12.23.2004

2005: The Year of Safe Computing

I wrote the following article specifically for my non-technical friends and family. Most of you who read this blog are savvy enough to skip over this entry. However, if you have an uncle, mother, or grandpa who just can't seem to make sense out of computer security, maybe you can forward this blog entry to them. Merry Christmas!

In lieu of sending Christmas cards, I've decided to invest my time writing an article on how to make 2005 the Year of Safe Computing. As most of you know, I work as a consultant in the IT industry. My job requires that I stay on top of several technology areas, and one of these areas is computer security. My goal with this article is to demystify computer security so you can better protect and maintain your home computer. I am focusing on three security topics that I feel will provide improved security without requiring too much effort to implement. So, grab a cup of coffee or hot chocolate and read on.

The three focus areas for this article are as follows:

  1. Armor Your PC: Firewalls
  2. Clean and Inoculate Your PC: Viruses, Spyware, Etc.
  3. Protect Your Privacy: SPAM and Phishing

1. Armor Your PC: Firewalls
Simply put, a firewall is a software program or hardware device that protects your PC from unsolicited communication. Such unsolicited communication often comes from hackers who prey on unsuspecting Internet-connected PCs. Hackers can send data to your PC over the Internet that will cause it to crash, or worse, they can install programs called "back-doors" that give them full control over your PC and all the data on your hard drive.

There are several ways you can protect yourself from being attacked. The easiest way is to install a software firewall program, which can be purchased at any major electronics retailer. A software firewall instructs Windows to stop listening for communication from other PCs, and instead only allows outgoing communication such as web surfing, or checking e-mail. Most people are surprised to learn that their PC is actively listening for other PCs, which it readily responds to by default. Another option is to purchase a hardware firewall device, often called a broadband router. This may be a good solution if you have more than one PC in your home and you want to share Internet access. In this scenario, the hardware device acts as a firewall protecting the home PCs from inbound Internet traffic. With a hardware firewall you can safely share files between two or more home PCs without the fear that you are sharing your data with everyone on the Internet.

Below is a list of some popular software and hardware firewalls:

Note: If you are running Windows XP, make sure you upgrade to Service Pack 2 using the Windows Update feature (windowsupdate.microsoft.com). Service Pack 2 includes a software firewall that does an excellent job of protecting your PC. If you are running an older version of Windows, you need to invest some money in one of the solutions above. Regardless of the solution you choose, a firewall makes an excellent New Year's resolution for 2005.

2. Clean and Inoculate Your PC: Viruses, Spyware, Etc.
Our second area of focus is malicious software, often called viruses, spyware, malware, and adware. Unless you've hidden under a rock the last few years you probably know that computer viruses can wreak havoc on computers, and sometimes the entire Internet. Big-name viruses such as Melissa, Slammer, Blaster, and Sobig have even made the prime-time news. Similar to the firewall advice above, you should install and run software that protects you from malicious software found in e-mail, floppy-disks, or Internet downloads.

There are plenty of antivirus software vendors for you to choose from. Here is a list of the most popular consumer packages:

You may also want to check out a subscription to MSN Premium, which offers both antivirus software and a software firewall as part of the subscriber benefits. I wrote an entire article on this service over at my MSN blog, which you can find by clicking here. Check it out if you are interested in an alternative approach to securing your PC while getting more enjoyment out of the Internet at the same time. Regardless of which antivirus software program you choose, please be aware that you need to keep your virus definitions updated on a daily or weekly basis. Virus definitions are lists of current viruses, which help the antivirus software recognize newly discovered threats. Most off-the-shelf antivirus software comes with a 1-year virus definition subscription at no charge, but anything beyond the first year will cost you between $15 and $30. This might seem like a racket, but it is a small price to pay to stay ahead of the bad guys.

A new type of malicious software is spreading like wildfire throughout the Internet. This new threat is known as spyware. Spyware is software that tracks your PC activities with the goal of sending you targeted advertising. Some of you may be infected with spyware right now and not even realize it. A more dangerous form of spyware is designed to capture your keystrokes, e-mail messages, and important data files, which are then used for illegal purposes. One reason spyware is such a problem is its distribution method. Spyware often rides "shotgun" alongside free software you might find on the Internet. If you have downloaded software such as Kazaa, or other file sharing programs, there is a good chance you have spyware on your computer. There are also numerous Internet Explorer toolbars that claim to offer enhanced search features, but instead simply track your web surfing habits to let advertisers know your interests.

Below is part of an e-mail I received from a friend who was infected with spyware.

"A massive number of pop up windows appeared on my computer, and I couldn't close them fast enough ... they just kept coming. I discovered on my computer a number of programs that I did not deliberately download, and several are preventing me from removing them. In addition, I'm very sorry to say, that under my "favorites" section in Internet Explorer have been added, without my knowledge, links to various websites, including several that are, let's say, very bad."

Does the above situation sound familiar? Has your PC been getting slower and slower over the years? This could be caused by many factors, but quite often it is due to spyware being installed without your consent. A new type of software known as anti-spyware is needed to fight this threat, since antivirus software does not protect you from spyware the same way it protects you from viruses. Isn't technology wonderful!?!?

Earlier this month Microsoft purchased Giant Software, maker of the premier anti-spyware product on the market. This purchase, along with the 2003 purchase of GeCAD, means Microsoft now has both antivirus and anti-spyware software expertise. The rumor mills are aflutter with speculation about Microsoft's plans for both technologies. I can assure you of one thing: Microsoft is getting serious about security. We won't likely see any of this technology directly integrated into Windows until 2006 at the earliest; however, Microsoft has promised a test version of their anti-spyware product sometime in January. Until an integrated antivirus and anti-spyware solution exists, other companies offer free and low-cost software to help you win the battle against spyware. My personal favorites are listed below:

Following the links above will take you to a page where you can download each product and read more about the installation process. I recommend running both Ad-Aware and Spybot Search & Destroy to get the best results. Anti-spyware solutions are not 100% successful at deleting all spyware, which is why it's a good idea to run more than one utility. Keep an eye on Microsoft's spyware page throughout the year for details on their anti-spyware offering.

3. Protect Your Privacy: SPAM and Phishing
The final topic for this article deals with a major annoyance for all users of Internet e-mail: SPAM and phishing. While SPAM is simply annoying junk mail, phishing attacks are SPAM e-mails with a deceptive message. Phishing messages often claim to come from your bank, brokerage firm, or other popular sites such as eBay, and implore you to quickly reset your password or divulge other important personal information. Unfortunately, those who fall for these scams often find that their information is later used for fraudulent purposes.

How can you spot a phishing attack?

  • Look for spelling mistakes or poor grammar
  • Watch for an unusually urgent tone in the message
  • Check whether the web site address you are sent to is legitimate and secure
  • Be suspicious of requests for financial data or personal information

If you are not able to figure out whether a message is legitimate or not, call your financial institution and ask them to verify the message. All major financial institutions and online retailers are well-versed in spotting phishing attacks and will be more than happy to assist you. Check out this MSN page for a more detailed overview of phishing, as well as steps you can take to prevent yourself from becoming a victim.

Conclusion
Please consider the information above my Christmas present to each of you. I want to do whatever I can to help make your PC experience as safe and enjoyable as possible. Computers and the Internet are amazing tools that have changed our lives for the better. However, without the proper protection and safe computing practices, your PC could cause more harm than good. I strongly recommend you compare your current computing environment against my recommendations and implement any necessary upgrades to make 2005 the Year of Safe Computing.

12.14.2004

Microsoft December Security Updates

This month brings us 6 vulnerabilities, 5 of which were announced today, and one (a critical IE vulnerability) which was announced on December 1st. Of these 6 vulnerabilities the IE critical vulnerability is the one that should be on everyone's radar screen. Those of you running Windows XP SP2 and Windows 2003 are not affected by this critical vulnerability. However, anyone running Windows 2000 or Windows XP with SP1 should investigate the December IE patch immediately.

The only other item of interest this month is the WINS vulnerability detailed in MS04-045. This vulnerability could allow remote code execution in certain circumstances, most likely on Windows 2000 servers. I added this patch to my recommended patch baseline list due to this fact. However, if you are not running the WINS service on a particular server, then you do not need to worry about this vulnerability. In some situations with smaller clients, I have installed WINS on AD domain controllers since those servers are typically under-utilized. If your network fits this scenario, it is imperative that you apply the WINS patch. Remote compromise of a WINS server is one thing; remote compromise of an AD domain controller is another.
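
One way to find out which servers actually run WINS, and which of those are domain controllers, is an inventory like the following. This is an added example, not part of the original post; the host names are placeholders, and it assumes a current Windows PowerShell with CIM/WinRM access to each server.

```powershell
# Placeholder host list (assumption): replace with your own server names.
$Servers = @('dc01.example.local', 'file01.example.local')

function Get-WinsExposure {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($h in $ComputerName) {
        try {
            # Returns nothing (no error) when the WINS service is not installed.
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WINS'" `
                       -ComputerName $h -ErrorAction Stop
            $cs  = Get-CimInstance -ClassName Win32_ComputerSystem `
                       -ComputerName $h -ErrorAction Stop
        } catch {
            # Unreachable hosts are reported, not silently skipped.
            [pscustomobject]@{ Host = $h; WinsState = 'unknown'
                               DomainController = $null; Priority = 'check manually' }
            continue
        }

        # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
        $isDc    = $cs.DomainRole -in 4, 5
        $state   = if ($svc) { $svc.State } else { 'not installed' }
        $running = $state -eq 'Running'

        # The post's reasoning: WINS not running means MS04-045 is not a concern
        # for that server; WINS on a domain controller is the urgent case.
        $priority = if (-not $running) { 'WINS not running' }
                    elseif ($isDc)     { 'patch first: WINS on a domain controller' }
                    else               { 'patch: WINS server' }

        [pscustomobject]@{ Host = $h; WinsState = $state
                           DomainController = $isDc; Priority = $priority }
    }
}

Get-WinsExposure -ComputerName $Servers | Sort-Object Priority | Format-Table -AutoSize
```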

Have a happy holiday season...