Author Topic: Protecting your computer  (Read 7019 times)
mcdermott
Omar's coming...
Administrator
« on: January 15, 2009, 03:11:10 PM »

Protecting your computer

If you use a PC and run Windows, then the chances are, you'll have run up against some form of virus or trojan in the not too distant past. These evil little programmes that run on your computer and give control of your machine to somebody else are collectively known as 'malware', and can be extremely dangerous. Symptoms include: making your machine run very slowly, making adverts pop up over and over again -- often adverts for porno websites, even stealing your passwords and other confidential information, which could result in the loss of banking info, credit card numbers, etc.

Before broadband, these things were less of a problem. People were only online for short periods, limited by their phone bills. Today though, many computers are continuously connected. Hackers infect thousands and thousands of computers and link them all together, thereby creating something called 'botnets', networks of 'bots' automatons, that they can then use to do their bidding.

I've been infected many, many times and I have a pretty good insight into computer security. If it happens to me, the chances are, it's happened to you too. You may well be infected as we speak, but simply not know anything about it.

So, what do you need on your computer to protect yourself?

Firstly, you need a firewall. A bare install of something like Windows 2000 or XP will just allow pretty well anything to connect and disconnect to your computer at will. A firewall is a set of rules that only allows internet connections that you've explicitly given permission to. XP and Vista come with something called 'Windows Firewall' built into the OS, and while it's better than nothing at all, it isn't the most secure firewall. I'd use it if I had nothing else, but fortunately, there are many other options and many of them are free.

Secondly, you're going to need some anti-malware protection. This is a bit more complex, and there's a lot more stuff. Also, there's some cross-over between classic antimalware programmes, and antivirus software. Today, you're more likely to get a trojan or some form of rootkit exploit than you are a classic virus, and so the virus software tends to detect this stuff as well. Unfortunately, it doesn't usually do it as well as the malware stuff does. Again, there's some great stuff out there for free.

Thirdly, you really need some form of back up. In case anything does get completely hosed beyond all recognition, you need a way of getting your data back. For me, this software comes first.

Fourthly, if you are in the habit of checking out dubious software or browsing dubious websites, you might want to think about some sort of Sandbox.

Oh, and lastly, you can protect yourself by hardening your operating system. So let's take the last, first.

Hardening your OS

Windows is a very poorly designed operating system that gives too many programmes admin rights when they run. Without admin rights, it's very hard to get a lot of stuff done in Windows, so you tend to find a lot of people running as administrator, rather than under a limited rights user account. If you *can* manage to run as a user account, you absolutely should. There's a programme called SuRun that should help you solve all the problems that you'd have if you're running in a user account on XP.

They tell me lots of these problems are solved under Vista. I don't have enough info to comment on that, but I do know it's much harder to run as an administrator under Vista, so I'm really just talking about XP and Windows 2000 here.

The next thing you should do is to ditch Internet Explorer. Seriously, it's a piece of shit. It's like leaving your front door wide open with a big sign above saying 'come and rob me, please'. The major candidates are Opera, Firefox and Chrome. Chrome is Google's offering, so if you use a lot of Google apps, it's worth exploring. Opera is a very mature piece of software with an awful lot of committed adherents. It used to be payware, but it's now free. But me, I like Firefox.

I like Firefox because I use a couple of additional security programmes that I think are helpful. I use AdBlocker Plus because it kills 99% of annoying adverts. And I use NoScript because it also hardens Firefox's security by forcing you to give permission to scripts (little programmes in Java or Javascript) to run on that website. So if I'm browsing something like.. say, Apple's website, I'll happily give scripts permission to run. However, if I'm browsing FREE PORNO PASSWORDS!!!1ONE! GET YOUR PASSWORD TO EVERY PORNO SITE ON THE WEB, ABSOLUTELY FREEE!!!!11ONEELEVEN!1!, then I'd rather pull out my teeth with pliers than let those people run a script on my computer.

So, those are my two critical hardening tips. User accounts with SuRun, and Firefox with AdBlock Plus and NoScript. Let's move on to Firewalls.

