in the ongoing battle between Microsoft and those who would hijack your browser, or take over your computer.
Keep an eye on the Microsoft Spyware information site:
http://www.microsoft.com/athome/security/spyware/default.mspx
Sign up with the Microsoft Security Notification Service or subscribe to the RSS Security Bulletin feed
http://www.microsoft.com/technet/security/bulletin/notify.mspx
Visit the Internet Explorer community regularly:
http://www.microsoft.com/windows/ie/community/default.mspx
2. Keep your computer up to date
Use Windows Update and, if relevant, Office Update, regularly. Download and install all critical patches relevant to your computer, ESPECIALLY those related to Internet Explorer and Outlook Express.
Enable Automatic Updates.
3. Use a firewall
Windows XP has a firewall - turn it on!
VERY IMPORTANT WARNING
The XP firewall cannot be considered to be equivalent to products such as ZoneAlarm and Kerio. If your computer is infected, the XP firewall may NOT stop your computer from sending data OUT. Until things improve I must suggest that a third party firewall be used.
I also recommend that you leave the Windows Firewall enabled, even if you have a third party product installed. This is because Windows Firewall includes boot time protection - protection during that short period of time between when the network starts and a third party firewall fires up. Your third party firewall may not have the same ability.
Even if you don't have XP there are various free firewalls available, including ZoneAlarm, Kerio Personal Firewall and Sygate. Select the one that best suits you according to your level of experience and knowledge, and start using it.
4. Use an antivirus programme and keep it up to date
There is a free one available from http://www.grisoft.com/us/us_dwnl_free.php
5. Use an anti-spyware product and keep it up to date
The Spyware Warrior web site hosts a comprehensive comparison of anti-spyware products which I think you will find very useful when deciding what product to use:
http://spywarewarrior.com/asw-features.htm
The end result of all this analysis is a list of “trustworthy” products:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy
Spywarewarrior also hosts a comprehensive list of rouge or suspect anti-spyware products (products that are of “unknown, questionable or dubious value”):
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Randy Knobloch, Microsoft MVP (aka Siljaline), works hard to keep people informed about the latest updates for various anti-spyware products. Keep an eye on his site for downloads relevant to software you have installed. Randy's personal blog is at http://www.msmvps.com/siljaline/ and his info-posts can also be found at Security Tools Updates.
6. Internet Explorer
Update to the latest version of Internet Explorer available for your operating system.
Disable install on demand (Internet Explorer and other) via tools, internet options, advanced.
Make sure that your Java VM is up to date. You will find information about how/where to get java and how to update from this link.
You may like to use Mike Burgess' hosts file, available at http://www.mvps.org/winhelp2002/hosts.htm.
Do NOT give permission to a website to install or run anything on your computer unless YOU initiated the download. The prompt may look like either of these examples (the 2nd is from a new version of Internet Explorer):
6. Outlook Express
DO NOT OPEN ATTACHMENTS!!!
If you REALLY REALLY REALLY want to open an attachment, reply to the email and ask 'Did you send me this?' DO NOT OPEN THE ATTACHMENT UNTIL YOU GET A REPLY.
Set OE to view all messages as plain text.
Make sure OE is set to 'restricted zone' (more info here)
Don't open spam. Delete it without opening.
Watch out for phishing (more info here)
7. Windows XP
By now, all XP users should be running Service Pack 2. If not, I strongly recommend that you download and install it. It will go a long way towards making your computer more secure, and protecting you from the seedier side of the internet. Developers and those who own web sites may like to review the following document:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx
XPSP2 is being distributed already installed on some new computers, via Windows Update, or can be ordered on CD. The URL for ordering XP SP2 is:
http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default810.mspx
If you do not have broadband internet access, or if you have to pay by the byte for downloads, or you do not want to have to wait 4 - 6 weeks for the CD to arrive, several computer magazines distribute XP SP2 on their sampler CDs, so check out your local newsagent.
Unfortunately, Windows XP automatically gives user accounts full administrative rights. Create a 'limited user' account and use that account for all internet surfing and general computer usage. Only use an Administrator account if you wish to install software, or you have a programme that will only work properly under administrator. If you have only one account, do NOT set that account as 'limited user'. Create a new one especially for the purpose. Password protect your Administrator account. Write down the password on a sticker and, to ensure you don't lose it, do what I do - affix the sticker to the INSIDE of your computer case cover.
Windows XP SP2 includes many improvements including:
a pop up manager (picture here)
add on management and crash detection ("..Users will be able to view, enable, and disable the add-ons used by Internet Explorer, and identify add-ons that might be related to Internet Explorer crashes...") (picture here)
a greatly improved firewall (on by default...boot time security...global configuration [all network connections use same setting]...stateful filtering...)
the ability to block all downloads from a particular publisher ("...This feature allows the user to block all signed content from a given publisher without showing the Authenticode dialog box to the user while doing so. This stops code from the blocked publisher to be installed. This feature also blocks installation of code with invalid signatures...") Instead of just having only an 'always install' option, you will also have a 'never install' (picture here)
one prompt per control per page ("....It mitigates [stops] the social engineering trick of prompting the user a number of times for the same control. Even though users repeatedly refuse, they cannot get out of the loop, and they might eventually accept the installation out of frustration....") (picture here)
some pretty cool improvements to OE that the spammers are gonna hate (see this page for details).
automatic downloads (such as that used by Majorgeek and other software distribution sites) are disabled by default. To enable go to IE tools, internet options, security. Click the custom level button and turn on the option to 'allow automatic prompting for file and code downloads'.
a "Security Centre", which is a central repository for information about firewall, antivirus, Windows Update and system settings (picture here)