Protecting your computer, the basics

Some suggestions on how to improve the security of your computer.

With the increasing number of threats that are spreading across the web it can be difficult to know how best to protect your computer. What do you need to protect against? Will one tool protect you on all fronts? Do you get what you pay for in a tool? Can a free tool be good enough?

I’ll try to answer these questions and give some idea of what to look out for…

The threats on the web are constantly evolving and the lines between different attacks are becoming blurred.  Malicious applications are increasingly combining threat vectors so it is no longer easy to distinguish between a worm, virus, trojan, adware, backdoor or the various other nasties (for an explanation of the many different pieces of nasty software take a look at the Glossary page).

Firewall

What it does: A firewall acts as a gatekeeper for your computer.  It checks, allows or blocks any connection to or from your computer.   If your computer were to become infected, the malware would likely attempt to contact a “Command & Control” server on the web for further instructions, to hand over control of your computer to some malicious person/people or to download further code to expand on the functionality of the infection.

Where to find it: From Windows XP onwards Microsoft have included a basic firewall as part of the operating system.  Make sure that this is turned on and it should be enough for most purposes.  If you’re doing anything more on the internet than just basic web browsing then you may need to make some changes but whatever program you’re using should give instructions.

The firewall in Windows XP only controls inbound connections (connections from the internet into your computer) so it is of limited use.  The firewall that comes with Windows Vista and Windows 7 controls outbound connections as well as inbound so gives much better protection.

If you’re still using Windows XP and you don’t want to pay for a firewall tool, there are a few free tools that still provide a reasonable level of protection.

! usual disclaimer of software applies !

Anti-Virus:

What it does: It’s the bread and butter of protecting your computer from infections.  It inspects any files that are being downloaded, saved, opened, edited or handled in any way and attempts to verify that the file is safe.  It does this with two main functions: 1) it compares them to a list of known viruses (in this context, the term virus is used to collectively describe all malware types including but not limited to trojans, worms and rootkits) and 2) it tries to understand whether the file is intended to do anything malicious like changing system settings or files.

Where to find it: From Windows Vista onwards Microsoft have included an anti-virus tool (Security Essentials) which fares pretty well in independent tests, providing a good balance of discovering infections against false positives (false alarms, incorrectly reporting a clean file as infected).  While the scanning speed and resource usage are not the best, they’re also not the worst and for a free tool that’s ready to go it’s acceptable.  Security Essentials has performed better overall than some paid-for products so there is no harm in sticking with this for the easy life.  I won’t name names here as the AV market changes so rapidly that any comparisons are likely to be out of date quite quickly.

There are numerous independent testing bodies that have far more time and resource at their disposal than myself so I won’t attempt to better their work.  One very good such source of information is AV-Comparatives.  They periodically repeat their tests to keep up with new threats and patch levels. I’d recommend their “On-Demand Comparative” report (latest at time of writing is dated February 2011).  The reports are quite in depth but you can skip to the interesting comparison charts that show the performance of each major AV product (includes free and paid-for).  Please note that these comparison reports focus on the effectiveness of each tool (which is the most important factor) and don’t provide much detail of the extra bells and whistles.

If you’re still using Windows XP (we’ll skip the obvious WHY?!?! questions here) and you’d rather not pay for AV protection then there are a number of free tools that still measure up to provide reasonable levels of protection that I’ve linked to in a previous article.

Spyware

What it does: Spyware is not as malicious as a virus infection in that it is not intended to harm your computer (although it may be closely associated with or even a part of an infection).  Instead it monitors activity, information and sometimes keys pressed, attempting to report this information back to its malicious owner.  Spyware may only gather and report on websites browsed; some websites attempt to do this in order to tailor the adverts that they present to you.

A specific subset of spyware is Keyloggers and these are more dangerous as they are often designed to look out for logon credentials for email services, social networks or banks.

Where to find it: Most AV tools also include Spyware protection but not all so check the labels.  Microsoft Security Essentials includes this protection.  If you’re still using Windows XP (really?!) then I have had no complaints about the following free products:

Anti-Spam:

What it does: Anti-Spam tools inspect each email that’s targeted to your inbox, compare it to a set of rules and make an educated guess of the probability that the email is unwanted junk mail.  It’s often reported that 70~85% of all email sent around the world is spam!

Where to find it: Most likely you will be using a web based email service for your day to day personal stuff like GoogleMail, Yahoo or Hotmail.  As such, your emails stay on the web and the email service provider takes care of blocking unwanted spam emails so you don’t need to worry about this.

It is important to note however that no single tool gives 100% protection.  You could run several tools to increase the overall protection but this would have quite an impact on the performance of your computer and there are still likely to be overlaps in the threats that are missed.

So in summary, one tool is not enough, more expensive is not necessarily more protection, and free can be good enough.

Other things that you can do…

Don’t run as an administrator! It might seem like a hassle having to type in an administrator password whenever you want to make a change but if your session is compromised in any way then it is quite likely that the infection will assume whatever privileges your account has; if you’re running as a normal (non-admin) user then the infection will be severely restricted in how much damage it can do and how deeply it can plant itself.

Patch, Patch and Patch! Most bits of software will have an option to automatically check for, download and install patches.  Use it.  While there will always be zero-day threats (new infections that the AV vendors have not had time to identify and block) most infections will take advantage of a vulnerability that has not been patched.  Be sure to patch things like plug-ins and add-ons for your web browsers, as well as the web browser itself, along with the operating system and any other software.

Pay attention to what you’re clicking! Most (but not all!) infections will require some level of user interaction.  This might be as trivial as clicking on a link or clicking an OK or Accept button on a pop-up window.  I’ve said it before but it’s worth repeating, if something doesn’t behave the way you expect, pay extra attention to what you’re doing, or close it down and start again.
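
An added example (not part of the original post): a read-only PowerShell check for two of the settings recommended above, that the Windows firewall is switched on and that your everyday account is not an administrator. It assumes Windows Vista or later, where the HNetCfg.FwPolicy2 COM object and whoami.exe are built in; the variable names are my own.

```powershell
# Added example: report firewall state and account privileges. Changes nothing.

$profiles = @{ Domain = 1; Private = 2; Public = 4 }   # NET_FW_PROFILE_TYPE2 values
$actions  = @{ 0 = 'Block'; 1 = 'Allow' }              # NET_FW_ACTION values

# Windows Firewall policy object (Vista and later; not available on XP)
$fw = New-Object -ComObject HNetCfg.FwPolicy2

$report = foreach ($name in $profiles.Keys) {
    $id = $profiles[$name]
    New-Object PSObject -Property @{
        Profile  = $name
        Active   = [bool]($fw.CurrentProfileTypes -band $id)   # profile in use right now
        Enabled  = [bool]$fw.FirewallEnabled($id)
        Inbound  = $actions[[int]$fw.DefaultInboundAction($id)]
        Outbound = $actions[[int]$fw.DefaultOutboundAction($id)]
    }
}
$report | Sort-Object Profile |
    Format-Table Profile, Active, Enabled, Inbound, Outbound -AutoSize

# Warn only about the profile(s) the machine is actually using
foreach ($p in @($report | Where-Object { $_.Active })) {
    if (-not $p.Enabled) {
        Write-Warning "$($p.Profile) profile: firewall is turned OFF"
    }
    if ($p.Inbound -ne 'Block') {
        Write-Warning "$($p.Profile) profile: unsolicited inbound connections are allowed by default"
    }
}

# Is this account a member of BUILTIN\Administrators (well-known SID S-1-5-32-544)?
# whoami lists the group even when UAC has filtered it out of the current token.
$adminSid = 'S-1-5-32-544'
$inAdmins = [bool](whoami /groups /fo csv | Select-String -SimpleMatch -Pattern $adminSid)

# Is this particular PowerShell window running with full administrator rights?
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

if ($elevated)     { Write-Warning "This session is running with administrator rights" }
elseif ($inAdmins) { Write-Warning "Account '$($identity.Name)' is an administrator (limited only by UAC)" }
else               { Write-Output  "Account '$($identity.Name)' is a standard user" }
```

On a default Windows Vista or Windows 7 install the Outbound column shows Allow: outbound filtering is available but only blocks what you add rules for.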


Hat Tip: This blog is in response to a request from Jonny Rose. Find him on Twitter @98RosJon
Image Attribution: Thanks to jscreationzs and Salvatore Vuono @ FreeDigitalPhotos.net for the images