But first, a commercial break.

Commercial software.

If you've got the dough and you want to spend it, there are a number of companies who produce a good, all-in-one solution that includes Firewall, antivirus, antimalware, intrusion detection, etc. There are really just three I'd recommend:

Eset's NOD32 is great. I run their antivirus software. It's fast, it has a low memory profile, it doesn't eat up processor cycles. Me likee.
Kaspersky's stuff is expensive, but it's rock solid. I don't like it as much as others seem to, because I've always found it heavy on the processor, but you could probably cut down some of the testing it does and make it less processor intensive.
Agnitum's Security Suite is also something I use. I like this one a lot too.

And finally, while Norton's has been crap for years and years and years, the very latest offering is very well thought of. It looks like they are back in the race after ten years in the desert. But I'd still buy one of the other three rather than Norton. Agnitum have got a phenomenal deal until the end of the month.

OK, back to the free stuff.

Free firewalls

One application that is looking pretty good at the moment is the Comodo Internet Security Suite. Comodo has a very robust, reliable Firewall, and a much newer anti-virus software. The AV stuff isn't quite as well thought of as the firewall, but it's expected to improve in the way all of their other free products have.

Comodo also have a free anti-malware programme, Comodo BOClean, that used to be well thought of, but I believe other programmes have since superseded it.

If you don't want both, you could simply download the Comodo firewall and use another anti-virus software.

http://www.comodo.com/products/free_products.html

Another, very popular free firewall was Zone Alarm. However, as this has got bigger and bigger, and more and more unwieldy, it lacks the respect it used to have among security professionals.

Anti-virus software


There are one or two free antivirus software packages beside Comodo, but they tend to be 'on-demand' packages, which means that they'll check your machine when you tell them to do so, but they won't sit there in the background, detecting them when they run.

AVG provides one such free package. It used to run in the background as well, but I believe they changed this in the upgrade from 7.5 to 8.

The other reputable free antivirus software also only runs on demand, but it's a very reliable, very well thought of application. This one is produced by Avira Software and as with the AVG package, I've used both in the past when I haven't had an annual subscription, and both were more than acceptable.

Intrusion Detection software

If you are using an on-demand anti-virus scanner, you can compensate for the lack of continual monitoring by using Intrusion Detection Monitoring software. Again, there's some good stuff here, very light on the CPU's and very good at picking up the malware as it tries to install itself.

Threatfire is one that I like a lot. I'm not running it at the moment, because I've got a free, one year's subscription to A-squared, but when that subscription runs out, I'll be reinstalling Threatfire.

A-squared is somewhat similar. More intrusive, but more features, I think. On balance, I prefer Threatfire, but it's probably a matter of preference.

Anti-malware applications.

These tend to change over time. The great antimalware software of a couple of years ago doesn't really touch the sides at the moment. I'm recommending two. I keep both installed. Both free versions. If you get an infection of some sort, these should be your first port of call.

SuperAntiSpyware has traditionally got rid of the infections that people like Norton and McAfee couldn't manage. Often they couldn't even see them, rather than clearing them. Run it every week or two, just to make sure you haven't picked up an infection during that period.

Malware Bytes is a newcomer in this area, but the authors are very enthusiastic and committed to staying on top of their game. The security experts like it a lot, and it may well find stuff that SuperAntiSpyware can't fix. I rely heavily on both, and both have quickly and easily revived a machine that their owners thought were dead.

Sandboxes

If you're in the habit of downloading software from warez sites, or from peer to peer filesharing sites like eMule or BitTorrent, you *will* get infected from time to time, and finding some of the cleverer malware can be a nightmare.

Sandboxes are like a software jail, that allow you to browse, or install and run software within the jail, and prevent it from escaping onto your computer. When you're done, just delete the jail and any bad stuff that has been installed will get wiped away with it.

You can use complex stuff like Virtual Machines, but for casual users, you can't do better than Sandboxie.

Back-up software

I use a couple of different strategies. I do a disk image back-up of my operating system immediately after I've installed the OS, all the security updates and all the applications. I do this to a desktop hard drive, but you can also do it to DVD's just as easily.

Once my Operating System is backed up, I then focus on backing up my data on an ongoing basis.

I use Acronis True Image to back up my OS drive. However, there are free programmes that can do the same thing. A lot of people recommend Drive Image XML.

I back my data up online, and there are two different services that I recommend for this: Mozy and Dropbox

Conclusion

I know there's a lot of information here. It's a complex subject. But you do need to protect yourself. At a bare minimum, you need to be running a firewall, and an anti-virus or anti-malware, or both.

Dropping Internet Explorer for Firefox is an absolute must. If you do just one thing, let it be that one.

And when it comes to back ups, everyone learns the hard way, but it's dumb because the data on your computer is almost always worth several times the value of the hardware, so get your backups sorted!

OK, questions?

Jules
Sr. Member
« Reply #1 on: January 15, 2009, 04:36:28 PM »

I've installed McAfee Internet Security Suite and run Adaware now and then.  Is this sufficient or should I be installing something extra?
mcdermott
Omar's coming...
Administrator
« Reply #2 on: January 15, 2009, 04:45:35 PM »

Yeah, McAfee's fine, but I'd dump Ad-Aware and replace it with SuperAntiSpyware. Unless you've got a paid copy of Ad-Aware. Ad-Aware's one of those programmes that three years ago, was the business, but hasn't really kept up.

I hope you're using Firefox though. Before anyone does anything, they should switch to Firefox.
alli
Sr. Member
« Reply #3 on: January 17, 2009, 07:56:06 PM »

Hi McD - thanks for all that info - have printed it - and going through it now, trying to download stuff.  Have hit a couple of problems though - I am with internet explorer and have been trying to download Firefox - as you recommended, (went to site, pressed download - shows 4 big icons which you see during download) - but I only ever get as far as No. 2 - where it shows it is downloading the file - then it pops off and nothing else comes up.  So I press on a little tab on the bottom which has 'download' and 'mozilla' on it - and a little box appears on the left hand corner of the screen - which says - I think - that internet explorer has blocked it, and when I try to download it again, it says it has already been downloaded and would I like to replace it and I say yes - and then the whole thing starts again.  Help!!!

PS - had a look at SuRun - but found it all very confusing and was too scared to download it!

I'll try a firewall now.  alli x
alli
Sr. Member
« Reply #4 on: January 17, 2009, 09:24:07 PM »

My head is going to explode!!!  Here goes - bringing you up to date.  Noticed in a documents folder that firefox had partly downloaded so I pressed on the icon and it continued to download - going to no. 3 then 4, etc - then a box came up and said - do you want to import settings and data from Microsoft Internet Explorer - so I said yes.  So I have got firefox now, - but!!!  -  I cannot get to my yahoo email from there. It will not just let me in like it used to - and when I type in my ID and password it talks about cookies saying I have not got any - and I tried to get onto the Alliance Forum from there too and tried to log in but it would not let me, but I think that is because I was still logged in in Internet Explorer - which is still there - and I am able to get to my yahoo email from there and everything else still - but should I get rid of that then - and if I do will I still be able to get to my email???

Also - I went to download Eset's NOD32 - went off to get my card to pay for it - then got involved in unloading the washing machine and listening to some great music on the radio - when got back to computer - put in card details etc....... then pressed proceed, .... then page expired came up., should I start again with that, or has it taken my money and I will just be ordering another one - oh, and should I get the back-up disc as well.

I was thinking about getting the Agnitum's one - because they have got a fantastic deal on at mo like you said but I like that Eset's has low memory profile as have just got my computer cleared of a lot of shite it kept running that I did not need and which made it go very very slowly, so I like that it is running quite quickly again and don't want to clog it up again.  I apologise for being so computer illiterate. alli x
mcdermott
Omar's coming...
Administrator
« Reply #5 on: January 19, 2009, 05:01:18 PM »

Good grief, alli. Give me a call on the helpline on Wednesday and I'll answer all of your questions verbally. OK? You shouldn't have any problems with getting your email, but I'll talk you through that stuff when we talk. You probably just need to clear out your old cookie and create a new one in Firefox. I'm guessing it's imported (or thinks it's imported) your old cookie from Internet Explorer.

Have you had recent problems? Just to be on the safe side, I'd download SuperAntiSpyware free version, install it, update the definitions and run it, just to make sure you haven't got some nasty piece of malware sitting there at the moment.

Also, both the ESET and the Agnitum software should give you 30 days free use, so even if you haven't actually paid yet, you can install and get the protection from that while we figure it out.
alli
Sr. Member
« Reply #6 on: January 19, 2009, 11:46:05 PM »

This is the 3rd time I have tried this - I write my post - then click on post - then something comes up saying the page has been lost and I've been disconnected.  Don't know what is happening - if it is at my end or your end.

Don't want to keep going through what I've typed - here goes again, quickly; - downloaded 30day free trial antivirus from agnitum.  Still having a bit of trouble with firefox and internet explorer - can get email from it now and can get to alliance, - hope can speak to you it will be easier and thanks for the offer - but Wednesday is really bad day - doing training - out from 8.00 - 6.30, are you there on any other day?  alli x
znagemq
Staff
Always nice to be able to put a face to the name!
« Reply #7 on: January 20, 2009, 09:47:58 AM »

Forgive my ignorance but I am useless on the computer. I just use windows firewall, AVG and the shield delux for malware as of yesterday when I got a very nasty Trojan which took hours to sort out. Anyway, my question is this - how do I stop google and internet explorer being the automatic web browser and switch to Firefox?
znagemq
Staff
« Reply #8 on: January 20, 2009, 10:53:46 AM »

Doesn't matter, sorted it!
mcdermott
Omar's coming...
Administrator
« Reply #9 on: January 21, 2009, 10:34:51 AM »

AVG is pretty good at catching Trojans, but SuperAntiSpyware gets rid of them better than anything else I've used.

Did you have one of those that re-install themselves after they've been deleted? Some of them are a real bugger to get shut of. I remember, before the cleaning software was as good as it is now, you'd have to wipe your hard drive and reinstall everything.

But the key to getting shut of them is to update your definitions and then disconnect from the internet while you clean. Then run SAS a couple of times to make sure you get shut. The problem is, if you're still connected to the net, then after you've half-cleaned, it automatically downloads a new copy and reinstalls it before you're done, so you get into a loop of cleaning, reinfecting, cleaning, etc.

Also, when you install Firefox, it usually asks to check that that's your main browser. If it slips back to IE, give me a call and I'll figure out where the setting is.
znagemq
Staff
« Reply #10 on: January 21, 2009, 02:37:11 PM »

Thanks McDermott
I will try what you have suggested because I think the thing is still there - I keep getting that Trojan warning but the computer appears to be working fine - no hanging etc. Also, I had something that was bogus to my usual updates - sorted that with the Shield but going to have to have Antispyware.
mcdermott
Omar's coming...
Administrator
« Reply #11 on: January 21, 2009, 06:03:55 PM »

In that case, I'd definitely download SuperAntiSpyware Free version, let the definitions update, disconnect it from the internet and run it a couple of times. My guess is that you've got most of it and AVG is stopping it from getting worse, but it sounds like you've still got the head of it in there. If AVG fails for some reason, or they modify it to break AVG, you'll get a reinfection.

Or if you want to bring it to Doncaster over the next two days, I'll take a look at it for you.

Trojans and malware are a real curse.
znagemq
Staff
« Reply #12 on: January 21, 2009, 07:39:03 PM »

I will try that. Thanks for the offer of taking a look but it's my desk top rather than lap top so not easily portable. I am sure what you say will work though so fingers crossed!
alli
Sr. Member
« Reply #13 on: January 21, 2009, 07:50:50 PM »

McD - if I bring my laptop down to Birmingham next week - will you have a look at it then if you have time?
alli
Sr. Member
« Reply #14 on: January 24, 2009, 01:21:06 PM »

I take it that's a no then.